new file mode 100644

@@ -0,0 +1,23 @@

+# HG changeset patch

+# User Benjamin Peterson <benjamin@python.org>

+# Date 1453357424 28800

+# Node ID 985fc64c60d6adffd1138b6cc46df388ca91ca5d

+# Parent  7ec954b9fc54448a35b56d271340ba109eb381b9

+prevent buffer overflow in get_data (closes #26171)

+ 

+diff --git a/Modules/zipimport.c b/Modules/zipimport.c

+--- a/Modules/zipimport.c

+@@ -895,6 +895,11 @@ get_data(char *archive, PyObject *toc_en

+         PyMarshal_ReadShortFromFile(fp);        /* local header size */

+     file_offset += l;           /* Start of file data */

+ 

++    if (data_size > LONG_MAX - 1) {

++        fclose(fp);

++        PyErr_NoMemory();

++        return NULL;

++    }

+     raw_data = PyString_FromStringAndSize((char *)NULL, compress == 0 ?

+                                           data_size : data_size + 1);

+     if (raw_data == NULL) {

+

@@ -1,7 +1,7 @@

 Summary:	A high-level scripting language

 Name:		python2

 Version:	2.7.11

-Release:	7%{?dist}

+Release:	8%{?dist}

 License:	PSF

 URL:		http://www.python.org/

 Group:		System Environment/Programming

@@ -12,6 +12,7 @@ Source0:	http://www.python.org/ftp/python/2.7.11/Python-%{version}.tar.xz

 Patch0: cgi.patch

 Patch1: added-compiler-flags-for-curses-module.patch

 Patch2: added-pyopenssl-ipaddress-certificate-validation.patch

+Patch3: python2-CVE-2016-5636.patch

 BuildRequires:	pkg-config >= 0.28

 BuildRequires:	bzip2-devel

 BuildRequires:  openssl-devel

@@ -101,6 +102,8 @@ to build python programs.

 %patch0 -p1

 %patch1 -p1

 %patch2 -p1

+%patch3 -p1

+

 %build

 export OPT="${CFLAGS}"

 ./configure \

@@ -217,6 +220,8 @@ rm -rf %{buildroot}/*

 %{_bindir}/idle*

 %changelog

+*   Thu Oct 27 2016 Anish Swaminathan <anishs@vmware.com> 2.7.11-8

+-   Patch for CVE-2016-5636

 *   Wed Sep 14 2016 Divya Thaluru <dthaluru@vmware.com> 2.7.11-7

 -   Improvised pyopenssl patch

 *   Wed Sep 7 2016 Divya Thaluru <dthaluru@vmware.com> 2.7.11-6

new file mode 100644

@@ -0,0 +1,22 @@

+# HG changeset patch

+# User Benjamin Peterson <benjamin@python.org>

+# Date 1453357506 28800

+# Node ID 10dad6da1b28ea4af78ad9529e469fdbf4ebbc8f

+# Parent  a3ac2cd93db9d5336dfd7b5b27efde2c568d8794# Parent  01ddd608b85c85952537d95a43bbabf4fb655057

+ 

+diff --git a/Modules/zipimport.c b/Modules/zipimport.c

+--- a/Modules/zipimport.c

+@@ -1127,6 +1127,11 @@ get_data(PyObject *archive, PyObject *to

+     }

+     file_offset += l;           /* Start of file data */

+ 

++    if (data_size > LONG_MAX - 1) {

++        fclose(fp);

++        PyErr_NoMemory();

++        return NULL;

++    }

+     bytes_size = compress == 0 ? data_size : data_size + 1;

+     if (bytes_size == 0)

+         bytes_size++;

+

@@ -1,7 +1,7 @@

 Summary:	A high-level scripting language

 Name:		python3

 Version:	3.5.1

-Release:	5%{?dist}

+Release:	6%{?dist}

 License:	PSF

 URL:		http://www.python.org/

 Group:		System Environment/Programming

@@ -9,7 +9,8 @@ Vendor:		VMware, Inc.

 Distribution:	Photon

 Source0:	https://www.python.org/ftp/python/%{version}/Python-%{version}.tar.xz

 %define sha1 Python=0186da436db76776196612b98bb9c2f76acfe90e

-Patch:          cgi3.patch

+Patch0:         cgi3.patch

+Patch1:         python3-CVE-2016-5636.patch

 BuildRequires:	pkg-config >= 0.28

 BuildRequires:	bzip2-devel

 BuildRequires:	ncurses-devel

@@ -83,7 +84,8 @@ to build python programs.

 %prep

 %setup -q -n Python-%{version}

-%patch -p1

+%patch0 -p1

+%patch1 -p1

 %build

 export OPT="${CFLAGS}"

@@ -186,6 +188,8 @@ rm -rf %{buildroot}/*

 %{_bindir}/idle*

 %changelog

+*   	Thu Oct 27 2016 Anish Swaminathan <anishs@vmware.com> 3.5.1-6

+-   	Patch for CVE-2016-5636

 *	Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 3.5.1-5

 -	GA - Bump release of all rpms

 *	Wed May 04 2016 Anish Swaminathan <anishs@vmware.com> 3.5.1-4