diff options
Diffstat (limited to 'dev-python/python-debian/files/python-debian-0.1.26-CVE-2015-0840.patch')
| -rw-r--r-- | dev-python/python-debian/files/python-debian-0.1.26-CVE-2015-0840.patch | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/dev-python/python-debian/files/python-debian-0.1.26-CVE-2015-0840.patch b/dev-python/python-debian/files/python-debian-0.1.26-CVE-2015-0840.patch new file mode 100644 index 00000000000..d4cde15e6d2 --- /dev/null +++ b/dev-python/python-debian/files/python-debian-0.1.26-CVE-2015-0840.patch @@ -0,0 +1,29 @@ +From 94a5864b6666ca5c2d0760702f386047189a248e Mon Sep 17 00:00:00 2001 +From: Guillem Jover <guillem@debian.org> +Date: Thu, 9 Apr 2015 23:16:48 +0200 +Subject: [PATCH] deb822: Fix OpenPGP Armor Header Line parsing + +We should only accept [\r\t ] as trailing whitespace, although RFC4880 +does not clarify what whitespace really maps to, we should really match +the GnuPG implementation anyway, as that is what we use to verify the +signatures. +--- + lib/debian/deb822.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/debian/deb822.py b/lib/debian/deb822.py +index 0c0748e..c1dcb17 100644 +--- a/lib/debian/deb822.py ++++ b/lib/debian/deb822.py +@@ -638,7 +638,7 @@ class Deb822(Deb822Dict): + lines = [] + gpg_post_lines = [] + state = b'SAFE' +- gpgre = re.compile(br'^-----(?P<action>BEGIN|END) PGP (?P<what>[^-]+)-----\s*$') ++ gpgre = re.compile(br'^-----(?P<action>BEGIN|END) PGP (?P<what>[^-]+)-----[\r\t ]*$') + # Include whitespace-only lines in blank lines to split paragraphs. + # (see #715558) + blank_line = re.compile(b'^\s*$') +-- +2.2.1.209.g41e5f3a + |