Browse code
python-py: Patched for CVE-2020-29651
CVE-2020-29651 is a compute time DoS attack when py.path.svnwc component
of python-py is exploited by supplying malicious input to the blame
functionality.
Change-Id: I7ebbc7be0557b679b60de1cc73b27a7aad966b57
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/13763
Reviewed-by: Tapas Kundu <tkundu@vmware.com>
Tested-by: gerrit-photon <photon-checkins@vmware.com>
dweepadvani authored on 2021/06/22 05:18:56Showing 2 changed files
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,31 @@ |
| 0 |
+From 4a9017dc6199d2a564b6e4b0aa39d6d8870e4144 Mon Sep 17 00:00:00 2001 |
|
| 1 |
+From: Ran Benita <ran@unusedvar.com> |
|
| 2 |
+Date: Fri, 4 Sep 2020 13:57:26 +0300 |
|
| 3 |
+Subject: [PATCH] svnwc: fix regular expression vulnerable to DoS in blame |
|
| 4 |
+ functionality |
|
| 5 |
+ |
|
| 6 |
+The subpattern `\d+\s*\S+` is ambiguous which makes the pattern subject |
|
| 7 |
+to catastrophic backtracing given a string like `"1" * 5000`. |
|
| 8 |
+ |
|
| 9 |
+SVN blame output seems to always have at least one space between the |
|
| 10 |
+revision number and the user name, so the ambiguity can be fixed by |
|
| 11 |
+changing the `*` to `+`. |
|
| 12 |
+ |
|
| 13 |
+Fixes #256. |
|
| 14 |
+--- |
|
| 15 |
+ py/_path/svnwc.py | 2 +- |
|
| 16 |
+ 1 file changed, 1 insertion(+), 1 deletion(-) |
|
| 17 |
+ |
|
| 18 |
+diff --git a/py/_path/svnwc.py b/py/_path/svnwc.py |
|
| 19 |
+index 3138dd85..b5b9d8d5 100644 |
|
| 20 |
+--- a/py/_path/svnwc.py |
|
| 21 |
+@@ -396,7 +396,7 @@ def makecmdoptions(self): |
|
| 22 |
+ def __str__(self): |
|
| 23 |
+ return "<SvnAuth username=%s ...>" %(self.username,) |
|
| 24 |
+ |
|
| 25 |
+-rex_blame = re.compile(r'\s*(\d+)\s*(\S+) (.*)') |
|
| 26 |
++rex_blame = re.compile(r'\s*(\d+)\s+(\S+) (.*)') |
|
| 27 |
+ |
|
| 28 |
+ class SvnWCCommandPath(common.PathBase): |
|
| 29 |
+ """ path implementation offering access/modification to svn working copies. |
| ... | ... |
@@ -2,7 +2,7 @@ |
| 2 | 2 |
|
| 3 | 3 |
Name: python3-py |
| 4 | 4 |
Version: 1.9.0 |
| 5 |
-Release: 1%{?dist}
|
|
| 5 |
+Release: 2%{?dist}
|
|
| 6 | 6 |
Summary: Python development support library |
| 7 | 7 |
License: MIT |
| 8 | 8 |
Group: Development/Languages/Python |
| ... | ... |
@@ -12,6 +12,7 @@ Distribution: Photon |
| 12 | 12 |
Source0: https://pypi.python.org/packages/53/72/6c6f1e787d9cab2cc733cf042f125abec07209a58308831c9f292504e826/py-%{version}.tar.gz
|
| 13 | 13 |
%define sha1 py=8cbe522347596ffc292fd9b1ceaa4564a551ac76 |
| 14 | 14 |
|
| 15 |
+Patch0: python-py-CVE-2020-29651.patch |
|
| 15 | 16 |
BuildRequires: python3 |
| 16 | 17 |
BuildRequires: python3-devel |
| 17 | 18 |
BuildRequires: python3-setuptools |
| ... | ... |
@@ -34,6 +35,7 @@ py.code: dynamic code generation and introspection |
| 34 | 34 |
|
| 35 | 35 |
%prep |
| 36 | 36 |
%setup -n py-%{version}
|
| 37 |
+%patch0 -p1 |
|
| 37 | 38 |
|
| 38 | 39 |
%build |
| 39 | 40 |
python3 setup.py build |
| ... | ... |
@@ -50,6 +52,8 @@ make -k check |& tee %{_specdir}/%{name}-check-log || %{nocheck}
|
| 50 | 50 |
%{python3_sitelib}/*
|
| 51 | 51 |
|
| 52 | 52 |
%changelog |
| 53 |
+* Mon Jun 21 2021 Dweep Advani <dadvani@vmware.com> 1.9.0-2 |
|
| 54 |
+- Patched for CVE-2020-29651 |
|
| 53 | 55 |
* Tue Jul 28 2020 Tapas Kundu <tkundu@vmware.com> 1.9.0-1 |
| 54 | 56 |
- Updated to version 1.9.0 |
| 55 | 57 |
* Tue Jun 16 2020 Tapas Kundu <tkundu@vmware.com> 1.6.0-2 |