authorArmin Kuster <akuster@mvista.com>2016-11-06 18:27:08 (GMT)
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-12-06 22:46:44 (GMT)
commit867babeb6fcad2ac5497b4e36d622ff33c11908c (patch)
treed94c691aa273e6506140c756d39f21da813b0fb5
parent96c1644d0d474bc451fdf3c4efea70eef49b8e57 (diff)
python-2.7: Security fix CVE-2016-0772
Affects python < 2.7.12

(From OE-Core rev: dd1a22f4beeb4100388efdc072e7cff2025535a7)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-devtools/python/python/CVE-2016-0772.patch42
-rw-r--r--meta/recipes-devtools/python/python_2.7.9.bb1
2 files changed, 43 insertions, 0 deletions
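--- /dev/null
+++ b/meta/recipes-devtools/python/python/CVE-2016-0772.patch
@@ -0,0 +1,42 @@
+
+# HG changeset patch
+# User Benjamin Peterson <benjamin@python.org>
+# Date 1465676202 25200
+# Node ID b3ce713fb9beebfff9848cefa0acbd59acc68fe9
+# Parent 3017e41b0c99d24e88faf1de447f230e2f64d122
+raise an error when STARTTLS fails
+
+Upstream-status: Backport
+CVE: CVE-2016-0772
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: Python-2.7.9/Lib/smtplib.py
+===================================================================
+--- Python-2.7.9.orig/Lib/smtplib.py
++++ Python-2.7.9/Lib/smtplib.py
+@@ -656,6 +656,11 @@ class SMTP:
+ self.ehlo_resp = None
+ self.esmtp_features = {}
+ self.does_esmtp = 0
++ else:
++ # RFC 3207:
++ # 501 Syntax error (no parameters allowed)
++ # 454 TLS not available due to temporary reason
++ raise SMTPResponseException(resp, reply)
+ return (resp, reply)
+
+ def sendmail(self, from_addr, to_addrs, msg, mail_options=[],
+Index: Python-2.7.9/Misc/NEWS
+===================================================================
+--- Python-2.7.9.orig/Misc/NEWS
++++ Python-2.7.9/Misc/NEWS
+@@ -5136,6 +5136,9 @@ Library
+
+ - Issue #8140: Extend compileall to compile single files. Add -i option.
+
++- Fix TLS stripping vulnerability in smptlib, CVE-2016-0772. Reported by Team
++ Oststrom
++
+ - Issue #7356: ctypes.util: Make parsing of ldconfig output independent of the
+ locale.
+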
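Review bot: The patch header in the new file uses `Upstream-status: Backport`, but the OE-Core patch-header convention is `Upstream-Status: Backport` with a capital S; tooling that greps for the exact tag will not recognise this one, so the line should read `Upstream-Status: Backport` and could additionally reference the upstream changeset whose Node ID already appears in the HG header. The smtplib hunk itself raises `SMTPResponseException(resp, reply)` from what is presumably the `else:` of the 220-reply check, so a STARTTLS refusal (501 or 454) now fails closed instead of silently continuing in plaintext, which is the fix the CVE calls for; the enclosing method starts and ends outside the hunk, so callers that previously inspected the returned `(resp, reply)` pair should be aware they now get an exception on a non-220 reply. The Misc/NEWS hunk is documentation only and is pinned to Python-2.7.9 line numbers, so it is the part most likely to need dropping if the patch is ever carried forward.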
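--- a/meta/recipes-devtools/python/python_2.7.9.bb
+++ b/meta/recipes-devtools/python/python_2.7.9.bb
@@ -26,6 +26,7 @@ SRC_URI += "\
 file://parallel-makeinst-create-bindir.patch \
 file://use_sysroot_ncurses_instead_of_host.patch \
 file://avoid_parallel_make_races_on_pgen.patch \
+file://CVE-2016-0772.patch \
 "
 
 S = "${WORKDIR}/Python-${PV}"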