From 9c3fa22758e779fbd3aafadeafae49c7fe0855425b4218819acdb019f3751af5 Mon Sep 17 00:00:00 2001
From: OBS User autobuild
Date: Fri, 4 Sep 2009 22:37:10 +0000
Subject: [PATCH] Accepting request 19972 from devel:languages:python:Factory Copy from devel:languages:python:Factory/python based on submit request 19972 from user matejcik
OBS-URL: https://build.opensuse.org/request/show/19972
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python?expand=0&rev=37
---
 python-2.6.2-expat.patch | 53 ++++++++++++++++++++++++
 python-2.6.2-ssl_handshake_timeout.patch | 16 +++++++
 python-base.changes | 5 +++
 python-base.spec | 4 +++-
 python-doc.spec | 2 +-
 python.changes | 5 +++
 python.spec | 4 +++-
 7 files changed, 86 insertions(+), 3 deletions(-)
 create mode 100644 python-2.6.2-expat.patch
 create mode 100644 python-2.6.2-ssl_handshake_timeout.patch
diff --git a/python-2.6.2-expat.patch b/python-2.6.2-expat.patch
new file mode 100644
index 0000000..e3b1ff2
--- /dev/null
+++ b/python-2.6.2-expat.patch
@@ -0,0 +1,53 @@
+Index: Lib/test/test_pyexpat.py
+===================================================================
+--- Lib/test/test_pyexpat.py (revision 74428)
++++ Lib/test/test_pyexpat.py (revision 74429)
+@@ -559,7 +559,25 @@
+ parser.Parse(xml2, 1)
+ self.assertEquals(self.n, 4)
+
++class MalformedInputText(unittest.TestCase):
++ def test1(self):
++ xml = "\0\r\n"
++ parser = expat.ParserCreate()
++ try:
++ parser.Parse(xml, True)
++ self.fail()
++ except expat.ExpatError as e:
++ self.assertEquals(str(e), 'no element found: line 2, column 1')
+
++ def test2(self):
++ xml = "\r\n"
++ parser = expat.ParserCreate()
++ try:
++ parser.Parse(xml, True)
++ self.fail()
++ except expat.ExpatError as e:
++ self.assertEquals(str(e), 'XML declaration not well-formed: line 1, column 14')
++
+ def test_main():
+ run_unittest(SetAttributeTest,
+ ParseTest,
+@@ -569,7 +587,8 @@
+ HandlerExceptionTest,
+ PositionTest,
+ sf1296433Test,
+- ChardataBufferTest)
++ ChardataBufferTest,
++ MalformedInputText)
+
+ if __name__ == "__main__":
+ test_main()
+Index: Modules/expat/xmltok_impl.c
+===================================================================
+--- Modules/expat/xmltok_impl.c (revision 74428)
++++ Modules/expat/xmltok_impl.c (revision 74429)
+@@ -1741,7 +1741,7 @@
+ const char *end,
+ POSITION *pos)
+ {
+- while (ptr != end) {
++ while (ptr < end) {
+ switch (BYTE_TYPE(enc, ptr)) {
+ #define LEAD_CASE(n) \
+ case BT_LEAD ## n: \
diff --git a/python-2.6.2-ssl_handshake_timeout.patch b/python-2.6.2-ssl_handshake_timeout.patch
new file mode 100644
index 0000000..e758175
--- /dev/null
+++ b/python-2.6.2-ssl_handshake_timeout.patch
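Review bot: In python-2.6.2-expat.patch the one-token change in Modules/expat/xmltok_impl.c (`while (ptr < end)`) carries the whole fix, yet nothing in the patch says why `!=` was unsafe. The `LEAD_CASE(n)` branches continue outside the hunk; presumably they advance `ptr` by n bytes, so a truncated multi-byte sequence at the end of the buffer can step `ptr` past `end` and the old inequality never becomes false. I would add a comment above the loop, `/* ptr can overshoot end on a truncated multi-byte lead byte, so test with <, not != */`, and a header line in the .patch file naming bnc#534721. In `test2` the literal `xml = "\r\n"` as shown cannot produce an error at 'line 1, column 14', so the test input looks truncated here and should be checked against upstream revision 74429.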
@@ -0,0 +1,16 @@
+--- Lib/ssl.py
++++ Lib/ssl.py
+@@ -112,12 +112,7 @@
+ keyfile, certfile,
+ cert_reqs, ssl_version, ca_certs)
+ if do_handshake_on_connect:
+- timeout = self.gettimeout()
+- try:
+- self.settimeout(None)
+- self.do_handshake()
+- finally:
+- self.settimeout(timeout)
++ self.do_handshake()
+ self.keyfile = keyfile
+ self.certfile = certfile
+ self.cert_reqs = cert_reqs
diff --git a/python-base.changes b/python-base.changes
index 9af61c8..a7f8108 100644
--- a/python-base.changes
+++ b/python-base.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Fri Sep 4 20:16:42 CEST 2009 - matejcik@suse.cz
+
+- fixed potential DoS in python's copy of expat (bnc#534721)
+
 -------------------------------------------------------------------
 Sun Aug 2 17:01:16 UTC 2009 - jansimon.moeller@opensuse.org
diff --git a/python-base.spec b/python-base.spec
index e116db0..d74b25f 100644
--- a/python-base.spec
+++ b/python-base.spec
@@ -33,7 +33,7 @@ Obsoletes: python-64bit
 #
 Summary: Python Interpreter base package
 Version: 2.6.2
-Release: 3
+Release: 4
 %define tarname Python-%{version}
 Source0: %{tarname}.tar.bz2
 Source1: macros.python
@@ -49,6 +49,7 @@ Patch35: python-2.5.2-configure.patch
 Patch37: python-2.6rc2-https-proxy.patch
 Patch38: python-2.6-gettext-plurals.patch
 Patch39: python-2.6.2-test_distutils.patch
+Patch40: python-2.6.2-expat.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %define python_version %(echo %{version} | head -c 3)
 Provides: %{name} = %{python_version}
@@ -136,6 +137,7 @@ Authors:
 %patch37
 %patch38
 %patch39
+%patch40
 # some cleanup
 find . -name .cvsignore -type f -print0 | xargs -0 rm -f
 find . -name CVS -type d -print0 | xargs -0 rm -rf
diff --git a/python-doc.spec b/python-doc.spec
index 1d30d60..1f67230 100644
--- a/python-doc.spec
+++ b/python-doc.spec
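Review bot: In python-2.6.2-ssl_handshake_timeout.patch the handshake under `if do_handshake_on_connect:` now runs with whatever timeout the socket already has, a behaviour change the patch does not document. A socket with a finite timeout can presumably now fail the handshake with a timeout error raised while the object is being constructed, a socket in non-blocking mode (timeout 0.0) no longer has the handshake forced to block, and a socket with no timeout still waits indefinitely on an unresponsive peer. I would add a comment at the call, `# handshake honours the socket's timeout; non-blocking callers should pass do_handshake_on_connect=False`, and a header in the .patch file referencing bnc#525295. The enclosing function starts and ends outside the hunk.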
@@ -24,7 +24,7 @@ Group: Development/Languages/Python
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 Summary: Additional Package Documentation for Python.
 Version: 2.6
-Release: 13
+Release: 14
 %define pyver 2.6.2
 BuildArch: noarch
 %define tarname Python-%{pyver}
diff --git a/python.changes b/python.changes
index 3aba91e..30eee9e 100644
--- a/python.changes
+++ b/python.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Fri Sep 4 20:15:43 CEST 2009 - matejcik@suse.cz
+
+- added patch for potential SSL hangup during handshake (bnc#525295)
+
 -------------------------------------------------------------------
 Wed Jul 29 17:25:33 CEST 2009 - matejcik@suse.cz
diff --git a/python.spec b/python.spec
index 2bfd1ae..70f88a0 100644
--- a/python.spec
+++ b/python.spec
@@ -35,7 +35,7 @@ Obsoletes: python-64bit
 Obsoletes: python-nothreads python21 python-elementtree python-sqlite
 Summary: Python Interpreter
 Version: 2.6.2
-Release: 3
+Release: 4
 Requires: python-base = %{version}
 %define tarname Python-%{version}
 Source0: %{tarname}.tar.bz2
@@ -53,6 +53,7 @@ Patch30: python-2.5.1-sqlite.patch
 Patch31: python-2.5.2-fwrapv.patch
 Patch35: python-2.5.2-configure.patch
 Patch38: python-2.6b3-curses-panel.patch
+Patch39: python-2.6.2-ssl_handshake_timeout.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %define python_version %(echo %{version} | head -c 3)
 %define idle_name idle
@@ -187,6 +188,7 @@ Authors:
 %if %suse_version > 1100
 %patch38
 %endif
+%patch39
 # some cleanup
 find . -name .cvsignore -type f -print0 | xargs -0 rm -f
 find . -name CVS -type d -print0 | xargs -0 rm -rf