Fix for: CVE-2016-0772 python: smtplib StartTLS stripping attack (rhbz#1303647)
Raise an error when STARTTLS fails
- rhbz#1303647: https://bugzilla.redhat.com/show_bug.cgi?id=1303647
- rhbz#1351679: https://bugzilla.redhat.com/show_bug.cgi?id=1351679
- Fixed upstream: https://hg.python.org/cpython/rev/b3ce713fb9be
parent 5acd38513f
commit f1894aa779
35
009-raise-an-error-when-STARTTLS-fails.patch
Normal file
@ -0,0 +1,35 @@
|
|||||||
|
From 935f806ae382a45620873dea0eafc536c9e01323 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro@hroncok.cz>
|
||||||
|
Date: Thu, 30 Jun 2016 14:51:24 +0200
|
||||||
|
Subject: [PATCH] Raise an error when STARTTLS fails
|
||||||
|
|
||||||
|
CVE-2016-0772 python: smtplib StartTLS stripping attack
|
||||||
|
rhbz#1303647: https://bugzilla.redhat.com/show_bug.cgi?id=1303647
|
||||||
|
rhbz#1351679: https://bugzilla.redhat.com/show_bug.cgi?id=1351679
|
||||||
|
|
||||||
|
Based on an upstream change by Benjamin Peterson <benjamin@python.org>
|
||||||
|
- in changeset 101886:b3ce713fb9be 2.7
|
||||||
|
- https://hg.python.org/cpython/rev/b3ce713fb9be
|
||||||
|
---
|
||||||
|
lib-python/2.7/smtplib.py | 5 +++++
|
||||||
|
1 file changed, 5 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/lib-python/2.7/smtplib.py b/lib-python/2.7/smtplib.py
|
||||||
|
index 8388b98..e1651c0 100755
|
||||||
|
--- a/lib-python/2.7/smtplib.py
|
||||||
|
+++ b/lib-python/2.7/smtplib.py
|
||||||
|
@@ -656,6 +656,11 @@ class SMTP:
|
||||||
|
self.ehlo_resp = None
|
||||||
|
self.esmtp_features = {}
|
||||||
|
self.does_esmtp = 0
|
||||||
|
+ else:
|
||||||
|
+ # RFC 3207:
|
||||||
|
+ # 501 Syntax error (no parameters allowed)
|
||||||
|
+ # 454 TLS not available due to temporary reason
|
||||||
|
+ raise SMTPResponseException(resp, reply)
|
||||||
|
return (resp, reply)
|
||||||
|
|
||||||
|
def sendmail(self, from_addr, to_addrs, msg, mail_options=[],
|
||||||
|
--
|
||||||
|
2.9.0
|
||||||
|
|
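Review bot: the comment in the new else branch of the smtplib.py hunk names only 501 and 454, yet the branch raises SMTPResponseException(resp, reply) for every reply that did not take the preceding branch. Suggest wording the comment so it says any other reply means TLS was not negotiated, keeping the two RFC 3207 codes as examples. The diffstat shows one file changed with 5 insertions, so no regression test accompanies the fix; a test in which the server answers STARTTLS with 454 and the client is expected to raise would keep this downstream patch from silently regressing on a rebase. Callers that used to inspect the returned (resp, reply) tuple to detect failure now get an exception instead, which is worth stating in the method's documentation.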
17
pypy.spec
@ -1,6 +1,6 @@
|
|||||||
Name: pypy
|
Name: pypy
|
||||||
Version: 5.0.1
|
Version: 5.0.1
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
Summary: Python implementation with a Just-In-Time compiler
|
Summary: Python implementation with a Just-In-Time compiler
|
||||||
|
|
||||||
Group: Development/Languages
|
Group: Development/Languages
|
||||||
@ -153,6 +153,13 @@ Patch1: 006-always-log-stdout.patch
|
|||||||
# community that won't make sense outside of it). [Sorry to be a killjoy]
|
# community that won't make sense outside of it). [Sorry to be a killjoy]
|
||||||
Patch2: 007-remove-startup-message.patch
|
Patch2: 007-remove-startup-message.patch
|
||||||
|
|
||||||
|
# CVE-2016-0772 python: smtplib StartTLS stripping attack
|
||||||
|
# rhbz#1303647: https://bugzilla.redhat.com/show_bug.cgi?id=1303647
|
||||||
|
# rhbz#1351679: https://bugzilla.redhat.com/show_bug.cgi?id=1351679
|
||||||
|
# FIXED UPSTREAM: https://hg.python.org/cpython/rev/b3ce713fb9be
|
||||||
|
# Raise an error when STARTTLS fails
|
||||||
|
Patch3: 009-raise-an-error-when-STARTTLS-fails.patch
|
||||||
|
|
||||||
# Build-time requirements:
|
# Build-time requirements:
|
||||||
|
|
||||||
# pypy's can be rebuilt using itself, rather than with CPython; doing so
|
# pypy's can be rebuilt using itself, rather than with CPython; doing so
|
||||||
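Review bot: the comment block above Patch3 says the fix is already upstream but does not say when the patch can be dropped. Suggest adding a line such as "drop once the bundled lib-python/2.7 contains b3ce713fb9be" so the next rebase does not carry it needlessly. The patch file is numbered 009 while the preceding ones are 006 (Patch1) and 007 (Patch2); if 008 is skipped on purpose, a short remark here would avoid confusion.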
@ -268,6 +275,7 @@ Build of PyPy with support for micro-threads for massive concurrency
|
|||||||
%patch0 -p1
|
%patch0 -p1
|
||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
%patch2 -p1
|
%patch2 -p1
|
||||||
|
%patch3 -p1
|
||||||
# Replace /usr/local/bin/python shebangs with /usr/bin/python:
|
# Replace /usr/local/bin/python shebangs with /usr/bin/python:
|
||||||
find -name "*.py" -exec \
|
find -name "*.py" -exec \
|
||||||
sed \
|
sed \
|
||||||
@ -710,6 +718,13 @@ CheckPyPy %{name}-c-stackless
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jun 30 2016 Miro Hrončok <mhroncok@redhat.com> - 5.0.1-3
|
||||||
|
- Fix for: CVE-2016-0772 python: smtplib StartTLS stripping attack
|
||||||
|
- Raise an error when STARTTLS fails
|
||||||
|
- rhbz#1303647: https://bugzilla.redhat.com/show_bug.cgi?id=1303647
|
||||||
|
- rhbz#1351679: https://bugzilla.redhat.com/show_bug.cgi?id=1351679
|
||||||
|
- Fixed upstream: https://hg.python.org/cpython/rev/b3ce713fb9be
|
||||||
|
|
||||||
* Fri May 13 2016 Miro Hrončok <mhroncok@redhat.com> - 5.0.1-2
|
* Fri May 13 2016 Miro Hrončok <mhroncok@redhat.com> - 5.0.1-2
|
||||||
- Move header files back to %%{pypy_include_dir} (rhbz#1328025)
|
- Move header files back to %%{pypy_include_dir} (rhbz#1328025)
|
||||||
|
|
||||||
|