From 7abeb8f0bc0eb394972a8420637f7bbee6dfebb2 Mon Sep 17 00:00:00 2001 From: Christian Buschau Date: Tue, 29 Jan 2019 05:32:47 +0100 Subject: [PATCH] python: fix CVE-2019-5010 --- srcpkgs/python/patches/CVE-2019-5010.patch | 33 ++++++++++++++++++++++ srcpkgs/python/template | 2 +- 2 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 srcpkgs/python/patches/CVE-2019-5010.patch diff --git a/srcpkgs/python/patches/CVE-2019-5010.patch b/srcpkgs/python/patches/CVE-2019-5010.patch new file mode 100644 index 00000000000..aabdc01a45e --- /dev/null +++ b/srcpkgs/python/patches/CVE-2019-5010.patch @@ -0,0 +1,33 @@ +commit 06b15424b0dcacb1c551b2a36e739fffa8d0c595 +Author: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> +Date: Tue Jan 15 15:11:52 2019 -0800 + + bpo-35746: Fix segfault in ssl's cert parser (GH-11569) + + + Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL + distribution points with empty DP or URI correctly. A malicious or buggy + certificate can result into segfault. + + Signed-off-by: Christian Heimes + + https://bugs.python.org/issue35746 + (cherry picked from commit a37f52436f9aa4b9292878b72f3ff1480e2606c3) + + Co-authored-by: Christian Heimes + +diff --git Modules/_ssl.c Modules/_ssl.c +index a96c419260..19bb1207b4 100644 +--- Modules/_ssl.c ++++ Modules/_ssl.c +@@ -1223,6 +1223,10 @@ _get_crl_dp(X509 *certificate) { + STACK_OF(GENERAL_NAME) *gns; + + dp = sk_DIST_POINT_value(dps, i); ++ if (dp->distpoint == NULL) { ++ /* Ignore empty DP value, CVE-2019-5010 */ ++ continue; ++ } + gns = dp->distpoint->name.fullname; + + for (j=0; j < sk_GENERAL_NAME_num(gns); j++) { diff --git a/srcpkgs/python/template b/srcpkgs/python/template index d43aee5e20f..bdc0f2cf1fc 100644 --- a/srcpkgs/python/template +++ b/srcpkgs/python/template @@ -4,7 +4,7 @@ # pkgname=python version=2.7.15 -revision=4 +revision=5 wrksrc="Python-${version}" hostmakedepends="pkg-config" makedepends="libffi-devel readline-devel gdbm-devel libressl-devel expat-devel