Security fix for CVE-2019-5010

https://bugs.python.org/issue35746 https://bugzilla.redhat.com/show_bug.cgi?id=1666519 https://bugzilla.redhat.com/show_bug.cgi?id=1666522
2019-01-16 09:13:16 +01:00 · 2019-01-16 09:13:16 +01:00 · 4e7015b153
commit 4e7015b153
parent 053863ab41
2 changed files with 121 additions and 1 deletions
--- a/python3.spec
+++ b/python3.spec
@ -14,7 +14,7 @@ URL: https://www.python.org/
 #  WARNING  When rebasing to a new Python version,
 #           remember to update the python3-docs package as well
 Version: %{pybasever}.2
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: Python


@ -305,6 +305,11 @@ Patch274: 00274-fix-arch-names.patch
 # So we mark the command as unsupported - and the tests are skipped
 Patch316: 00316-mark-bdist_wininst-unsupported.patch

+# 00317 #
+# Security fix for CVE-2019-5010: Fix segfault in ssl's cert parser
+# Fixed upstream https://bugs.python.org/issue35746
+Patch317: 00317-CVE-2019-5010.patch
+
 # (New patches go here ^^^)
 #
 # When adding new patches to "python" and "python3" in Fedora, EL, etc.,
@ -640,6 +645,7 @@ rm Lib/ensurepip/_bundled/*.whl
 %patch251 -p1
 %patch274 -p1
 %patch316 -p1
+%patch317 -p1


 # Remove files that should be generated by the build
@ -1555,6 +1561,9 @@ CheckPython optimized
 # ======================================================

 %changelog
+* Wed Jan 16 2019 Miro Hrončok <mhroncok@redhat.com> - 3.7.2-4
+- Security fix for CVE-2019-5010 (#1666519, #1666522)
+
 * Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 3.7.2-3
 - Rebuilt for libcrypt.so.2 (#1666033)