summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta/recipes-devtools/python/python/CVE-2016-5636.patch44
-rw-r--r--meta/recipes-devtools/python/python/avoid_parallel_make_races_on_pgen.patch27
2 files changed, 0 insertions, 71 deletions
diff --git a/meta/recipes-devtools/python/python/CVE-2016-5636.patch b/meta/recipes-devtools/python/python/CVE-2016-5636.patch
deleted file mode 100644
index 9a37471459..0000000000
--- a/meta/recipes-devtools/python/python/CVE-2016-5636.patch
+++ /dev/null
@@ -1,44 +0,0 @@
1
2# HG changeset patch
3# User Benjamin Peterson <benjamin@python.org>
4# Date 1453357424 28800
5# Node ID 985fc64c60d6adffd1138b6cc46df388ca91ca5d
6# Parent 7ec954b9fc54448a35b56d271340ba109eb381b9
7prevent buffer overflow in get_data (closes #26171)
8
9Upstream-Status: Backport
10https://hg.python.org/cpython/rev/985fc64c60d6
11
12CVE: CVE-2016-5636
13Signed-off-by: Armin Kuster <akuster@mvista.com>
14
15Index: Python-2.7.11/Misc/NEWS
16===================================================================
17--- Python-2.7.11.orig/Misc/NEWS
18+++ Python-2.7.11/Misc/NEWS
19@@ -7,6 +7,9 @@ What's New in Python 2.7.11?
20
21 *Release date: 2015-12-05*
22
23+- Issue #26171: Fix possible integer overflow and heap corruption in
24+ zipimporter.get_data().
25+
26 Library
27 -------
28
29Index: Python-2.7.11/Modules/zipimport.c
30===================================================================
31--- Python-2.7.11.orig/Modules/zipimport.c
32+++ Python-2.7.11/Modules/zipimport.c
33@@ -895,6 +895,11 @@ get_data(char *archive, PyObject *toc_en
34 PyMarshal_ReadShortFromFile(fp); /* local header size */
35 file_offset += l; /* Start of file data */
36
37+ if (data_size > LONG_MAX - 1) {
38+ fclose(fp);
39+ PyErr_NoMemory();
40+ return NULL;
41+ }
42 raw_data = PyString_FromStringAndSize((char *)NULL, compress == 0 ?
43 data_size : data_size + 1);
44 if (raw_data == NULL) {
diff --git a/meta/recipes-devtools/python/python/avoid_parallel_make_races_on_pgen.patch b/meta/recipes-devtools/python/python/avoid_parallel_make_races_on_pgen.patch
deleted file mode 100644
index 8012245afe..0000000000
--- a/meta/recipes-devtools/python/python/avoid_parallel_make_races_on_pgen.patch
+++ /dev/null
@@ -1,27 +0,0 @@
1Upstream-Status: Pending
2
3Avoids parallel make races linking errors when making Parser/PGEN
4
5- Implements Richard Purdie's idea
6
7Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
9
10Index: Python-2.7.9/Makefile.pre.in
11===================================================================
12--- Python-2.7.9.orig/Makefile.pre.in
13+++ Python-2.7.9/Makefile.pre.in
14@@ -611,12 +611,10 @@ Modules/grpmodule.o: $(srcdir)/Modules/g
15
16 Modules/pwdmodule.o: $(srcdir)/Modules/pwdmodule.c $(srcdir)/Modules/posixmodule.h
17
18-$(GRAMMAR_H): $(GRAMMAR_INPUT) $(PGENSRCS)
19+$(GRAMMAR_H): $(GRAMMAR_INPUT) $(PGENSRCS) $(PGEN)
20 @$(MKDIR_P) Include
21- $(MAKE) $(PGEN)
22 $(HOSTPGEN) $(GRAMMAR_INPUT) $(GRAMMAR_H) $(GRAMMAR_C)
23 $(GRAMMAR_C): $(GRAMMAR_H) $(GRAMMAR_INPUT) $(PGENSRCS)
24- $(MAKE) $(GRAMMAR_H)
25 touch $(GRAMMAR_C)
26
27 $(PGEN): $(PGENOBJS)