python2: Security fix CVE-2016-5636

Affects python2 < 2.7.11 Base score (4.4) Medium (From OE-Core rev: 4d1f651047a045955b436357753c7e094468b4ed) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster@mvista.com> 2016-07-16 16:04:14 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-07-20 10:28:52 +0100
commit: 81106cd333b03d78fc090dd09dd796cf083744e7 (patch)
tree: fb03ab49557f258321a994da892d983b175ecfb0 /meta
parent: 3aaf0232027629b868c85a8f86c2d26e5e9c7ea9 (diff)
download: poky-81106cd333b03d78fc090dd09dd796cf083744e7.tar.gz
2 files changed, 45 insertions, 0 deletions
diff --git a/meta/recipes-devtools/python/python/CVE-2016-5636.patch b/meta/recipes-devtools/python/python/CVE-2016-5636.patch
new file mode 100644
index 0000000000..9a37471459
--- /dev/null
+++ b/meta/recipes-devtools/python/python/CVE-2016-5636.patch
@@ -0,0 +1,44 @@
+# HG changeset patch
+# User Benjamin Peterson <benjamin@python.org>
+# Date 1453357424 28800
+# Node ID 985fc64c60d6adffd1138b6cc46df388ca91ca5d
+# Parent  7ec954b9fc54448a35b56d271340ba109eb381b9
+prevent buffer overflow in get_data (closes #26171)
+Upstream-Status: Backport
+https://hg.python.org/cpython/rev/985fc64c60d6
+CVE: CVE-2016-5636
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+Index: Python-2.7.11/Misc/NEWS
+===================================================================
+--- Python-2.7.11.orig/Misc/NEWS
+++ Python-2.7.11/Misc/NEWS
+@@ -7,6 +7,9 @@ What's New in Python 2.7.11?
+ 
+ *Release date: 2015-12-05*
+ 
+- Issue #26171: Fix possible integer overflow and heap corruption in
+  zipimporter.get_data().
+
+ Library
+ -------
+ 
+Index: Python-2.7.11/Modules/zipimport.c
+===================================================================
+--- Python-2.7.11.orig/Modules/zipimport.c
+++ Python-2.7.11/Modules/zipimport.c
+@@ -895,6 +895,11 @@ get_data(char *archive, PyObject *toc_en
+         PyMarshal_ReadShortFromFile(fp);        /* local header size */
+     file_offset += l;           /* Start of file data */
+ 
+    if (data_size > LONG_MAX - 1) {
+        fclose(fp);
+        PyErr_NoMemory();
+        return NULL;
+    }
+     raw_data = PyString_FromStringAndSize((char *)NULL, compress == 0 ?
+                                           data_size : data_size + 1);
+     if (raw_data == NULL) {
diff --git a/meta/recipes-devtools/python/python_2.7.11.bb b/meta/recipes-devtools/python/python_2.7.11.bb
index 7eced2dcdc..1e4a30d1ff 100644
--- a/meta/recipes-devtools/python/python_2.7.11.bb
+++ b/meta/recipes-devtools/python/python_2.7.11.bb
@@ -27,6 +27,7 @@ SRC_URI += "\
  file://use_sysroot_ncurses_instead_of_host.patch \
  file://avoid_parallel_make_races_on_pgen.patch \
  file://add-CROSSPYTHONPATH-for-PYTHON_FOR_BUILD.patch \
+  file://CVE-2016-5636.patch \
 "
 S = "${WORKDIR}/Python-${PV}"
author	Armin Kuster <akuster@mvista.com>	2016-07-16 16:04:14 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-07-20 10:28:52 +0100
commit	81106cd333b03d78fc090dd09dd796cf083744e7 (patch)
tree	fb03ab49557f258321a994da892d983b175ecfb0 /meta
parent	3aaf0232027629b868c85a8f86c2d26e5e9c7ea9 (diff)
download	poky-81106cd333b03d78fc090dd09dd796cf083744e7.tar.gz

diff --git a/meta/recipes-devtools/python/python/CVE-2016-5636.patch b/meta/recipes-devtools/python/python/CVE-2016-5636.patch new file mode 100644 index 0000000000..9a37471459 --- /dev/null +++ b/meta/recipes-devtools/python/python/CVE-2016-5636.patch
@@ -0,0 +1,44 @@
		1
		2	# HG changeset patch
		3	# User Benjamin Peterson <benjamin@python.org>
		4	# Date 1453357424 28800
		5	# Node ID 985fc64c60d6adffd1138b6cc46df388ca91ca5d
		6	# Parent 7ec954b9fc54448a35b56d271340ba109eb381b9
		7	prevent buffer overflow in get_data (closes #26171)
		8
		9	Upstream-Status: Backport
		10	https://hg.python.org/cpython/rev/985fc64c60d6
		11
		12	CVE: CVE-2016-5636
		13	Signed-off-by: Armin Kuster <akuster@mvista.com>
		14
		15	Index: Python-2.7.11/Misc/NEWS
		16	===================================================================
		17	--- Python-2.7.11.orig/Misc/NEWS
		18	+++ Python-2.7.11/Misc/NEWS
		19	@@ -7,6 +7,9 @@ What's New in Python 2.7.11?
		20
		21	Release date: 2015-12-05
		22
		23	+- Issue #26171: Fix possible integer overflow and heap corruption in
		24	+ zipimporter.get_data().
		25	+
		26	Library
		27	-------
		28
		29	Index: Python-2.7.11/Modules/zipimport.c
		30	===================================================================
		31	--- Python-2.7.11.orig/Modules/zipimport.c
		32	+++ Python-2.7.11/Modules/zipimport.c
		33	@@ -895,6 +895,11 @@ get_data(char archive, PyObject toc_en
		34	PyMarshal_ReadShortFromFile(fp); /* local header size */
		35	file_offset += l; /* Start of file data */
		36
		37	+ if (data_size > LONG_MAX - 1) {
		38	+ fclose(fp);
		39	+ PyErr_NoMemory();
		40	+ return NULL;
		41	+ }
		42	raw_data = PyString_FromStringAndSize((char *)NULL, compress == 0 ?
		43	data_size : data_size + 1);
		44	if (raw_data == NULL) {


diff --git a/meta/recipes-devtools/python/python_2.7.11.bb b/meta/recipes-devtools/python/python_2.7.11.bb index 7eced2dcdc..1e4a30d1ff 100644 --- a/meta/recipes-devtools/python/python_2.7.11.bb +++ b/meta/recipes-devtools/python/python_2.7.11.bb
@@ -27,6 +27,7 @@ SRC_URI += "\
27	file://use_sysroot_ncurses_instead_of_host.patch \	27	file://use_sysroot_ncurses_instead_of_host.patch \
28	file://avoid_parallel_make_races_on_pgen.patch \	28	file://avoid_parallel_make_races_on_pgen.patch \
29	file://add-CROSSPYTHONPATH-for-PYTHON_FOR_BUILD.patch \	29	file://add-CROSSPYTHONPATH-for-PYTHON_FOR_BUILD.patch \
		30	file://CVE-2016-5636.patch \
30	"	31	"
31		32
32	S = "${WORKDIR}/Python-${PV}"	33	S = "${WORKDIR}/Python-${PV}"