diff options
Diffstat (limited to 'meta/recipes-devtools/python/python3/CVE-2016-5636.patch')
-rw-r--r-- | meta/recipes-devtools/python/python3/CVE-2016-5636.patch | 44 |
1 files changed, 0 insertions, 44 deletions
diff --git a/meta/recipes-devtools/python/python3/CVE-2016-5636.patch b/meta/recipes-devtools/python/python3/CVE-2016-5636.patch deleted file mode 100644 index 0d494d20f4..0000000000 --- a/meta/recipes-devtools/python/python3/CVE-2016-5636.patch +++ /dev/null @@ -1,44 +0,0 @@ - -# HG changeset patch -# User Benjamin Peterson <benjamin@python.org> -# Date 1453357506 28800 -# Node ID 10dad6da1b28ea4af78ad9529e469fdbf4ebbc8f -# Parent a3ac2cd93db9d5336dfd7b5b27efde2c568d8794# Parent 01ddd608b85c85952537d95a43bbabf4fb655057 -merge 3.4 (#26171) - -Upstream-Status: Backport -CVE: CVE-2016-5636 - -https://hg.python.org/cpython/raw-rev/10dad6da1b28 -Signed-off-by: Armin Kuster <akuster@mvista.com> - -Index: Python-3.5.1/Misc/NEWS -=================================================================== ---- Python-3.5.1.orig/Misc/NEWS -+++ Python-3.5.1/Misc/NEWS -@@ -91,6 +91,9 @@ Core and Builtins - Python.h header to fix a compilation error with OpenMP. PyThreadState_GET() - becomes an alias to PyThreadState_Get() to avoid ABI incompatibilies. - -+- Issue #26171: Fix possible integer overflow and heap corruption in -+ zipimporter.get_data(). -+ - Library - ------- - -Index: Python-3.5.1/Modules/zipimport.c -=================================================================== ---- Python-3.5.1.orig/Modules/zipimport.c -+++ Python-3.5.1/Modules/zipimport.c -@@ -1112,6 +1112,11 @@ get_data(PyObject *archive, PyObject *to - } - file_offset += l; /* Start of file data */ - -+ if (data_size > LONG_MAX - 1) { -+ fclose(fp); -+ PyErr_NoMemory(); -+ return NULL; -+ } - bytes_size = compress == 0 ? data_size : data_size + 1; - if (bytes_size == 0) - bytes_size++; |