[Libreoffice-commits] core.git: Branch 'distro/collabora/cp-6.0' - 2 commits - configure.ac download.lst external/python3
Andras Timar
andras.timar at collabora.com
Mon Jul 2 21:25:39 UTC 2018
configure.ac | 2
download.lst | 4 -
external/python3/UnpackedTarball_python3.mk | 1
external/python3/python-3.5.5-CVE-2017-1000158.patch.1 | 62 +++++++++++++++++
4 files changed, 66 insertions(+), 3 deletions(-)
New commits:
commit bb9c949c31d8a17a34baeaebb7bbac81f9056d61
Author: Andras Timar <andras.timar at collabora.com>
Date: Mon Jul 2 23:11:36 2018 +0200
Fix Python CVE-2017-1000158
Change-Id: Id686120f85d44c8a0d65ae8683bcb7ed6e42854b
diff --git a/external/python3/UnpackedTarball_python3.mk b/external/python3/UnpackedTarball_python3.mk
index 35d6e643a1b0..9ed7a1ccce38 100644
--- a/external/python3/UnpackedTarball_python3.mk
+++ b/external/python3/UnpackedTarball_python3.mk
@@ -26,6 +26,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,python3,\
external/python3/python-3.3.5-pyexpat-symbols.patch.1 \
external/python3/ubsan.patch.0 \
external/python3/python-3.5.tweak.strip.soabi.patch \
+ external/python3/python-3.5.5-CVE-2017-1000158.patch.1 \
))
ifneq ($(filter DRAGONFLY FREEBSD LINUX NETBSD OPENBSD SOLARIS,$(OS)),)
diff --git a/external/python3/python-3.5.5-CVE-2017-1000158.patch.1 b/external/python3/python-3.5.5-CVE-2017-1000158.patch.1
new file mode 100644
index 000000000000..9bd472fd713d
--- /dev/null
+++ b/external/python3/python-3.5.5-CVE-2017-1000158.patch.1
@@ -0,0 +1,62 @@
+From fd8614c5c5466a14a945db5b059c10c0fb8f76d9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= <miro at hroncok.cz>
+Date: Fri, 8 Dec 2017 22:34:12 +0100
+Subject: [PATCH] bpo-30657: Fix CVE-2017-1000158 (#4664)
+
+Fixes possible integer overflow in PyBytes_DecodeEscape.
+
+Co-Authored-By: Jay Bosamiya <jaybosamiya at gmail.com>
+---
+ Misc/ACKS | 2 ++
+ .../NEWS.d/next/Security/2017-12-01-18-51-03.bpo-30657.Fd8kId.rst | 2 ++
+ Objects/bytesobject.c | 8 +++++++-
+ 3 files changed, 11 insertions(+), 1 deletion(-)
+ create mode 100644 Misc/NEWS.d/next/Security/2017-12-01-18-51-03.bpo-30657.Fd8kId.rst
+
+diff --git a/Misc/ACKS b/Misc/ACKS
+index fbf110d801b5..1a35aad66ce7 100644
+--- a/Misc/ACKS
++++ b/Misc/ACKS
+@@ -167,6 +167,7 @@ Médéric Boquien
+ Matias Bordese
+ Jonas Borgström
+ Jurjen Bos
++Jay Bosamiya
+ Peter Bosch
+ Dan Boswell
+ Eric Bouck
+@@ -651,6 +652,7 @@ Ken Howard
+ Brad Howes
+ Mike Hoy
+ Ben Hoyt
++Miro Hrončok
+ Chiu-Hsiang Hsu
+ Chih-Hao Huang
+ Christian Hudon
+diff --git a/Misc/NEWS.d/next/Security/2017-12-01-18-51-03.bpo-30657.Fd8kId.rst b/Misc/NEWS.d/next/Security/2017-12-01-18-51-03.bpo-30657.Fd8kId.rst
+new file mode 100644
+index 000000000000..75359b6d8833
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2017-12-01-18-51-03.bpo-30657.Fd8kId.rst
+@@ -0,0 +1,2 @@
++Fixed possible integer overflow in PyBytes_DecodeEscape, CVE-2017-1000158.
