authorArmin Kuster <akuster@mvista.com>2016-11-06 10:27:08 -0800
committerRobert Yang <liezhi.yang@windriver.com>2016-12-06 05:19:39 -0800
commitdd1a22f4beeb4100388efdc072e7cff2025535a7 (patch)
tree2b42c60d18495bb49979f08ff3205f4ef7ca6537
parent0256b61cdafe540edb3cec2a34429e24b037cfae (diff)
python-2.7: Security fix CVE-2016-0772
Affects python < 2.7.12 Signed-off-by: Armin Kuster <akuster@mvista.com>
-rw-r--r--meta/recipes-devtools/python/python/CVE-2016-0772.patch42
-rw-r--r--meta/recipes-devtools/python/python_2.7.9.bb1
2 files changed, 43 insertions, 0 deletions
diff --git a/meta/recipes-devtools/python/python/CVE-2016-0772.patch b/meta/recipes-devtools/python/python/CVE-2016-0772.patch
new file mode 100644
index 0000000000..0580507954
--- /dev/null
+++ b/meta/recipes-devtools/python/python/CVE-2016-0772.patch
@@ -0,0 +1,42 @@
+
+# HG changeset patch
+# User Benjamin Peterson <benjamin@python.org>
+# Date 1465676202 25200
+# Node ID b3ce713fb9beebfff9848cefa0acbd59acc68fe9
+# Parent 3017e41b0c99d24e88faf1de447f230e2f64d122
+raise an error when STARTTLS fails
+
+Upstream-status: Backport
+CVE: CVE-2016-0772
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: Python-2.7.9/Lib/smtplib.py
+===================================================================
+--- Python-2.7.9.orig/Lib/smtplib.py
++++ Python-2.7.9/Lib/smtplib.py
+@@ -656,6 +656,11 @@ class SMTP:
+ self.ehlo_resp = None
+ self.esmtp_features = {}
+ self.does_esmtp = 0
++ else:
++ # RFC 3207:
++ # 501 Syntax error (no parameters allowed)
++ # 454 TLS not available due to temporary reason
++ raise SMTPResponseException(resp, reply)
+ return (resp, reply)
+
+ def sendmail(self, from_addr, to_addrs, msg, mail_options=[],
+Index: Python-2.7.9/Misc/NEWS
+===================================================================
+--- Python-2.7.9.orig/Misc/NEWS
++++ Python-2.7.9/Misc/NEWS
+@@ -5136,6 +5136,9 @@ Library
+
+ - Issue #8140: Extend compileall to compile single files. Add -i option.
+
++- Fix TLS stripping vulnerability in smptlib, CVE-2016-0772. Reported by Team
++ Oststrom
++
+ - Issue #7356: ctypes.util: Make parsing of ldconfig output independent of the
+ locale.
+
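Review bot: The patch header at the top of the new file uses `Upstream-status: Backport`, whereas OE-core's patch metadata convention (and the tooling that scans for the tag) expects the exact spelling `Upstream-Status: Backport`; I would fix the casing and, since this is a backport, cite where the fix was taken from next to the HG node ID that is already present. The embedded smtplib.py hunk is the whole security-relevant change: the added `else:` branch makes `starttls()` raise `SMTPResponseException` when the server's reply is not the success code, instead of returning normally and leaving the session in cleartext, which is the TLS-stripping case the NEWS entry describes. The `starttls` method's signature and the `if` the new `else:` presumably pairs with lie outside the quoted hunk, and the rendered page has dropped the leading whitespace, so the indentation of the `else:` relative to that `if` should be checked when the patch is applied to Python-2.7.9. The `smptlib` typo in the NEWS hunk comes from upstream and is fine to leave as-is in a verbatim backport.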
diff --git a/meta/recipes-devtools/python/python_2.7.9.bb b/meta/recipes-devtools/python/python_2.7.9.bb
index f7e2f272f4..53ec99181f 100644
--- a/meta/recipes-devtools/python/python_2.7.9.bb
+++ b/meta/recipes-devtools/python/python_2.7.9.bb
@@ -26,6 +26,7 @@ SRC_URI += "\
file://parallel-makeinst-create-bindir.patch \
file://use_sysroot_ncurses_instead_of_host.patch \
file://avoid_parallel_make_races_on_pgen.patch \
+ file://CVE-2016-0772.patch \
"
S = "${WORKDIR}/Python-${PV}"