Update patches

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python39?expand=0&rev=57
2021-02-21 14:40:01 +00:00 · 2021-02-21 14:40:01 +00:00 · 9559d22979
commit 9559d22979
parent d3bad64b2f
4 changed files with 9 additions and 77 deletions
--- a/CVE-2019-5010-null-defer-x509-cert-DOS.patch
+++ b/CVE-2019-5010-null-defer-x509-cert-DOS.patch
@ -1,59 +0,0 @@
 From a37f52436f9aa4b9292878b72f3ff1480e2606c3 Mon Sep 17 00:00:00 2001
 From: Christian Heimes <christian@python.org>
 Date: Tue, 15 Jan 2019 23:47:42 +0100
 Subject: [PATCH] bpo-35746: Fix segfault in ssl's cert parser (GH-11569)
 Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL
 distribution points with empty DP or URI correctly. A malicious or buggy
 certificate can result into segfault.
 Signed-off-by: Christian Heimes <christian@python.org>
 https://bugs.python.org/issue35746
 ---
 Lib/test/talos-2019-0758.pem                  | 22 +++++++++++++++++++
 Lib/test/test_ssl.py                          | 22 +++++++++++++++++++
 .../2019-01-15-18-16-05.bpo-35746.nMSd0j.rst  |  3 +++
 Modules/_ssl.c                                |  4 ++++
 4 files changed, 51 insertions(+)
 create mode 100644 Lib/test/talos-2019-0758.pem
 create mode 100644 Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst
 --- a/Lib/test/test_ssl.py
 +++ b/Lib/test/test_ssl.py
@@ -470,6 +470,27 @@ class BasicSocketTests(unittest.TestCase
             }
         )
 +    def test_parse_cert_CVE_2019_5010(self):
 +        p = ssl._ssl._test_decode_cert(TALOS_INVALID_CRLDP)
 +        if support.verbose:
 +            sys.stdout.write("\n" + pprint.pformat(p) + "\n")
 +        self.assertEqual(
 +            p,
 +            {
 +                'issuer': (
 +                    (('countryName', 'UK'),), (('commonName', 'cody-ca'),)),
 +                'notAfter': 'Jun 14 18:00:58 2028 GMT',
 +                'notBefore': 'Jun 18 18:00:58 2018 GMT',
 +                'serialNumber': '02',
 +                'subject': ((('countryName', 'UK'),),
 +                            (('commonName',
 +                              'codenomicon-vm-2.test.lal.cisco.com'),)),
 +                'subjectAltName': (
 +                    ('DNS', 'codenomicon-vm-2.test.lal.cisco.com'),),
 +                'version': 3
 +            }
 +        )
 +
     def test_parse_cert_CVE_2013_4238(self):
         p = ssl._ssl._test_decode_cert(NULLBYTECERT)
         if support.verbose:
 --- /dev/null
 +++ b/Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst
@@ -0,0 +1,3 @@
 +[CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did
 +not handle CRL distribution points with empty DP or URI correctly. A
 +malicious or buggy certificate can result into segfault.
--- a/no-skipif-doctests.patch
+++ b/no-skipif-doctests.patch
@ -179,7 +179,7 @@ unchanged:
       >>> turtle.pos()
       (440.00,-0.00)
@@ -665,7 +643,6 @@ Tell Turtle's state
-    orientation which depends on the mode - "standard"/"world" or "logo").
+    orientation which depends on the mode - "standard"/"world" or "logo".
    .. doctest::
 -      :skipif: _tkinter is None
@ -267,7 +267,7 @@ unchanged:
       >>> turtle.penup()
       >>> turtle.isdown()
@@ -917,7 +884,6 @@ Color control
-     newly set pencolor.
+    newly set pencolor.
    .. doctest::
 -      :skipif: _tkinter is None
@ -275,7 +275,7 @@ unchanged:
        >>> colormode()
        1.0
@@ -966,7 +932,6 @@ Color control
-     with the newly set fillcolor.
+    with the newly set fillcolor.
    .. doctest::
 -      :skipif: _tkinter is None
@ -283,7 +283,7 @@ unchanged:
        >>> turtle.fillcolor("violet")
        >>> turtle.fillcolor()
@@ -1005,7 +970,6 @@ Color control
-     with the newly set colors.
+    with the newly set colors.
    .. doctest::
 -      :skipif: _tkinter is None
@ -347,7 +347,7 @@ unchanged:
       >>> turtle.shape()
       'classic'
@@ -1195,7 +1152,6 @@ Appearance
-    resizemode("user") is called by :func:`shapesize` when used with arguments.
+    ``resizemode("user")`` is called by :func:`shapesize` when used with arguments.
    .. doctest::
 -      :skipif: _tkinter is None
@ -563,7 +563,7 @@ unchanged:
       >>> def f():
       ...     fd(50)
@@ -1824,7 +1754,6 @@ Using screen events
-    named turtle:
+    named ``turtle``:
    .. doctest::
 -      :skipif: _tkinter is None
--- a/python39.changes
+++ b/python39.changes
@ -13,6 +13,7 @@ Fri Feb 19 16:58:38 UTC 2021 - Matej Cepl <mcepl@suse.com>
  - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch
  - bsc1167501-invalid-alignment.patch
  - skip_random_failing_tests.patch
  - CVE-2019-5010-null-defer-x509-cert-DOS.patch
 -------------------------------------------------------------------
 Tue Feb  9 01:37:59 UTC 2021 - Steve Kowalik <steven.kowalik@suse.com>
--- a/python39.spec
+++ b/python39.spec
@ -127,13 +127,7 @@ Patch08:        python-3.3.0b1-fix_date_time_compiler.patch
 Patch09:        python-3.3.0b1-test-posix_fadvise.patch
 # Raise timeout value for test_subprocess
 Patch15:        subprocess-raise-timeout.patch
 # skip some tests only for PowerPC
 Patch23:        skip_random_failing_tests.patch
 Patch25:        python3-imp-returntype.patch
 # PATCH-FIX-UPSTREAM CVE-2019-5010-null-defer-x509-cert-DOS.patch bnc#1122191 mcepl@suse.com
 # https://github.com/python/cpython/pull/11569
 # Fix segfault in ssl's cert parser
 Patch27:        CVE-2019-5010-null-defer-x509-cert-DOS.patch
 # PATCH-FEATURE-UPSTREAM bpo-31046_ensurepip_honours_prefix.patch bpo#31046 mcepl@suse.com
 # ensurepip should honour the value of $(prefix)
 Patch29:        bpo-31046_ensurepip_honours_prefix.patch
@ -381,16 +375,12 @@ other applications.
 %patch08 -p1
 %patch09 -p1
 %patch15 -p1
 # %%ifarch ppc ppc64 ppc64le
 # %%patch23 -p1
 # %%endif
 %patch25 -p1
 %patch27 -p1
 %patch29 -p1
 %patch32 -p1
-%if 0%{?suse_version} <= 1500
+# %%if 0%%{?suse_version} <= 1500
 %patch33 -p1
-%endif
+# %%endif
 # drop Autoconf version requirement
 sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac