commit python for openSUSE:Factory
Hello community, here is the log from the commit of package python for openSUSE:Factory checked in at Sat Sep 5 00:37:07 CEST 2009. -------- --- python/python-base.changes 2009-08-03 20:21:30.000000000 +0200 +++ python/python-base.changes 2009-09-04 20:17:49.000000000 +0200 @@ -1,0 +2,5 @@ +Fri Sep 4 20:16:42 CEST 2009 - matejcik@suse.cz + +- fixed potential DoS in python's copy of expat (bnc#534721) + +------------------------------------------------------------------- --- python/python.changes 2009-07-29 17:44:33.000000000 +0200 +++ python/python.changes 2009-09-04 20:17:50.000000000 +0200 @@ -1,0 +2,5 @@ +Fri Sep 4 20:15:43 CEST 2009 - matejcik@suse.cz + +- added patch for potential SSL hangup during handshake (bnc#525295) + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- python-2.6.2-expat.patch python-2.6.2-ssl_handshake_timeout.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-base.spec ++++++ --- /var/tmp/diff_new_pack.W27f8d/_old 2009-09-05 00:26:27.000000000 +0200 +++ /var/tmp/diff_new_pack.W27f8d/_new 2009-09-05 00:26:27.000000000 +0200 @@ -33,7 +33,7 @@ # Summary: Python Interpreter base package Version: 2.6.2 -Release: 3 +Release: 4 %define tarname Python-%{version} Source0: %{tarname}.tar.bz2 Source1: macros.python @@ -49,6 +49,7 @@ Patch37: python-2.6rc2-https-proxy.patch Patch38: python-2.6-gettext-plurals.patch Patch39: python-2.6.2-test_distutils.patch +Patch40: python-2.6.2-expat.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %define python_version %(echo %{version} | head -c 3) Provides: %{name} = %{python_version} 
@@ -136,6 +137,7 @@ %patch37 %patch38 %patch39 +%patch40 # some cleanup find . -name .cvsignore -type f -print0 | xargs -0 rm -f find . -name CVS -type d -print0 | xargs -0 rm -rf ++++++ python-doc.spec ++++++ --- /var/tmp/diff_new_pack.W27f8d/_old 2009-09-05 00:26:27.000000000 +0200 +++ /var/tmp/diff_new_pack.W27f8d/_new 2009-09-05 00:26:27.000000000 +0200 @@ -24,7 +24,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build Summary: Additional Package Documentation for Python. Version: 2.6 -Release: 13 +Release: 14 %define pyver 2.6.2 BuildArch: noarch %define tarname Python-%{pyver} ++++++ python.spec ++++++ --- /var/tmp/diff_new_pack.W27f8d/_old 2009-09-05 00:26:27.000000000 +0200 +++ /var/tmp/diff_new_pack.W27f8d/_new 2009-09-05 00:26:27.000000000 +0200 @@ -35,7 +35,7 @@ Obsoletes: python-nothreads python21 python-elementtree python-sqlite Summary: Python Interpreter Version: 2.6.2 -Release: 3 +Release: 4 Requires: python-base = %{version} %define tarname Python-%{version} Source0: %{tarname}.tar.bz2 @@ -53,6 +53,7 @@ Patch31: python-2.5.2-fwrapv.patch Patch35: python-2.5.2-configure.patch Patch38: python-2.6b3-curses-panel.patch +Patch39: python-2.6.2-ssl_handshake_timeout.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %define python_version %(echo %{version} | head -c 3) %define idle_name idle @@ -187,6 +188,7 @@ %if %suse_version > 1100 %patch38 %endif +%patch39 # some cleanup find . -name .cvsignore -type f -print0 | xargs -0 rm -f find . -name CVS -type d -print0 | xargs -0 rm -rf ++++++ python-2.6.2-expat.patch ++++++ Index: Lib/test/test_pyexpat.py =================================================================== --- Lib/test/test_pyexpat.py (revision 74428) +++ Lib/test/test_pyexpat.py (revision 74429) 
@@ -559,7 +559,25 @@ parser.Parse(xml2, 1) self.assertEquals(self.n, 4) +class MalformedInputText(unittest.TestCase): + def test1(self): + xml = "\0\r\n" + parser = expat.ParserCreate() + try: + parser.Parse(xml, True) + self.fail() + except expat.ExpatError as e: + self.assertEquals(str(e), 'no element found: line 2, column 1') + def test2(self): + xml = "<?xml version\xc2\x85='1.0'?>\r\n" + parser = expat.ParserCreate() + try: + parser.Parse(xml, True) + self.fail() + except expat.ExpatError as e: + self.assertEquals(str(e), 'XML declaration not well-formed: line 1, column 14') + def test_main(): run_unittest(SetAttributeTest, ParseTest, @@ -569,7 +587,8 @@ HandlerExceptionTest, PositionTest, sf1296433Test, - ChardataBufferTest) + ChardataBufferTest, + MalformedInputText) if __name__ == "__main__": test_main() Index: Modules/expat/xmltok_impl.c =================================================================== --- Modules/expat/xmltok_impl.c (revision 74428) +++ Modules/expat/xmltok_impl.c (revision 74429) @@ -1741,7 +1741,7 @@ const char *end, POSITION *pos) { - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { #define LEAD_CASE(n) \ case BT_LEAD ## n: \ ++++++ python-2.6.2-ssl_handshake_timeout.patch ++++++ --- Lib/ssl.py +++ Lib/ssl.py @@ -112,12 +112,7 @@ keyfile, certfile, cert_reqs, ssl_version, ca_certs) if do_handshake_on_connect: - timeout = self.gettimeout() - try: - self.settimeout(None) - self.do_handshake() - finally: - self.settimeout(timeout) + self.do_handshake() self.keyfile = keyfile self.certfile = certfile self.cert_reqs = cert_reqs ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
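Review bot: In the `MalformedInputText` class added to Lib/test/test_pyexpat.py, `test1` and `test2` have no docstring or comment saying which defect they guard. A later reader cannot tell that these inputs are apparently regression cases for the `while (ptr < end)` change to Modules/expat/xmltok_impl.c in the same revision (74429, bnc#534721 per the changelog). I would name the methods after the input they feed the parser and put a one-line comment above each, e.g. `# regression for bnc#534721: NUL byte followed by CRLF must end in ExpatError`. Both tests also pin the full message text including line and column. If position tracking is the thing under test, that deserves a comment too, since a wording change in expat's messages would otherwise fail them for an unrelated reason.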
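Review bot: The new `while (ptr < end)` condition in Modules/expat/xmltok_impl.c stops the loop once a multi-byte step carries `ptr` past `end`, but the hunk shows only the loop head and the function body starts and ends outside it. Any further `ptr != end` test inside the switch cannot be checked from here and, if one exists, would still pass after an overshoot and read beyond the buffer. Please confirm that the remaining comparisons in this function use the same ordering, e.g. `if (ptr < end && BYTE_TYPE(enc, ptr) == BT_LF)`. A short comment on the loop would stop the condition being simplified back later: `/* ptr may advance by more than one byte and step over end; compare with <, never != */`.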
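Review bot: With the `settimeout(None)` wrapper removed in Lib/ssl.py, `self.do_handshake()` runs under whatever timeout the socket already has, which leaves two cases uncovered. A socket with no timeout still blocks for as long as the peer stalls, and a non-blocking socket (timeout 0.0) will presumably raise from `do_handshake()` inside the constructor instead of completing the handshake as before. The enclosing method starts and ends outside the hunk, so I cannot see whether callers are told about either case. I would add a comment at the call, `# handshake honours the socket's own timeout; non-blocking callers should pass do_handshake_on_connect=False and call do_handshake() themselves`, and note the behaviour change in the changelog entry for bnc#525295. The patch also ships no test; one that wraps a socket with a short timeout against a peer that never answers would pin the intended behaviour.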