- Add CVE-2024-5642-OpenSSL-API-buf-overread-NPN.patch removing

support for anything but OpenSSL 1.1.1 or newer (bsc#1227233, CVE-2024-5642). OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=164
2024-08-08 20:05:24 +00:00 · 2024-08-08 20:05:24 +00:00 · 88ff22d131
commit 88ff22d131
parent 91f49896e0
3 changed files with 1749 additions and 0 deletions
--- a/CVE-2024-5642-OpenSSL-API-buf-overread-NPN.patch
+++ b/CVE-2024-5642-OpenSSL-API-buf-overread-NPN.patch
--- a/python38.changes
+++ b/python38.changes
@ -7,6 +7,9 @@ Thu Aug  8 19:30:36 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
 - Add CVE-2024-6923-email-hdr-inject.patch to prevent email
  header injection due to unquoted newlines (bsc#1228780,
  CVE-2024-6923).
+- Add CVE-2024-5642-OpenSSL-API-buf-overread-NPN.patch removing
+  support for anything but OpenSSL 1.1.1 or newer (bsc#1227233,
+  CVE-2024-5642).
 - %{profileopt} variable is set according to the variable
  %{do_profiling} (bsc#1227999)

--- a/python38.spec
+++ b/python38.spec
@ -204,6 +204,9 @@ Patch46:        bso1227999-reproducible-builds.patch
 # PATCH-FIX-UPSTREAM CVE-2024-6923-email-hdr-inject.patch bsc#1228780 mcepl@suse.com
 # prevent email header injection, patch from gh#python/cpython!122608
 Patch47:        CVE-2024-6923-email-hdr-inject.patch
+# PATCH-FIX-UPSTREAM CVE-2024-5642-OpenSSL-API-buf-overread-NPN.patch bsc#1227233 mcepl@suse.com
+# Remove for support for anything but OpenSSL 1.1.1 or newer
+Patch48:        CVE-2024-5642-OpenSSL-API-buf-overread-NPN.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes
@ -480,6 +483,7 @@ other applications.
 %patch -p1 -P 45
 %patch -p1 -P 46
 %patch -p1 -P 47
+%patch -p1 -P 48

 # drop Autoconf version requirement
 sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac