packages/python3
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2022-48566

Browse Source
This commit is contained in:
dongyuzhen 2023-09-06 11:25:50 +08:00
parent ec918da7f6
commit 2919414988
2 changed files with 39 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
backport-CVE-2022-48566.patch Normal file
View File

@ -0,0 +1,30 @@
From 31729366e2bc09632e78f3896dbce0ae64914f28 Mon Sep 17 00:00:00 2001
From: Devin Jeanpierre <jeanpierreda@google.com>
Date: Sat, 21 Nov 2020 01:55:23 -0700
Subject: [PATCH] bpo-40791: Make compare_digest more constant-time. (GH-20444)
* bpo-40791: Make compare_digest more constant-time.
The existing volatile `left`/`right` pointers guarantee that the reads will all occur, but does not guarantee that they will be _used_. So a compiler can still short-circuit the loop, saving e.g. the overhead of doing the xors and especially the overhead of the data dependency between `result` and the reads. That would change performance depending on where the first unequal byte occurs. This change removes that optimization.
(This is change #1 from https://bugs.python.org/issue40791 .)
---
Modules/_operator.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Modules/_operator.c b/Modules/_operator.c
index 51daa1f..7fff654 100644
--- a/Modules/_operator.c
+++ b/Modules/_operator.c
@@ -735,7 +735,7 @@ _tscmp(const unsigned char *a, const unsigned char *b,
volatile const unsigned char *left;
volatile const unsigned char *right;
Py_ssize_t i;
- unsigned char result;
+ volatile unsigned char result;
/* loop count depends on length of b */
length = len_b;
--
2.33.0

10
python3.spec
View File

@ -3,7 +3,7 @@ Summary: Interpreter of the Python3 programming language
URL: https://www.python.org/ URL: https://www.python.org/
Version: 3.7.9 Version: 3.7.9
Release: 34 Release: 35
License: Python-2.0 License: Python-2.0
%global branchversion 3.7 %global branchversion 3.7
@ -168,6 +168,7 @@ Patch6058: backport-CVE-2022-37454.patch
Patch6059: backport-bpo-44434-Don-t-call-PyThread_exit_thread-explicitly.patch Patch6059: backport-bpo-44434-Don-t-call-PyThread_exit_thread-explicitly.patch
Patch6060: backport-Make-urllib.parse.urlparse-enforce-that-a-scheme-mus.patch Patch6060: backport-Make-urllib.parse.urlparse-enforce-that-a-scheme-mus.patch
Patch6061: backport-CVE-2022-48565.patch Patch6061: backport-CVE-2022-48565.patch
Patch6062: backport-CVE-2022-48566.patch
patch9000: Don-t-override-PYTHONPATH-which-is-already-set.patch patch9000: Don-t-override-PYTHONPATH-which-is-already-set.patch
patch9001: add-the-sm3-method-for-obtaining-the-salt-value.patch patch9001: add-the-sm3-method-for-obtaining-the-salt-value.patch
@ -324,6 +325,7 @@ rm Lib/ensurepip/_bundled/*.whl
%patch6059 -p1 %patch6059 -p1
%patch6060 -p1 %patch6060 -p1
%patch6061 -p1 %patch6061 -p1
%patch6062 -p1
%patch9000 -p1 %patch9000 -p1
%patch9001 -p1 %patch9001 -p1
@ -929,6 +931,12 @@ export BEP_GTDLIST="$BEP_GTDLIST_TMP"
%{_mandir}/*/* %{_mandir}/*/*
%changelog %changelog
* Wed Sep 06 2023 dongyuzhen <dongyuzhen@h-partners.com> - 3.7.9-35
- Type:CVE
- CVE:CVE-2022-48566
- SUG:NA
- DESC:fix CVE-2022-48566
* Tue Sep 05 2023 dongyuzhen <dongyuzhen@h-partners.com> - 3.7.9-34 * Tue Sep 05 2023 dongyuzhen <dongyuzhen@h-partners.com> - 3.7.9-34
- Type:CVE - Type:CVE
- CVE:CVE-2022-48565 - CVE:CVE-2022-48565