author | Sven Wegener <swegener@gentoo.org> | 2021-10-31 13:34:29 +0100 |
---|---|---|
committer | Sven Wegener <swegener@gentoo.org> | 2021-10-31 16:48:23 +0100 |
commit | a0e1a56eed02c79bc1a261e3d13c9fe0c4a728e8 (patch) | |
tree | 13e88136df983d3a5608f7b8398369a10a273686 /dev-python/hiredis | |
parent | app-arch/xar-1.8.0.0.452: version bump to macOS 11 version (diff) | |
dev-python/hiredis: Revision bump for CVE-2021-32765
It includes a bundled copy of dev-libs/hiredis and is affected by the same
security issue.
URL: https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2
Bug: https://bugs.gentoo.org/816318
Package-Manager: Portage-3.0.28, Repoman-3.0.3
Signed-off-by: Sven Wegener <swegener@gentoo.org>
Diffstat (limited to 'dev-python/hiredis')
-rw-r--r-- | dev-python/hiredis/files/hiredis-2.0.0-CVE-2021-32765.patch | 36 | ||||
-rw-r--r-- | dev-python/hiredis/hiredis-2.0.0-r2.ebuild | 36 |
2 files changed, 72 insertions, 0 deletions
diff --git a/dev-python/hiredis/files/hiredis-2.0.0-CVE-2021-32765.patch b/dev-python/hiredis/files/hiredis-2.0.0-CVE-2021-32765.patch
new file mode 100644
index 000000000000..ad1bb80ac0de
--- /dev/null
+++ b/dev-python/hiredis/files/hiredis-2.0.0-CVE-2021-32765.patch
@@ -0,0 +1,36 @@
+--- a/vendor/hiredis/alloc.c
++++ b/vendor/hiredis/alloc.c
+@@ -68,6 +68,10 @@ void *hi_malloc(size_t size) {
+ }
+
+ void *hi_calloc(size_t nmemb, size_t size) {
++ /* Overflow check as the user can specify any arbitrary allocator */
++ if (SIZE_MAX / size < nmemb)
++ return NULL;
++
+ return hiredisAllocFns.callocFn(nmemb, size);
+ }
+
+diff --git a/alloc.h b/alloc.h
+index 34a05f4..771f9fe 100644
+--- a/vendor/hiredis/alloc.h
++++ b/vendor/hiredis/alloc.h
+@@ -32,6 +32,7 @@
+ #define HIREDIS_ALLOC_H
+
+ #include <stddef.h> /* for size_t */
++#include <stdint.h>
+
+ #ifdef __cplusplus
+ extern "C" {
+@@ -59,6 +60,10 @@ static inline void *hi_malloc(size_t size) {
+ }
+
+ static inline void *hi_calloc(size_t nmemb, size_t size) {
++ /* Overflow check as the user can specify any arbitrary allocator */
++ if (SIZE_MAX / size < nmemb)
++ return NULL;
++
+ return hiredisAllocFns.callocFn(nmemb, size);
+ }
+
diff --git a/dev-python/hiredis/hiredis-2.0.0-r2.ebuild b/dev-python/hiredis/hiredis-2.0.0-r2.ebuild
new file mode 100644
index 000000000000..48e177fb23f1
--- /dev/null
+++ b/dev-python/hiredis/hiredis-2.0.0-r2.ebuild
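Review bot: `SIZE_MAX / size` in both added `hi_calloc` guards (vendor/hiredis/alloc.c and the inline copy in vendor/hiredis/alloc.h) divides by zero when a caller passes `size == 0`, which is undefined behaviour instead of a clean NULL return or a pass-through to the allocator. The guard can still reject overflowing products while tolerating a zero element size: `if (size != 0 && nmemb > SIZE_MAX / size) return NULL;`. Whether any caller in the bundled hiredis passes a zero size is not visible in this patch, so this is hardening and not a confirmed crash path. The comment could also say what is being protected, e.g. `/* Reject nmemb * size overflow here; a user-supplied callocFn may not check it */`.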
@@ -0,0 +1,36 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{8..10} pypy3 )
+inherit distutils-r1
+
+DESCRIPTION="Python extension that wraps hiredis"
+HOMEPAGE="https://github.com/redis/hiredis-py/"
+SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE="system-libs"
+
+DEPEND="system-libs? ( >=dev-libs/hiredis-1.0.0:= )"
+RDEPEND="${DEPEND}"
+
+PATCHES=(
+ "${FILESDIR}"/${P}-CVE-2021-32765.patch
+)
+
+src_prepare() {
+ use system-libs && PATCHES+=(
+ "${FILESDIR}"/${P}-system-libs.patch
+ )
+ sed -i -e 's:description-file:description_file:' setup.cfg || die
+ default
+}
+
+python_test() {
+ cd test || die
+ "${EPYTHON}" -m unittest -v reader.ReaderTest || die "tests failed"
+}
 |
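Review bot: With `USE=system-libs` the CVE patch only changes the bundled `vendor/hiredis` sources, while `DEPEND` still accepts `>=dev-libs/hiredis-1.0.0:=`, so the extension can presumably be built against a system hiredis that predates the CVE-2021-32765 fix. Raising the lower bound to the first dev-libs/hiredis version or revision that carries the fix, e.g. `DEPEND="system-libs? ( >=dev-libs/hiredis-<FIXED_VERSION>:= )"` (placeholder, to be taken from the linked bug), would cover both build modes. It would also help to add a short comment above `PATCHES` stating that the CVE patch targets the vendored copy only. `python_test` runs only `reader.ReaderTest`, so nothing visible here exercises the new overflow guard.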