| 1 |
commit: a0e1a56eed02c79bc1a261e3d13c9fe0c4a728e8 |
| 2 |
Author: Sven Wegener <swegener <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Sun Oct 31 12:34:29 2021 +0000 |
| 4 |
Commit: Sven Wegener <swegener <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sun Oct 31 15:48:23 2021 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a0e1a56e |
| 7 |
|
| 8 |
dev-python/hiredis: Revision bump for CVE-2021-32765 |
| 9 |
|
| 10 |
It includes a bundled copy of dev-libs/hiredis and is suffering the same |
| 11 |
security issue. |
| 12 |
|
| 13 |
URL: https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2 |
| 14 |
Bug: https://bugs.gentoo.org/816318 |
| 15 |
Package-Manager: Portage-3.0.28, Repoman-3.0.3 |
| 16 |
Signed-off-by: Sven Wegener <swegener <AT> gentoo.org> |
| 17 |
|
| 18 |
.../files/hiredis-2.0.0-CVE-2021-32765.patch | 36 ++++++++++++++++++++++ |
| 19 |
dev-python/hiredis/hiredis-2.0.0-r2.ebuild | 36 ++++++++++++++++++++++ |
| 20 |
2 files changed, 72 insertions(+) |
| 21 |
|
| 22 |
diff --git a/dev-python/hiredis/files/hiredis-2.0.0-CVE-2021-32765.patch b/dev-python/hiredis/files/hiredis-2.0.0-CVE-2021-32765.patch |
| 23 |
new file mode 100644 |
| 24 |
index 00000000000..ad1bb80ac0d |
| 25 |
--- /dev/null |
| 26 |
+++ b/dev-python/hiredis/files/hiredis-2.0.0-CVE-2021-32765.patch |
| 27 |
@@ -0,0 +1,36 @@ |
| 28 |
+--- a/vendor/hiredis/alloc.c |
| 29 |
++++ b/vendor/hiredis/alloc.c |
| 30 |
+@@ -68,6 +68,10 @@ void *hi_malloc(size_t size) { |
| 31 |
+ } |
| 32 |
+ |
| 33 |
+ void *hi_calloc(size_t nmemb, size_t size) { |
| 34 |
++ /* Overflow check as the user can specify any arbitrary allocator */ |
| 35 |
++ if (SIZE_MAX / size < nmemb) |
| 36 |
++ return NULL; |
| 37 |
++ |
| 38 |
+ return hiredisAllocFns.callocFn(nmemb, size); |
| 39 |
+ } |
| 40 |
+ |
| 41 |
+diff --git a/alloc.h b/alloc.h |
| 42 |
+index 34a05f4..771f9fe 100644 |
| 43 |
+--- a/vendor/hiredis/alloc.h |
| 44 |
++++ b/vendor/hiredis/alloc.h |
| 45 |
+@@ -32,6 +32,7 @@ |
| 46 |
+ #define HIREDIS_ALLOC_H |
| 47 |
+ |
| 48 |
+ #include <stddef.h> /* for size_t */ |
| 49 |
++#include <stdint.h> |
| 50 |
+ |
| 51 |
+ #ifdef __cplusplus |
| 52 |
+ extern "C" { |
| 53 |
+@@ -59,6 +60,10 @@ static inline void *hi_malloc(size_t size) { |
| 54 |
+ } |
| 55 |
+ |
| 56 |
+ static inline void *hi_calloc(size_t nmemb, size_t size) { |
| 57 |
++ /* Overflow check as the user can specify any arbitrary allocator */ |
| 58 |
++ if (SIZE_MAX / size < nmemb) |
| 59 |
++ return NULL; |
| 60 |
++ |
| 61 |
+ return hiredisAllocFns.callocFn(nmemb, size); |
| 62 |
+ } |
| 63 |
+ |
| 64 |
|
| 65 |
diff --git a/dev-python/hiredis/hiredis-2.0.0-r2.ebuild b/dev-python/hiredis/hiredis-2.0.0-r2.ebuild |
| 66 |
new file mode 100644 |
| 67 |
index 00000000000..48e177fb23f |
| 68 |
--- /dev/null |
| 69 |
+++ b/dev-python/hiredis/hiredis-2.0.0-r2.ebuild |
| 70 |
@@ -0,0 +1,36 @@ |
| 71 |
+# Copyright 1999-2021 Gentoo Authors |
| 72 |
+# Distributed under the terms of the GNU General Public License v2 |
| 73 |
+ |
| 74 |
+EAPI=7 |
| 75 |
+ |
| 76 |
+PYTHON_COMPAT=( python3_{8..10} pypy3 ) |
| 77 |
+inherit distutils-r1 |
| 78 |
+ |
| 79 |
+DESCRIPTION="Python extension that wraps hiredis" |
| 80 |
+HOMEPAGE="https://github.com/redis/hiredis-py/" |
| 81 |
+SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz" |
| 82 |
+ |
| 83 |
+LICENSE="BSD" |
| 84 |
+SLOT="0" |
| 85 |
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~sparc ~x86" |
| 86 |
+IUSE="system-libs" |
| 87 |
+ |
| 88 |
+DEPEND="system-libs? ( >=dev-libs/hiredis-1.0.0:= )" |
| 89 |
+RDEPEND="${DEPEND}" |
| 90 |
+ |
| 91 |
+PATCHES=( |
| 92 |
+ "${FILESDIR}"/${P}-CVE-2021-32765.patch |
| 93 |
+) |
| 94 |
+ |
| 95 |
+src_prepare() { |
| 96 |
+ use system-libs && PATCHES+=( |
| 97 |
+ "${FILESDIR}"/${P}-system-libs.patch |
| 98 |
+ ) |
| 99 |
+ sed -i -e 's:description-file:description_file:' setup.cfg || die |
| 100 |
+ default |
| 101 |
+} |
| 102 |
+ |
| 103 |
+python_test() { |
| 104 |
+ cd test || die |
| 105 |
+ "${EPYTHON}" -m unittest -v reader.ReaderTest || die "tests failed" |
| 106 |
+} |
Archives