Replace whole repo with latest content from branch stream-2.7-rhel-8.8.0
Content corresponds with RHEL dist-git commit 55ee5eb
parent
0c8e7804e0
commit
cc1cc6b2d0
3
.gitignore
vendored
3
.gitignore
vendored
@ -1,2 +1 @@
|
|||||||
SOURCES/Python-2.7.18-noexe.tar.xz
|
/*.tar.*
|
||||||
/Python-2.7.18-noexe.tar.xz
|
|
||||||
|
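--- /dev/null
+++ b/00169-avoid-implicit-usage-of-md5-in-multiprocessing.patch
@@ -0,0 +1,41 @@
+diff --git a/Lib/multiprocessing/connection.py b/Lib/multiprocessing/connection.py
+--- a/Lib/multiprocessing/connection.py
++++ b/Lib/multiprocessing/connection.py
+@@ -41,6 +41,10 @@
+# A very generous timeout when it comes to local connections...
+CONNECTION_TIMEOUT = 20.
+
++# The hmac module implicitly defaults to using MD5.
++# Support using a stronger algorithm for the challenge/response code:
++HMAC_DIGEST_NAME='sha256'
++
+_mmap_counter = itertools.count()
+
+default_family = 'AF_INET'
+@@ -700,12 +704,16 @@
+WELCOME = b'#WELCOME#'
+FAILURE = b'#FAILURE#'
+
++def get_digestmod_for_hmac():
++ import hashlib
++ return getattr(hashlib, HMAC_DIGEST_NAME)
++
+def deliver_challenge(connection, authkey):
+import hmac
+assert isinstance(authkey, bytes)
+message = os.urandom(MESSAGE_LENGTH)
+connection.send_bytes(CHALLENGE + message)
+- digest = hmac.new(authkey, message).digest()
++ digest = hmac.new(authkey, message, get_digestmod_for_hmac()).digest()
+response = connection.recv_bytes(256) # reject large message
+if response == digest:
+connection.send_bytes(WELCOME)
+@@ -719,7 +727,7 @@
+message = connection.recv_bytes(256) # reject large message
+assert message[:len(CHALLENGE)] == CHALLENGE, 'message = %r' % message
+message = message[len(CHALLENGE):]
+- digest = hmac.new(authkey, message).digest()
++ digest = hmac.new(authkey, message, get_digestmod_for_hmac()).digest()
+connection.send_bytes(digest)
+response = connection.recv_bytes(256) # reject large message
+if response != WELCOME: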
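Review bot: The comparison `if response == digest:` in deliver_challenge (the `@@ -700,12 +704,16 @@` hunk of the embedded patch) stays a plain equality, so the HMAC check is not constant-time even after the move from the implicit MD5 default to SHA-256. Python 2.7.7 and later provide `hmac.compare_digest`, so the line could read `if hmac.compare_digest(response, digest):`. The fresh `os.urandom` challenge on each connection presumably limits what a timing difference reveals, so this is hardening rather than a demonstrated flaw. Separately, the comment above `HMAC_DIGEST_NAME` could state that both ends of a connection must use the same digest, since a peer still on the MD5 default would compute a different response and presumably fail the handshake. Both deliver_challenge and the function touched by the `@@ -719,7 +727,7 @@` hunk continue outside the lines shown.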
@ -96,3 +96,23 @@ index 00000000000..5185fac2e29
|
|||||||
+length hostname involving bidirectional characters were decoded. Some protocols
|
+length hostname involving bidirectional characters were decoded. Some protocols
|
||||||
+such as :mod:`urllib` http ``3xx`` redirects potentially allow for an attacker
|
+such as :mod:`urllib` http ``3xx`` redirects potentially allow for an attacker
|
||||||
+to supply such a name.
|
+to supply such a name.
|
||||||
|
diff -urNp a/Lib/encodings/idna.py b/Lib/encodings/idna.py
|
||||||
|
--- a/Lib/encodings/idna.py 2023-02-16 08:58:06.884171667 +0100
|
||||||
|
+++ b/Lib/encodings/idna.py 2023-02-16 08:59:31.931296399 +0100
|
||||||
|
@@ -101,6 +101,16 @@ def ToASCII(label):
|
||||||
|
raise UnicodeError("label empty or too long")
|
||||||
|
|
||||||
|
def ToUnicode(label):
|
||||||
|
+ if len(label) > 1024:
|
||||||
|
+ # Protection from https://github.com/python/cpython/issues/98433.
|
||||||
|
+ # https://datatracker.ietf.org/doc/html/rfc5894#section-6
|
||||||
|
+ # doesn't specify a label size limit prior to NAMEPREP. But having
|
||||||
|
+ # one makes practical sense.
|
||||||
|
+ # This leaves ample room for nameprep() to remove Nothing characters
|
||||||
|
+ # per https://www.rfc-editor.org/rfc/rfc3454#section-3.1 while still
|
||||||
|
+ # preventing us from wasting time decoding a big thing that'll just
|
||||||
|
+ # hit the actual <= 63 length limit in Step 6.
|
||||||
|
+ raise UnicodeError("label way too long")
|
||||||
|
# Step 1: Check for ASCII
|
||||||
|
if isinstance(label, str):
|
||||||
|
pure_ascii = True
|
||||||
|
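Review bot: The 2.7.18-13 changelog entry describes this `len(label) > 1024` guard in ToUnicode as the missing part of the CVE-2022-45061 fix that 2.7.18-12 already claimed, yet this hunk adds no test for it. If the earlier part of the patch file (not shown here) does not already cover it, a regression test is worth adding so the gap cannot reopen on the next rebase, for example (constructed) `self.assertRaises(UnicodeError, ("xn--016c" + "a" * 1100).decode, "idna")`. ToUnicode's body continues past the end of the hunk.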
1392
python-gdb.py
Normal file
1392
python-gdb.py
Normal file
File diff suppressed because it is too large
@ -104,7 +104,7 @@ Summary: An interpreted, interactive, object-oriented programming language
|
|||||||
Name: %{python}
|
Name: %{python}
|
||||||
# Remember to also rebase python2-docs when changing this:
|
# Remember to also rebase python2-docs when changing this:
|
||||||
Version: 2.7.18
|
Version: 2.7.18
|
||||||
Release: 12%{?dist}
|
Release: 13%{?dist}
|
||||||
License: Python
|
License: Python
|
||||||
Group: Development/Languages
|
Group: Development/Languages
|
||||||
Requires: %{python}-libs%{?_isa} = %{version}-%{release}
|
Requires: %{python}-libs%{?_isa} = %{version}-%{release}
|
||||||
@ -2089,6 +2089,9 @@ fi
|
|||||||
# ======================================================
|
# ======================================================
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Feb 16 2023 Josef Ridky <jridky@redhat.com> - 2.7.18-13
|
||||||
|
- Add missing part of fix for CVE-2022-45061 (#2145071)
|
||||||
|
|
||||||
* Wed Dec 21 2022 Charalampos Stratakis <cstratak@redhat.com> - 2.7.18-12
|
* Wed Dec 21 2022 Charalampos Stratakis <cstratak@redhat.com> - 2.7.18-12
|
||||||
- Security fix for CVE-2022-45061: CPU denial of service via inefficient IDNA decoder
|
- Security fix for CVE-2022-45061: CPU denial of service via inefficient IDNA decoder
|
||||||
Resolves: rhbz#2144072
|
Resolves: rhbz#2144072
|
||||||
|