diff options
| author | Leo <thinkabit.ukim@gmail.com> | 2019-11-28 08:31:40 +0100 |
|---|---|---|
| committer | Leo <thinkabit.ukim@gmail.com> | 2019-11-28 08:53:22 +0100 |
| commit | 50796da3f3e8eadf80cacb306a27ec6bd6cf2181 (patch) | |
| tree | 35daa28984d9a9c978ac0954df2725475474394c | |
| parent | c87d40b7f9f1c9af7ceaf17ac9ce493589068c9b (diff) | |
| download | aports-50796da3f3e8eadf80cacb306a27ec6bd6cf2181.tar.gz aports-50796da3f3e8eadf80cacb306a27ec6bd6cf2181.tar.bz2 aports-50796da3f3e8eadf80cacb306a27ec6bd6cf2181.tar.xz | |
community/py-psutil: fix CVE-2019-18874
| -rw-r--r-- | community/py-psutil/APKBUILD | 13 | ||||
| -rw-r--r-- | community/py-psutil/CVE-2019-18874.patch | 576 |
2 files changed, 586 insertions, 3 deletions
diff --git a/community/py-psutil/APKBUILD b/community/py-psutil/APKBUILD index 33165f4ffad..4e21c6aa984 100644 --- a/community/py-psutil/APKBUILD +++ b/community/py-psutil/APKBUILD @@ -3,16 +3,22 @@ pkgname=py-psutil _pkgname=psutil pkgver=5.4.6 -pkgrel=0 +pkgrel=1 pkgdesc="A cross-platform process and system utilities module for Python" url="https://github.com/giampaolo/psutil" arch="all" license="BSD" makedepends="$depends_dev linux-headers python2-dev python3-dev" subpackages="py3-$_pkgname:_py3 py2-$_pkgname:_py2" -source="https://files.pythonhosted.org/packages/source/${_pkgname:0:1}/$_pkgname/$_pkgname-$pkgver.tar.gz" +source="https://files.pythonhosted.org/packages/source/${_pkgname:0:1}/$_pkgname/$_pkgname-$pkgver.tar.gz + CVE-2019-18874.patch + " builddir="$srcdir/$_pkgname-$pkgver" +# secfixes: +# 5.4.6-r1: +# - CVE-2019-18874 + build() { cd "$builddir" python2 setup.py build @@ -48,4 +54,5 @@ _py3() { _py python3 } -sha512sums="7aefb2c1759a62fca21d1bd07f7f3aeddc368b972ce831dc6e52cda5effaee2798c6bf0aece9732dedb7fefcd8e9e3f03760d6e715be8ea1479b282150a585f3 psutil-5.4.6.tar.gz" +sha512sums="7aefb2c1759a62fca21d1bd07f7f3aeddc368b972ce831dc6e52cda5effaee2798c6bf0aece9732dedb7fefcd8e9e3f03760d6e715be8ea1479b282150a585f3 psutil-5.4.6.tar.gz +a39fbc2f1c1d092fbbcded94291d3640edb4800f938a2665b84c88c211fc5f53155e1dfbb1898d92ebeac35357108fc1b31c550eab760e9e8dfd8e117970cd5d CVE-2019-18874.patch" diff --git a/community/py-psutil/CVE-2019-18874.patch b/community/py-psutil/CVE-2019-18874.patch new file mode 100644 index 00000000000..441615a06d7 --- /dev/null +++ b/community/py-psutil/CVE-2019-18874.patch @@ -0,0 +1,576 @@ +diff --git a/psutil/_psutil_aix.c b/psutil/_psutil_aix.c +index 898da6b..fa05be6 100644 +--- a/psutil/_psutil_aix.c ++++ b/psutil/_psutil_aix.c +@@ -390,10 +390,10 @@ psutil_users(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_username); +- Py_DECREF(py_tty); +- Py_DECREF(py_hostname); +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_username); ++ Py_CLEAR(py_tty); ++ Py_CLEAR(py_hostname); ++ Py_CLEAR(py_tuple); + } + endutxent(); + +@@ -450,9 +450,9 @@ psutil_disk_partitions(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_dev); +- Py_DECREF(py_mountp); +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_dev); ++ Py_CLEAR(py_mountp); ++ Py_CLEAR(py_tuple); + mt = getmntent(file); + } + endmntent(file); +diff --git a/psutil/_psutil_bsd.c b/psutil/_psutil_bsd.c +index dce157f..d31436e 100644 +--- a/psutil/_psutil_bsd.c ++++ b/psutil/_psutil_bsd.c +@@ -152,7 +152,7 @@ psutil_pids(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_pid)) + goto error; +- Py_DECREF(py_pid); ++ Py_CLEAR(py_pid); + proclist++; + } + free(orig_address); +@@ -507,8 +507,8 @@ psutil_proc_open_files(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_path); +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_path); ++ Py_CLEAR(py_tuple); + } + } + free(freep); +@@ -670,9 +670,9 @@ psutil_disk_partitions(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_dev); +- Py_DECREF(py_mountp); +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_dev); ++ Py_CLEAR(py_mountp); ++ Py_CLEAR(py_tuple); + } + + free(fs); +@@ -765,7 +765,7 @@ psutil_net_io_counters(PyObject *self, PyObject *args) { + goto error; + if (PyDict_SetItemString(py_retdict, ifc_name, py_ifc_info)) + goto error; +- Py_DECREF(py_ifc_info); ++ Py_CLEAR(py_ifc_info); + } + else { + continue; +@@ -840,10 +840,10 @@ psutil_users(PyObject *self, PyObject *args) { + fclose(fp); + goto error; + } +- Py_DECREF(py_username); +- Py_DECREF(py_tty); +- Py_DECREF(py_hostname); +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_username); ++ Py_CLEAR(py_tty); ++ Py_CLEAR(py_hostname); ++ Py_CLEAR(py_tuple); + } + + fclose(fp); +@@ -883,10 +883,10 @@ psutil_users(PyObject *self, PyObject *args) { + endutxent(); + goto error; + } +- Py_DECREF(py_username); +- Py_DECREF(py_tty); +- Py_DECREF(py_hostname); +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_username); ++ Py_CLEAR(py_tty); ++ Py_CLEAR(py_hostname); ++ Py_CLEAR(py_tuple); + } + + endutxent(); +diff --git a/psutil/_psutil_linux.c b/psutil/_psutil_linux.c +index bd27b5f..aabe3f4 100644 +--- a/psutil/_psutil_linux.c ++++ b/psutil/_psutil_linux.c +@@ -235,9 +235,9 @@ psutil_disk_partitions(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_dev); +- Py_DECREF(py_mountp); +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_dev); ++ Py_CLEAR(py_mountp); ++ Py_CLEAR(py_tuple); + } + endmntent(file); + return py_retlist; +@@ -491,10 +491,10 @@ psutil_users(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_username); +- Py_DECREF(py_tty); +- Py_DECREF(py_hostname); +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_username); ++ Py_CLEAR(py_tty); ++ Py_CLEAR(py_hostname); ++ Py_CLEAR(py_tuple); + } + endutent(); + return py_retlist; +diff --git a/psutil/_psutil_osx.c b/psutil/_psutil_osx.c +index be08de5..518ac4a 100644 +--- a/psutil/_psutil_osx.c ++++ b/psutil/_psutil_osx.c +@@ -831,7 +831,7 @@ psutil_per_cpu_times(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_cputime)) + goto error; +- Py_DECREF(py_cputime); ++ Py_CLEAR(py_cputime); + } + + ret = vm_deallocate(mach_task_self(), (vm_address_t)info_array, +@@ -1013,9 +1013,9 @@ psutil_disk_partitions(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_dev); +- Py_DECREF(py_mountp); +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_dev); ++ Py_CLEAR(py_mountp); ++ Py_CLEAR(py_tuple); + } + + free(fs); +@@ -1083,7 +1083,6 @@ psutil_proc_threads(PyObject *self, PyObject *args) { + } + + for (j = 0; j < thread_count; j++) { +- py_tuple = NULL; + thread_info_count = THREAD_INFO_MAX; + kr = thread_info(thread_list[j], THREAD_BASIC_INFO, + (thread_info_t)thinfo_basic, &thread_info_count); +@@ -1106,7 +1105,7 @@ psutil_proc_threads(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_tuple); + } + + ret = vm_deallocate(task, (vm_address_t)thread_list, +@@ -1215,10 +1214,8 @@ psutil_proc_open_files(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_tuple); +- py_tuple = NULL; +- Py_DECREF(py_path); +- py_path = NULL; ++ Py_CLEAR(py_tuple); ++ Py_CLEAR(py_path); + // --- /construct python list + } + } +@@ -1398,7 +1395,7 @@ psutil_proc_connections(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_tuple); + } + else if (family == AF_UNIX) { + py_laddr = PyUnicode_DecodeFSDefault( +@@ -1420,9 +1417,9 @@ psutil_proc_connections(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_tuple); +- Py_DECREF(py_laddr); +- Py_DECREF(py_raddr); ++ Py_CLEAR(py_tuple); ++ Py_CLEAR(py_laddr); ++ Py_CLEAR(py_raddr); + } + } + } +@@ -1543,7 +1540,7 @@ psutil_net_io_counters(PyObject *self, PyObject *args) { + goto error; + if (PyDict_SetItemString(py_retdict, ifc_name, py_ifc_info)) + goto error; +- Py_DECREF(py_ifc_info); ++ Py_CLEAR(py_ifc_info); + } + else { + continue; +@@ -1716,7 +1713,7 @@ psutil_disk_io_counters(PyObject *self, PyObject *args) { + goto error; + if (PyDict_SetItemString(py_retdict, disk_name, py_disk_info)) + goto error; +- Py_DECREF(py_disk_info); ++ Py_CLEAR(py_disk_info); + + CFRelease(parent_dict); + IOObjectRelease(parent); +@@ -1778,10 +1775,10 @@ psutil_users(PyObject *self, PyObject *args) { + endutxent(); + goto error; + } +- Py_DECREF(py_username); +- Py_DECREF(py_tty); +- Py_DECREF(py_hostname); +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_username); ++ Py_CLEAR(py_tty); ++ Py_CLEAR(py_hostname); ++ Py_CLEAR(py_tuple); + } + + endutxent(); +diff --git a/psutil/_psutil_sunos.c b/psutil/_psutil_sunos.c +index 0717f19..ea015e1 100644 +--- a/psutil/_psutil_sunos.c ++++ b/psutil/_psutil_sunos.c +@@ -298,8 +298,8 @@ psutil_proc_environ(PyObject *self, PyObject *args) { + if (PyDict_SetItem(py_retdict, py_envname, py_envval) < 0) + goto error; + +- Py_DECREF(py_envname); +- Py_DECREF(py_envval); ++ Py_CLEAR(py_envname); ++ Py_CLEAR(py_envval); + } + + psutil_free_cstrings_array(env, env_count); +@@ -653,10 +653,10 @@ psutil_users(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_username); +- Py_DECREF(py_tty); +- Py_DECREF(py_hostname); +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_username); ++ Py_CLEAR(py_tty); ++ Py_CLEAR(py_hostname); ++ Py_CLEAR(py_tuple); + } + endutxent(); + +@@ -712,9 +712,9 @@ psutil_disk_partitions(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_dev); +- Py_DECREF(py_mountp); +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_dev); ++ Py_CLEAR(py_mountp); ++ Py_CLEAR(py_tuple); + } + fclose(file); + return py_retlist; +@@ -765,8 +765,7 @@ psutil_per_cpu_times(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_cputime)) + goto error; +- Py_DECREF(py_cputime); +- py_cputime = NULL; ++ Py_CLEAR(py_cputime); + } + } + +@@ -822,7 +821,7 @@ psutil_disk_io_counters(PyObject *self, PyObject *args) { + if (PyDict_SetItemString(py_retdict, ksp->ks_name, + py_disk_info)) + goto error; +- Py_DECREF(py_disk_info); ++ Py_CLEAR(py_disk_info); + } + } + ksp = ksp->ks_next; +@@ -957,8 +956,8 @@ psutil_proc_memory_maps(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_path); +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_path); ++ Py_CLEAR(py_tuple); + + // increment pointer + p += 1; +@@ -1073,7 +1072,7 @@ psutil_net_io_counters(PyObject *self, PyObject *args) { + goto error; + if (PyDict_SetItemString(py_retdict, ksp->ks_name, py_ifc_info)) + goto error; +- Py_DECREF(py_ifc_info); ++ Py_CLEAR(py_ifc_info); + goto next; + + next: +@@ -1271,7 +1270,7 @@ psutil_net_connections(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_tuple); + } + } + #if defined(AF_INET6) +@@ -1285,7 +1284,7 @@ psutil_net_connections(PyObject *self, PyObject *args) { + #ifdef NEW_MIB_COMPLIANT + processed_pid = tp6.tcp6ConnCreationProcess; + #else +- processed_pid = 0; ++ processed_pid = 0; + #endif + if (pid != -1 && processed_pid != pid) + continue; +@@ -1314,14 +1313,14 @@ psutil_net_connections(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_tuple); + } + } + #endif + // UDPv4 + else if (mibhdr.level == MIB2_UDP || mibhdr.level == MIB2_UDP_ENTRY) { + num_ent = mibhdr.len / sizeof(mib2_udpEntry_t); +- assert(num_ent * sizeof(mib2_udpEntry_t) == mibhdr.len); ++ assert(num_ent * sizeof(mib2_udpEntry_t) == mibhdr.len); + for (i = 0; i < num_ent; i++) { + memcpy(&ude, databuf.buf + i * sizeof ude, sizeof ude); + #ifdef NEW_MIB_COMPLIANT +@@ -1353,7 +1352,7 @@ psutil_net_connections(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_tuple); + } + } + #if defined(AF_INET6) +@@ -1386,7 +1385,7 @@ psutil_net_connections(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_tuple); + } + } + #endif +@@ -1559,7 +1558,7 @@ psutil_net_if_stats(PyObject* self, PyObject* args) { + goto error; + if (PyDict_SetItemString(py_retdict, ksp->ks_name, py_ifc_info)) + goto error; +- Py_DECREF(py_ifc_info); ++ Py_CLEAR(py_ifc_info); + } + } + +diff --git a/psutil/_psutil_windows.c b/psutil/_psutil_windows.c +index ce44258..bf5d57d 100644 +--- a/psutil/_psutil_windows.c ++++ b/psutil/_psutil_windows.c +@@ -350,7 +350,7 @@ psutil_pids(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_pid)) + goto error; +- Py_DECREF(py_pid); ++ Py_CLEAR(py_pid); + } + + // free C array allocated for PIDs +@@ -1113,7 +1113,7 @@ psutil_per_cpu_times(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_tuple); + } + + free(sppi); +@@ -1331,7 +1331,7 @@ psutil_proc_threads(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_tuple); + + CloseHandle(hThread); + } +@@ -1788,7 +1788,7 @@ psutil_net_connections(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_conn_tuple)) + goto error; +- Py_DECREF(py_conn_tuple); ++ Py_CLEAR(py_conn_tuple); + } + } + else { +@@ -1885,7 +1885,7 @@ psutil_net_connections(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_conn_tuple)) + goto error; +- Py_DECREF(py_conn_tuple); ++ Py_CLEAR(py_conn_tuple); + } + } + else { +@@ -1959,7 +1959,7 @@ psutil_net_connections(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_conn_tuple)) + goto error; +- Py_DECREF(py_conn_tuple); ++ Py_CLEAR(py_conn_tuple); + } + } + else { +@@ -2032,7 +2032,7 @@ psutil_net_connections(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_conn_tuple)) + goto error; +- Py_DECREF(py_conn_tuple); ++ Py_CLEAR(py_conn_tuple); + } + } + else { +@@ -2439,8 +2439,8 @@ psutil_net_io_counters(PyObject *self, PyObject *args) { + goto error; + if (PyDict_SetItem(py_retdict, py_nic_name, py_nic_info)) + goto error; +- Py_XDECREF(py_nic_name); +- Py_XDECREF(py_nic_info); ++ Py_CLEAR(py_nic_name); ++ Py_CLEAR(py_nic_info); + + free(pIfRow); + pCurrAddresses = pCurrAddresses->Next; +@@ -2555,7 +2555,7 @@ psutil_disk_io_counters(PyObject *self, PyObject *args) { + goto error; + if (PyDict_SetItemString(py_retdict, szDeviceDisplay, py_tuple)) + goto error; +- Py_XDECREF(py_tuple); ++ Py_CLEAR(py_tuple); + + next: + CloseHandle(hDevice); +@@ -2712,7 +2712,7 @@ psutil_disk_partitions(PyObject *self, PyObject *args) { + goto error; + } + +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_tuple); + + // Continue looking for more mount points + mp_flag = FindNextVolumeMountPoint(mp_h, mp_buf, MAX_PATH); +@@ -2737,7 +2737,7 @@ psutil_disk_partitions(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_tuple); ++ Py_CLEAR(py_tuple); + goto next; + + next: +@@ -2867,9 +2867,9 @@ psutil_users(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_XDECREF(py_username); +- Py_XDECREF(py_address); +- Py_XDECREF(py_tuple); ++ Py_CLEAR(py_username); ++ Py_CLEAR(py_address); ++ Py_CLEAR(py_tuple); + } + + WTSFreeMemory(sessions); +@@ -3105,8 +3105,8 @@ psutil_proc_memory_maps(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_tuple); +- Py_DECREF(py_str); ++ Py_CLEAR(py_tuple); ++ Py_CLEAR(py_str); + } + previousAllocationBase = basicInfo.AllocationBase; + baseAddress = (PCHAR)baseAddress + basicInfo.RegionSize; +@@ -3156,8 +3156,8 @@ psutil_ppid_map(PyObject *self, PyObject *args) { + goto error; + if (PyDict_SetItem(py_retdict, py_pid, py_ppid)) + goto error; +- Py_DECREF(py_pid); +- Py_DECREF(py_ppid); ++ Py_CLEAR(py_pid); ++ Py_CLEAR(py_ppid); + } while (Process32Next(handle, &pe)); + } + +@@ -3260,8 +3260,8 @@ psutil_net_if_addrs(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_tuple); +- Py_DECREF(py_mac_address); ++ Py_CLEAR(py_tuple); ++ Py_CLEAR(py_mac_address); + } + + // find out the IP address associated with the NIC +@@ -3337,14 +3337,14 @@ psutil_net_if_addrs(PyObject *self, PyObject *args) { + goto error; + if (PyList_Append(py_retlist, py_tuple)) + goto error; +- Py_DECREF(py_tuple); +- Py_DECREF(py_address); +- Py_DECREF(py_netmask); ++ Py_CLEAR(py_tuple); ++ Py_CLEAR(py_address); ++ Py_CLEAR(py_netmask); + + pUnicast = pUnicast->Next; + } + } +- Py_DECREF(py_nic_name); ++ Py_CLEAR(py_nic_name); + pCurrAddresses = pCurrAddresses->Next; + } + +@@ -3464,8 +3464,8 @@ psutil_net_if_stats(PyObject *self, PyObject *args) { + goto error; + if (PyDict_SetItem(py_retdict, py_nic_name, py_ifc_info)) + goto error; +- Py_DECREF(py_nic_name); +- Py_DECREF(py_ifc_info); ++ Py_CLEAR(py_nic_name); ++ Py_CLEAR(py_ifc_info); + } + + free(pIfTable); |