2 files changed, 28 insertions, 0 deletions
diff --git a/meta/recipes-devtools/python/python/json-flaw-CVE-2014-4616.patch b/meta/recipes-devtools/python/python/json-flaw-CVE-2014-4616.patch
new file mode 100644
index 0000000000..e9a6cca017
--- /dev/null
+++ b/meta/recipes-devtools/python/python/json-flaw-CVE-2014-4616.patch
@@ -0,0 +1,27 @@
+python: fix _json module arbitrary process memory read vulnerability
+Upstream-Status: submitted
+Signed-off-by: Daniel BORNAZ <daniel.bornaz@enea.com>
+--- a/Modules/_json.c   2014-07-15 15:37:17.151046356 +0200
+++ b/Modules/_json.c   2014-07-15 15:38:37.335605042 +0200
+@@ -1491,7 +1491,7 @@ scan_once_str(PyScannerObject *s, PyObje
+     PyObject *res;
+     char *str = PyString_AS_STRING(pystr);
+     Py_ssize_t length = PyString_GET_SIZE(pystr);
+-    if (idx >= length) {
+    if ( idx < 0 || idx >= length) {
+         PyErr_SetNone(PyExc_StopIteration);
+         return NULL;
+     }
+@@ -1578,7 +1578,7 @@ scan_once_unicode(PyScannerObject *s, Py
+     PyObject *res;
+     Py_UNICODE *str = PyUnicode_AS_UNICODE(pystr);
+     Py_ssize_t length = PyUnicode_GET_SIZE(pystr);
+-    if (idx >= length) {
+    if ( idx < 0 || idx >= length) {
+         PyErr_SetNone(PyExc_StopIteration);
+         return NULL;
+     }
diff --git a/meta/recipes-devtools/python/python_2.7.3.bb b/meta/recipes-devtools/python/python_2.7.3.bb
index 0d641720f1..bbe16eb5d2 100644
--- a/meta/recipes-devtools/python/python_2.7.3.bb
+++ b/meta/recipes-devtools/python/python_2.7.3.bb
@@ -36,6 +36,7 @@ SRC_URI += "\
  file://python-2.7.3-CVE-2013-1752-smtplib-fix.patch \
  file://python-fix-build-error-with-Readline-6.3.patch \
  file://python-2.7.3-CVE-2014-1912.patch \
+  file://json-flaw-CVE-2014-4616.patch \
 "
 S = "${WORKDIR}/Python-${PV}"

diff --git a/meta/recipes-devtools/python/python/json-flaw-CVE-2014-4616.patch b/meta/recipes-devtools/python/python/json-flaw-CVE-2014-4616.patch new file mode 100644 index 0000000000..e9a6cca017 --- /dev/null +++ b/meta/recipes-devtools/python/python/json-flaw-CVE-2014-4616.patch
@@ -0,0 +1,27 @@
		1
		2	python: fix _json module arbitrary process memory read vulnerability
		3
		4	Upstream-Status: submitted
		5
		6	Signed-off-by: Daniel BORNAZ <daniel.bornaz@enea.com>
		7
		8	--- a/Modules/_json.c 2014-07-15 15:37:17.151046356 +0200
		9	+++ b/Modules/_json.c 2014-07-15 15:38:37.335605042 +0200
		10	@@ -1491,7 +1491,7 @@ scan_once_str(PyScannerObject *s, PyObje
		11	PyObject *res;
		12	char *str = PyString_AS_STRING(pystr);
		13	Py_ssize_t length = PyString_GET_SIZE(pystr);
		14	- if (idx >= length) {
		15	+ if ( idx < 0 \|\| idx >= length) {
		16	PyErr_SetNone(PyExc_StopIteration);
		17	return NULL;
		18	}
		19	@@ -1578,7 +1578,7 @@ scan_once_unicode(PyScannerObject *s, Py
		20	PyObject *res;
		21	Py_UNICODE *str = PyUnicode_AS_UNICODE(pystr);
		22	Py_ssize_t length = PyUnicode_GET_SIZE(pystr);
		23	- if (idx >= length) {
		24	+ if ( idx < 0 \|\| idx >= length) {
		25	PyErr_SetNone(PyExc_StopIteration);
		26	return NULL;
		27	}


diff --git a/meta/recipes-devtools/python/python_2.7.3.bb b/meta/recipes-devtools/python/python_2.7.3.bb index 0d641720f1..bbe16eb5d2 100644 --- a/meta/recipes-devtools/python/python_2.7.3.bb +++ b/meta/recipes-devtools/python/python_2.7.3.bb
@@ -36,6 +36,7 @@ SRC_URI += "\
36	file://python-2.7.3-CVE-2013-1752-smtplib-fix.patch \	36	file://python-2.7.3-CVE-2013-1752-smtplib-fix.patch \
37	file://python-fix-build-error-with-Readline-6.3.patch \	37	file://python-fix-build-error-with-Readline-6.3.patch \
38	file://python-2.7.3-CVE-2014-1912.patch \	38	file://python-2.7.3-CVE-2014-1912.patch \
		39	file://json-flaw-CVE-2014-4616.patch \
39	"	40	"
40		41
41	S = "${WORKDIR}/Python-${PV}"	42	S = "${WORKDIR}/Python-${PV}"