mirror of
git://git.yoctoproject.org/poky.git
synced 2025-07-19 21:09:03 +02:00
python-2.7: Security fix CVE-2016-0772
Affects python < 2.7.12 (From OE-Core rev: dd1a22f4beeb4100388efdc072e7cff2025535a7) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Armin Kuster
Richard Purdie
parent
96c1644d0d
commit
867babeb6f
42
meta/recipes-devtools/python/python/CVE-2016-0772.patch
Normal file
42
meta/recipes-devtools/python/python/CVE-2016-0772.patch
Normal file
|
|
@ -0,0 +1,42 @@
|
||||||
|
|
||||||
|
# HG changeset patch
|
||||||
|
# User Benjamin Peterson <benjamin@python.org>
|
||||||
|
# Date 1465676202 25200
|
||||||
|
# Node ID b3ce713fb9beebfff9848cefa0acbd59acc68fe9
|
||||||
|
# Parent 3017e41b0c99d24e88faf1de447f230e2f64d122
|
||||||
|
raise an error when STARTTLS fails
|
||||||
|
|
||||||
|
Upstream-status: Backport
|
||||||
|
CVE: CVE-2016-0772
|
||||||
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
||||||
|
|
||||||
|
Index: Python-2.7.9/Lib/smtplib.py
|
||||||
|
===================================================================
|
||||||
|
--- Python-2.7.9.orig/Lib/smtplib.py
|
||||||
|
+++ Python-2.7.9/Lib/smtplib.py
|
||||||
|
@@ -656,6 +656,11 @@ class SMTP:
|
||||||
|
self.ehlo_resp = None
|
||||||
|
self.esmtp_features = {}
|
||||||
|
self.does_esmtp = 0
|
||||||
|
+ else:
|
||||||
|
+ # RFC 3207:
|
||||||
|
+ # 501 Syntax error (no parameters allowed)
|
||||||
|
+ # 454 TLS not available due to temporary reason
|
||||||
|
+ raise SMTPResponseException(resp, reply)
|
||||||
|
return (resp, reply)
|
||||||
|
|
||||||
|
def sendmail(self, from_addr, to_addrs, msg, mail_options=[],
|
||||||
|
Index: Python-2.7.9/Misc/NEWS
|
||||||
|
===================================================================
|
||||||
|
--- Python-2.7.9.orig/Misc/NEWS
|
||||||
|
+++ Python-2.7.9/Misc/NEWS
|
||||||
|
@@ -5136,6 +5136,9 @@ Library
|
||||||
|
|
||||||
|
- Issue #8140: Extend compileall to compile single files. Add -i option.
|
||||||
|
|
||||||
|
+- Fix TLS stripping vulnerability in smptlib, CVE-2016-0772. Reported by Team
|
||||||
|
+ Oststrom
|
||||||
|
+
|
||||||
|
- Issue #7356: ctypes.util: Make parsing of ldconfig output independent of the
|
||||||
|
locale.
|
||||||
|
|
||||||
|
|
@ -26,6 +26,7 @@ SRC_URI += "\
|
||||||
file://parallel-makeinst-create-bindir.patch \
|
file://parallel-makeinst-create-bindir.patch \
|
||||||
file://use_sysroot_ncurses_instead_of_host.patch \
|
file://use_sysroot_ncurses_instead_of_host.patch \
|
||||||
file://avoid_parallel_make_races_on_pgen.patch \
|
file://avoid_parallel_make_races_on_pgen.patch \
|
||||||
|
file://CVE-2016-0772.patch \
|
||||||
"
|
"
|
||||||
|
|
||||||
S = "${WORKDIR}/Python-${PV}"
|
S = "${WORKDIR}/Python-${PV}"
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user