python27: add backported security fix for CVE-2022-45061
parent
d2340297f7
commit
3adb59e442
4 changed files with 73 additions and 3 deletions
|
@ -1,9 +1,9 @@
|
|||
# $NetBSD: Makefile,v 1.104 2022/08/11 01:32:50 gutteridge Exp $
|
||||
# $NetBSD: Makefile,v 1.105 2023/01/08 00:54:29 gutteridge Exp $
|
||||
|
||||
.include "dist.mk"
|
||||
|
||||
PKGNAME= python27-${PY_DISTVERSION}
|
||||
PKGREVISION= 9
|
||||
PKGREVISION= 10
|
||||
CATEGORIES= lang python
|
||||
|
||||
MAINTAINER= pkgsrc-users@NetBSD.org
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
$NetBSD: distinfo,v 1.91 2022/08/11 01:32:50 gutteridge Exp $
|
||||
$NetBSD: distinfo,v 1.92 2023/01/08 00:54:29 gutteridge Exp $
|
||||
|
||||
BLAKE2s (Python-2.7.18.tar.xz) = 1b673ec8c9362a178e044691392bc4f67ad13457d7fddd84a88de346f23f9812
|
||||
SHA512 (Python-2.7.18.tar.xz) = a7bb62b51f48ff0b6df0b18f5b0312a523e3110f49c3237936bfe56ed0e26838c0274ff5401bda6fc21bf24337477ccac49e8026c5d651e4b4cafb5eb5086f6c
|
||||
|
@ -20,6 +20,7 @@ SHA1 (patch-Lib_distutils_command_install__egg__info.py) = ec7f9e0cd04489b1f6497
|
|||
SHA1 (patch-Lib_distutils_tests_test__build__ext.py) = 6b3c8c8d1d351836b239c049d34d132953bd4786
|
||||
SHA1 (patch-Lib_distutils_unixccompiler.py) = 4e2425ae15d9f0383f83779e77d8b6ebce374967
|
||||
SHA1 (patch-Lib_distutils_util.py) = 5bcfad96f8e490351160f1a7c1f4ece7706a33fa
|
||||
SHA1 (patch-Lib_encodings_idna.py) = 47436d4c45599556f4861d062ce398702fc63325
|
||||
SHA1 (patch-Lib_ftplib.py) = 6679c4ea109dcb5d56d86a55343954e0368b9138
|
||||
SHA1 (patch-Lib_httplib.py) = b8eeaa203e2a86ece94148d192b2a7e0c078602a
|
||||
SHA1 (patch-Lib_lib2to3_pgen2_driver.py) = 5d6dab14197f27363394ff1aeee22a8ced8026d2
|
||||
|
@ -31,6 +32,7 @@ SHA1 (patch-Lib_tarfile.py) = df00aa1941367c42dcbbed4b6658b724a22ddcde
|
|||
SHA1 (patch-Lib_test_mailcap.txt) = 80923517cb616f7de97df11ee8632465cce8d10c
|
||||
SHA1 (patch-Lib_test_multibytecodec__support.py) = a18c40e8009f1a8f63e15196d3e751d7dccf8367
|
||||
SHA1 (patch-Lib_test_test__cgi.py) = 724355e8d2195f8a4b76d7ea61133e9b14fa3a68
|
||||
SHA1 (patch-Lib_test_test__codecs.py) = 825b5e5d57ffcb97542fc6eef149ac74c950f711
|
||||
SHA1 (patch-Lib_test_test__ftplib.py) = 4b22c8a963ccf6f60ca49be003bf026e1b0b632d
|
||||
SHA1 (patch-Lib_test_test__httplib.py) = f7cfa5501a63eaca539bfa53d38cf931f3a6c3ac
|
||||
SHA1 (patch-Lib_test_test__mailcap.py) = 6b869c9e9d9ef097d6fc4aef967e7b7bca3bd41c
|
||||
|
|
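--- a/lang/python27/patches/patch-Lib_encodings_idna.py
+++ b/lang/python27/patches/patch-Lib_encodings_idna.py
@@ -0,0 +1,47 @@
+$NetBSD: patch-Lib_encodings_idna.py,v 1.1 2023/01/08 00:54:29 gutteridge Exp $
+
+Security fix for CVE-2022-45061: CPU denial of service via inefficient IDNA decoder
+Via Fedora:
+https://src.fedoraproject.org/rpms/python2.7/raw/64f3700b7679f9f8a385d99e3862a758b14e1d28/f/00394-cve-2022-45061-cpu-denial-of-service-via-inefficient-idna-decoder.patch
+
+--- Lib/encodings/idna.py.orig 2020-04-19 21:13:39.000000000 +0000
++++ Lib/encodings/idna.py
+@@ -39,23 +39,21 @@ def nameprep(label):
+
+# Check bidi
+RandAL = map(stringprep.in_table_d1, label)
+- for c in RandAL:
+- if c:
+- # There is a RandAL char in the string. Must perform further
+- # tests:
+- # 1) The characters in section 5.8 MUST be prohibited.
+- # This is table C.8, which was already checked
+- # 2) If a string contains any RandALCat character, the string
+- # MUST NOT contain any LCat character.
+- if filter(stringprep.in_table_d2, label):
+- raise UnicodeError("Violation of BIDI requirement 2")
+-
+- # 3) If a string contains any RandALCat character, a
+- # RandALCat character MUST be the first character of the
+- # string, and a RandALCat character MUST be the last
+- # character of the string.
+- if not RandAL[0] or not RandAL[-1]:
+- raise UnicodeError("Violation of BIDI requirement 3")
++ if any(RandAL):
++ # There is a RandAL char in the string. Must perform further
++ # tests:
++ # 1) The characters in section 5.8 MUST be prohibited.
++ # This is table C.8, which was already checked
++ # 2) If a string contains any RandALCat character, the string
++ # MUST NOT contain any LCat character.
++ if any(stringprep.in_table_d2(x) for x in label):
++ raise UnicodeError("Violation of BIDI requirement 2")
++ # 3) If a string contains any RandALCat character, a
++ # RandALCat character MUST be the first character of the
++ # string, and a RandALCat character MUST be the last
++ # character of the string.
++ if not RandAL[0] or not RandAL[-1]:
++ raise UnicodeError("Violation of BIDI requirement 3")
+
+return label
+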
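Review bot: Nothing in this patch bounds the label length before nameprep() runs; the only hunk against Lib/encodings/idna.py is the bidi check inside nameprep(). Collapsing the per-character `filter(stringprep.in_table_d2, label)` rescan into a single `any(...)` pass removes the repeated scan of the label, but an oversized label is still walked in full and is presumably rejected only by a length check elsewhere in the module. The upstream CPython fix for this CVE, as far as I recall, also adds an early guard at the top of ToUnicode(), along the lines of `if len(label) > 1024: raise UnicodeError("label way too long")`; please confirm whether the backport omits it on purpose, and say so in the patch header if it does. nameprep() starts before this hunk and the rest of the module is not shown, so the other decoding steps could not be checked from here.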
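--- a/lang/python27/patches/patch-Lib_test_test__codecs.py
+++ b/lang/python27/patches/patch-Lib_test_test__codecs.py
@@ -0,0 +1,21 @@
+$NetBSD: patch-Lib_test_test__codecs.py,v 1.1 2023/01/08 00:54:29 gutteridge Exp $
+
+Security fix for CVE-2022-45061: CPU denial of service via inefficient IDNA decoder
+Via Fedora:
+https://src.fedoraproject.org/rpms/python2.7/raw/64f3700b7679f9f8a385d99e3862a758b14e1d28/f/00394-cve-2022-45061-cpu-denial-of-service-via-inefficient-idna-decoder.patch
+
+--- Lib/test/test_codecs.py.orig 2020-04-19 21:13:39.000000000 +0000
++++ Lib/test/test_codecs.py
+@@ -1318,6 +1318,12 @@ class IDNACodecTest(unittest.TestCase):
+self.assertEqual(u"pyth\xf6n.org".encode("idna"), "xn--pythn-mua.org")
+self.assertEqual(u"pyth\xf6n.org.".encode("idna"), "xn--pythn-mua.org.")
+
++ def test_builtin_decode_length_limit(self):
++ with self.assertRaisesRegexp(UnicodeError, "too long"):
++ (b"xn--016c"+b"a"*1100).decode("idna")
++ with self.assertRaisesRegexp(UnicodeError, "too long"):
++ (b"xn--016c"+b"a"*70).decode("idna")
++
+def test_stream(self):
+import StringIO
+r = codecs.getreader("idna")(StringIO.StringIO("abc"))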
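Review bot: Both assertions in test_builtin_decode_length_limit match the same pattern, "too long", so the 1100-byte input cannot be told apart from the 70-byte one by which check rejected it. The test also asserts only on the exception, not on how much work the decoder did first, so it would pass equally if the oversized label were fully processed before being refused. If the decoder has a separate early rejection for very large labels, assert on that path's own message in the first case; if it does not, add a comment above the first assertion such as `# no early size guard in this backport; both inputs are rejected by the same length check` so the test name does not overstate the coverage. IDNACodecTest begins before this hunk and continues after it.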