python3: fix CVE-2020-14422

(From OE-Core rev: 0400d217d0891ee553926c10d7caaabc8bebc22e) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Lee Chee Yang <chee.yang.lee@intel.com> 2020-07-03 17:32:04 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-07-07 23:15:10 +0100
commit: 17e594e8f97c9747c3774f491abc6b6b4ff2bb8a (patch)
tree: 54fdf7c0fdf41e4fc5d4f82a7edb52a2b1d096a1 /meta/recipes-devtools
parent: bf175f82ceebd85377857554100cb23653490bde (diff)
download: poky-17e594e8f97c9747c3774f491abc6b6b4ff2bb8a.tar.gz
2 files changed, 78 insertions, 0 deletions
diff --git a/meta/recipes-devtools/python/python3/CVE-2020-14422.patch b/meta/recipes-devtools/python/python3/CVE-2020-14422.patch
new file mode 100644
index 0000000000..6889e46da9
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/CVE-2020-14422.patch
@@ -0,0 +1,77 @@
+From dc8ce8ead182de46584cc1ed8a8c51d48240cbd5 Mon Sep 17 00:00:00 2001
+From: "Miss Islington (bot)"
+ <31488909+miss-islington@users.noreply.github.com>
+Date: Mon, 29 Jun 2020 11:12:50 -0700
+Subject: [PATCH] bpo-41004: Resolve hash collisions for IPv4Interface and
+ IPv6Interface (GH-21033)
+The __hash__() methods of classes IPv4Interface and IPv6Interface had issue
+of generating constant hash values of 32 and 128 respectively causing hash collisions.
+The fix uses the hash() function to generate hash values for the objects
+instead of XOR operation
+(cherry picked from commit b30ee26e366bf509b7538d79bfec6c6d38d53f28)
+Co-authored-by: Ravi Teja P <rvteja92@gmail.com>
+Upstream-Status: Backport [https://github.com/python/cpython/commit/dc8ce8ead182de46584cc1ed8a8c51d48240cbd5]
+CVE: CVE-2020-14422
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ Lib/ipaddress.py                                     |  4 ++--
+ Lib/test/test_ipaddress.py                           | 12 ++++++++++++
+ .../2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst         |  1 +
+ 3 files changed, 15 insertions(+), 2 deletions(-)
+ create mode 100644 Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst
+diff --git a/Lib/ipaddress.py b/Lib/ipaddress.py
+index 873c7644081af..a3a04f7f4b309 100644
+--- a/Lib/ipaddress.py
+++ b/Lib/ipaddress.py
+@@ -1370,7 +1370,7 @@ def __lt__(self, other):
+             return False
+ 
+     def __hash__(self):
+-        return self._ip ^ self._prefixlen ^ int(self.network.network_address)
+        return hash((self._ip, self._prefixlen, int(self.network.network_address)))
+ 
+     __reduce__ = _IPAddressBase.__reduce__
+ 
+@@ -2017,7 +2017,7 @@ def __lt__(self, other):
+             return False
+ 
+     def __hash__(self):
+-        return self._ip ^ self._prefixlen ^ int(self.network.network_address)
+        return hash((self._ip, self._prefixlen, int(self.network.network_address)))
+ 
+     __reduce__ = _IPAddressBase.__reduce__
+ 
+diff --git a/Lib/test/test_ipaddress.py b/Lib/test/test_ipaddress.py
+index de77111705b69..2eba740e5e7a4 100644
+--- a/Lib/test/test_ipaddress.py
+++ b/Lib/test/test_ipaddress.py
+@@ -2053,6 +2053,18 @@ def testsixtofour(self):
+                          sixtofouraddr.sixtofour)
+         self.assertFalse(bad_addr.sixtofour)
+ 
+    # issue41004 Hash collisions in IPv4Interface and IPv6Interface
+    def testV4HashIsNotConstant(self):
+        ipv4_address1 = ipaddress.IPv4Interface("1.2.3.4")
+        ipv4_address2 = ipaddress.IPv4Interface("2.3.4.5")
+        self.assertNotEqual(ipv4_address1.__hash__(), ipv4_address2.__hash__())
+
+    # issue41004 Hash collisions in IPv4Interface and IPv6Interface
+    def testV6HashIsNotConstant(self):
+        ipv6_address1 = ipaddress.IPv6Interface("2001:658:22a:cafe:200:0:0:1")
+        ipv6_address2 = ipaddress.IPv6Interface("2001:658:22a:cafe:200:0:0:2")
+        self.assertNotEqual(ipv6_address1.__hash__(), ipv6_address2.__hash__())
+
+ 
+ if __name__ == '__main__':
+     unittest.main()
+diff --git a/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst b/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst
+new file mode 100644
+index 0000000000000..1380b31fbe9f4
+--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst
+@@ -0,0 +1 @@
+The __hash__() methods of  ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address).
