Date:      Thu, 28 Mar 2019 18:08:45 +0000 (UTC)
From:      Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject:   svn commit: r497049 - in branches/2019Q1/lang/python36: . files
Message-ID:  <201903281808.x2SI8j9J001212@repo.freebsd.org>

Author: sunpoet
Date: Thu Mar 28 18:08:45 2019
New Revision: 497049
URL: https://svnweb.freebsd.org/changeset/ports/497049

Log:
  MFH: r496975
  
  Fix CVE-2019-5010
  
  - Bump PORTREVISION for package change
  
  Obtained from:	https://github.com/python/cpython/commit/216a4d83c3b72f4fdcd81b588dc3f42cc461739a
  Reference:	https://bugs.python.org/issue35746
  Security:	d74371d2-4fee-11e9-a5cd-1df8a848de3d
  
  Approved by:	ports-secteam (miwi)

Added:
  branches/2019Q1/lang/python36/files/patch-bpo35746
     - copied unchanged from r496975, head/lang/python36/files/patch-bpo35746
Modified:
  branches/2019Q1/lang/python36/Makefile
Directory Properties:
  branches/2019Q1/   (props changed)

Modified: branches/2019Q1/lang/python36/Makefile
==============================================================================
--- branches/2019Q1/lang/python36/Makefile	Thu Mar 28 18:03:34 2019	(r497048)
+++ branches/2019Q1/lang/python36/Makefile	Thu Mar 28 18:08:45 2019	(r497049)
@@ -3,6 +3,7 @@
 
 PORTNAME=	python
 PORTVERSION=	${PYTHON_PORTVERSION}
+PORTREVISION=	1
 CATEGORIES=	lang python ipv6
 MASTER_SITES=	PYTHON/ftp/python/${PORTVERSION}
 PKGNAMESUFFIX=	${PYTHON_SUFFIX}
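Review bot: the `PORTREVISION=	1` bump is the right change here, since PORTVERSION stays at `${PYTHON_PORTVERSION}` while the built package changes; please confirm the same revision value landed in head with r496975 (the MFH source named in the log), otherwise the quarterly branch package would carry a revision that head does not, and a later head bump to 1 would look like a no-op upgrade to users already on 2019Q1.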

Copied: branches/2019Q1/lang/python36/files/patch-bpo35746 (from r496975, head/lang/python36/files/patch-bpo35746)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2019Q1/lang/python36/files/patch-bpo35746	Thu Mar 28 18:08:45 2019	(r497049, copy of r496975, head/lang/python36/files/patch-bpo35746)
@@ -0,0 +1,21 @@
+Obtained from:	https://github.com/python/cpython/commit/216a4d83c3b72f4fdcd81b588dc3f42cc461739a
+
+bpo-35746: Fix segfault in ssl's cert parser (GH-11569) (GH-11573)
+
+Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL
+distribution points with empty DP or URI correctly. A malicious or buggy
+certificate can result into segfault.
+
+--- Modules/_ssl.c.orig
++++ Modules/_ssl.c
+@@ -1338,6 +1338,10 @@ _get_crl_dp(X509 *certificate) {
+         STACK_OF(GENERAL_NAME) *gns;
+ 
+         dp = sk_DIST_POINT_value(dps, i);
++        if (dp->distpoint == NULL) {
++            /* Ignore empty DP value, CVE-2019-5010 */
++            continue;
++        }
+         gns = dp->distpoint->name.fullname;
+ 
+         for (j=0; j < sk_GENERAL_NAME_num(gns); j++) {
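Review bot: the added guard only covers `dp->distpoint == NULL`, whereas the patch description says the parser mishandled "CRL distribution points with empty DP or URI"; the URI side of that claim is not addressed anywhere in this hunk. The lines that follow still read `gns = dp->distpoint->name.fullname;` and then loop with `for (j=0; j < sk_GENERAL_NAME_num(gns); j++)`, so a distpoint whose fullname stack is NULL is tolerated only because `sk_GENERAL_NAME_num` returns -1 for a NULL stack and the loop body never runs, and the hunk does not check which member of the distpoint name union is populated before reading `name.fullname`. Either extend the comment `/* Ignore empty DP value, CVE-2019-5010 */` to state that the empty-URI case is handled where the individual GENERAL_NAME is consumed (outside this hunk), or note in the port's patch header that the vendored change is intentionally limited to the upstream commit as obtained, so a future reader does not assume both cases are covered by this single NULL check.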


