From 83a57e0f20867655af4d260db37eb0ee2fbafc45 Mon Sep 17 00:00:00 2001 From: s17723959267 Date: Tue, 8 Sep 2020 14:05:21 +0800 Subject: [PATCH 1/3] 1 --- CVE-2019-20907.patch | 29 +++++++++++++++++++++++++++++ python2.spec | 9 ++++++++- 2 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 CVE-2019-20907.patch diff --git a/CVE-2019-20907.patch b/CVE-2019-20907.patch new file mode 100644 index 0000000..3b2bc83 --- /dev/null +++ b/CVE-2019-20907.patch @@ -0,0 +1,29 @@ +Form 1fa6ef2bc7cee1c8e088dd8b397d9b2d54036dbc Mon Sep 17 00:00:00 2001 +From: Rajarishi Devarajan +Date: Sun, 12 Jul 2020 23:47:42 +0200 +Subject: [PATCH] bpo-39017 Fix infinite loop in the tarfile module + +Add a check for length = 0 in the _proc_pax function to avoid running into an infinite loop + +Signed-off-by:Rajarishi Devarajan + +--- + Lib/tarfile.py | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/Lib/tarfile.py b/Lib/tarfile.py +index adf91d5..574a6bb 100644 +--- a/Lib/tarfile.py ++++ b/Lib/tarfile.py +@@ -1400,6 +1400,8 @@ class TarInfo(object): + + length, keyword = match.groups() + length = int(length) ++ if length == 0: ++ raise InvalidHeaderError("invalid header") + value = buf[match.end(2) + 1:match.start(1) + length - 1] + + keyword = keyword.decode("utf8") +-- +2.23.0 + diff --git a/python2.spec b/python2.spec index f73076e..666e78e 100644 --- a/python2.spec +++ b/python2.spec @@ -15,7 +15,7 @@ %undefine _debuginfo_subpackages Name: python2 Version: 2.7.18 -Release: 2 +Release: 3 Summary: Python is an interpreted, interactive object-oriented programming language suitable License: Python URL: https://www.python.org/ 
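Review bot: The backported tarfile change in CVE-2019-20907.patch carries no regression test, so nothing in the build would notice if a later rebase dropped the `if length == 0: raise InvalidHeaderError("invalid header")` guard; upstream's fix for bpo-39017 is accompanied by a test that feeds a pax header whose length field is 0 and expects InvalidHeaderError, and it is worth carrying that test hunk alongside the two-line code change. The patched function (`_proc_pax`, per the description) starts and ends outside the quoted hunk, so only the guard itself is reviewable here; the check is the same one upstream applies, and the `keyword.decode("utf8")` context line matches the 2.7 code path. Two cosmetic defects in the embedded patch: its first line reads `Form 1fa6ef2bc7…` instead of `From`, which `patch -p1` ignores but `git am` would reject, and `Signed-off-by:Rajarishi Devarajan` lacks the space after the colon. The identical text is re-added by patch 3/3 (L4); the same remarks apply there.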
@@ -80,6 +80,7 @@ Patch53: CVE-2017-18207.patch Patch54: bugfix-excessive-memory-usage-when-using-regular-expressions.patch Patch55: CVE-2020-8492.patch Patch56: CVE-2019-9674.patch +Patch57: CVE-2019-20907.patch BuildRequires: libdb-devel libffi-devel valgrind-devel ncurses-devel expat-devel readline-devel BuildRequires: openssl-devel libtirpc-devel tcl-devel tk-devel glibc-devel libnsl2-devel @@ -614,6 +615,12 @@ sed -e "s|LIBRARY_PATH|%{_libdir}/%{py_INSTSONAME_debug}|" %{SOURCE1} \ %{dynload_dir}/_testcapimodule_d.so %changelog +* Tue Sep 08 2020 shangyibin - 2.7.18-3 +- Type:cves +- ID:CVE-2019-20907 +- SUG:NA +- DESC:fix CVE-2019-20907 + * Fri Aug 07 2020 Leo Fang - 2.7.18-2 - delete useless patch&repatch CVE-2017-28207 and modify yaml file -- Gitee From 40270613d6fbb42ebe7b30809a4c19692085c7d2 Mon Sep 17 00:00:00 2001 From: 2085365678 Date: Tue, 8 Sep 2020 14:51:44 +0800 Subject: [PATCH 2/3] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20CVE-?= =?UTF-8?q?2019-20907.patch?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CVE-2019-20907.patch | 29 ----------------------------- 1 file changed, 29 deletions(-) delete mode 100644 CVE-2019-20907.patch diff --git a/CVE-2019-20907.patch b/CVE-2019-20907.patch deleted file mode 100644 index 3b2bc83..0000000 --- a/CVE-2019-20907.patch +++ /dev/null 
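Review bot: `Patch57: CVE-2019-20907.patch` is declared, but none of the visible hunks applies it; if the spec's %prep uses `%autosetup -p1` the new patch is picked up automatically, otherwise a matching `%patch57 -p1` line is needed beside the existing patch applications. Either way the build log should be checked for the hunk actually landing in Lib/tarfile.py, since a declared-but-unapplied patch would leave the changelog claim `DESC:fix CVE-2019-20907` untrue while the package version still advertises the fix. The %prep section is not in the quoted hunks, so this cannot be confirmed from the page.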
@@ -1,29 +0,0 @@ -Form 1fa6ef2bc7cee1c8e088dd8b397d9b2d54036dbc Mon Sep 17 00:00:00 2001 -From: Rajarishi Devarajan -Date: Sun, 12 Jul 2020 23:47:42 +0200 -Subject: [PATCH] bpo-39017 Fix infinite loop in the tarfile module - -Add a check for length = 0 in the _proc_pax function to avoid running into an infinite loop - -Signed-off-by:Rajarishi Devarajan - ---- - Lib/tarfile.py | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/Lib/tarfile.py b/Lib/tarfile.py -index adf91d5..574a6bb 100644 ---- a/Lib/tarfile.py -+++ b/Lib/tarfile.py -@@ -1400,6 +1400,8 @@ class TarInfo(object): - - length, keyword = match.groups() - length = int(length) -+ if length == 0: -+ raise InvalidHeaderError("invalid header") - value = buf[match.end(2) + 1:match.start(1) + length - 1] - - keyword = keyword.decode("utf8") --- -2.23.0 - -- Gitee From 5af13850be0cb84f83d7e2b4d0e21a6578841861 Mon Sep 17 00:00:00 2001 From: 2085365678 Date: Tue, 8 Sep 2020 14:52:22 +0800 Subject: [PATCH 3/3] add CVE-2019-20907.patch --- CVE-2019-20907.patch | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 CVE-2019-20907.patch diff --git a/CVE-2019-20907.patch b/CVE-2019-20907.patch new file mode 100644 index 0000000..47ceeb3 --- /dev/null +++ b/CVE-2019-20907.patch 
@@ -0,0 +1,29 @@ +Form 1fa6ef2bc7cee1c8e088dd8b397d9b2d54036dbc Mon Sep 17 00:00:00 2001 +From: Rajarishi Devarajan +Date: Sun, 12 Jul 2020 23:47:42 +0200 +Subject: [PATCH] bpo-39017 Fix infinite loop in the tarfile module + +Add a check for length = 0 in the _proc_pax function to avoid running into an infinite loop + +Signed-off-by:Rajarishi Devarajan + +--- + Lib/tarfile.py | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/Lib/tarfile.py b/Lib/tarfile.py +index adf91d5..574a6bb 100644 +--- a/Lib/tarfile.py ++++ b/Lib/tarfile.py +@@ -1400,6 +1400,8 @@ class TarInfo(object): + + length, keyword = match.groups() + length = int(length) ++ if length == 0: ++ raise InvalidHeaderError("invalid header") + value = buf[match.end(2) + 1:match.start(1) + length - 1] + + keyword = keyword.decode("utf8") +-- +2.23.0 + -- Gitee
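Review bot: The re-added CVE-2019-20907.patch has a different blob id from the version deleted in patch 2/3 (`index 0000000..47ceeb3` here versus `3b2bc83` before), yet the visible text is identical, so the difference must be whitespace, line endings or a trailing newline; that is exactly the kind of change that can make `patch` report fuzz or a failed hunk in Lib/tarfile.py, so the build should be re-run and the applied result checked rather than assumed equivalent to the first submission. The content-level remarks on the first submission (L1) — missing regression test, `Form` instead of `From` on the first line, missing space after `Signed-off-by:` — still apply to this copy.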