pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: [pkgsrc-2022Q4] pkgsrc/lang/python27
Module Name: pkgsrc
Committed By: bsiegert
Date: Fri Jan 13 19:54:39 UTC 2023
Modified Files:
pkgsrc/lang/python27 [pkgsrc-2022Q4]: Makefile distinfo
Added Files:
pkgsrc/lang/python27/patches [pkgsrc-2022Q4]:
patch-Lib_encodings_idna.py patch-Lib_test_test__codecs.py
Log Message:
Pullup ticket #6720 - requested by gutteridge
lang/python27: security fix
Revisions pulled up:
- lang/python27/Makefile 1.105
- lang/python27/distinfo 1.92
- lang/python27/patches/patch-Lib_encodings_idna.py 1.1
- lang/python27/patches/patch-Lib_test_test__codecs.py 1.1
---
Module Name: pkgsrc
Committed By: gutteridge
Date: Sun Jan 8 00:54:30 UTC 2023
Modified Files:
pkgsrc/lang/python27: Makefile distinfo
Added Files:
pkgsrc/lang/python27/patches: patch-Lib_encodings_idna.py
patch-Lib_test_test__codecs.py
Log Message:
python27: add backported security fix for CVE-2022-45061
To generate a diff of this commit:
cvs rdiff -u -r1.104 -r1.104.4.1 pkgsrc/lang/python27/Makefile
cvs rdiff -u -r1.91 -r1.91.4.1 pkgsrc/lang/python27/distinfo
cvs rdiff -u -r0 -r1.1.2.2 \
pkgsrc/lang/python27/patches/patch-Lib_encodings_idna.py \
pkgsrc/lang/python27/patches/patch-Lib_test_test__codecs.py
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/lang/python27/Makefile
diff -u pkgsrc/lang/python27/Makefile:1.104 pkgsrc/lang/python27/Makefile:1.104.4.1
--- pkgsrc/lang/python27/Makefile:1.104 Thu Aug 11 01:32:50 2022
+++ pkgsrc/lang/python27/Makefile Fri Jan 13 19:54:39 2023
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.104 2022/08/11 01:32:50 gutteridge Exp $
+# $NetBSD: Makefile,v 1.104.4.1 2023/01/13 19:54:39 bsiegert Exp $
.include "dist.mk"
PKGNAME= python27-${PY_DISTVERSION}
-PKGREVISION= 9
+PKGREVISION= 10
CATEGORIES= lang python
MAINTAINER= pkgsrc-users%NetBSD.org@localhost
Index: pkgsrc/lang/python27/distinfo
diff -u pkgsrc/lang/python27/distinfo:1.91 pkgsrc/lang/python27/distinfo:1.91.4.1
--- pkgsrc/lang/python27/distinfo:1.91 Thu Aug 11 01:32:50 2022
+++ pkgsrc/lang/python27/distinfo Fri Jan 13 19:54:39 2023
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.91 2022/08/11 01:32:50 gutteridge Exp $
+$NetBSD: distinfo,v 1.91.4.1 2023/01/13 19:54:39 bsiegert Exp $
BLAKE2s (Python-2.7.18.tar.xz) = 1b673ec8c9362a178e044691392bc4f67ad13457d7fddd84a88de346f23f9812
SHA512 (Python-2.7.18.tar.xz) = a7bb62b51f48ff0b6df0b18f5b0312a523e3110f49c3237936bfe56ed0e26838c0274ff5401bda6fc21bf24337477ccac49e8026c5d651e4b4cafb5eb5086f6c
@@ -20,6 +20,7 @@ SHA1 (patch-Lib_distutils_command_instal
SHA1 (patch-Lib_distutils_tests_test__build__ext.py) = 6b3c8c8d1d351836b239c049d34d132953bd4786
SHA1 (patch-Lib_distutils_unixccompiler.py) = 4e2425ae15d9f0383f83779e77d8b6ebce374967
SHA1 (patch-Lib_distutils_util.py) = 5bcfad96f8e490351160f1a7c1f4ece7706a33fa
+SHA1 (patch-Lib_encodings_idna.py) = 47436d4c45599556f4861d062ce398702fc63325
SHA1 (patch-Lib_ftplib.py) = 6679c4ea109dcb5d56d86a55343954e0368b9138
SHA1 (patch-Lib_httplib.py) = b8eeaa203e2a86ece94148d192b2a7e0c078602a
SHA1 (patch-Lib_lib2to3_pgen2_driver.py) = 5d6dab14197f27363394ff1aeee22a8ced8026d2
@@ -31,6 +32,7 @@ SHA1 (patch-Lib_tarfile.py) = df00aa1941
SHA1 (patch-Lib_test_mailcap.txt) = 80923517cb616f7de97df11ee8632465cce8d10c
SHA1 (patch-Lib_test_multibytecodec__support.py) = a18c40e8009f1a8f63e15196d3e751d7dccf8367
SHA1 (patch-Lib_test_test__cgi.py) = 724355e8d2195f8a4b76d7ea61133e9b14fa3a68
+SHA1 (patch-Lib_test_test__codecs.py) = 825b5e5d57ffcb97542fc6eef149ac74c950f711
SHA1 (patch-Lib_test_test__ftplib.py) = 4b22c8a963ccf6f60ca49be003bf026e1b0b632d
SHA1 (patch-Lib_test_test__httplib.py) = f7cfa5501a63eaca539bfa53d38cf931f3a6c3ac
