Fix for: CVE-2016-0772 python: smtplib StartTLS stripping attack (rhbz#1303647)
Raise an error when STARTTLS fails
- rhbz#1303647: https://bugzilla.redhat.com/show_bug.cgi?id=1303647
- rhbz#1351679: https://bugzilla.redhat.com/show_bug.cgi?id=1351679
- Fixed upstream: https://hg.python.org/cpython/rev/b3ce713fb9be
parent 5acd38513f
commit f1894aa779
35
009-raise-an-error-when-STARTTLS-fails.patch
Normal file
@ -0,0 +1,35 @@
|
||||
From 935f806ae382a45620873dea0eafc536c9e01323 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro@hroncok.cz>
|
||||
Date: Thu, 30 Jun 2016 14:51:24 +0200
|
||||
Subject: [PATCH] Raise an error when STARTTLS fails
|
||||
|
||||
CVE-2016-0772 python: smtplib StartTLS stripping attack
|
||||
rhbz#1303647: https://bugzilla.redhat.com/show_bug.cgi?id=1303647
|
||||
rhbz#1351679: https://bugzilla.redhat.com/show_bug.cgi?id=1351679
|
||||
|
||||
Based on an upstream change by Benjamin Peterson <benjamin@python.org>
|
||||
- in changeset 101886:b3ce713fb9be 2.7
|
||||
- https://hg.python.org/cpython/rev/b3ce713fb9be
|
||||
---
|
||||
lib-python/2.7/smtplib.py | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/lib-python/2.7/smtplib.py b/lib-python/2.7/smtplib.py
|
||||
index 8388b98..e1651c0 100755
|
||||
--- a/lib-python/2.7/smtplib.py
|
||||
+++ b/lib-python/2.7/smtplib.py
|
||||
@@ -656,6 +656,11 @@ class SMTP:
|
||||
self.ehlo_resp = None
|
||||
self.esmtp_features = {}
|
||||
self.does_esmtp = 0
|
||||
+ else:
|
||||
+ # RFC 3207:
|
||||
+ # 501 Syntax error (no parameters allowed)
|
||||
+ # 454 TLS not available due to temporary reason
|
||||
+ raise SMTPResponseException(resp, reply)
|
||||
return (resp, reply)
|
||||
|
||||
def sendmail(self, from_addr, to_addrs, msg, mail_options=[],
|
||||
--
|
||||
2.9.0
|
||||
|
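Review bot: the new `else:` branch ahead of `return (resp, reply)` raises `SMTPResponseException(resp, reply)` for every reply the preceding branch did not handle, while its comment lists only the RFC 3207 codes 501 and 454; word the comment so it is clear that any other reply raises too. The diffstat shows `lib-python/2.7/smtplib.py` as the only file touched (5 insertions), so the patch carries no regression test for a server that refuses STARTTLS and no docstring update telling callers that this method now raises instead of returning the failure code. Callers that inspected the returned `resp` to detect a refused upgrade will need to catch the exception, which is worth a line in the commit message.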
17
pypy.spec
@ -1,6 +1,6 @@
|
||||
Name: pypy
|
||||
Version: 5.0.1
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
Summary: Python implementation with a Just-In-Time compiler
|
||||
|
||||
Group: Development/Languages
|
||||
@ -153,6 +153,13 @@ Patch1: 006-always-log-stdout.patch
|
||||
# community that won't make sense outside of it). [Sorry to be a killjoy]
|
||||
Patch2: 007-remove-startup-message.patch
|
||||
|
||||
# CVE-2016-0772 python: smtplib StartTLS stripping attack
|
||||
# rhbz#1303647: https://bugzilla.redhat.com/show_bug.cgi?id=1303647
|
||||
# rhbz#1351679: https://bugzilla.redhat.com/show_bug.cgi?id=1351679
|
||||
# FIXED UPSTREAM: https://hg.python.org/cpython/rev/b3ce713fb9be
|
||||
# Raise an error when STARTTLS fails
|
||||
Patch3: 009-raise-an-error-when-STARTTLS-fails.patch
|
||||
|
||||
# Build-time requirements:
|
||||
|
||||
# pypy's can be rebuilt using itself, rather than with CPython; doing so
|
||||
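Review bot: the comment block above `Patch3:` says FIXED UPSTREAM but links a CPython changeset, while the patch itself is applied to PyPy's bundled `lib-python/2.7/smtplib.py`; add a line saying the patch can be dropped once the packaged PyPy ships a lib-python that includes that changeset, so the next rebase knows what to check. The patch file is numbered 009 while the previous one is 007; if 008 is reserved or was skipped on purpose, a short comment here would save the next maintainer from looking for it.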
@ -268,6 +275,7 @@ Build of PyPy with support for micro-threads for massive concurrency
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
# Replace /usr/local/bin/python shebangs with /usr/bin/python:
|
||||
find -name "*.py" -exec \
|
||||
sed \
|
||||
@ -710,6 +718,13 @@ CheckPyPy %{name}-c-stackless
|
||||
|
||||
|
||||
%changelog
|
||||
* Thu Jun 30 2016 Miro Hrončok <mhroncok@redhat.com> - 5.0.1-3
|
||||
- Fix for: CVE-2016-0772 python: smtplib StartTLS stripping attack
|
||||
- Raise an error when STARTTLS fails
|
||||
- rhbz#1303647: https://bugzilla.redhat.com/show_bug.cgi?id=1303647
|
||||
- rhbz#1351679: https://bugzilla.redhat.com/show_bug.cgi?id=1351679
|
||||
- Fixed upstream: https://hg.python.org/cpython/rev/b3ce713fb9be
|
||||
|
||||
* Fri May 13 2016 Miro Hrončok <mhroncok@redhat.com> - 5.0.1-2
|
||||
- Move header files back to %%{pypy_include_dir} (rhbz#1328025)
|
||||
|
||||
|