#19 Security fix for CVE-2018-14647 (#1631822)
Merged 5 years ago by churchyard. Opened 5 years ago by churchyard.
rpms/ churchyard/python34 310  into  master

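--- a/00310-use-xml-sethashsalt-in-elementtree.patch
+++ b/00310-use-xml-sethashsalt-in-elementtree.patch
@@ -0,0 +1,85 @@
+From d24304f014c2207365f691e60c868e0877ab5aa9 Mon Sep 17 00:00:00 2001
+From: "Miss Islington (bot)"
+ <31488909+miss-islington@users.noreply.github.com>
+Date: Tue, 18 Sep 2018 06:14:13 -0700
+Subject: [PATCH 1/2] bpo-34623: Use XML_SetHashSalt in _elementtree (GH-9146)
+
+The C accelerated _elementtree module now initializes hash randomization
+salt from _Py_HashSecret instead of libexpat's default CPRNG.
+
+Signed-off-by: Christian Heimes <christian@python.org>
+
+https://bugs.python.org/issue34623
+(cherry picked from commit cb5778f00ce48631c7140f33ba242496aaf7102b)
+
+Co-authored-by: Christian Heimes <christian@python.org>
+---
+ Include/pyexpat.h                                            | 4 +++-
+ .../next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst   | 2 ++
+ Modules/_elementtree.c                                       | 5 +++++
+ Modules/pyexpat.c                                            | 5 +++++
+ 4 files changed, 15 insertions(+), 1 deletion(-)
+ create mode 100644 Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst
+
+diff --git a/Include/pyexpat.h b/Include/pyexpat.h
+index 44259bf6d716..07020b5dc964 100644
+--- a/Include/pyexpat.h
++++ b/Include/pyexpat.h
+@@ -3,7 +3,7 @@
+ 
+ /* note: you must import expat.h before importing this module! */
+ 
+-#define PyExpat_CAPI_MAGIC  "pyexpat.expat_CAPI 1.0"
++#define PyExpat_CAPI_MAGIC  "pyexpat.expat_CAPI 1.1"
+ #define PyExpat_CAPSULE_NAME "pyexpat.expat_CAPI"
+ 
+ struct PyExpat_CAPI
+@@ -48,6 +48,8 @@ struct PyExpat_CAPI
+     enum XML_Status (*SetEncoding)(XML_Parser parser, const XML_Char *encoding);
+     int (*DefaultUnknownEncodingHandler)(
+         void *encodingHandlerData, const XML_Char *name, XML_Encoding *info);
++    /* might be none for expat < 2.1.0 */
++    int (*SetHashSalt)(XML_Parser parser, unsigned long hash_salt);
+     /* always add new stuff to the end! */
+ };
+ 
+diff --git a/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst b/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst
+new file mode 100644
+index 000000000000..31ad92ef8582
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst
+@@ -0,0 +1,2 @@
++The C accelerated _elementtree module now initializes hash randomization
++salt from _Py_HashSecret instead of libexpat's default CSPRNG.
+diff --git a/Modules/_elementtree.c b/Modules/_elementtree.c
+index cf819e896c3e..cb6db7707bb6 100644
+--- a/Modules/_elementtree.c
++++ b/Modules/_elementtree.c
+@@ -3259,6 +3259,11 @@ xmlparser_init(PyObject *self, PyObject *args, PyObject *kwds)
+         PyErr_NoMemory();
+         return -1;
+     }
++    /* expat < 2.1.0 has no XML_SetHashSalt() */
++    if (EXPAT(SetHashSalt) != NULL) {
++        EXPAT(SetHashSalt)(self_xp->parser,
++                           (unsigned long)_Py_HashSecret.expat.hashsalt);
++    }
+ 
+     if (target) {
+         Py_INCREF(target);
+diff --git a/Modules/pyexpat.c b/Modules/pyexpat.c
+index 53d34459d152..824c49ba1efa 100644
+--- a/Modules/pyexpat.c
++++ b/Modules/pyexpat.c
+@@ -1857,6 +1857,11 @@ MODULE_INITFUNC(void)
+     capi.SetStartDoctypeDeclHandler = XML_SetStartDoctypeDeclHandler;
+     capi.SetEncoding = XML_SetEncoding;
+     capi.DefaultUnknownEncodingHandler = PyUnknownEncodingHandler;
++#if XML_COMBINED_VERSION >= 20100
++    capi.SetHashSalt = XML_SetHashSalt;
++#else
++    capi.SetHashSalt = NULL;
++#endif
+ 
+     /* export using capsule */
+     capi_object = PyCapsule_New(&capi, PyExpat_CAPSULE_NAME, NULL);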
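Review bot: The salt call added to `xmlparser_init` in Modules/_elementtree.c can be skipped or have no effect without any signal, and the comments do not say so. `EXPAT(SetHashSalt)` is NULL whenever pyexpat was built against expat older than 2.1.0 (the `#else` branch in Modules/pyexpat.c), in which case the parser keeps expat's own salt, the default the commit message says it is replacing. libexpat also documents a salt of 0 as the "not set" sentinel, so if `_Py_HashSecret.expat.hashsalt` is ever zero (presumably when hash randomization is disabled; not visible in this patch) the call changes nothing. I would extend the comment above the call to `/* expat < 2.1.0 has no XML_SetHashSalt(); a salt of 0 is treated by expat as unset */` and reword the one in Include/pyexpat.h to `/* NULL when pyexpat is built against expat < 2.1.0 */`. Both `xmlparser_init` and `MODULE_INITFUNC` start and end outside their hunks.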

file modified
+12 -1
@@ -110,7 +110,7 @@ 

  Summary: Version 3.4 of the Python programming language

  Name: python%{pyshortver}

  Version: %{pybasever}.9

- Release: 3%{?dist}

+ Release: 4%{?dist}

  License: Python

  Group: Development/Languages

  
@@ -504,6 +504,13 @@ 

  # and: https://bugs.python.org/issue33329

  Patch302: 00302-fix-multiprocessing-regression-on-newer-glibcs.patch

  

+ # 00310 #

+ # CVE-2018-14647

+ # Use XML_SetHashSalt in _elementtree

+ # rhbz#1631822

+ # Fixed upstream https://bugs.python.org/issue34623

+ Patch310: 00310-use-xml-sethashsalt-in-elementtree.patch

+ 

  # (New patches go here ^^^)

  #

  # When adding new patches to "python" and "python3" in Fedora 17 onwards,
@@ -668,6 +675,7 @@ 

  %patch273 -p1

  %patch290 -p1

  %patch302 -p1

+ %patch310 -p1

  

  # Currently (2010-01-15), http://docs.python.org/library is for 2.6, and there

  # are many differences between 2.6 and the Python 3 library.
@@ -1206,6 +1214,9 @@ 

  # ======================================================

  

  %changelog

+ * Mon Sep 24 2018 Miro Hrončok <mhroncok@redhat.com> - 3.4.9-4

+ - Security fix for CVE-2018-14647 (#1631822)

+ 

  * Tue Aug 21 2018 Miro Hrončok <mhroncok@redhat.com> - 3.4.9-3

  - Use RPM built wheels of pip and setuptools in ensurepip instead of bundled ones

  
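Review bot: The comment block above `Patch310` does not record that the carried file is only the first part of a two-part series: the Subject line of the patch it adds reads `[PATCH 1/2]`. For a CVE backport a later maintainer needs to know whether part 2 was left out on purpose or still has to be picked up. I would add one line to the block, e.g. `# Carries upstream patch 1/2 only; 2/2 not included because <reason>`, with the reason filled in by the packager.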

no initial comment

The test_xml_etree_c test fails here. cc @cheimes

======================================================================
ERROR: test_del_attribute (test.test_xml_etree_c.MiscTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/builddir/build/BUILD/Python-3.4.9/Lib/test/test_xml_etree_c.py", line 26, in test_del_attribute
    element = cET.Element('tag')
AttributeError: 'NoneType' object has no attribute 'Element'
----------------------------------------------------------------------

rebased onto 47f3a0b

5 years ago

It works. You may merge it. I'm not merging it myself because of the [WIP] in the title, in case you have other things to add.

Pull-Request has been merged by churchyard

5 years ago