++Original patch by Jay Bosamiya; rebased to Python 3 by Miro Hrončok.
+diff --git a/Objects/bytesobject.c b/Objects/bytesobject.c
+index 77dd45e84af8..9b29dc38b44f 100644
+--- a/Objects/bytesobject.c
++++ b/Objects/bytesobject.c
+@@ -970,7 +970,13 @@ PyObject *PyBytes_DecodeEscape(const char *s,
+ char *p, *buf;
+ const char *end;
+ PyObject *v;
+- Py_ssize_t newlen = recode_encoding ? 4*len:len;
++ Py_ssize_t newlen;
++ /* Check for integer overflow */
++ if (recode_encoding && (len > PY_SSIZE_T_MAX / 4)) {
++ PyErr_SetString(PyExc_OverflowError, "string is too large");
++ return NULL;
++ }
++ newlen = recode_encoding ? 4*len:len;
+ v = PyBytes_FromStringAndSize((char *)NULL, newlen);
+ if (v == NULL)
+ return NULL;
commit 695489e29958ac66e6941afdedfdf9dd7e2cdde7
Author: Andras Timar <andras.timar at collabora.com>
Date: Mon Jul 2 23:00:26 2018 +0200
Revert "python3: upgrade to release 3.5.5"
MSP does not like this
This reverts commit c34783711b2eb207825de7fc7b7a6655ea65e576.
diff --git a/configure.ac b/configure.ac
index 68d0accb1fa4..6e6f44db6562 100644
--- a/configure.ac
+++ b/configure.ac
@@ -8078,7 +8078,7 @@ internal)
SYSTEM_PYTHON=
PYTHON_VERSION_MAJOR=3
PYTHON_VERSION_MINOR=5
- PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.5
+ PYTHON_VERSION=${PYTHON_VERSION_MAJOR}.${PYTHON_VERSION_MINOR}.4
if ! grep -q -i python.*${PYTHON_VERSION} ${SRC_ROOT}/download.lst; then
AC_MSG_ERROR([PYTHON_VERSION ${PYTHON_VERSION} but no matching file in download.lst])
fi
diff --git a/download.lst b/download.lst
index 8880f5e3ae84..3db3fe1cdd97 100644
--- a/download.lst
+++ b/download.lst
@@ -226,8 +226,8 @@ export POPPLER_SHA256SUM := 2c096431adfb74bc2f53be466889b7646e1b599f28fa036094f3
export POPPLER_TARBALL := poppler-0.66.0.tar.xz
export POSTGRESQL_SHA256SUM := db61d498105a7d5fe46185e67ac830c878cdd7dc1f82a87f06b842217924c461
export POSTGRESQL_TARBALL := c0b4799ea9850eae3ead14f0a60e9418-postgresql-9.2.1.tar.bz2
-export PYTHON_SHA256SUM := 063d2c3b0402d6191b90731e0f735c64830e7522348aeb7ed382a83165d45009
-export PYTHON_TARBALL := Python-3.5.5.tar.xz
+export PYTHON_SHA256SUM := 6ed87a8b6c758cc3299a8b433e8a9a9122054ad5bc8aad43299cff3a53d8ca44
+export PYTHON_TARBALL := Python-3.5.4.tgz
export QXP_SHA256SUM := 8c257f6184ff94aefa7c9fa1cfae82083d55a49247266905c71c53e013f95c73
export QXP_TARBALL := libqxp-0.0.1.tar.xz
export RAPTOR_SHA256SUM := ada7f0ba54787b33485d090d3d2680533520cd4426d2f7fb4782dd4a6a1480ed
More information about the Libreoffice-commits
mailing list