Hello community, here is the log from the commit of package python for openSUSE:Factory checked in at Fri Oct 15 12:38:37 CEST 2010. -------- --- python/python-base.changes 2010-09-21 12:07:57.000000000 +0200 +++ /mounts/work_src_done/STABLE/python/python-base.changes 2010-10-04 15:38:35.000000000 +0200 @@ -1,0 +2,7 @@ +Fri Oct 1 13:41:30 UTC 2010 - jmatejek@novell.com + +- moved unittest to python-base (it is a testing framework, not a + testsuite, so it clearly belongs into stdlib) +- fixed smtpd.py DoS (bnc#638233, CVE probably not assigned) + +------------------------------------------------------------------- python.changes: same change calling whatdependson for head-i586 New: ---- smtpd-dos.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-base.spec ++++++ --- /var/tmp/diff_new_pack.AcnmZ2/_old 2010-10-15 12:34:38.000000000 +0200 +++ /var/tmp/diff_new_pack.AcnmZ2/_new 2010-10-15 12:34:38.000000000 +0200 @@ -30,7 +30,7 @@ # Summary: Python Interpreter base package Version: 2.7 -Release: 2 +Release: 3 %define tarversion %{version} %define tarname Python-%{tarversion} Source0: %{tarname}.tar.bz2 @@ -50,6 +50,7 @@ Patch8: sparc_longdouble.patch Patch9: python-2.7-acrequire.patch Patch10: urllib2-AbstractBasicAuthHandler_reset_attr.diff +Patch11: smtpd-dos.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %define python_version %(echo %{version} | head -c 3) @@ -139,6 +140,7 @@ %patch8 -p1 %patch9 -p1 %patch10 +%patch11 # some cleanup find . -name .cvsignore -type f -print0 | xargs -0 rm -f @@ -286,7 +288,6 @@ %{_includedir}/python* %exclude %{_includedir}/python%{python_version}/pyconfig.h %{_libdir}/python%{python_version}/test -%{_libdir}/python%{python_version}/unittest %defattr(755, root, root) %{_bindir}/python-config %{_bindir}/python%{python_version}-config @@ -333,6 +334,7 @@ %{_libdir}/python%{python_version}/multiprocessing %{_libdir}/python%{python_version}/plat-* %{_libdir}/python%{python_version}/pydoc_data +%{_libdir}/python%{python_version}/unittest %{_libdir}/python%{python_version}/wsgiref %dir %{_libdir}/python%{python_version}/site-packages %{_libdir}/python%{python_version}/site-packages/README ++++++ python-doc.spec ++++++ --- /var/tmp/diff_new_pack.AcnmZ2/_old 2010-10-15 12:34:38.000000000 +0200 +++ /var/tmp/diff_new_pack.AcnmZ2/_new 2010-10-15 12:34:38.000000000 +0200 @@ -24,7 +24,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build Summary: Additional Package Documentation for Python. Version: 2.7 -Release: 2 +Release: 3 %define pyver 2.7 BuildArch: noarch %define tarname Python-%{pyver} ++++++ python.spec ++++++ --- /var/tmp/diff_new_pack.AcnmZ2/_old 2010-10-15 12:34:38.000000000 +0200 +++ /var/tmp/diff_new_pack.AcnmZ2/_new 2010-10-15 12:34:38.000000000 +0200 @@ -32,7 +32,7 @@ Obsoletes: python-nothreads python21 python-elementtree python-sqlite Summary: Python Interpreter Version: 2.7 -Release: 2 +Release: 3 Requires: python-base = %{version} %define tarversion %{version} %define tarname Python-%{tarversion} ++++++ smtpd-dos.patch ++++++ Index: Lib/smtpd.py =================================================================== --- Lib/smtpd.py.orig +++ Lib/smtpd.py @@ -121,7 +121,16 @@ class SMTPChannel(asynchat.async_chat): self.__rcpttos = [] self.__data = '' self.__fqdn = socket.getfqdn() - self.__peer = conn.getpeername() + try: + self.__peer = conn.getpeername() + except socket.error as err: + # a race condition may occur if the other end is closing + # before we can get the peername + #self.connected = False + self.close() + if err.args[0] != errno.ENOTCONN: + raise + return print >> DEBUGSTREAM, 'Peer:', repr(self.__peer) self.push('220 %s %s' % (self.__fqdn, __version__)) self.set_terminator('\r\n') @@ -291,9 +300,24 @@ class SMTPServer(asyncore.dispatcher): localaddr, remoteaddr) def handle_accept(self): - conn, addr = self.accept() + try: + conn, addr = self.accept() + except TypeError: + # sometimes accept() might return None + return + except socket.error as err: + # ECONNABORTED might be thrown + if err.args[0] != errno.ECONNABORTED: + raise + return + else: + # sometimes addr == None instead of (ip, port) + if addr == None: + return print >> DEBUGSTREAM, 'Incoming connection from %s' % repr(addr) channel = SMTPChannel(self, conn, addr) + if not channel.connected: + return # API for "doing something useful with the message" def process_message(self, peer, mailfrom, rcpttos, data): ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org