diff --git a/meta/recipes-devtools/python/python3_3.8.2.bb b/meta/recipes-devtools/python/python3_3.8.2.bb
index a4a16fd495..99d9f6748f 100644
--- a/meta/recipes-devtools/python/python3_3.8.2.bb
+++ b/meta/recipes-devtools/python/python3_3.8.2.bb
@@ -33,6 +33,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
           file://0001-python3-Do-not-hardcode-lib-for-distutils.patch \
           file://0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch \
           file://0001-bpo-39503-CVE-2020-8492-Fix-AbstractBasicAuthHandler.patch \
+           file://CVE-2020-14422.patch \
           "
 SRC_URI_append_class-native = " \
author	Lee Chee Yang <chee.yang.lee@intel.com>	2020-07-03 17:32:04 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2020-07-07 23:15:10 +0100
commit	17e594e8f97c9747c3774f491abc6b6b4ff2bb8a (patch)
tree	54fdf7c0fdf41e4fc5d4f82a7edb52a2b1d096a1 /meta/recipes-devtools
parent	bf175f82ceebd85377857554100cb23653490bde (diff)
download	poky-17e594e8f97c9747c3774f491abc6b6b4ff2bb8a.tar.gz

diff --git a/meta/recipes-devtools/python/python3/CVE-2020-14422.patch b/meta/recipes-devtools/python/python3/CVE-2020-14422.patch new file mode 100644 index 0000000000..6889e46da9 --- /dev/null +++ b/meta/recipes-devtools/python/python3/CVE-2020-14422.patch
@@ -0,0 +1,77 @@
		1	From dc8ce8ead182de46584cc1ed8a8c51d48240cbd5 Mon Sep 17 00:00:00 2001
		2	From: "Miss Islington (bot)"
		3	<31488909+miss-islington@users.noreply.github.com>
		4	Date: Mon, 29 Jun 2020 11:12:50 -0700
		5	Subject: [PATCH] bpo-41004: Resolve hash collisions for IPv4Interface and
		6	IPv6Interface (GH-21033)
		7
		8	The __hash__() methods of classes IPv4Interface and IPv6Interface had issue
		9	of generating constant hash values of 32 and 128 respectively causing hash collisions.
