diff --git a/00146-hashlib-fips.patch b/00146-hashlib-fips.patch index 2f42857..8616296 100644 --- a/00146-hashlib-fips.patch +++ b/00146-hashlib-fips.patch @@ -513,7 +513,7 @@ diff -up Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips Python-2.7.2/Modules/_ return NULL; } -@@ -484,55 +556,116 @@ EVP_new(PyObject *self, PyObject *args, +@@ -484,55 +556,118 @@ EVP_new(PyObject *self, PyObject *args, digest = EVP_get_digestbyname(name); ret_obj = EVPnew(name_obj, digest, NULL, (unsigned char*)view.buf, @@ -601,6 +601,8 @@ diff -up Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips Python-2.7.2/Modules/_ + } + } + ++ PyBuffer_Release(&view); ++ + return ret_obj; +} + @@ -658,7 +660,7 @@ diff -up Python-2.7.2/Modules/_hashopenssl.c.hashlib-fips Python-2.7.2/Modules/_ GEN_CONSTRUCTOR(md5) GEN_CONSTRUCTOR(sha1) #ifdef _OPENSSL_SUPPORTS_SHA2 -@@ -565,13 +698,10 @@ init_hashlib(void) +@@ -565,13 +700,10 @@ init_hashlib(void) { PyObject *m; diff --git a/00158-fix-hashlib-leak.patch b/00158-fix-hashlib-leak.patch new file mode 100644 index 0000000..e8fcf1c --- /dev/null +++ b/00158-fix-hashlib-leak.patch @@ -0,0 +1,29 @@ +diff --git a/Lib/test/test_hashlib.py b/Lib/test/test_hashlib.py +--- a/Lib/test/test_hashlib.py ++++ b/Lib/test/test_hashlib.py +@@ -108,12 +108,8 @@ class HashLibTestCase(unittest.TestCase) + _algo.islower()])) + + def test_unknown_hash(self): +- try: +- hashlib.new('spam spam spam spam spam') +- except ValueError: +- pass +- else: +- self.assertTrue(0 == "hashlib didn't reject bogus hash name") ++ self.assertRaises(ValueError, hashlib.new, 'spam spam spam spam spam') ++ self.assertRaises(TypeError, hashlib.new, 1) + + def test_get_builtin_constructor(self): + get_builtin_constructor = hashlib.__dict__[ +diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c +--- a/Modules/_hashopenssl.c ++++ b/Modules/_hashopenssl.c +@@ -477,6 +477,7 @@ EVP_new(PyObject *self, PyObject *args, + } + + if (!PyArg_Parse(name_obj, "s", &name)) { ++ PyBuffer_Release(&view); + PyErr_SetString(PyExc_TypeError, "name must be a string"); + return NULL; + } diff --git a/python.spec b/python.spec index 6a37977..701c1c6 100644 --- a/python.spec +++ b/python.spec @@ -108,7 +108,7 @@ Summary: An interpreted, interactive, object-oriented programming language Name: %{python} # Remember to also rebase python-docs when changing this: Version: 2.7.3 -Release: 10%{?dist} +Release: 11%{?dist} License: Python Group: Development/Languages Requires: %{python}-libs%{?_isa} = %{version}-%{release} @@ -684,6 +684,15 @@ Patch156: 00156-gdb-autoload-safepath.patch # (rhbz#697470) Patch157: 00157-uid-gid-overflows.patch +# 00158 +# This patch fixes a memory leak in _hashlib module, as reported in +# RHBZ #836285; upstream report http://bugs.python.org/issue15219. +# The patch has been accepted upstream, so this should be commented out +# when packaging next upstream release. +# The fix for Fedora specific "implement_specific_EVP_new()" function +# has been merged into patch 00146. +Patch158: 00158-fix-hashlib-leak.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora 17 onwards, @@ -1006,6 +1015,7 @@ done %patch155 -p1 %patch156 -p1 %patch157 -p1 -b .uid-gid-overflows +%patch158 -p1 # This shouldn't be necesarry, but is right now (2.2a3) @@ -1836,6 +1846,9 @@ rm -fr %{buildroot} # ====================================================== %changelog +* Tue Jul 17 2012 Bohuslav Kabrda - 2.7.3-11 +- fix memory leak in module _hashlib (patch 158, rhbz#836285) + * Tue Jun 26 2012 David Malcolm - 2.7.3-10 - fix missing include in uid/gid handling patch (patch 157; rhbz#830405)