- added patches for CVE-2013-1752 (bnc#856836) issues that are

missing in 2.7.6: python-2.7.6-imaplib.patch python-2.7.6-poplib.patch smtplib_maxline-2.7.patch - CVE-2013-1753 (bnc#856835) gzip decompression bomb in xmlrpc client: xmlrpc_gzip_27.patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=159
2014-02-10 14:35:47 +00:00
parent 73549b66f0
commit 4f815b3251
8 changed files with 379 additions and 2 deletions
--- a/python-base.spec
+++ b/python-base.spec
@@ -52,6 +52,12 @@ Patch23:        python-2.7.4-no-REUSEPORT.patch
 Patch24:        python-bsddb6.diff
 # PATCH-FIX-OPENSUSE Properly support ppc64le in _ctypes module
 Patch25:        libffi-ppc64le.diff
+# CVE-2013-1753 [bnc#856835] unbounded gzip decompression in xmlrpc client
+Patch26:        xmlrpc_gzip_27.patch
+# CVE-2013-1752 patches missing in 2.7.6: imaplib, poplib, smtplib
+Patch27:        python-2.7.6-imaplib.patch
+Patch28:        smtplib_maxline-2.7.patch
+Patch29:        python-2.7.6-poplib.patch
 # COMMON-PATCH-END
 %define         python_version    %(echo %{tarversion} | head -c 3)
 BuildRequires:  automake
@@ -146,6 +152,10 @@ other applications.
 %patch23 -p1
 %patch24 -p1
 %patch25 -p0
+%patch26 -p1
+%patch27 -p1
+%patch28 -p1
+%patch29 -p1

 # drop Autoconf version requirement
 sed -i 's/^version_required/dnl version_required/' configure.ac