path: root/gnu/packages/patches/python-CVE-2018-14647.patch
Fix CVE-2018-14647:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647
https://bugs.python.org/issue34623

Taken from upstream:
https://github.com/python/cpython/commit/f7666e828cc3d5873136473ea36ba2013d624fa1

diff --git Include/pyexpat.h Include/pyexpat.h
index 44259bf6d7..07020b5dc9 100644
--- Include/pyexpat.h
+++ Include/pyexpat.h
@@ -3,7 +3,7 @@
 
 /* note: you must import expat.h before importing this module! */
 
-#define PyExpat_CAPI_MAGIC  "pyexpat.expat_CAPI 1.0"
+#define PyExpat_CAPI_MAGIC  "pyexpat.expat_CAPI 1.1"
 #define PyExpat_CAPSULE_NAME "pyexpat.expat_CAPI"
 
 struct PyExpat_CAPI
@@ -48,6 +48,8 @@ struct PyExpat_CAPI
     enum XML_Status (*SetEncoding)(XML_Parser parser, const XML_Char *encoding);
     int (*DefaultUnknownEncodingHandler)(
         void *encodingHandlerData, const XML_Char *name, XML_Encoding *info);
+    /* might be none for expat < 2.1.0 */
+    int (*SetHashSalt)(XML_Parser parser, unsigned long hash_salt);
     /* always add new stuff to the end! */
 };
 
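Review bot: The comment on the new `SetHashSalt` member says "might be none", which reads like Python's None; the value is the C null pointer, and every consumer of the capsule has to test for it before calling. I would word it as `/* NULL when pyexpat was built against expat < 2.1.0; check before calling */`. Appending the member at the end keeps the layout of the earlier members unchanged, as the existing "always add new stuff to the end" comment asks. The struct definition starts above this hunk.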
diff --git Modules/_elementtree.c Modules/_elementtree.c
index 707ab2912b..53f05f937f 100644
--- Modules/_elementtree.c
+++ Modules/_elementtree.c
@@ -3261,6 +3261,11 @@ _elementtree_XMLParser___init___impl(XMLParserObject *self, PyObject *html,
         PyErr_NoMemory();
         return -1;
     }
+    /* expat < 2.1.0 has no XML_SetHashSalt() */
+    if (EXPAT(SetHashSalt) != NULL) {
+        EXPAT(SetHashSalt)(self->parser,
+                           (unsigned long)_Py_HashSecret.expat.hashsalt);
+    }
 
     if (target) {
         Py_INCREF(target);
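Review bot: The call to `EXPAT(SetHashSalt)` discards its return value and says nothing about a zero salt. Expat documents a salt of 0 as "not set", so if `_Py_HashSecret.expat.hashsalt` is 0 (presumably when hash randomization is disabled) the call has no effect and expat falls back to its own salt generation. That fallback deserves a comment next to the call, for example `/* a salt of 0 means "not set" to expat, which then generates its own */`. The `(unsigned long)` cast may also drop the upper half of the salt on platforms where the field is wider than `unsigned long`; the field's type is not visible here, so confirm. The function body begins and continues outside this hunk.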
diff --git Modules/pyexpat.c Modules/pyexpat.c
index 47c3e86c20..aa21d93c11 100644
--- Modules/pyexpat.c
+++ Modules/pyexpat.c
@@ -1887,6 +1887,11 @@ MODULE_INITFUNC(void)
     capi.SetStartDoctypeDeclHandler = XML_SetStartDoctypeDeclHandler;
     capi.SetEncoding = XML_SetEncoding;
     capi.DefaultUnknownEncodingHandler = PyUnknownEncodingHandler;
+#if XML_COMBINED_VERSION >= 20100
+    capi.SetHashSalt = XML_SetHashSalt;
+#else
+    capi.SetHashSalt = NULL;
+#endif
 
     /* export using capsule */
     capi_object = PyCapsule_New(&capi, PyExpat_CAPSULE_NAME, NULL);
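Review bot: The `#if XML_COMBINED_VERSION >= 20100` test is decided from the expat headers at build time, so a pyexpat built against older headers exports `SetHashSalt = NULL` even if a newer libexpat is loaded at run time. `_elementtree` then skips the salt without any diagnostic. If `XML_COMBINED_VERSION` were not defined before this point, the preprocessor would also evaluate it as 0 and take the `#else` branch silently; its definition is outside the hunk, so confirm. A short comment would record the consequence: `/* NULL disables hash salting in capsule consumers such as _elementtree */`. The init function starts and continues outside this hunk.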