1 files changed, 42 insertions, 0 deletions
diff --git a/meta/recipes-devtools/python/python/CVE-2016-0772.patch b/meta/recipes-devtools/python/python/CVE-2016-0772.patch
new file mode 100644
index 0000000000..0580507954
--- /dev/null
+++ b/meta/recipes-devtools/python/python/CVE-2016-0772.patch
@@ -0,0 +1,42 @@
+# HG changeset patch
+# User Benjamin Peterson <benjamin@python.org>
+# Date 1465676202 25200
+# Node ID b3ce713fb9beebfff9848cefa0acbd59acc68fe9
+# Parent  3017e41b0c99d24e88faf1de447f230e2f64d122
+raise an error when STARTTLS fails
+Upstream-status: Backport
+CVE: CVE-2016-0772
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+Index: Python-2.7.9/Lib/smtplib.py
+===================================================================
+--- Python-2.7.9.orig/Lib/smtplib.py
+++ Python-2.7.9/Lib/smtplib.py
+@@ -656,6 +656,11 @@ class SMTP:
+             self.ehlo_resp = None
+             self.esmtp_features = {}
+             self.does_esmtp = 0
+        else:
+            # RFC 3207:
+            # 501 Syntax error (no parameters allowed)
+            # 454 TLS not available due to temporary reason
+            raise SMTPResponseException(resp, reply)
+         return (resp, reply)
+ 
+     def sendmail(self, from_addr, to_addrs, msg, mail_options=[],
+Index: Python-2.7.9/Misc/NEWS
+===================================================================
+--- Python-2.7.9.orig/Misc/NEWS
+++ Python-2.7.9/Misc/NEWS
+@@ -5136,6 +5136,9 @@ Library
+ 
+ - Issue #8140: Extend compileall to compile single files.  Add -i option.
+ 
+- Fix TLS stripping vulnerability in smptlib, CVE-2016-0772.  Reported by Team
+  Oststrom
+
+ - Issue #7356: ctypes.util: Make parsing of ldconfig output independent of the
+   locale.
+

diff --git a/meta/recipes-devtools/python/python/CVE-2016-0772.patch b/meta/recipes-devtools/python/python/CVE-2016-0772.patch new file mode 100644 index 0000000000..0580507954 --- /dev/null +++ b/meta/recipes-devtools/python/python/CVE-2016-0772.patch
@@ -0,0 +1,42 @@
	1
	2	# HG changeset patch
	3	# User Benjamin Peterson <benjamin@python.org>
	4	# Date 1465676202 25200
	5	# Node ID b3ce713fb9beebfff9848cefa0acbd59acc68fe9
	6	# Parent 3017e41b0c99d24e88faf1de447f230e2f64d122
	7	raise an error when STARTTLS fails
	8
	9	Upstream-status: Backport
	10	CVE: CVE-2016-0772
	11	Signed-off-by: Armin Kuster <akuster@mvista.com>
	12
	13	Index: Python-2.7.9/Lib/smtplib.py
	14	===================================================================
	15	--- Python-2.7.9.orig/Lib/smtplib.py
	16	+++ Python-2.7.9/Lib/smtplib.py
	17	@@ -656,6 +656,11 @@ class SMTP:
	18	self.ehlo_resp = None
	19	self.esmtp_features = {}
	20	self.does_esmtp = 0
	21	+ else:
	22	+ # RFC 3207:
	23	+ # 501 Syntax error (no parameters allowed)
	24	+ # 454 TLS not available due to temporary reason
	25	+ raise SMTPResponseException(resp, reply)
	26	return (resp, reply)
	27
	28	def sendmail(self, from_addr, to_addrs, msg, mail_options=[],
	29	Index: Python-2.7.9/Misc/NEWS
	30	===================================================================
	31	--- Python-2.7.9.orig/Misc/NEWS
	32	+++ Python-2.7.9/Misc/NEWS
	33	@@ -5136,6 +5136,9 @@ Library
	34
	35	- Issue #8140: Extend compileall to compile single files. Add -i option.
	36
	37	+- Fix TLS stripping vulnerability in smptlib, CVE-2016-0772. Reported by Team
	38	+ Oststrom
	39	+
	40	- Issue #7356: ctypes.util: Make parsing of ldconfig output independent of the
	41	locale.
	42