python-2.7: Security fix CVE-2016-5636

Affects python-2.7 < 2.7.12 (From OE-Core rev: d25b86ce8f2712d02bb7cde78d7f9ea5a57a7770) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster@mvista.com> 2016-11-06 10:36:07 -0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-12-06 22:46:44 +0000
commit: 6976f01adc204790382a0df55cfba361695d803e (patch)
tree: d217f0119e9e876974d3714931b2ffb85f048764
parent: 867babeb6fcad2ac5497b4e36d622ff33c11908c (diff)
download: poky-6976f01adc204790382a0df55cfba361695d803e.tar.gz
2 files changed, 43 insertions, 0 deletions
diff --git a/meta/recipes-devtools/python/python/CVE-2016-5636.patch b/meta/recipes-devtools/python/python/CVE-2016-5636.patch
new file mode 100644
index 0000000000..5906153d31
--- /dev/null
+++ b/meta/recipes-devtools/python/python/CVE-2016-5636.patch
@@ -0,0 +1,42 @@
+# HG changeset patch
+# User Benjamin Peterson <benjamin@python.org>
+# Date 1453357424 28800
+# Node ID 985fc64c60d6adffd1138b6cc46df388ca91ca5d
+# Parent  7ec954b9fc54448a35b56d271340ba109eb381b9
+prevent buffer overflow in get_data (closes #26171)
+Upstream-Status: Backport
+CVE: CVE-2016-5636
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+Index: Python-2.7.9/Misc/NEWS
+===================================================================
+--- Python-2.7.9.orig/Misc/NEWS
+++ Python-2.7.9/Misc/NEWS
+@@ -7,6 +7,9 @@ What's New in Python 2.7.9?
+ 
+ *Release date: 2014-12-10*
+ 
+- Issue #26171: Fix possible integer overflow and heap corruption in
+  zipimporter.get_data().
+
+ Library
+ -------
+ 
+Index: Python-2.7.9/Modules/zipimport.c
+===================================================================
+--- Python-2.7.9.orig/Modules/zipimport.c
+++ Python-2.7.9/Modules/zipimport.c
+@@ -895,6 +895,11 @@ get_data(char *archive, PyObject *toc_en
+         PyMarshal_ReadShortFromFile(fp);        /* local header size */
+     file_offset += l;           /* Start of file data */
+ 
+    if (data_size > LONG_MAX - 1) {
+        fclose(fp);
+        PyErr_NoMemory();
+        return NULL;
+    }
+     raw_data = PyString_FromStringAndSize((char *)NULL, compress == 0 ?
+                                           data_size : data_size + 1);
+     if (raw_data == NULL) {
diff --git a/meta/recipes-devtools/python/python_2.7.9.bb b/meta/recipes-devtools/python/python_2.7.9.bb
index 53ec99181f..3b3e7ad707 100644
--- a/meta/recipes-devtools/python/python_2.7.9.bb
+++ b/meta/recipes-devtools/python/python_2.7.9.bb
@@ -27,6 +27,7 @@ SRC_URI += "\
  file://use_sysroot_ncurses_instead_of_host.patch \
  file://avoid_parallel_make_races_on_pgen.patch \
  file://CVE-2016-0772.patch \
+  file://CVE-2016-5636.patch \
 "
 S = "${WORKDIR}/Python-${PV}"
author	Armin Kuster <akuster@mvista.com>	2016-11-06 10:36:07 -0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-12-06 22:46:44 +0000
commit	6976f01adc204790382a0df55cfba361695d803e (patch)
tree	d217f0119e9e876974d3714931b2ffb85f048764
parent	867babeb6fcad2ac5497b4e36d622ff33c11908c (diff)
download	poky-6976f01adc204790382a0df55cfba361695d803e.tar.gz

diff --git a/meta/recipes-devtools/python/python/CVE-2016-5636.patch b/meta/recipes-devtools/python/python/CVE-2016-5636.patch new file mode 100644 index 0000000000..5906153d31 --- /dev/null +++ b/meta/recipes-devtools/python/python/CVE-2016-5636.patch
@@ -0,0 +1,42 @@
		1
		2	# HG changeset patch
		3	# User Benjamin Peterson <benjamin@python.org>
		4	# Date 1453357424 28800
		5	# Node ID 985fc64c60d6adffd1138b6cc46df388ca91ca5d
		6	# Parent 7ec954b9fc54448a35b56d271340ba109eb381b9
		7	prevent buffer overflow in get_data (closes #26171)
		8
		9	Upstream-Status: Backport
		10	CVE: CVE-2016-5636
		11	Signed-off-by: Armin Kuster <akuster@mvista.com>
		12
		13	Index: Python-2.7.9/Misc/NEWS
		14	===================================================================
		15	--- Python-2.7.9.orig/Misc/NEWS
		16	+++ Python-2.7.9/Misc/NEWS
		17	@@ -7,6 +7,9 @@ What's New in Python 2.7.9?
		18
		19	Release date: 2014-12-10
		20
		21	+- Issue #26171: Fix possible integer overflow and heap corruption in
		22	+ zipimporter.get_data().
		23	+
		24	Library
		25	-------
		26
		27	Index: Python-2.7.9/Modules/zipimport.c
		28	===================================================================
		29	--- Python-2.7.9.orig/Modules/zipimport.c
		30	+++ Python-2.7.9/Modules/zipimport.c
		31	@@ -895,6 +895,11 @@ get_data(char archive, PyObject toc_en
		32	PyMarshal_ReadShortFromFile(fp); /* local header size */
		33	file_offset += l; /* Start of file data */
		34
		35	+ if (data_size > LONG_MAX - 1) {
		36	+ fclose(fp);
		37	+ PyErr_NoMemory();
		38	+ return NULL;
		39	+ }
		40	raw_data = PyString_FromStringAndSize((char *)NULL, compress == 0 ?
		41	data_size : data_size + 1);
		42	if (raw_data == NULL) {


diff --git a/meta/recipes-devtools/python/python_2.7.9.bb b/meta/recipes-devtools/python/python_2.7.9.bb index 53ec99181f..3b3e7ad707 100644 --- a/meta/recipes-devtools/python/python_2.7.9.bb +++ b/meta/recipes-devtools/python/python_2.7.9.bb
@@ -27,6 +27,7 @@ SRC_URI += "\
27	file://use_sysroot_ncurses_instead_of_host.patch \	27	file://use_sysroot_ncurses_instead_of_host.patch \
28	file://avoid_parallel_make_races_on_pgen.patch \	28	file://avoid_parallel_make_races_on_pgen.patch \
29	file://CVE-2016-0772.patch \	29	file://CVE-2016-0772.patch \
		30	file://CVE-2016-5636.patch \
30	"	31	"
31		32
32	S = "${WORKDIR}/Python-${PV}"	33	S = "${WORKDIR}/Python-${PV}"