diff options
| -rw-r--r-- | lang/python36/Makefile | 1 | ||||
| -rw-r--r-- | lang/python36/files/patch-bpo35746 | 21 |
2 files changed, 22 insertions, 0 deletions
diff --git a/lang/python36/Makefile b/lang/python36/Makefile index e4d9e671d219..c97febabb7fe 100644 --- a/lang/python36/Makefile +++ b/lang/python36/Makefile @@ -3,6 +3,7 @@ PORTNAME= python PORTVERSION= ${PYTHON_PORTVERSION} +PORTREVISION= 1 CATEGORIES= lang python ipv6 MASTER_SITES= PYTHON/ftp/python/${PORTVERSION} PKGNAMESUFFIX= ${PYTHON_SUFFIX} diff --git a/lang/python36/files/patch-bpo35746 b/lang/python36/files/patch-bpo35746 new file mode 100644 index 000000000000..6428afba06e5 --- /dev/null +++ b/lang/python36/files/patch-bpo35746 @@ -0,0 +1,21 @@ +Obtained from: https://github.com/python/cpython/commit/216a4d83c3b72f4fdcd81b588dc3f42cc461739a + +bpo-35746: Fix segfault in ssl's cert parser (GH-11569) (GH-11573) + +Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL +distribution points with empty DP or URI correctly. A malicious or buggy +certificate can result into segfault. + +--- Modules/_ssl.c.orig ++++ Modules/_ssl.c +@@ -1338,6 +1338,10 @@ _get_crl_dp(X509 *certificate) { + STACK_OF(GENERAL_NAME) *gns; + + dp = sk_DIST_POINT_value(dps, i); ++ if (dp->distpoint == NULL) { ++ /* Ignore empty DP value, CVE-2019-5010 */ ++ continue; ++ } + gns = dp->distpoint->name.fullname; + + for (j=0; j < sk_GENERAL_NAME_num(gns); j++) { |