fix CVE-2017-18207

CVE-2017-18207.patch

@@ -0,0 +1,22 @@
+From ae0ed14794ced2c51c822fc6f0d3ca92064619dd Mon Sep 17 00:00:00 2001
+From: BT123 <abcdyzhang@163.com>
+Date: Fri, 17 Nov 2017 16:45:45 +0800
+Subject: [PATCH] bug in wave.py
+
+---
+ Lib/wave.py | 2 ++
+ 1 file changed, 2 insertions(+)
+
+Index: Python-2.7.13/Lib/wave.py
+===================================================================
+--- Python-2.7.13.orig/Lib/wave.py	2018-06-07 17:00:25.370728844 +0000
++++ Python-2.7.13/Lib/wave.py	2018-06-07 17:02:51.768202800 +0000
+@@ -272,6 +272,8 @@ class Wave_read:
+             self._sampwidth = (sampwidth + 7) // 8
+         else:
+             raise Error, 'unknown format: %r' % (wFormatTag,)
++        if self._nchannels == 0:
++            raise Error, "The audio file in wav format should have at least one channel!"
+         self._framesize = self._nchannels * self._sampwidth
+         self._comptype = 'NONE'
+         self._compname = 'not compressed'

python2.spec

@@ -15,7 +15,7 @@
 %undefine _debuginfo_subpackages
 Name:      python2
 Version:   2.7.16
-Release:   9
+Release:   10
 Summary:   Python is an interpreted, interactive object-oriented programming language suitable
 License:   Python
 URL:       https://www.python.org/
@@ -98,6 +98,7 @@ Patch6054: CVE-2019-16056.patch
 Patch6055: CVE-2018-20852.patch
 Patch6056: CVE-2019-16935.patch
 Patch6057: CVE-2019-17514.patch
+Patch6058: CVE-2017-18207.patch
 
 BuildRequires: libdb-devel libffi-devel valgrind-devel ncurses-devel expat-devel readline-devel
 BuildRequires: openssl-devel libtirpc-devel tcl-devel tk-devel glibc-devel libnsl2-devel
@@ -632,6 +633,12 @@ sed -e "s|LIBRARY_PATH|%{_libdir}/%{py_INSTSONAME_debug}|" %{SOURCE1} \
 %{dynload_dir}/_testcapimodule_d.so
 
 %changelog
+* Mon Feb 3 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.7.16-10
+- Type:bugfix
+- Id:NA
+- SUG:NA
+- DESC:fix CVE-2017-18207
+
 * Tue Jan 14 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.7.16-9
 - delete unneeded obsoletes with isa