SHA1 (patch-Lib_test_test__mailcap.py) = 6b869c9e9d9ef097d6fc4aef967e7b7bca3bd41c
Added files:
Index: pkgsrc/lang/python27/patches/patch-Lib_encodings_idna.py
diff -u /dev/null pkgsrc/lang/python27/patches/patch-Lib_encodings_idna.py:1.1.2.2
--- /dev/null Fri Jan 13 19:54:40 2023
+++ pkgsrc/lang/python27/patches/patch-Lib_encodings_idna.py Fri Jan 13 19:54:39 2023
@@ -0,0 +1,47 @@
+$NetBSD: patch-Lib_encodings_idna.py,v 1.1.2.2 2023/01/13 19:54:39 bsiegert Exp $
+
+Security fix for CVE-2022-45061: CPU denial of service via inefficient IDNA decoder
+Via Fedora:
+https://src.fedoraproject.org/rpms/python2.7/raw/64f3700b7679f9f8a385d99e3862a758b14e1d28/f/00394-cve-2022-45061-cpu-denial-of-service-via-inefficient-idna-decoder.patch
+
+--- Lib/encodings/idna.py.orig 2020-04-19 21:13:39.000000000 +0000
++++ Lib/encodings/idna.py
+@@ -39,23 +39,21 @@ def nameprep(label):
+
+ # Check bidi
+ RandAL = map(stringprep.in_table_d1, label)
+- for c in RandAL:
+- if c:
+- # There is a RandAL char in the string. Must perform further
+- # tests:
+- # 1) The characters in section 5.8 MUST be prohibited.
+- # This is table C.8, which was already checked
+- # 2) If a string contains any RandALCat character, the string
+- # MUST NOT contain any LCat character.
+- if filter(stringprep.in_table_d2, label):
+- raise UnicodeError("Violation of BIDI requirement 2")
+-
+- # 3) If a string contains any RandALCat character, a
+- # RandALCat character MUST be the first character of the
+- # string, and a RandALCat character MUST be the last
+- # character of the string.
+- if not RandAL[0] or not RandAL[-1]:
+- raise UnicodeError("Violation of BIDI requirement 3")
++ if any(RandAL):
++ # There is a RandAL char in the string. Must perform further
++ # tests:
++ # 1) The characters in section 5.8 MUST be prohibited.
++ # This is table C.8, which was already checked
++ # 2) If a string contains any RandALCat character, the string
++ # MUST NOT contain any LCat character.
++ if any(stringprep.in_table_d2(x) for x in label):
++ raise UnicodeError("Violation of BIDI requirement 2")
++ # 3) If a string contains any RandALCat character, a
++ # RandALCat character MUST be the first character of the
++ # string, and a RandALCat character MUST be the last
++ # character of the string.
++ if not RandAL[0] or not RandAL[-1]:
++ raise UnicodeError("Violation of BIDI requirement 3")
+
+ return label
+
Index: pkgsrc/lang/python27/patches/patch-Lib_test_test__codecs.py
diff -u /dev/null pkgsrc/lang/python27/patches/patch-Lib_test_test__codecs.py:1.1.2.2
--- /dev/null Fri Jan 13 19:54:40 2023
+++ pkgsrc/lang/python27/patches/patch-Lib_test_test__codecs.py Fri Jan 13 19:54:39 2023
@@ -0,0 +1,21 @@
+$NetBSD: patch-Lib_test_test__codecs.py,v 1.1.2.2 2023/01/13 19:54:39 bsiegert Exp $
+
+Security fix for CVE-2022-45061: CPU denial of service via inefficient IDNA decoder
+Via Fedora:
+https://src.fedoraproject.org/rpms/python2.7/raw/64f3700b7679f9f8a385d99e3862a758b14e1d28/f/00394-cve-2022-45061-cpu-denial-of-service-via-inefficient-idna-decoder.patch
+
+--- Lib/test/test_codecs.py.orig 2020-04-19 21:13:39.000000000 +0000
++++ Lib/test/test_codecs.py
+@@ -1318,6 +1318,12 @@ class IDNACodecTest(unittest.TestCase):
+ self.assertEqual(u"pyth\xf6n.org".encode("idna"), "xn--pythn-mua.org")
+ self.assertEqual(u"pyth\xf6n.org.".encode("idna"), "xn--pythn-mua.org.")
+
++ def test_builtin_decode_length_limit(self):
++ with self.assertRaisesRegexp(UnicodeError, "too long"):
++ (b"xn--016c"+b"a"*1100).decode("idna")
++ with self.assertRaisesRegexp(UnicodeError, "too long"):
++ (b"xn--016c"+b"a"*70).decode("idna")
++
+ def test_stream(self):
+ import StringIO
+ r = codecs.getreader("idna")(StringIO.StringIO("abc"))
Home |
Main Index |
Thread Index |
Old Index