		10	The fix uses the hash() function to generate hash values for the objects
		11	instead of XOR operation
		12	(cherry picked from commit b30ee26e366bf509b7538d79bfec6c6d38d53f28)
		13
		14	Co-authored-by: Ravi Teja P <rvteja92@gmail.com>
		15
		16	Upstream-Status: Backport [https://github.com/python/cpython/commit/dc8ce8ead182de46584cc1ed8a8c51d48240cbd5]
		17	CVE: CVE-2020-14422
		18	Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
		19	---
		20	Lib/ipaddress.py \| 4 ++--
		21	Lib/test/test_ipaddress.py \| 12 ++++++++++++
		22	.../2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst \| 1 +
		23	3 files changed, 15 insertions(+), 2 deletions(-)
		24	create mode 100644 Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst
		25
		26	diff --git a/Lib/ipaddress.py b/Lib/ipaddress.py
		27	index 873c7644081af..a3a04f7f4b309 100644
		28	--- a/Lib/ipaddress.py
		29	+++ b/Lib/ipaddress.py
		30	@@ -1370,7 +1370,7 @@ def __lt__(self, other):
		31	return False
		32
		33	def __hash__(self):
		34	- return self._ip ^ self._prefixlen ^ int(self.network.network_address)
		35	+ return hash((self._ip, self._prefixlen, int(self.network.network_address)))
		36
		37	__reduce__ = _IPAddressBase.__reduce__
		38
		39	@@ -2017,7 +2017,7 @@ def __lt__(self, other):
		40	return False
		41
		42	def __hash__(self):
		43	- return self._ip ^ self._prefixlen ^ int(self.network.network_address)
		44	+ return hash((self._ip, self._prefixlen, int(self.network.network_address)))
		45
		46	__reduce__ = _IPAddressBase.__reduce__
		47
		48	diff --git a/Lib/test/test_ipaddress.py b/Lib/test/test_ipaddress.py
		49	index de77111705b69..2eba740e5e7a4 100644
		50	--- a/Lib/test/test_ipaddress.py
		51	+++ b/Lib/test/test_ipaddress.py
		52	@@ -2053,6 +2053,18 @@ def testsixtofour(self):
		53	sixtofouraddr.sixtofour)
		54	self.assertFalse(bad_addr.sixtofour)
		55
		56	+ # issue41004 Hash collisions in IPv4Interface and IPv6Interface
		57	+ def testV4HashIsNotConstant(self):
		58	+ ipv4_address1 = ipaddress.IPv4Interface("1.2.3.4")
		59	+ ipv4_address2 = ipaddress.IPv4Interface("2.3.4.5")
		60	+ self.assertNotEqual(ipv4_address1.__hash__(), ipv4_address2.__hash__())
		61	+
		62	+ # issue41004 Hash collisions in IPv4Interface and IPv6Interface
		63	+ def testV6HashIsNotConstant(self):
		64	+ ipv6_address1 = ipaddress.IPv6Interface("2001:658:22a:cafe:200:0:0:1")
		65	+ ipv6_address2 = ipaddress.IPv6Interface("2001:658:22a:cafe:200:0:0:2")
		66	+ self.assertNotEqual(ipv6_address1.__hash__(), ipv6_address2.__hash__())
		67	+
		68
		69	if __name__ == '__main__':
		70	unittest.main()
		71	diff --git a/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst b/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst
		72	new file mode 100644
		73	index 0000000000000..1380b31fbe9f4
		74	--- /dev/null
		75	+++ b/Misc/NEWS.d/next/Security/2020-06-29-16-02-29.bpo-41004.ovF0KZ.rst
		76	@@ -0,0 +1 @@
		77	+The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address).


diff --git a/meta/recipes-devtools/python/python3_3.8.2.bb b/meta/recipes-devtools/python/python3_3.8.2.bb index a4a16fd495..99d9f6748f 100644 --- a/meta/recipes-devtools/python/python3_3.8.2.bb +++ b/meta/recipes-devtools/python/python3_3.8.2.bb
@@ -33,6 +33,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
33	file://0001-python3-Do-not-hardcode-lib-for-distutils.patch \	33	file://0001-python3-Do-not-hardcode-lib-for-distutils.patch \
34	file://0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch \	34	file://0020-configure.ac-setup.py-do-not-add-a-curses-include-pa.patch \
35	file://0001-bpo-39503-CVE-2020-8492-Fix-AbstractBasicAuthHandler.patch \	35	file://0001-bpo-39503-CVE-2020-8492-Fix-AbstractBasicAuthHandler.patch \
		36	file://CVE-2020-14422.patch \
36	"	37	"
37		38
38	SRC_URI_append_class-native = " \	39	SRC_URI_append_class-native = " \