diff options
author | alpine-mips-patches <info@mobile-stream.com> | 2019-05-15 15:27:09 +0000 |
---|---|---|
committer | Leo <thinkabit.ukim@gmail.com> | 2019-06-09 13:26:31 -0300 |
commit | ee312f48b0731565f62598ba871c8f47ae55514a (patch) | |
tree | 482d900b7d3b2e4370df49a07b87d1720396d1f9 /community/python2-tkinter | |
parent | 5156d5d7bcc10cfbbca2d6911836d13c30fd5af9 (diff) | |
download | aports-ee312f48b0731565f62598ba871c8f47ae55514a.tar.bz2 aports-ee312f48b0731565f62598ba871c8f47ae55514a.tar.xz |
community/python2-tkinter: upgrade to 2.7.16
Diffstat (limited to 'community/python2-tkinter')
-rw-r--r-- | community/python2-tkinter/APKBUILD | 8 | ||||
-rw-r--r-- | community/python2-tkinter/CVE-2019-5010.patch | 116 |
2 files changed, 3 insertions, 121 deletions
diff --git a/community/python2-tkinter/APKBUILD b/community/python2-tkinter/APKBUILD index fd4a23a221..1c4b19642d 100644 --- a/community/python2-tkinter/APKBUILD +++ b/community/python2-tkinter/APKBUILD @@ -4,9 +4,9 @@ # a cyclic dependency: python -> tk -> libx11 -> libxcb -> xcb-proto -> python pkgname=python2-tkinter -pkgver=2.7.15 +pkgver=2.7.16 _verbase=${pkgver%.*} -pkgrel=3 +pkgrel=0 pkgdesc="A graphical user interface for the Python" url="https://wiki.python.org/moin/TkInter" arch="all" @@ -19,7 +19,6 @@ makedepends="expat-dev openssl-dev zlib-dev ncurses-dev bzip2-dev replaces="python2" replaces_priority=1 source="https://www.python.org/ftp/python/$pkgver/Python-$pkgver.tar.xz - CVE-2019-5010.patch musl-find_library.patch unchecked-ioctl.patch " @@ -108,7 +107,6 @@ _idle() { _mv_files usr/bin } -sha512sums="27ea43eb45fc68f3d2469d5f07636e10801dee11635a430ec8ec922ed790bb426b072da94df885e4dfa1ea8b7a24f2f56dd92f9b0f51e162330f161216bd6de6 Python-2.7.15.tar.xz -fccc9878c0e7cdc2c91f24ab2849bc21362bf7559f0800841f282aebe11fb0d0436fb1057f59edea16c039d156e900569c616798526f42d3d190ce4631d456ab CVE-2019-5010.patch +sha512sums="16e814e8dcffc707b595ca2919bd2fa3db0d15794c63d977364652c4a5b92e90e72b8c9e1cc83b5020398bd90a1b397dbdd7cb931c49f1aa4af6ef95414b43e0 Python-2.7.16.tar.xz ab8eaa2858d5109049b1f9f553198d40e0ef8d78211ad6455f7b491af525bffb16738fed60fc84e960c4889568d25753b9e4a1494834fea48291b33f07000ec2 musl-find_library.patch 5a8e013a4132d71c4360771f130d27b37275ae59330cf9a75378dc8a11236017f540eb224f2a148984e82ca3fb6b29129375b1080ba05b81044faa717520ab82 unchecked-ioctl.patch" diff --git a/community/python2-tkinter/CVE-2019-5010.patch b/community/python2-tkinter/CVE-2019-5010.patch deleted file mode 100644 index af746c6eaf..0000000000 --- a/community/python2-tkinter/CVE-2019-5010.patch +++ /dev/null @@ -1,116 +0,0 @@ -From 280917872027ee991416d2623fc16ff1eed48f50 Mon Sep 17 00:00:00 2001 -From: Christian Heimes <christian@python.org> -Date: Tue, 15 Jan 2019 23:47:42 +0100 -Subject: [PATCH] bpo-35746: Fix segfault in ssl's cert parser (GH-11569) - -Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL -distribution points with empty DP or URI correctly. A malicious or buggy -certificate can result into segfault. - -Signed-off-by: Christian Heimes <christian@python.org> - -https://bugs.python.org/issue35746 -(cherry picked from commit a37f52436f9aa4b9292878b72f3ff1480e2606c3) - -Co-authored-by: Christian Heimes <christian@python.org> ---- - Lib/test/talos-2019-0758.pem | 22 +++++++++++++++++++ - Lib/test/test_ssl.py | 22 +++++++++++++++++++ - .../2019-01-15-18-16-05.bpo-35746.nMSd0j.rst | 3 +++ - Modules/_ssl.c | 4 ++++ - 4 files changed, 51 insertions(+) - create mode 100644 Lib/test/talos-2019-0758.pem - create mode 100644 Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst - -diff --git a/Lib/test/talos-2019-0758.pem b/Lib/test/talos-2019-0758.pem -new file mode 100644 -index 000000000000..13b95a77fd8a ---- /dev/null -+++ b/Lib/test/talos-2019-0758.pem -@@ -0,0 +1,22 @@ -+-----BEGIN CERTIFICATE----- -+MIIDqDCCApKgAwIBAgIBAjALBgkqhkiG9w0BAQswHzELMAkGA1UEBhMCVUsxEDAO -+BgNVBAMTB2NvZHktY2EwHhcNMTgwNjE4MTgwMDU4WhcNMjgwNjE0MTgwMDU4WjA7 -+MQswCQYDVQQGEwJVSzEsMCoGA1UEAxMjY29kZW5vbWljb24tdm0tMi50ZXN0Lmxh -+bC5jaXNjby5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC63fGB -+J80A9Av1GB0bptslKRIUtJm8EeEu34HkDWbL6AJY0P8WfDtlXjlPaLqFa6sqH6ES -+V48prSm1ZUbDSVL8R6BYVYpOlK8/48xk4pGTgRzv69gf5SGtQLwHy8UPBKgjSZoD -+5a5k5wJXGswhKFFNqyyxqCvWmMnJWxXTt2XDCiWc4g4YAWi4O4+6SeeHVAV9rV7C -+1wxqjzKovVe2uZOHjKEzJbbIU6JBPb6TRfMdRdYOw98n1VXDcKVgdX2DuuqjCzHP -+WhU4Tw050M9NaK3eXp4Mh69VuiKoBGOLSOcS8reqHIU46Reg0hqeL8LIL6OhFHIF -+j7HR6V1X6F+BfRS/AgMBAAGjgdYwgdMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUOktp -+HQjxDXXUg8prleY9jeLKeQ4wTwYDVR0jBEgwRoAUx6zgPygZ0ZErF9sPC4+5e2Io -+UU+hI6QhMB8xCzAJBgNVBAYTAlVLMRAwDgYDVQQDEwdjb2R5LWNhggkA1QEAuwb7 -+2s0wCQYDVR0SBAIwADAuBgNVHREEJzAlgiNjb2Rlbm9taWNvbi12bS0yLnRlc3Qu -+bGFsLmNpc2NvLmNvbTAOBgNVHQ8BAf8EBAMCBaAwCwYDVR0fBAQwAjAAMAsGCSqG -+SIb3DQEBCwOCAQEAvqantx2yBlM11RoFiCfi+AfSblXPdrIrHvccepV4pYc/yO6p -+t1f2dxHQb8rWH3i6cWag/EgIZx+HJQvo0rgPY1BFJsX1WnYf1/znZpkUBGbVmlJr -+t/dW1gSkNS6sPsM0Q+7HPgEv8CPDNK5eo7vU2seE0iWOkxSyVUuiCEY9ZVGaLVit -+p0C78nZ35Pdv4I+1cosmHl28+es1WI22rrnmdBpH8J1eY6WvUw2xuZHLeNVN0TzV -+Q3qq53AaCWuLOD1AjESWuUCxMZTK9DPS4JKXTK8RLyDeqOvJGjsSWp3kL0y3GaQ+ -+10T1rfkKJub2+m9A9duin1fn6tHc2wSvB7m3DA== -+-----END CERTIFICATE----- -diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py -index e47603170253..9240184d98a4 100644 ---- a/Lib/test/test_ssl.py -+++ b/Lib/test/test_ssl.py -@@ -72,6 +72,7 @@ def data_file(*name): - BADKEY = data_file("badkey.pem") - NOKIACERT = data_file("nokia.pem") - NULLBYTECERT = data_file("nullbytecert.pem") -+TALOS_INVALID_CRLDP = data_file("talos-2019-0758.pem") - - DHFILE = data_file("ffdh3072.pem") - BYTES_DHFILE = DHFILE.encode(sys.getfilesystemencoding()) -@@ -227,6 +228,27 @@ def test_parse_cert(self): - self.assertEqual(p['crlDistributionPoints'], - ('http://SVRIntl-G3-crl.verisign.com/SVRIntlG3.crl',)) - -+ def test_parse_cert_CVE_2019_5010(self): -+ p = ssl._ssl._test_decode_cert(TALOS_INVALID_CRLDP) -+ if support.verbose: -+ sys.stdout.write("\n" + pprint.pformat(p) + "\n") -+ self.assertEqual( -+ p, -+ { -+ 'issuer': ( -+ (('countryName', 'UK'),), (('commonName', 'cody-ca'),)), -+ 'notAfter': 'Jun 14 18:00:58 2028 GMT', -+ 'notBefore': 'Jun 18 18:00:58 2018 GMT', -+ 'serialNumber': '02', -+ 'subject': ((('countryName', 'UK'),), -+ (('commonName', -+ 'codenomicon-vm-2.test.lal.cisco.com'),)), -+ 'subjectAltName': ( -+ ('DNS', 'codenomicon-vm-2.test.lal.cisco.com'),), -+ 'version': 3 -+ } -+ ) -+ - def test_parse_cert_CVE_2013_4238(self): - p = ssl._ssl._test_decode_cert(NULLBYTECERT) - if support.verbose: -diff --git a/Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst b/Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst -new file mode 100644 -index 000000000000..dffe347eec84 ---- /dev/null -+++ b/Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst -@@ -0,0 +1,3 @@ -+[CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did -+not handle CRL distribution points with empty DP or URI correctly. A -+malicious or buggy certificate can result into segfault. -diff --git a/Modules/_ssl.c b/Modules/_ssl.c -index a96c41926036..19bb1207b48f 100644 ---- a/Modules/_ssl.c -+++ b/Modules/_ssl.c -@@ -1223,6 +1223,10 @@ _get_crl_dp(X509 *certificate) { - STACK_OF(GENERAL_NAME) *gns; - - dp = sk_DIST_POINT_value(dps, i); -+ if (dp->distpoint == NULL) { -+ /* Ignore empty DP value, CVE-2019-5010 */ -+ continue; -+ } - gns = dp->distpoint->name.fullname; - - for (j=0; j < sk_GENERAL_NAME_num(gns); j++) { |