summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/python/python/CVE-2016-0772.patch
blob: 058050795401bf5d6a7f463bd56f67fcda168042 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
# HG changeset patch
# User Benjamin Peterson <benjamin@python.org>
# Date 1465676202 25200
# Node ID b3ce713fb9beebfff9848cefa0acbd59acc68fe9
# Parent  3017e41b0c99d24e88faf1de447f230e2f64d122
raise an error when STARTTLS fails

Upstream-status: Backport
CVE: CVE-2016-0772
Signed-off-by: Armin Kuster <akuster@mvista.com>

Index: Python-2.7.9/Lib/smtplib.py
===================================================================
--- Python-2.7.9.orig/Lib/smtplib.py
+++ Python-2.7.9/Lib/smtplib.py
@@ -656,6 +656,11 @@ class SMTP:
             self.ehlo_resp = None
             self.esmtp_features = {}
             self.does_esmtp = 0
+        else:
+            # RFC 3207:
+            # 501 Syntax error (no parameters allowed)
+            # 454 TLS not available due to temporary reason
+            raise SMTPResponseException(resp, reply)
         return (resp, reply)
 
     def sendmail(self, from_addr, to_addrs, msg, mail_options=[],
Index: Python-2.7.9/Misc/NEWS
===================================================================
--- Python-2.7.9.orig/Misc/NEWS
+++ Python-2.7.9/Misc/NEWS
@@ -5136,6 +5136,9 @@ Library
 
 - Issue #8140: Extend compileall to compile single files.  Add -i option.
 
+- Fix TLS stripping vulnerability in smptlib, CVE-2016-0772.  Reported by Team
+  Oststrom
+
 - Issue #7356: ctypes.util: Make parsing of ldconfig output independent of the
   locale.