[Libreoffice-commits] core.git: Branch 'distro/collabora/cp-6.0' - 2 commits - configure.ac download.lst external/python3

Andras Timar andras.timar at collabora.com
Mon Jul 2 21:25:39 UTC 2018


 configure.ac                                           |    2 
 download.lst                                           |    4 -
 external/python3/UnpackedTarball_python3.mk            |    1 
 external/python3/python-3.5.5-CVE-2017-1000158.patch.1 |   62 +++++++++++++++++
 4 files changed, 66 insertions(+), 3 deletions(-)

New commits:
commit bb9c949c31d8a17a34baeaebb7bbac81f9056d61
Author: Andras Timar <andras.timar at collabora.com>
Date:   Mon Jul 2 23:11:36 2018 +0200

    Fix Python CVE-2017-1000158
    
    Change-Id: Id686120f85d44c8a0d65ae8683bcb7ed6e42854b

diff --git a/external/python3/UnpackedTarball_python3.mk b/external/python3/UnpackedTarball_python3.mk
index 35d6e643a1b0..9ed7a1ccce38 100644
--- a/external/python3/UnpackedTarball_python3.mk
+++ b/external/python3/UnpackedTarball_python3.mk
@@ -26,6 +26,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,python3,\
 	external/python3/python-3.3.5-pyexpat-symbols.patch.1 \
 	external/python3/ubsan.patch.0 \
 	external/python3/python-3.5.tweak.strip.soabi.patch \
+	external/python3/python-3.5.5-CVE-2017-1000158.patch.1 \
 ))
 
 ifneq ($(filter DRAGONFLY FREEBSD LINUX NETBSD OPENBSD SOLARIS,$(OS)),)
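Review bot: The new list entry `external/python3/python-3.5.5-CVE-2017-1000158.patch.1` names Python 3.5.5, while the revert commit on the same branch pins the tree back to 3.5.4 (`PYTHON_VERSION=...4` in configure.ac, `Python-3.5.4.tgz` in download.lst), so the name no longer describes the tarball it is applied to. If "3.5.5" is meant to record the upstream release the fix was taken from, a one-line comment beside the entry such as `# backport of upstream fd8614c5 (shipped in 3.5.5); applies to the 3.5.4 tarball` would stop a later version bump from dropping or re-targeting it by mistake; otherwise renaming the file to match the pinned version keeps the list self-describing. The `gb_UnpackedTarball_add_patches` call this line belongs to starts before the hunk.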
diff --git a/external/python3/python-3.5.5-CVE-2017-1000158.patch.1 b/external/python3/python-3.5.5-CVE-2017-1000158.patch.1
new file mode 100644
index 000000000000..9bd472fd713d
--- /dev/null
+++ b/external/python3/python-3.5.5-CVE-2017-1000158.patch.1
@@ -0,0 +1,62 @@
+From fd8614c5c5466a14a945db5b059c10c0fb8f76d9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro at hroncok.cz>
+Date: Fri, 8 Dec 2017 22:34:12 +0100
+Subject: [PATCH] bpo-30657: Fix CVE-2017-1000158 (#4664)
+
+Fixes possible integer overflow in PyBytes_DecodeEscape.
+
+Co-Authored-By: Jay Bosamiya <jaybosamiya at gmail.com>
+---
+ Misc/ACKS                                                         | 2 ++
+ .../NEWS.d/next/Security/2017-12-01-18-51-03.bpo-30657.Fd8kId.rst | 2 ++
+ Objects/bytesobject.c                                             | 8 +++++++-
+ 3 files changed, 11 insertions(+), 1 deletion(-)
+ create mode 100644 Misc/NEWS.d/next/Security/2017-12-01-18-51-03.bpo-30657.Fd8kId.rst
+
+diff --git a/Misc/ACKS b/Misc/ACKS
+index fbf110d801b5..1a35aad66ce7 100644
+--- a/Misc/ACKS
++++ b/Misc/ACKS
+@@ -167,6 +167,7 @@ Médéric Boquien
+ Matias Bordese
+ Jonas Borgström
+ Jurjen Bos
++Jay Bosamiya
+ Peter Bosch
+ Dan Boswell
+ Eric Bouck
+@@ -651,6 +652,7 @@ Ken Howard
+ Brad Howes
+ Mike Hoy
+ Ben Hoyt
++Miro Hrončok
+ Chiu-Hsiang Hsu
+ Chih-Hao Huang
+ Christian Hudon
+diff --git a/Misc/NEWS.d/next/Security/2017-12-01-18-51-03.bpo-30657.Fd8kId.rst b/Misc/NEWS.d/next/Security/2017-12-01-18-51-03.bpo-30657.Fd8kId.rst
+new file mode 100644
+index 000000000000..75359b6d8833
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2017-12-01-18-51-03.bpo-30657.Fd8kId.rst
+@@ -0,0 +1,2 @@
++Fixed possible integer overflow in PyBytes_DecodeEscape, CVE-2017-1000158.
++Original patch by Jay Bosamiya; rebased to Python 3 by Miro Hrončok.
+diff --git a/Objects/bytesobject.c b/Objects/bytesobject.c
+index 77dd45e84af8..9b29dc38b44f 100644
+--- a/Objects/bytesobject.c
++++ b/Objects/bytesobject.c
+@@ -970,7 +970,13 @@ PyObject *PyBytes_DecodeEscape(const char *s,
+     char *p, *buf;
+     const char *end;
+     PyObject *v;
+-    Py_ssize_t newlen = recode_encoding ? 4*len:len;
++    Py_ssize_t newlen;
++    /* Check for integer overflow */
++    if (recode_encoding && (len > PY_SSIZE_T_MAX / 4)) {
++        PyErr_SetString(PyExc_OverflowError, "string is too large");
++        return NULL;
++    }
++    newlen = recode_encoding ? 4*len:len;
+     v = PyBytes_FromStringAndSize((char *)NULL, newlen);
+     if (v == NULL)
+         return NULL;
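Review bot: The vendored patch carries the upstream Misc/ACKS and NEWS.d hunks next to the Objects/bytesobject.c change, and only the last of these affects the built interpreter. The two ACKS hunks are anchored by context taken from the upstream branch (`@@ -167,6 +167,7 @@`, `@@ -651,6 +652,7 @@`) rather than from the 3.5.4 tarball this branch now downloads, so they are the part most likely to reject at unpack time without buying anything; trimming the patch to the bytesobject.c hunk would make it robust to that. The C change itself reads correctly: `len > PY_SSIZE_T_MAX / 4` is evaluated before `4*len` is formed, and the non-recoding path assigns `len` unchanged so it needs no guard. PyBytes_DecodeEscape continues past the end of the hunk.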
commit 695489e29958ac66e6941afdedfdf9dd7e2cdde7
Author: Andras Timar <andras.timar at collabora.com>
Date:   Mon Jul 2 23:00:26 2018 +0200

    Revert "python3: upgrade to release 3.5.5"
    
    MSP does not like this
    
    This reverts commit c34783711b2eb207825de7fc7b7a6655ea65e576.

diff --git a/configure.ac b/configure.ac
index 68d0accb1fa4..6e6f44db6562 100644
--- a/configure.ac
+++ b/configure.ac
@@ -8078,7 +8078,7 @@ internal)
     SYSTEM_PYTHON=
     PYTHON_VERSION_MAJOR=3
     PYTHON_VERSION_MINOR=5
-    PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.5
+    PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.4
     if ! grep -q -i python.*${PYTHON_VERSION} ${SRC_ROOT}/download.lst; then
         AC_MSG_ERROR([PYTHON_VERSION ${PYTHON_VERSION} but no matching file in download.lst])
     fi
diff --git a/download.lst b/download.lst
index 8880f5e3ae84..3db3fe1cdd97 100644
--- a/download.lst
+++ b/download.lst
@@ -226,8 +226,8 @@ export POPPLER_SHA256SUM := 2c096431adfb74bc2f53be466889b7646e1b599f28fa036094f3
 export POPPLER_TARBALL := poppler-0.66.0.tar.xz
 export POSTGRESQL_SHA256SUM := db61d498105a7d5fe46185e67ac830c878cdd7dc1f82a87f06b842217924c461
 export POSTGRESQL_TARBALL := c0b4799ea9850eae3ead14f0a60e9418-postgresql-9.2.1.tar.bz2
-export PYTHON_SHA256SUM := 063d2c3b0402d6191b90731e0f735c64830e7522348aeb7ed382a83165d45009
-export PYTHON_TARBALL := Python-3.5.5.tar.xz
+export PYTHON_SHA256SUM := 6ed87a8b6c758cc3299a8b433e8a9a9122054ad5bc8aad43299cff3a53d8ca44
+export PYTHON_TARBALL := Python-3.5.4.tgz
 export QXP_SHA256SUM := 8c257f6184ff94aefa7c9fa1cfae82083d55a49247266905c71c53e013f95c73
 export QXP_TARBALL := libqxp-0.0.1.tar.xz
 export RAPTOR_SHA256SUM := ada7f0ba54787b33485d090d3d2680533520cd4426d2f7fb4782dd4a6a1480ed

