Diffstat (limited to 'meta/recipes-devtools')
-rw-r--r-- | meta/recipes-devtools/python/python-native_2.7.3.bb | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/python/python/json-flaw-fix.patch | 27 | ||||
-rw-r--r-- | meta/recipes-devtools/python/python_2.7.3.bb | 1 |
3 files changed, 29 insertions, 0 deletions
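--- a/meta/recipes-devtools/python/python-native_2.7.3.bb
+++ b/meta/recipes-devtools/python/python-native_2.7.3.bb
@@ -19,6 +19,7 @@ SRC_URI += "\
 file://parallel-makeinst-create-bindir.patch \
 file://python-fix-build-error-with-Readline-6.3.patch \
 file://gcc-4.8-fix-configure-Wformat.patch \
+file://json-flaw-fix.patch \
 "
 S = "${WORKDIR}/Python-${PV}"
 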
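--- /dev/null
+++ b/meta/recipes-devtools/python/python/json-flaw-fix.patch
@@ -0,0 +1,27 @@
+
+python: fix _json module arbitrary process memory read vulnerability
+
+Upstream-Status: submitted
+
+Signed-off-by: Daniel BORNAZ <daniel.bornaz@enea.com>
+
+--- a/Modules/_json.c 2014-07-15 15:37:17.151046356 +0200
++++ b/Modules/_json.c 2014-07-15 15:38:37.335605042 +0200
+@@ -1491,7 +1491,7 @@ scan_once_str(PyScannerObject *s, PyObje
+ PyObject *res;
+ char *str = PyString_AS_STRING(pystr);
+ Py_ssize_t length = PyString_GET_SIZE(pystr);
+- if (idx >= length) {
++ if ( idx < 0 || idx >= length) {
+ PyErr_SetNone(PyExc_StopIteration);
+ return NULL;
+ }
+@@ -1578,7 +1578,7 @@ scan_once_unicode(PyScannerObject *s, Py
+ PyObject *res;
+ Py_UNICODE *str = PyUnicode_AS_UNICODE(pystr);
+ Py_ssize_t length = PyUnicode_GET_SIZE(pystr);
+- if (idx >= length) {
++ if ( idx < 0 || idx >= length) {
+ PyErr_SetNone(PyExc_StopIteration);
+ return NULL;
+ }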
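Review bot: The patch header says `Upstream-Status: submitted` without saying where it was submitted, and neither the header nor the file name carries an advisory identifier, so a later Python upgrade cannot easily tell whether the fix has landed upstream and the patch can be dropped. The sibling entries in python_2.7.3.bb name their patches after the CVE they fix; if an identifier has been assigned here, add a `CVE: <CVE-ID>` line and point at the upstream report, e.g. `Upstream-Status: Submitted [<upstream tracker URL>]`. In both inner hunks the new guard reports a negative `idx` as `StopIteration`, the same as end of input; a short comment such as `/* a negative idx would index before the start of the buffer */` would record why the lower bound is checked, and writing it as `if (idx < 0 || idx >= length) {` (no space after the parenthesis) matches the surrounding style. The bodies of scan_once_str and scan_once_unicode continue outside the hunks, so whether `idx` is used anywhere before this check cannot be confirmed from here.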
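--- a/meta/recipes-devtools/python/python_2.7.3.bb
+++ b/meta/recipes-devtools/python/python_2.7.3.bb
@@ -36,6 +36,7 @@ SRC_URI += "\
 file://python-2.7.3-CVE-2013-1752-smtplib-fix.patch \
 file://python-fix-build-error-with-Readline-6.3.patch \
 file://python-2.7.3-CVE-2014-1912.patch \
+file://json-flaw-fix.patch \
 "
 
 S = "${WORKDIR}/Python-${PV}"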