Fix CVE-2013-7338 and CVE-2014-2667.
Resolves: rhbz#1078015 Resolves: rhbz#1083594 Conflicts: python3.spec
parent
899a2cefac
commit
3d0d477966
21
00198-fix-CVE-2013-7338.patch
Normal file
21
00198-fix-CVE-2013-7338.patch
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
# This is a backport of following upstream patch:
|
||||||
|
# HG changeset patch
|
||||||
|
# User Serhiy Storchaka <storchaka@gmail.com>
|
||||||
|
# Date 1389272021 -7200
|
||||||
|
# Node ID 79ea4ce431b1b10c79f51dcb2aaa0ccb2a8b1d48
|
||||||
|
# Parent 9e3f5b5bcf7e4c62475bb1126fd0aecbbb9b64ac# Parent 0cf1defd5ac4433b8e36f950ba452103eb417f9f
|
||||||
|
Issue #20078: Reading malformed zipfiles no longer hangs with 100% CPU
|
||||||
|
consumption.
|
||||||
|
|
||||||
|
diff --git a/Lib/zipfile.py b/Lib/zipfile.py
|
||||||
|
--- a/Lib/zipfile.py
|
||||||
|
+++ b/Lib/zipfile.py
|
||||||
|
@@ -862,6 +862,8 @@ class ZipExtFile(io.BufferedIOBase):
|
||||||
|
|
||||||
|
data = self._fileobj.read(n)
|
||||||
|
self._compress_left -= len(data)
|
||||||
|
+ if not data:
|
||||||
|
+ raise EOFError
|
||||||
|
|
||||||
|
if self._decrypter is not None:
|
||||||
|
data = bytes(map(self._decrypter, data))
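Review bot: The new `+ raise EOFError` propagates out of `ZipExtFile.read()` as a bare `EOFError`, which is neither a `BadZipFile` nor an `OSError`, so callers that handle malformed archives by catching `zipfile.BadZipFile` will get an unhandled exception rather than a clean error, and nothing in the hunk says why the raise is there. I would put above the check `# Truncated archive: the underlying file ran out before the bytes still tracked in _compress_left were read; raise instead of returning b'' so _read1 cannot loop forever on empty reads (issue #20078).` and record in the zipfile documentation that reading a truncated member raises `EOFError`. The enclosing method starts outside the hunk, so whether any caller in this file converts the exception is not visible here. The `# Parent …# Parent …` preamble line appears to carry two header lines run together; if that is in the committed file rather than a rendering artifact it is harmless to `%patch -p1` but worth tidying.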
|
102
00199-fix-CVE-2014-2667.patch
Normal file
102
00199-fix-CVE-2014-2667.patch
Normal file
@ -0,0 +1,102 @@
|
|||||||
|
# This is a backport of following upstream patch:
|
||||||
|
# HG changeset patch
|
||||||
|
# User Benjamin Peterson <benjamin@python.org>
|
||||||
|
# Date 1396394277 14400
|
||||||
|
# Node ID 6370d44013f7e7e0892dd7f78b91d3a929e2d343
|
||||||
|
# Parent cb3a8abc0870d8d81a3521b3c8f397c5ccc73d7d# Parent 9186f4a18584f5038a9f875f2a7a3194ee46a571
|
||||||
|
merge 3.2 (#21082)
|
||||||
|
|
||||||
|
diff --git a/Doc/library/os.rst b/Doc/library/os.rst
|
||||||
|
--- a/Doc/library/os.rst
|
||||||
|
+++ b/Doc/library/os.rst
|
||||||
|
@@ -1563,11 +1563,8 @@ features:
|
||||||
|
The default *mode* is ``0o777`` (octal). On some systems, *mode* is
|
||||||
|
ignored. Where it is used, the current umask value is first masked out.
|
||||||
|
|
||||||
|
- If *exists_ok* is ``False`` (the default), an :exc:`OSError` is raised if
|
||||||
|
- the target directory already exists. If *exists_ok* is ``True`` an
|
||||||
|
- :exc:`OSError` is still raised if the umask-masked *mode* is different from
|
||||||
|
- the existing mode, on systems where the mode is used. :exc:`OSError` will
|
||||||
|
- also be raised if the directory creation fails.
|
||||||
|
+ If *exist_ok* is ``False`` (the default), an :exc:`OSError` is raised if the
|
||||||
|
+ target directory already exists.
|
||||||
|
|
||||||
|
.. note::
|
||||||
|
|
||||||
|
diff --git a/Lib/os.py b/Lib/os.py
|
||||||
|
--- a/Lib/os.py
|
||||||
|
+++ b/Lib/os.py
|
||||||
|
@@ -230,23 +230,16 @@ SEEK_SET = 0
|
||||||
|
SEEK_CUR = 1
|
||||||
|
SEEK_END = 2
|
||||||
|
|
||||||
|
-
|
||||||
|
-def _get_masked_mode(mode):
|
||||||
|
- mask = umask(0)
|
||||||
|
- umask(mask)
|
||||||
|
- return mode & ~mask
|
||||||
|
-
|
||||||
|
# Super directory utilities.
|
||||||
|
# (Inspired by Eric Raymond; the doc strings are mostly his)
|
||||||
|
|
||||||
|
def makedirs(name, mode=0o777, exist_ok=False):
|
||||||
|
"""makedirs(path [, mode=0o777][, exist_ok=False])
|
||||||
|
|
||||||
|
- Super-mkdir; create a leaf directory and all intermediate ones.
|
||||||
|
- Works like mkdir, except that any intermediate path segment (not
|
||||||
|
- just the rightmost) will be created if it does not exist. If the
|
||||||
|
- target directory with the same mode as we specified already exists,
|
||||||
|
- raises an OSError if exist_ok is False, otherwise no exception is
|
||||||
|
+ Super-mkdir; create a leaf directory and all intermediate ones. Works like
|
||||||
|
+ mkdir, except that any intermediate path segment (not just the rightmost)
|
||||||
|
+ will be created if it does not exist. If the target directory already
|
||||||
|
+ exists, raise an OSError if exist_ok is False. Otherwise no exception is
|
||||||
|
raised. This is recursive.
|
||||||
|
|
||||||
|
"""
|
||||||
|
@@ -268,20 +261,7 @@ def makedirs(name, mode=0o777, exist_ok=
|
||||||
|
try:
|
||||||
|
mkdir(name, mode)
|
||||||
|
except OSError as e:
|
||||||
|
- dir_exists = path.isdir(name)
|
||||||
|
- expected_mode = _get_masked_mode(mode)
|
||||||
|
- if dir_exists:
|
||||||
|
- # S_ISGID is automatically copied by the OS from parent to child
|
||||||
|
- # directories on mkdir. Don't consider it being set to be a mode
|
||||||
|
- # mismatch as mkdir does not unset it when not specified in mode.
|
||||||
|
- actual_mode = st.S_IMODE(lstat(name).st_mode) & ~st.S_ISGID
|
||||||
|
- else:
|
||||||
|
- actual_mode = -1
|
||||||
|
- if not (e.errno == errno.EEXIST and exist_ok and dir_exists and
|
||||||
|
- actual_mode == expected_mode):
|
||||||
|
- if dir_exists and actual_mode != expected_mode:
|
||||||
|
- e.strerror += ' (mode %o != expected mode %o)' % (
|
||||||
|
- actual_mode, expected_mode)
|
||||||
|
+ if not exist_ok or e.errno != errno.EEXIST or not path.isdir(name):
|
||||||
|
raise
|
||||||
|
|
||||||
|
def removedirs(name):
|
||||||
|
diff --git a/Lib/test/test_os.py b/Lib/test/test_os.py
|
||||||
|
--- a/Lib/test/test_os.py
|
||||||
|
+++ b/Lib/test/test_os.py
|
||||||
|
@@ -872,7 +872,7 @@ class MakedirTests(unittest.TestCase):
|
||||||
|
os.makedirs(path, mode)
|
||||||
|
self.assertRaises(OSError, os.makedirs, path, mode)
|
||||||
|
self.assertRaises(OSError, os.makedirs, path, mode, exist_ok=False)
|
||||||
|
- self.assertRaises(OSError, os.makedirs, path, 0o776, exist_ok=True)
|
||||||
|
+ os.makedirs(path, 0o776, exist_ok=True)
|
||||||
|
os.makedirs(path, mode=mode, exist_ok=True)
|
||||||
|
os.umask(old_mask)
|
||||||
|
|
||||||
|
@@ -898,9 +898,8 @@ class MakedirTests(unittest.TestCase):
|
||||||
|
os.makedirs(path, mode, exist_ok=True)
|
||||||
|
# remove the bit.
|
||||||
|
os.chmod(path, stat.S_IMODE(os.lstat(path).st_mode) & ~S_ISGID)
|
||||||
|
- with self.assertRaises(OSError):
|
||||||
|
- # Should fail when the bit is not already set when demanded.
|
||||||
|
- os.makedirs(path, mode | S_ISGID, exist_ok=True)
|
||||||
|
+ # May work even when the bit is not already set when demanded.
|
||||||
|
+ os.makedirs(path, mode | S_ISGID, exist_ok=True)
|
||||||
|
finally:
|
||||||
|
os.umask(old_mask)
|
||||||
|
|
21
python3.spec
21
python3.spec
@ -126,7 +126,7 @@
|
|||||||
Summary: Version 3 of the Python programming language aka Python 3000
|
Summary: Version 3 of the Python programming language aka Python 3000
|
||||||
Name: python3
|
Name: python3
|
||||||
Version: %{pybasever}.2
|
Version: %{pybasever}.2
|
||||||
Release: 10%{?dist}
|
Release: 11%{?dist}
|
||||||
License: Python
|
License: Python
|
||||||
Group: Development/Languages
|
Group: Development/Languages
|
||||||
|
|
||||||
@ -642,6 +642,18 @@ Patch188: 00188-json-add-boundary-check.patch
|
|||||||
# document root.
|
# document root.
|
||||||
Patch197: 00197-fix-CVE-2014-4650.patch
|
Patch197: 00197-fix-CVE-2014-4650.patch
|
||||||
|
|
||||||
|
# 00198
|
||||||
|
#
|
||||||
|
# Fix CVE-2013-7338: malformed ZIP files could cause 100% CPU usage
|
||||||
|
# https://hg.python.org/cpython/rev/79ea4ce431b1
|
||||||
|
Patch198: 00198-fix-CVE-2013-7338.patch
|
||||||
|
|
||||||
|
# 00199
|
||||||
|
#
|
||||||
|
# Fix CVE-2014-2667: os.makedirs(exist_ok=True) is not thread-safe in Python 3.x
|
||||||
|
# https://hg.python.org/cpython/rev/c24dd53ab4b9
|
||||||
|
Patch199: 00199-fix-CVE-2014-2667.patch
|
||||||
|
|
||||||
|
|
||||||
# (New patches go here ^^^)
|
# (New patches go here ^^^)
|
||||||
#
|
#
|
||||||
@ -906,6 +918,8 @@ done
|
|||||||
%patch187 -p1
|
%patch187 -p1
|
||||||
%patch188 -p1
|
%patch188 -p1
|
||||||
%patch197 -p1
|
%patch197 -p1
|
||||||
|
%patch198 -p1
|
||||||
|
%patch199 -p1
|
||||||
|
|
||||||
# Currently (2010-01-15), http://docs.python.org/library is for 2.6, and there
|
# Currently (2010-01-15), http://docs.python.org/library is for 2.6, and there
|
||||||
# are many differences between 2.6 and the Python 3 library.
|
# are many differences between 2.6 and the Python 3 library.
|
||||||
@ -1753,6 +1767,11 @@ rm -fr %{buildroot}
|
|||||||
# ======================================================
|
# ======================================================
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Dec 04 2014 Slavek Kabrda <bkabrda@redhat.com> - 3.3.2-19
|
||||||
|
- Fix CVE-2013-7338 and CVE-2014-2667.
|
||||||
|
Resolves: rhbz#1078015
|
||||||
|
Resolves: rhbz#1083594
|
||||||
|
|
||||||
* Mon Nov 03 2014 Slavek Kabrda <bkabrda@redhat.com> - 3.3.2-18
|
* Mon Nov 03 2014 Slavek Kabrda <bkabrda@redhat.com> - 3.3.2-18
|
||||||
- Fix CVE-2014-4650 - CGIHTTPServer URL handling
|
- Fix CVE-2014-4650 - CGIHTTPServer URL handling
|
||||||
Resolves: rhbz#1113529
|
Resolves: rhbz#1113529
|
||||||
|
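Review bot: The new `%changelog` entry `3.3.2-19` does not match what this commit builds: `Version: %{pybasever}.2` with `Release: 11%{?dist}` yields 3.3.2-11 if `%{pybasever}` is 3.3 as the surrounding changelog implies, and rpmlint reports this as an incoherent changelog version. The `Conflicts: python3.spec` line in the message suggests the entry was carried over from another branch; the header should read `* Thu Dec 04 2014 Slavek Kabrda <bkabrda@redhat.com> - 3.3.2-11`, and the preceding entry's `3.3.2-18` appears to have the same problem already. Separately, the comment for Patch199 points at `hg.python.org/cpython/rev/c24dd53ab4b9` while the shipped patch's header names changeset 6370d44013f7 (the 3.3 merge of #21082); referencing the changeset actually backported, or both, would make the provenance easier to audit.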