Patch CVE-2022-40897 in python3-setuptools (#4754)

* Patch CVE-2022-40897 in python3-setuptools
Daniel McIlvaney 2023-02-03 16:36:04 -08:00 коммит произвёл GitHub
Родитель 9d284dad0b
Коммит a2923a2e4d
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
6 изменённых файлов: 59 добавлений и 28 удалений


@ -0,0 +1,12 @@
diff -ru setuptools-40.2.0/setuptools/package_index.py setuptools-40.2.0-mod/setuptools/package_index.py
--- setuptools-40.2.0/setuptools/package_index.py 2018-08-21 13:04:36.000000000 -0700
+++ setuptools-40.2.0-mod/setuptools/package_index.py 2023-01-03 15:00:04.313117605 -0800
@@ -213,7 +213,7 @@
return wrapper
-REL = re.compile(r"""<([^>]*\srel\s*=\s*['"]?([^'">]+)[^>]*)>""", re.I)
+REL = re.compile(r"""<([^>]*\srel\s{0,10}=\s{0,10}['"]?([^'" >]+)[^>]*)>""", re.I)
# this line is here to fix emacs' cruddy broken syntax highlighting
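Review bot: The patch file carries no explanation of what the regex change does or where it comes from, which matters for a CVE backport that future maintainers will have to re-evaluate when the bundled setuptools moves; GNU patch ignores free text before the first `diff` line, so a header can be added without affecting how the spec applies it. I would add something like `Backport of the upstream setuptools fix for CVE-2022-40897 (ReDoS in package_index.REL, fixed in 65.5.1): bounds the whitespace around "rel=" to 10 characters and excludes space from the attribute value, so a crafted <... rel = ...> tag in an index page can no longer trigger catastrophic backtracking.` Note that the headers name a setuptools-40.2.0 tree while the spec feeds this to `patch` with an explicit target file, so the `---`/`+++` paths are never used and only the hunk context has to match the version actually bundled — presumably verified, but worth stating in that header.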


@ -12,7 +12,7 @@
Summary: A high-level scripting language
Name: python3
Version: 3.9.14
Release: 5%{?dist}
Release: 6%{?dist}
License: PSF
Vendor: Microsoft Corporation
Distribution: Mariner
@ -26,6 +26,8 @@ Patch2: 0001-gh-95231-Disable-md5-crypt-modules-if-FIPS-is-enable.patch
Patch3: CVE-2022-37454.patch
Patch4: CVE-2022-45061.patch
Patch5: CVE-2022-42919.patch
# Patch for setuptools, resolved in 65.5.1
Patch1000: CVE-2022-40897.patch
BuildRequires: bzip2-devel
BuildRequires: expat-devel >= 2.1.0
@ -155,7 +157,17 @@ Provides: python%{majmin_nodots}-test = %{version}-%{release}
The test package contains all regression tests for Python as well as the modules test.support and test.regrtest. test.support is used to enhance your tests while test.regrtest drives the testing suite.
%prep
%autosetup -p1 -n Python-%{version}
# We need to patch setuptools later, so manually manage patches with -N
%autosetup -p1 -n Python-%{version} -N
# Ideally we would use '%%autopatch -p1 -M 999', but unfortunately the GitHub CI pipelines use a very old version of rpm which doesn't support it.
# We use the CI to validate the toolchain manifests, which means we need to parse this .spec file
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%build
# Remove GCC specs and build environment linker scripts
@ -205,6 +217,10 @@ pip3 install --no-cache-dir --no-index --ignore-installed \
pip-%{pip_version}-py3-none-any.whl
popd
# Manually patch CVE-2022-40897 which is a bundled wheel. We can only update the source code after install
echo 'Patching CVE-2022-40897 in bundled wheel file %{_libdir}/python%{majmin}/site-packages/setuptools/package_index.py'
patch %{buildroot}%{_libdir}/python%{majmin}/site-packages/setuptools/package_index.py < %{PATCH1000}
# Windows executables get installed by pip and setuptools- we don't need these.
find %{buildroot}%{_libdir}/python%{majmin}/site-packages -name '*.exe' -delete -print
@ -305,6 +321,9 @@ rm -rf %{buildroot}%{_bindir}/__pycache__
%{_libdir}/python%{majmin}/test/*
%changelog
* Thu Feb 02 2023 Daniel McIlvaney <damcilva@microsoft.com> - 3.9.14-6
- Patch CVE-2022-40897 in the bundled setuptools wheel
* Wed Dec 07 2022 Henry Beberman <henry.beberman@microsoft.com> - 3.9.14-5
- Add CVE-2022-42919 patch from upstream.
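Review bot: The `patch %{buildroot}%{_libdir}/python%{majmin}/site-packages/setuptools/package_index.py < %{PATCH1000}` line in %install applies a hunk generated against setuptools 40.2.0 to whatever version the bundled wheel contains, and if GNU patch has to apply it inexactly it leaves a `package_index.py.orig` beside the target, which a directory glob in %files would then ship; I would run it as `patch --no-backup-if-mismatch %{buildroot}%{_libdir}/python%{majmin}/site-packages/setuptools/package_index.py < %{PATCH1000}` (a rejected hunk still aborts the build under rpmbuild's `sh -e`). This also only rewrites the copy pip installed into site-packages; if python3-libs ships the ensurepip bundled setuptools wheel, `python3 -m venv` and `python3 -m ensurepip` would presumably still install the unpatched code into new environments, so that wheel should be checked and either patched too or the limitation stated in the comment above the `patch` call. The %install stanza continues outside this hunk.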


@ -234,10 +234,10 @@ ca-certificates-base-2.0.0-9.cm2.noarch.rpm
ca-certificates-2.0.0-9.cm2.noarch.rpm
dwz-0.14-1.cm2.aarch64.rpm
unzip-6.0-20.cm2.aarch64.rpm
python3-3.9.14-5.cm2.aarch64.rpm
python3-devel-3.9.14-5.cm2.aarch64.rpm
python3-libs-3.9.14-5.cm2.aarch64.rpm
python3-setuptools-3.9.14-5.cm2.noarch.rpm
python3-3.9.14-6.cm2.aarch64.rpm
python3-devel-3.9.14-6.cm2.aarch64.rpm
python3-libs-3.9.14-6.cm2.aarch64.rpm
python3-setuptools-3.9.14-6.cm2.noarch.rpm
which-2.21-8.cm2.aarch64.rpm
libselinux-3.2-1.cm2.aarch64.rpm
slang-2.3.2-4.cm2.aarch64.rpm


@ -234,10 +234,10 @@ ca-certificates-base-2.0.0-9.cm2.noarch.rpm
ca-certificates-2.0.0-9.cm2.noarch.rpm
dwz-0.14-1.cm2.x86_64.rpm
unzip-6.0-20.cm2.x86_64.rpm
python3-3.9.14-5.cm2.x86_64.rpm
python3-devel-3.9.14-5.cm2.x86_64.rpm
python3-libs-3.9.14-5.cm2.x86_64.rpm
python3-setuptools-3.9.14-5.cm2.noarch.rpm
python3-3.9.14-6.cm2.x86_64.rpm
python3-devel-3.9.14-6.cm2.x86_64.rpm
python3-libs-3.9.14-6.cm2.x86_64.rpm
python3-setuptools-3.9.14-6.cm2.noarch.rpm
which-2.21-8.cm2.x86_64.rpm
libselinux-3.2-1.cm2.x86_64.rpm
slang-2.3.2-4.cm2.x86_64.rpm


@ -507,28 +507,28 @@ procps-ng-devel-3.3.17-1.cm2.aarch64.rpm
procps-ng-lang-3.3.17-1.cm2.aarch64.rpm
pyproject-rpm-macros-1.0.0~rc1-4.cm2.noarch.rpm
python-markupsafe-debuginfo-2.1.0-1.cm2.aarch64.rpm
python3-3.9.14-5.cm2.aarch64.rpm
python3-3.9.14-6.cm2.aarch64.rpm
python3-audit-3.0.6-7.cm2.aarch64.rpm
python3-cracklib-2.9.7-5.cm2.aarch64.rpm
python3-curses-3.9.14-5.cm2.aarch64.rpm
python3-curses-3.9.14-6.cm2.aarch64.rpm
python3-Cython-0.29.32-1.cm2.aarch64.rpm
python3-debuginfo-3.9.14-5.cm2.aarch64.rpm
python3-devel-3.9.14-5.cm2.aarch64.rpm
python3-debuginfo-3.9.14-6.cm2.aarch64.rpm
python3-devel-3.9.14-6.cm2.aarch64.rpm
python3-gpg-1.16.0-1.cm2.aarch64.rpm
python3-jinja2-3.0.3-2.cm2.noarch.rpm
python3-libcap-ng-0.8.2-2.cm2.aarch64.rpm
python3-libs-3.9.14-5.cm2.aarch64.rpm
python3-libs-3.9.14-6.cm2.aarch64.rpm
python3-libxml2-2.10.3-1.cm2.aarch64.rpm
python3-lxml-4.9.1-1.cm2.aarch64.rpm
python3-magic-5.40-2.cm2.noarch.rpm
python3-markupsafe-2.1.0-1.cm2.aarch64.rpm
python3-newt-0.52.21-4.cm2.aarch64.rpm
python3-pip-3.9.14-5.cm2.noarch.rpm
python3-pip-3.9.14-6.cm2.noarch.rpm
python3-pygments-2.4.2-7.cm2.noarch.rpm
python3-rpm-4.18.0-2.cm2.aarch64.rpm
python3-setuptools-3.9.14-5.cm2.noarch.rpm
python3-test-3.9.14-5.cm2.aarch64.rpm
python3-tools-3.9.14-5.cm2.aarch64.rpm
python3-setuptools-3.9.14-6.cm2.noarch.rpm
python3-test-3.9.14-6.cm2.aarch64.rpm
python3-tools-3.9.14-6.cm2.aarch64.rpm
readline-8.1-1.cm2.aarch64.rpm
readline-debuginfo-8.1-1.cm2.aarch64.rpm
readline-devel-8.1-1.cm2.aarch64.rpm


@ -507,28 +507,28 @@ procps-ng-devel-3.3.17-1.cm2.x86_64.rpm
procps-ng-lang-3.3.17-1.cm2.x86_64.rpm
pyproject-rpm-macros-1.0.0~rc1-4.cm2.noarch.rpm
python-markupsafe-debuginfo-2.1.0-1.cm2.x86_64.rpm
python3-3.9.14-5.cm2.x86_64.rpm
python3-3.9.14-6.cm2.x86_64.rpm
python3-audit-3.0.6-7.cm2.x86_64.rpm
python3-cracklib-2.9.7-5.cm2.x86_64.rpm
python3-curses-3.9.14-5.cm2.x86_64.rpm
python3-curses-3.9.14-6.cm2.x86_64.rpm
python3-Cython-0.29.32-1.cm2.x86_64.rpm
python3-debuginfo-3.9.14-5.cm2.x86_64.rpm
python3-devel-3.9.14-5.cm2.x86_64.rpm
python3-debuginfo-3.9.14-6.cm2.x86_64.rpm
python3-devel-3.9.14-6.cm2.x86_64.rpm
python3-gpg-1.16.0-1.cm2.x86_64.rpm
python3-jinja2-3.0.3-2.cm2.noarch.rpm
python3-libcap-ng-0.8.2-2.cm2.x86_64.rpm
python3-libs-3.9.14-5.cm2.x86_64.rpm
python3-libs-3.9.14-6.cm2.x86_64.rpm
python3-libxml2-2.10.3-1.cm2.x86_64.rpm
python3-lxml-4.9.1-1.cm2.x86_64.rpm
python3-magic-5.40-2.cm2.noarch.rpm
python3-markupsafe-2.1.0-1.cm2.x86_64.rpm
python3-newt-0.52.21-4.cm2.x86_64.rpm
python3-pip-3.9.14-5.cm2.noarch.rpm
python3-pip-3.9.14-6.cm2.noarch.rpm
python3-pygments-2.4.2-7.cm2.noarch.rpm
python3-rpm-4.18.0-2.cm2.x86_64.rpm
python3-setuptools-3.9.14-5.cm2.noarch.rpm
python3-test-3.9.14-5.cm2.x86_64.rpm
python3-tools-3.9.14-5.cm2.x86_64.rpm
python3-setuptools-3.9.14-6.cm2.noarch.rpm
python3-test-3.9.14-6.cm2.x86_64.rpm
python3-tools-3.9.14-6.cm2.x86_64.rpm
readline-8.1-1.cm2.x86_64.rpm
readline-debuginfo-8.1-1.cm2.x86_64.rpm
readline-devel-8.1-1.cm2.x86_64.rpm