Matej Cepl
88ffffeead
- bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch
removing unnecessary (and potentially harmful) URL scheme
local-file://.
- bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch
Characters in the netloc attribute that decompose under NFKC
normalization (as used by the IDNA encoding) into any of ``/``,
``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the
URL is decomposed before parsing, or is not a Unicode string,
no error will be raised.
Upstream commits e37ef41 and 507bd8c.
- Update to 2.7.16:
* bugfix-only release: complete list of changes on
https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst
* Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch
which are fully included in the tarball.
* Updated patches to apply cleanly:
CVE-2019-5010-null-defer-x509-cert-DOS.patch
bpo36160-init-sysconfig_vars.patch
do-not-use-non-ascii-in-test_ssl.patch
openssl-111-middlebox-compat.patch
openssl-111-ssl_options.patch
python-2.5.1-sqlite.patch
python-2.6-gettext-plurals.patch
python-2.7-dirs.patch
python-2.7.2-fix_date_time_compiler.patch
python-2.7.4-canonicalize2.patch
python-2.7.5-multilib.patch
python-2.7.9-ssl_ca_path.patch
OBS-URL: https://build.opensuse.org/request/show/692400
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=241
61 lines
2.4 KiB
Diff
61 lines
2.4 KiB
Diff
From 280917872027ee991416d2623fc16ff1eed48f50 Mon Sep 17 00:00:00 2001
|
|
From: Christian Heimes <christian@python.org>
|
|
Date: Tue, 15 Jan 2019 23:47:42 +0100
|
|
Subject: [PATCH] bpo-35746: Fix segfault in ssl's cert parser (GH-11569)
|
|
|
|
Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL
|
|
distribution points with empty DP or URI correctly. A malicious or buggy
|
|
certificate can result into segfault.
|
|
|
|
Signed-off-by: Christian Heimes <christian@python.org>
|
|
|
|
https://bugs.python.org/issue35746
|
|
(cherry picked from commit a37f52436f9aa4b9292878b72f3ff1480e2606c3)
|
|
|
|
Co-authored-by: Christian Heimes <christian@python.org>
|
|
---
|
|
Lib/test/talos-2019-0758.pem | 22 +++++++++++++++++++
|
|
Lib/test/test_ssl.py | 22 +++++++++++++++++++
|
|
.../2019-01-15-18-16-05.bpo-35746.nMSd0j.rst | 3 +++
|
|
Modules/_ssl.c | 4 ++++
|
|
4 files changed, 51 insertions(+)
|
|
create mode 100644 Lib/test/talos-2019-0758.pem
|
|
create mode 100644 Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst
|
|
|
|
--- a/Lib/test/test_ssl.py
|
|
+++ b/Lib/test/test_ssl.py
|
|
@@ -256,6 +256,27 @@ class BasicSocketTests(unittest.TestCase
|
|
}
|
|
)
|
|
|
|
+ def test_parse_cert_CVE_2019_5010(self):
|
|
+ p = ssl._ssl._test_decode_cert(TALOS_INVALID_CRLDP)
|
|
+ if support.verbose:
|
|
+ sys.stdout.write("\n" + pprint.pformat(p) + "\n")
|
|
+ self.assertEqual(
|
|
+ p,
|
|
+ {
|
|
+ 'issuer': (
|
|
+ (('countryName', 'UK'),), (('commonName', 'cody-ca'),)),
|
|
+ 'notAfter': 'Jun 14 18:00:58 2028 GMT',
|
|
+ 'notBefore': 'Jun 18 18:00:58 2018 GMT',
|
|
+ 'serialNumber': '02',
|
|
+ 'subject': ((('countryName', 'UK'),),
|
|
+ (('commonName',
|
|
+ 'codenomicon-vm-2.test.lal.cisco.com'),)),
|
|
+ 'subjectAltName': (
|
|
+ ('DNS', 'codenomicon-vm-2.test.lal.cisco.com'),),
|
|
+ 'version': 3
|
|
+ }
|
|
+ )
|
|
+
|
|
def test_parse_cert_CVE_2013_4238(self):
|
|
p = ssl._ssl._test_decode_cert(NULLBYTECERT)
|
|
if support.verbose:
|
|
--- /dev/null
|
|
+++ b/Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst
|
|
@@ -0,0 +1,3 @@
|
|
+[CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did
|
|
+not handle CRL distribution points with empty DP or URI correctly. A
|
|
+malicious or buggy certificate can result into segfault.
|