diff --git a/backport-CVE-2022-48566.patch b/backport-CVE-2022-48566.patch new file mode 100644 index 0000000000000000000000000000000000000000..4814285dc8d2ce65d39f8cd2be70e068eb9fd2bc --- /dev/null +++ b/backport-CVE-2022-48566.patch @@ -0,0 +1,30 @@ +From 31729366e2bc09632e78f3896dbce0ae64914f28 Mon Sep 17 00:00:00 2001 +From: Devin Jeanpierre +Date: Sat, 21 Nov 2020 01:55:23 -0700 +Subject: [PATCH] bpo-40791: Make compare_digest more constant-time. (GH-20444) + +* bpo-40791: Make compare_digest more constant-time. + +The existing volatile `left`/`right` pointers guarantee that the reads will all occur, but does not guarantee that they will be _used_. So a compiler can still short-circuit the loop, saving e.g. the overhead of doing the xors and especially the overhead of the data dependency between `result` and the reads. That would change performance depending on where the first unequal byte occurs. This change removes that optimization. + +(This is change #1 from https://bugs.python.org/issue40791 .) +--- + Modules/_operator.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Modules/_operator.c b/Modules/_operator.c +index 51daa1f..7fff654 100644 +--- a/Modules/_operator.c ++++ b/Modules/_operator.c +@@ -735,7 +735,7 @@ _tscmp(const unsigned char *a, const unsigned char *b, + volatile const unsigned char *left; + volatile const unsigned char *right; + Py_ssize_t i; +- unsigned char result; ++ volatile unsigned char result; + + /* loop count depends on length of b */ + length = len_b; +-- +2.33.0 + diff --git a/python3.spec b/python3.spec index 0a49c15dc15b94e362b7112b473cab4dbd088e08..b232db8340b350034b5dc0e15b3a95d90e63ab16 100644 --- a/python3.spec +++ b/python3.spec @@ -3,7 +3,7 @@ Summary: Interpreter of the Python3 programming language URL: https://www.python.org/ Version: 3.7.9 -Release: 34 +Release: 35 License: Python-2.0 %global branchversion 3.7 @@ -168,6 +168,7 @@ Patch6058: backport-CVE-2022-37454.patch Patch6059: backport-bpo-44434-Don-t-call-PyThread_exit_thread-explicitly.patch Patch6060: backport-Make-urllib.parse.urlparse-enforce-that-a-scheme-mus.patch Patch6061: backport-CVE-2022-48565.patch +Patch6062: backport-CVE-2022-48566.patch patch9000: Don-t-override-PYTHONPATH-which-is-already-set.patch patch9001: add-the-sm3-method-for-obtaining-the-salt-value.patch @@ -324,6 +325,7 @@ rm Lib/ensurepip/_bundled/*.whl %patch6059 -p1 %patch6060 -p1 %patch6061 -p1 +%patch6062 -p1 %patch9000 -p1 %patch9001 -p1 @@ -929,6 +931,12 @@ export BEP_GTDLIST="$BEP_GTDLIST_TMP" %{_mandir}/*/* %changelog +* Wed Sep 06 2023 dongyuzhen - 3.7.9-35 +- Type:CVE +- CVE:CVE-2022-48566 +- SUG:NA +- DESC:fix CVE-2022-48566 + * Tue Sep 05 2023 dongyuzhen - 3.7.9-34 - Type:CVE - CVE:CVE-2022-48565