-
Notifications
You must be signed in to change notification settings - Fork 563
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Patch python-gevent to resolve CVE-2024-25629 (#10713)
- Loading branch information
Showing
2 changed files
with
34 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| From a804c04ddc8245fc8adf0e92368709639125e183 Mon Sep 17 00:00:00 2001 | ||
| From: Brad House <[email protected]> | ||
| Date: Thu, 22 Feb 2024 16:23:33 -0500 | ||
| Subject: [PATCH] Merge pull request from GHSA-mg26-v6qh-x48q | ||
|
|
||
| --- | ||
| deps/c-ares/src/lib/ares__read_line.c | 8 ++++++++ | ||
| 1 file changed, 8 insertions(+) | ||
|
|
||
| diff --git a/deps/c-ares/src/lib/ares__read_line.c b/deps/c-ares/src/lib/ares__read_line.c | ||
| index c62ad2a..4aa5b10 100644 | ||
| --- a/deps/c-ares/src/lib/ares__read_line.c | ||
| +++ b/deps/c-ares/src/lib/ares__read_line.c | ||
| @@ -49,6 +49,14 @@ int ares__read_line(FILE *fp, char **buf, size_t *bufsize) | ||
| if (!fgets(*buf + offset, bytestoread, fp)) | ||
| return (offset != 0) ? 0 : (ferror(fp)) ? ARES_EFILE : ARES_EOF; | ||
| len = offset + strlen(*buf + offset); | ||
| + | ||
| + /* Probably means there was an embedded NULL as the first character in | ||
| + * the line, throw away line */ | ||
| + if (len == 0) { | ||
| + offset = 0; | ||
| + continue; | ||
| + } | ||
| + | ||
| if ((*buf)[len - 1] == '\n') | ||
| { | ||
| (*buf)[len - 1] = 0; | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,7 +1,7 @@ | ||
| Summary: Coroutine-based network library | ||
| Name: python-gevent | ||
| Version: 23.9.1 | ||
| Release: 3%{?dist} | ||
| Release: 4%{?dist} | ||
| License: MIT | ||
| Vendor: Microsoft Corporation | ||
| Distribution: Azure Linux | ||
|
|
@@ -10,6 +10,7 @@ URL: https://www.gevent.org | |
| Source0: https://github.com/gevent/gevent/archive/%{version}.tar.gz#/gevent-%{version}.tar.gz | ||
| Patch0: CVE-2024-24806.patch | ||
| Patch1: skip-irrelevant-tests.patch | ||
| Patch2: CVE-2024-25629.patch | ||
|
|
||
| %description | ||
| gevent is a coroutine-based Python networking library. | ||
|
|
@@ -71,6 +72,9 @@ pip3 install packaging==23.2 tox tox-current-env | |
| %license LICENSE | ||
|
|
||
| %changelog | ||
| * Mon Oct 14 2024 Sumedh Sharma <[email protected]> - 23.9.1-4 | ||
| - Add patch to resolve CVE-2024-25629 | ||
|
|
||
| * Mon Jul 01 2024 Nick Samson <[email protected]> - 23.9.1-3 | ||
| - Patch to address CVE-2024-24806 | ||
| - Migrate tests to use tox | ||
|
|
||