Merge branch 'master' into core-updates

author: Marius Bakke <[email protected]> 2018-10-17 20:47:11 +0200
committer: Marius Bakke <[email protected]> 2018-10-17 20:47:11 +0200
commit: d02bb02f7d833ad371c53c346b6cb77f01377cf4 (patch)
tree: 9506f04a7fde2f3b264ba1d2a9012085e1f72b72 /gnu/packages/patches/python2-CVE-2018-1060.patch
parent: fb3ff265cd8c6b4c6160f94240dc8932097e637b (diff)
parent: acce0a474c1493ab18912bc46285248e4ccb0314 (diff)
1 files changed, 20 insertions, 0 deletions
diff --git a/gnu/packages/patches/python2-CVE-2018-1060.patch b/gnu/packages/patches/python2-CVE-2018-1060.patch
new file mode 100644
index 0000000000..5eb7ccfbc9
--- /dev/null
+++ b/gnu/packages/patches/python2-CVE-2018-1060.patch
@@ -0,0 +1,20 @@
+Fix CVE-2018-1060:
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1060
+
+Taken from upstream commit (sans test and NEWS):
+https://github.com/python/cpython/commit/e052d40cea15f582b50947f7d906b39744dc62a2
+
+diff --git a/Lib/poplib.py b/Lib/poplib.py
+index b91e5f72d2ca..a238510b38fc 100644
+--- a/Lib/poplib.py
++++ b/Lib/poplib.py
+@@ -274,7 +274,7 @@ def rpop(self, user):
+         return self._shortcmd('RPOP %s' % user)
+ 
+ 
+-    timestamp = re.compile(r'\+OK.*(<[^>]+>)')
++    timestamp = re.compile(br'\+OK.[^<]*(<.*>)')
+ 
+     def apop(self, user, secret):
+         """Authorisation
+
author	Marius Bakke <[email protected]>	2018-10-17 20:47:11 +0200
committer	Marius Bakke <[email protected]>	2018-10-17 20:47:11 +0200
commit	d02bb02f7d833ad371c53c346b6cb77f01377cf4 (patch)
tree	9506f04a7fde2f3b264ba1d2a9012085e1f72b72 /gnu/packages/patches/python2-CVE-2018-1060.patch
parent	fb3ff265cd8c6b4c6160f94240dc8932097e637b (diff)
parent	acce0a474c1493ab18912bc46285248e4ccb0314 (diff)