[notify] python: security fix for CVE-2018-1000030, closes FS#1593

see https://nvd.nist.gov/vuln/detail/CVE-2018-1000030
2018-03-05 14:00:09 +01:00 · 2018-03-05 14:00:09 +01:00 · 44a2a4397f
commit 44a2a4397f
parent df2369c8bb
3 changed files with 10 additions and 3 deletions
--- a/python/.md5sum
+++ b/python/.md5sum
@ -1,2 +1,3 @@
+ff653e9e002ca0e3d4a828988e52edd3  CVE-2018-1000030.patch
 1f6db41ad91d9eb0a6f0c769b8613c5b  Python-2.7.14.tar.xz
 387d5f6d00d2be01ecb87216cac0f88c  pyconfig.h
--- a/python/.signature
+++ b/python/.signature
@ -1,6 +1,7 @@
 untrusted comment: verify with /etc/ports/opt.pub
-RWSE3ohX2g5d/epCMlUlFvQyaIBzosMEyP+lGSzf7nv8h9yrdisRjDKb2xLBIKFHVun/04RwTZIvn0CBZvxCeIfrt5e8O4HPwQQ=
-SHA256 (Pkgfile) = 1fb4bf0238ad36a48a801d2d37d04e2c9650697dff1939f2781dc74f72058491
+RWSE3ohX2g5d/boQipBgLcfxZlqFZR09X30s/Z5MGSa539QoTYA6+7gBtc/kPgMKpF6e8opocX6wAQjcf9trsFzX4XMdoJaRFwY=
+SHA256 (Pkgfile) = 68fdadc03201267d440d69f8cd2e02a028887cf0b274d02ca17c52095aa8c663
 SHA256 (.footprint) = cad0b763c2deaad518b7c81ea32fbbe025df03c1548002336ef818ca9f4cf7ce
 SHA256 (Python-2.7.14.tar.xz) = 71ffb26e09e78650e424929b2b457b9c912ac216576e6bd9e7d204ed03296a66
+SHA256 (CVE-2018-1000030.patch) = f7ff89ad24d529532b4dfa6bd601d8f7368c3ae3950dae539ecc11e5e09b3ecb
 SHA256 (pyconfig.h) = 081426cb9524c2e156a71bb035c25a67e44d389afc6f7e091bcf86a7f4e2002f
--- a/python/Pkgfile
+++ b/python/Pkgfile
@ -5,12 +5,17 @@

 name=python
 version=2.7.14
-release=1
+release=2
 source=(http://www.python.org/ftp/$name/$version/Python-$version.tar.xz \
+        CVE-2018-1000030.patch
        pyconfig.h)

 build () {
    cd Python-$version
+   
+    # fix for CVE-2018-1000030
+    # see https://bugs.python.org/issue31530
+    patch -p1 -i $SRC/CVE-2018-1000030.patch

    # set OPT to the python default without -O3
    # our CFLAGS are used as well