python3: Security fix CVE-2016-5636

Affects python3 < 3.5.1 Base Score (4.4) Medium (From OE-Core rev: a7cbd6805febadaad60d1e05899e10e9a8a36c26) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-02-06 08:48:45 +01:00 · 2016-07-16 16:04:15 -07:00
parent 81106cd333
commit d1fdd0ad55
2 changed files with 45 additions and 0 deletions
--- a/meta/recipes-devtools/python/python3/CVE-2016-5636.patch
+++ b/meta/recipes-devtools/python/python3/CVE-2016-5636.patch
@@ -0,0 +1,44 @@
+
+# HG changeset patch
+# User Benjamin Peterson <benjamin@python.org>
+# Date 1453357506 28800
+# Node ID 10dad6da1b28ea4af78ad9529e469fdbf4ebbc8f
+# Parent  a3ac2cd93db9d5336dfd7b5b27efde2c568d8794# Parent  01ddd608b85c85952537d95a43bbabf4fb655057
+merge 3.4 (#26171)
+
+Upstream-Status: Backport
+CVE: CVE-2016-5636
+
+https://hg.python.org/cpython/raw-rev/10dad6da1b28
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: Python-3.5.1/Misc/NEWS
+===================================================================
+--- Python-3.5.1.orig/Misc/NEWS
+++ Python-3.5.1/Misc/NEWS
+@@ -91,6 +91,9 @@ Core and Builtins
+   Python.h header to fix a compilation error with OpenMP. PyThreadState_GET()
+   becomes an alias to PyThreadState_Get() to avoid ABI incompatibilies.
+ 
+- Issue #26171: Fix possible integer overflow and heap corruption in
+  zipimporter.get_data().
+
+ Library
+ -------
+ 
+Index: Python-3.5.1/Modules/zipimport.c
+===================================================================
+--- Python-3.5.1.orig/Modules/zipimport.c
+++ Python-3.5.1/Modules/zipimport.c
+@@ -1112,6 +1112,11 @@ get_data(PyObject *archive, PyObject *to
+     }
+     file_offset += l;           /* Start of file data */
+ 
+    if (data_size > LONG_MAX - 1) {
+        fclose(fp);
+        PyErr_NoMemory();
+        return NULL;
+    }
+     bytes_size = compress == 0 ? data_size : data_size + 1;
+     if (bytes_size == 0)
+         bytes_size++;