authorChen Qi <Qi.Chen@windriver.com>2018-10-19 10:43:15 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-10-20 22:40:16 +0100
commit4ad151a53ddb5fdce56d5c8185a49d3433788b2c (patch)
tree6c7ce6ad68ad67fb52a8269092cb92d95b723a45
parentcdec724312dde6406d27e7b7fb94a894db14f639 (diff)
downloadpoky-4ad151a53ddb5fdce56d5c8185a49d3433788b2c.tar.gz
python: backport patch to fix CVE-2018-14647
Backport patch to fix the following CVE. CVE: CVE-2018-14647 (From OE-Core rev: 68e51756f67499081c3c53cff6c5c1efdf4b60f0) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-devtools/python/python/0001-2.7-bpo-34623-Use-XML_SetHashSalt-in-_elementtree-GH.patch98
-rw-r--r--meta/recipes-devtools/python/python_2.7.15.bb1
2 files changed, 99 insertions, 0 deletions
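--- /dev/null
+++ b/meta/recipes-devtools/python/python/0001-2.7-bpo-34623-Use-XML_SetHashSalt-in-_elementtree-GH.patch
@@ -0,0 +1,98 @@
+From 3ffc80959f01f9fde548f1632694b9f950c2dd7c Mon Sep 17 00:00:00 2001
+From: Christian Heimes <christian@python.org>
+Date: Tue, 18 Sep 2018 15:13:09 +0200
+Subject: [PATCH] [2.7] bpo-34623: Use XML_SetHashSalt in _elementtree
+ (GH-9146) (GH-9394)
+
+The C accelerated _elementtree module now initializes hash randomization
+salt from _Py_HashSecret instead of libexpat's default CPRNG.
+
+Signed-off-by: Christian Heimes <christian@python.org>
+
+https://bugs.python.org/issue34623.
+(cherry picked from commit cb5778f00ce48631c7140f33ba242496aaf7102b)
+
+Co-authored-by: Christian Heimes <christian@python.org>
+
+
+
+https://bugs.python.org/issue34623
+
+Upstream-Status: Backport
+
+Fix CVE-2018-14647
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ Include/pyexpat.h | 4 +++-
+ Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst | 2 ++
+ Modules/_elementtree.c | 5 +++++
+ Modules/pyexpat.c | 5 +++++
+ 4 files changed, 15 insertions(+), 1 deletion(-)
+ create mode 100644 Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst
+
+diff --git a/Include/pyexpat.h b/Include/pyexpat.h
+index 5340ef5..3fc5fa5 100644
+--- a/Include/pyexpat.h
++++ b/Include/pyexpat.h
+@@ -3,7 +3,7 @@
+
+ /* note: you must import expat.h before importing this module! */
+
+-#define PyExpat_CAPI_MAGIC "pyexpat.expat_CAPI 1.0"
++#define PyExpat_CAPI_MAGIC "pyexpat.expat_CAPI 1.1"
+ #define PyExpat_CAPSULE_NAME "pyexpat.expat_CAPI"
+
+ struct PyExpat_CAPI
+@@ -43,6 +43,8 @@ struct PyExpat_CAPI
+ XML_Parser parser, XML_UnknownEncodingHandler handler,
+ void *encodingHandlerData);
+ void (*SetUserData)(XML_Parser parser, void *userData);
++ /* might be none for expat < 2.1.0 */
++ int (*SetHashSalt)(XML_Parser parser, unsigned long hash_salt);
+ /* always add new stuff to the end! */
+ };
+
+diff --git a/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst b/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst
+new file mode 100644
+index 0000000..31ad92e
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst
+@@ -0,0 +1,2 @@
++The C accelerated _elementtree module now initializes hash randomization
++salt from _Py_HashSecret instead of libexpat's default CSPRNG.
+diff --git a/Modules/_elementtree.c b/Modules/_elementtree.c
+index 1d316a1..a19cbf7 100644
+--- a/Modules/_elementtree.c
++++ b/Modules/_elementtree.c
+@@ -2574,6 +2574,11 @@ xmlparser(PyObject* self_, PyObject* args, PyObject* kw)
+ PyErr_NoMemory();
+ return NULL;
+ }
++ /* expat < 2.1.0 has no XML_SetHashSalt() */
++ if (EXPAT(SetHashSalt) != NULL) {
++ EXPAT(SetHashSalt)(self->parser,
++ (unsigned long)_Py_HashSecret.prefix);
++ }
+
+ ALLOC(sizeof(XMLParserObject), "create expatparser");
+
+diff --git a/Modules/pyexpat.c b/Modules/pyexpat.c
+index 2b4d312..1f8c0d7 100644
+--- a/Modules/pyexpat.c
++++ b/Modules/pyexpat.c
+@@ -2042,6 +2042,11 @@ MODULE_INITFUNC(void)
+ capi.SetProcessingInstructionHandler = XML_SetProcessingInstructionHandler;
+ capi.SetUnknownEncodingHandler = XML_SetUnknownEncodingHandler;
+ capi.SetUserData = XML_SetUserData;
++#if XML_COMBINED_VERSION >= 20100
++ capi.SetHashSalt = XML_SetHashSalt;
++#else
++ capi.SetHashSalt = NULL;
++#endif
+
+ /* export using capsule */
+ capi_object = PyCapsule_New(&capi, PyExpat_CAPSULE_NAME, NULL);
+--
+2.7.4
+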
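Review bot: The patch header names the CVE only as free text (`Fix CVE-2018-14647`, below `Upstream-Status: Backport`); the `CVE: CVE-2018-14647` tag is in the commit message but not in the patch file. As far as I know OE-Core's cve-check matches that tag form in the patch header (or a CVE id in the patch file name), so the recipe may still be reported as unpatched; adding the line `CVE: CVE-2018-14647` to the header would let the tooling see the fix. Separately, the `_elementtree.c` hunk passes `(unsigned long)_Py_HashSecret.prefix` as the salt, which is presumably 0 when Python's hash randomization is disabled, and expat, as I understand it, then falls back to its own salt generation. If so, the header could say that the hardening depends on hash randomization being enabled or on the expat version in the image.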
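--- a/meta/recipes-devtools/python/python_2.7.15.bb
+++ b/meta/recipes-devtools/python/python_2.7.15.bb
@@ -32,6 +32,7 @@ SRC_URI += "\
  file://support_SOURCE_DATE_EPOCH_in_py_compile_2.7.patch \
  file://float-endian.patch \
  file://0001-closes-bpo-34540-Convert-shutil._call_external_zip-t.patch \
+ file://0001-2.7-bpo-34623-Use-XML_SetHashSalt-in-_elementtree-GH.patch \
 "
 
 S = "${WORKDIR}/Python-${PV}"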