diff --git a/00286-pystring-decodeescape-integer-overflow.patch b/00286-pystring-decodeescape-integer-overflow.patch
new file mode 100644
index 0000000..8c22f3c
--- /dev/null
+++ b/00286-pystring-decodeescape-integer-overflow.patch
@@ -0,0 +1,25 @@
+From c3c9db89273fabc62ea1b48389d9a3000c1c03ae Mon Sep 17 00:00:00 2001
+From: Jay Bosamiya
+Date: Sun, 18 Jun 2017 22:11:03 +0530
+Subject: [PATCH] [2.7] bpo-30657: Check & prevent integer overflow in
+ PyString_DecodeEscape (#2174)
+
+diff --git a/Objects/bytesobject.c b/Objects/bytesobject.c
+index 77dd45e..9b29dc3 100644
+--- a/Objects/bytesobject.c
++++ b/Objects/bytesobject.c
+@@ -970,7 +970,13 @@ PyObject *PyBytes_DecodeEscape(const char *s,
+ char *p, *buf;
+ const char *end;
+ PyObject *v;
+- Py_ssize_t newlen = recode_encoding ? 4*len:len;
++ Py_ssize_t newlen;
++ /* Check for integer overflow */
++ if (recode_encoding && (len > PY_SSIZE_T_MAX / 4)) {
++ PyErr_SetString(PyExc_OverflowError, "string is too large");
++ return NULL;
++ }
++ newlen = recode_encoding ? 4*len:len;
+ v = PyBytes_FromStringAndSize((char *)NULL, newlen);
+ if (v == NULL)
+ return NULL;
diff --git a/python34.spec b/python34.spec
index 717ab99..e2e0233 100644
--- a/python34.spec
+++ b/python34.spec
@@ -126,7 +126,7 @@ Summary: Version 3.4 of the Python programming language
 Name: python%{pyshortver}
 Version: %{pybasever}.7
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: Python
 Group: Development/Languages
@@ -500,6 +500,12 @@ Patch250: 00250-getentropy.patch
 # See https://bugzilla.redhat.com/show_bug.cgi?id=1484497
 Patch273: 00273-skip-float-test.patch
+# 00286 #
+# CVE-2017-1000158
+# Check & prevent integer overflow in PyString_DecodeEscape
+# Fixed upstream: https://bugs.python.org/issue30657
+Patch286: 00286-pystring-decodeescape-integer-overflow.patch
+
 # (New patches go here ^^^)
 #
 # When adding new patches to "python" and "python3" in Fedora 17 onwards,
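Review bot: The preamble of the new 00286 patch file presents it as the upstream 2.7 commit (`[2.7] bpo-30657 ... PyString_DecodeEscape`), yet the diff it carries edits `Objects/bytesobject.c` and `PyBytes_DecodeEscape`, so it appears to be an adapted backport rather than the upstream change verbatim. Anyone auditing the CVE-2017-1000158 fix against upstream will not find a byte-for-byte match, and a preamble line such as `Adapted from the 2.7 fix to PyBytes_DecodeEscape in Objects/bytesobject.c` would record that. The `Patch286` comment block in python34.spec repeats the 2.7 function name and could get the same correction. The in-code comment `/* Check for integer overflow */` would also be more useful if it named what is protected, for example `/* 4*len becomes the allocation size below; reject lengths where the multiplication would wrap */`. The body of PyBytes_DecodeEscape continues outside the hunk, so how `newlen` is used after the allocation cannot be confirmed from these lines.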
@@ -653,6 +659,7 @@ done
 %patch203 -p1
 %patch250 -p1
 %patch273 -p1
+%patch286 -p1
 # Currently (2010-01-15), http://docs.python.org/library is for 2.6, and there
 # are many differences between 2.6 and the Python 3 library.
@@ -1207,6 +1214,10 @@ CheckPython optimized
 # ======================================================
 %changelog
+* Fri Dec 08 2017 Miro HronĨok - 3.4.7-2
+- Fix for CVE-2017-1000158
+- rhbz#1519601: https://bugzilla.redhat.com/show_bug.cgi?id=1519601
+
 * Thu Nov 02 2017 Charalampos Stratakis - 3.4.7-1
 - Update to 3.4.7