aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/python/python3/CVE-2018-14647.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-devtools/python/python3/CVE-2018-14647.patch')
-rw-r--r--meta/recipes-devtools/python/python3/CVE-2018-14647.patch95
1 files changed, 95 insertions, 0 deletions
diff --git a/meta/recipes-devtools/python/python3/CVE-2018-14647.patch b/meta/recipes-devtools/python/python3/CVE-2018-14647.patch
new file mode 100644
index 00000000000..c1f21f826c1
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/CVE-2018-14647.patch
@@ -0,0 +1,95 @@
+From 610b4b0dbaedd3099ab76acf678e9cc845d99a76 Mon Sep 17 00:00:00 2001
+From: stratakis <cstratak@redhat.com>
+Date: Mon, 25 Feb 2019 22:04:09 +0100
+Subject: [PATCH] [3.5] bpo-34623: Use XML_SetHashSalt in _elementtree (#9933)
+
+* bpo-34623: Use XML_SetHashSalt in _elementtree (GH-9146)
+
+The C accelerated _elementtree module now initializes hash randomization
+salt from _Py_HashSecret instead of libexpat's default CPRNG.
+
+Signed-off-by: Christian Heimes <christian@python.org>
+
+https://bugs.python.org/issue34623
+(cherry picked from commit cb5778f00ce48631c7140f33ba242496aaf7102b)
+
+Co-authored-by: Christian Heimes <christian@python.org>
+
+CVE: CVE-2018-14647
+Upstream-Status: Backport
+[https://github.com/python/cpython/commit/41b48e71ac8a71f56694b548f118bd20ce203410]
+
+Signed-off-by: Dan Tran <dantran@microsoft.com>
+---
+ Include/pyexpat.h | 4 +++-
+ .../next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst | 2 ++
+ Modules/_elementtree.c | 5 +++++
+ Modules/pyexpat.c | 5 +++++
+ 4 files changed, 15 insertions(+), 1 deletion(-)
+ create mode 100644 Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst
+
+diff --git a/Include/pyexpat.h b/Include/pyexpat.h
+index 44259bf6d7..07020b5dc9 100644
+--- a/Include/pyexpat.h
++++ b/Include/pyexpat.h
+@@ -3,7 +3,7 @@
+
+ /* note: you must import expat.h before importing this module! */
+
+-#define PyExpat_CAPI_MAGIC "pyexpat.expat_CAPI 1.0"
++#define PyExpat_CAPI_MAGIC "pyexpat.expat_CAPI 1.1"
+ #define PyExpat_CAPSULE_NAME "pyexpat.expat_CAPI"
+
+ struct PyExpat_CAPI
+@@ -48,6 +48,8 @@ struct PyExpat_CAPI
+ enum XML_Status (*SetEncoding)(XML_Parser parser, const XML_Char *encoding);
+ int (*DefaultUnknownEncodingHandler)(
+ void *encodingHandlerData, const XML_Char *name, XML_Encoding *info);
++ /* might be none for expat < 2.1.0 */
++ int (*SetHashSalt)(XML_Parser parser, unsigned long hash_salt);
+ /* always add new stuff to the end! */
+ };
+
+diff --git a/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst b/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst
+new file mode 100644
+index 0000000000..cbaa4b7506
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2018-09-10-16-05-39.bpo-34623.Ua9jMv.rst
+@@ -0,0 +1,2 @@
++CVE-2018-14647: The C accelerated _elementtree module now initializes hash
++randomization salt from _Py_HashSecret instead of libexpat's default CSPRNG.
+diff --git a/Modules/_elementtree.c b/Modules/_elementtree.c
+index 5dba9f70a9..90c6daf64a 100644
+--- a/Modules/_elementtree.c
++++ b/Modules/_elementtree.c
+@@ -3282,6 +3282,11 @@ _elementtree_XMLParser___init___impl(XMLParserObject *self, PyObject *html,
+ PyErr_NoMemory();
+ return -1;
+ }
++ /* expat < 2.1.0 has no XML_SetHashSalt() */
++ if (EXPAT(SetHashSalt) != NULL) {
++ EXPAT(SetHashSalt)(self->parser,
++ (unsigned long)_Py_HashSecret.expat.hashsalt);
++ }
+
+ if (target) {
+ Py_INCREF(target);
+diff --git a/Modules/pyexpat.c b/Modules/pyexpat.c
+index adc9b6cde8..948ab1b703 100644
+--- a/Modules/pyexpat.c
++++ b/Modules/pyexpat.c
+@@ -1882,6 +1882,11 @@ MODULE_INITFUNC(void)
+ capi.SetStartDoctypeDeclHandler = XML_SetStartDoctypeDeclHandler;
+ capi.SetEncoding = XML_SetEncoding;
+ capi.DefaultUnknownEncodingHandler = PyUnknownEncodingHandler;
++#if XML_COMBINED_VERSION >= 20100
++ capi.SetHashSalt = XML_SetHashSalt;
++#else
++ capi.SetHashSalt = NULL;
++#endif
+
+ /* export using capsule */
+ capi_object = PyCapsule_New(&capi, PyExpat_CAPSULE_NAME, NULL);
+--
+2.22.0.vfs.1.1.57.gbaf16c8
+