commit: a0e1a56eed02c79bc1a261e3d13c9fe0c4a728e8 |
Author: Sven Wegener <swegener <AT> gentoo <DOT> org> |
AuthorDate: Sun Oct 31 12:34:29 2021 +0000 |
Commit: Sven Wegener <swegener <AT> gentoo <DOT> org> |
CommitDate: Sun Oct 31 15:48:23 2021 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a0e1a56e |
|
dev-python/hiredis: Revision bump for CVE-2021-32765 |
|
It includes a bundled copy of dev-libs/hiredis and therefore suffers from the same |
security issue. |
|
URL: https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2 |
Bug: https://bugs.gentoo.org/816318 |
Package-Manager: Portage-3.0.28, Repoman-3.0.3 |
Signed-off-by: Sven Wegener <swegener <AT> gentoo.org> |
|
.../files/hiredis-2.0.0-CVE-2021-32765.patch | 36 ++++++++++++++++++++++ |
dev-python/hiredis/hiredis-2.0.0-r2.ebuild | 36 ++++++++++++++++++++++ |
2 files changed, 72 insertions(+) |
|
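--- /dev/null
+++ b/dev-python/hiredis/files/hiredis-2.0.0-CVE-2021-32765.patch
@@ -0,0 +1,36 @@
+--- a/vendor/hiredis/alloc.c
++++ b/vendor/hiredis/alloc.c
+@@ -68,6 +68,10 @@ void *hi_malloc(size_t size) {
+ }
+
+ void *hi_calloc(size_t nmemb, size_t size) {
++ /* Overflow check as the user can specify any arbitrary allocator */
++ if (SIZE_MAX / size < nmemb)
++ return NULL;
++
+ return hiredisAllocFns.callocFn(nmemb, size);
+ }
+
+diff --git a/alloc.h b/alloc.h
+index 34a05f4..771f9fe 100644
+--- a/vendor/hiredis/alloc.h
++++ b/vendor/hiredis/alloc.h
+@@ -32,6 +32,7 @@
+ #define HIREDIS_ALLOC_H
+
+ #include <stddef.h> /* for size_t */
++#include <stdint.h>
+
+ #ifdef __cplusplus
+ extern "C" {
+@@ -59,6 +60,10 @@ static inline void *hi_malloc(size_t size) {
+ }
+
+ static inline void *hi_calloc(size_t nmemb, size_t size) {
++ /* Overflow check as the user can specify any arbitrary allocator */
++ if (SIZE_MAX / size < nmemb)
++ return NULL;
++
+ return hiredisAllocFns.callocFn(nmemb, size);
+ }
+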
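Review bot: The overflow guard `if (SIZE_MAX / size < nmemb)` added to hi_calloc in the alloc.c part of the bundled patch divides by `size` before checking it, so a call with `size == 0` — which is a valid calloc argument — performs a division by zero, undefined behavior that traps on common platforms. Guard the divisor first, e.g. `if (size != 0 && nmemb > SIZE_MAX / size)`; a zero-sized request then falls through to the allocator as before. The identical line in the alloc.h part of the same patch (the static inline hi_calloc) needs the same change. Both hi_calloc bodies are fully visible here, so the fix is confined to that one line in each copy.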
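--- /dev/null
+++ b/dev-python/hiredis/hiredis-2.0.0-r2.ebuild
@@ -0,0 +1,36 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{8..10} pypy3 )
+inherit distutils-r1
+
+DESCRIPTION="Python extension that wraps hiredis"
+HOMEPAGE="https://github.com/redis/hiredis-py/"
+SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE="system-libs"
+
+DEPEND="system-libs? ( >=dev-libs/hiredis-1.0.0:= )"
+RDEPEND="${DEPEND}"
+
+PATCHES=(
+ "${FILESDIR}"/${P}-CVE-2021-32765.patch
+)
+
+src_prepare() {
+ use system-libs && PATCHES+=(
+ "${FILESDIR}"/${P}-system-libs.patch
+ )
+ sed -i -e 's:description-file:description_file:' setup.cfg || die
+ default
+}
+
+python_test() {
+ cd test || die
+ "${EPYTHON}" -m unittest -v reader.ReaderTest || die "tests failed"
+}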
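Review bot: `DEPEND="system-libs? ( >=dev-libs/hiredis-1.0.0:= )"` keeps the pre-fix lower bound, so with USE=system-libs this revision can still be built against a system dev-libs/hiredis that lacks the CVE-2021-32765 fix, while only the bundled vendor copy receives the patch. The bound should be raised to the first dev-libs/hiredis release that carries the fix, e.g. `DEPEND="system-libs? ( >=dev-libs/hiredis-<FIXED_VERSION>:= )"` (placeholder, substitute the fixed version tracked in the referenced bug). The vendor patch in `PATCHES=(` is applied unconditionally, which is presumably harmless when the system-libs patch switches the build to the system library, but a one-line comment such as `# fixes the bundled vendor/hiredis copy, bug 816318` above the array would make the intent of the revision bump clear to the next maintainer.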