#2 Avoid infinite loop when reading specially crafted TAR files (CVE-2019-20907)
Merged 3 years ago by churchyard. Opened 3 years ago by pviktori.
rpms/ pviktori/python2.7 cve-2019-20907  into  master

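--- a/00351-cve-2019-20907-fix-infinite-loop-in-tarfile.patch
+++ b/00351-cve-2019-20907-fix-infinite-loop-in-tarfile.patch
@@ -0,0 +1,70 @@
+From cdee96242ad45e32a2caa46ffb91f0ad57766fc5 Mon Sep 17 00:00:00 2001
+From: Rishi <rishi_devan@mail.com>
+Date: Wed, 15 Jul 2020 13:51:00 +0200
+Subject: [PATCH] 00351-cve-2019-20907-fix-infinite-loop-in-tarfile.patch
+
+00351 #
+Avoid infinite loop when reading specially crafted TAR files using the tarfile module
+(CVE-2019-20907).
+See: https://bugs.python.org/issue39017
+---
+ Lib/tarfile.py                                    |   2 ++
+ Lib/test/recursion.tar                            | Bin 0 -> 516 bytes
+ Lib/test/test_tarfile.py                          |   7 +++++++
+ .../2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst      |   1 +
+ 4 files changed, 10 insertions(+)
+ create mode 100644 Lib/test/recursion.tar
+ create mode 100644 Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst
+
+diff --git a/Lib/tarfile.py b/Lib/tarfile.py
+index adf91d5382..574a6bb279 100644
+--- a/Lib/tarfile.py
++++ b/Lib/tarfile.py
+@@ -1400,6 +1400,8 @@ class TarInfo(object):
+ 
+             length, keyword = match.groups()
+             length = int(length)
++            if length == 0:
++                raise InvalidHeaderError("invalid header")
+             value = buf[match.end(2) + 1:match.start(1) + length - 1]
+ 
+             keyword = keyword.decode("utf8")
+diff --git a/Lib/test/recursion.tar b/Lib/test/recursion.tar
+new file mode 100644
+index 0000000000000000000000000000000000000000..b8237251964983f54ed1966297e887636cd0c5f4
+GIT binary patch
+literal 516
+zcmYdFPRz+kEn=W0Fn}74P8%Xw3X=l~85kIuo0>8xq$A1Gm}!7)KUsFc41m#O8A5+e
+I1_}|j06>QaCIA2c
+
+literal 0
+HcmV?d00001
+
+diff --git a/Lib/test/test_tarfile.py b/Lib/test/test_tarfile.py
+index 89bd738aea..45921562f5 100644
+--- a/Lib/test/test_tarfile.py
++++ b/Lib/test/test_tarfile.py
+@@ -325,6 +325,13 @@ class CommonReadTest(ReadTest):
+ class MiscReadTest(CommonReadTest):
+     taropen = tarfile.TarFile.taropen
+ 
++    def test_length_zero_header(self):
++        # bpo-39017 (CVE-2019-20907): reading a zero-length header should fail
++        # with an exception
++        with self.assertRaisesRegexp(tarfile.ReadError, "file could not be opened successfully"):
++            with tarfile.open(support.findfile('recursion.tar')) as tar:
++                pass
++
+     def test_no_name_argument(self):
+         with open(self.tarname, "rb") as fobj:
+             tar = tarfile.open(fileobj=fobj, mode=self.mode)
+diff --git a/Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst b/Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst
+new file mode 100644
+index 0000000000..ad26676f8b
+--- /dev/null
++++ b/Misc/NEWS.d/next/Library/2020-07-12-22-16-58.bpo-39017.x3Cg-9.rst
+@@ -0,0 +1 @@
++Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907).
+-- 
+2.26.2
+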
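Review bot: The new guard `if length == 0:` in the Lib/tarfile.py hunk rejects the degenerate pax record without saying why zero in particular is fatal, so a later reader may assume other small lengths get the same treatment. Per the patch description the zero length presumably leaves the record cursor where it was, so the surrounding parse loop never advances; a comment such as `# A zero length never advances past this record, so parsing would loop forever (bpo-39017, CVE-2019-20907).` would pin that down. The enclosing method continues outside the hunk. Separately, test_length_zero_header only asserts the generic `ReadError` wrapper message, so it would also pass if some unrelated header error were raised on this file; that mirrors the upstream test, so it is a note rather than a blocker.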

file modified
+15 -1
@@ -57,7 +57,7 @@ 

  #global prerel ...

  %global upstream_version %{general_version}%{?prerel}

  Version: %{general_version}%{?prerel:~%{prerel}}

- Release: 2%{?dist}

+ Release: 3%{?dist}

  %if %{with rpmwheels}

  License: Python

  %else
@@ -150,6 +150,7 @@ 

  BuildRequires: tk-devel

  BuildRequires: zlib-devel

  BuildRequires: gnupg2

+ BuildRequires: git-core

  

  %if %{with_gdbm}

  # ABI change without soname bump, reverted
@@ -728,6 +729,12 @@ 

  # (we handle it it in Setup.dist, see Patch0)

  Patch289: 00289-disable-nis-detection.patch

  

+ # 00351 #

+ # Avoid infinite loop when reading specially crafted TAR files using the tarfile module

+ # (CVE-2019-20907).

+ # See: https://bugs.python.org/issue39017

+ Patch351: 00351-cve-2019-20907-fix-infinite-loop-in-tarfile.patch

+ 

  # (New patches go here ^^^)

  #

  # When adding new patches to "python2" and "python3" in Fedora, EL, etc.,
@@ -881,6 +888,9 @@ 

  %patch193 -p1

  %patch289 -p1

  

+ # Patch 351 adds binary file for testing. We need to apply it using Git.

+ git apply %{PATCH351}

+ 

  # This shouldn't be necesarry, but is right now (2.2a3)

  find -name "*~" |xargs rm -f

  
@@ -1554,6 +1564,10 @@ 

  # ======================================================

  

  %changelog

+ * Wed Jul 15 2020 Petr Viktorin <pviktori@redhat.com> - 2.7.18-3

+ - Avoid infinite loop when reading specially crafted TAR files (CVE-2019-20907)

+   Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1856481

+ 

  * Thu May 07 2020 Miro Hrončok <mhroncok@redhat.com> - 2.7.18-2

  - Rename from python27 to python2.7

  


Build failed.

The backport looks reasonable. I also trust the test, so if it passes I will check the build log to verify it actually ran.

rebased onto f2a32e0

3 years ago

Build succeeded.

The diff looks good to me and the test passes: `test_length_zero_header (test.test_tarfile.MiscReadTest) ... ok`.

Pull-Request has been merged by churchyard

3 years ago