author | Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org> | 2019-03-28 18:08:45 +0000 |
---|---|---|
committer | Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org> | 2019-03-28 18:08:45 +0000 |
commit | 57bef2d69aeb222b8b373a0598bf0a24b0d720e0 (patch) | |
tree | 8ddb0baba1d2e747a2255ac69bcd1d02370bbce9 | |
parent | 932773b097f62768f0895df5627c97752aa86e00 (diff) | |
MFH: r496975
Fix CVE-2019-5010
- Bump PORTREVISION for package change
Obtained from: https://github.com/python/cpython/commit/216a4d83c3b72f4fdcd81b588dc3f42cc461739a
Reference: https://bugs.python.org/issue35746
Security: d74371d2-4fee-11e9-a5cd-1df8a848de3d
Approved by: ports-secteam (miwi)
Notes
Notes:
svn path=/branches/2019Q1/; revision=497049
-rw-r--r-- | lang/python36/Makefile | 1 | ||||
-rw-r--r-- | lang/python36/files/patch-bpo35746 | 21 |
2 files changed, 22 insertions, 0 deletions
diff --git a/lang/python36/Makefile b/lang/python36/Makefile
index e4d9e671d219..c97febabb7fe 100644
--- a/lang/python36/Makefile
+++ b/lang/python36/Makefile
@@ -3,6 +3,7 @@
 
 PORTNAME= python
 PORTVERSION= ${PYTHON_PORTVERSION}
+PORTREVISION= 1
 CATEGORIES= lang python ipv6
 MASTER_SITES= PYTHON/ftp/python/${PORTVERSION}
 PKGNAMESUFFIX= ${PYTHON_SUFFIX}
diff --git a/lang/python36/files/patch-bpo35746 b/lang/python36/files/patch-bpo35746
new file mode 100644
index 000000000000..6428afba06e5
--- /dev/null
+++ b/lang/python36/files/patch-bpo35746
@@ -0,0 +1,21 @@
+Obtained from: https://github.com/python/cpython/commit/216a4d83c3b72f4fdcd81b588dc3f42cc461739a
+
+bpo-35746: Fix segfault in ssl's cert parser (GH-11569) (GH-11573)
+
+Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL
+distribution points with empty DP or URI correctly. A malicious or buggy
+certificate can result into segfault.
+
+--- Modules/_ssl.c.orig
++++ Modules/_ssl.c
+@@ -1338,6 +1338,10 @@ _get_crl_dp(X509 *certificate) {
+ STACK_OF(GENERAL_NAME) *gns;
+
+ dp = sk_DIST_POINT_value(dps, i);
++ if (dp->distpoint == NULL) {
++ /* Ignore empty DP value, CVE-2019-5010 */
++ continue;
++ }
+ gns = dp->distpoint->name.fullname;
+
+ for (j=0; j < sk_GENERAL_NAME_num(gns); j++) { |
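Review bot: The guard added to `_get_crl_dp` in `patch-bpo35746` rejects only a NULL `dp->distpoint`; the context line right after it still reads `dp->distpoint->name.fullname` without consulting the union discriminator. In OpenSSL's `DIST_POINT_NAME`, `name` is a union of `fullname` and `relativename` selected by `type`, so a distribution point encoded relative to the CRL issuer would presumably be walked as a `GENERAL_NAME` stack. Consider widening the check to `if (dp->distpoint == NULL || dp->distpoint->type != 0) {` and extending the comment to match, preferably upstream so the ports patch stays identical to the referenced commit. The function body starts and ends outside the hunk, so the handling of the empty-URI case named in the description cannot be confirmed from here.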