python27: add patch for CVE-2018-14647 #52996
e1ff3a4 to ed99794
We need to add (a version of) this patch to all interpreter versions.
@@ -80,6 +80,11 @@ let | |||
url = "https://github.com/python/cpython/pull/8985.patch"; | |||
sha256 = "1c8nq2c9sjqa8ipl62hiandg6a7lzrwwfhi3ky6jd3pxgyalrh97"; | |||
}) | |||
# CVE-2018-14647. See https://bugs.python.org/issue34623 | |||
(fetchpatch { | |||
url = "https://github.com/python/cpython/commit/18b20bad75b4ff0486940fba4ec680e96e70f3a2.patch"; |
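Review bot: the added `fetchpatch` is identified only by a commit hash in its `url`, and the comment above it (`# CVE-2018-14647. See https://bugs.python.org/issue34623`) does not say which CPython branch that commit was taken from. Since this PR targets python27, extend the comment to name the branch, so the entry can be checked against the upstream issue without resolving the hash. The hunk as shown here stops at the `url` line, so also confirm the entry carries its own `sha256`, like the `pull/8985.patch` entry above it.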
https://github.com/python/cpython/commit/10be1d3f802b874914b2a13eb41407c7a582d9b3.patch is the patch that's merged in the 2.7 branch.
That commit only adds the news entry. I've used the commit which includes the fix; it's also referenced in the Debian tracker: https://security-tracker.debian.org/tracker/CVE-2018-14647
Also, you can target
python2.7 is the only one affected.
ping @FRidh
ping
Leaving this unresolved is probably a bad PR, though we do have the newest expat on both master and 18.09 (and build python
Motivation for this change
Closes #52977