Merge pull request #7937 from Kistelini/python3.6

python3: fix CVE-2019-5010

srcpkgs/python3/patches/CVE-2019-5010.patch

@@ -0,0 +1,32 @@
+commit 216a4d83c3b72f4fdcd81b588dc3f42cc461739a
+Author: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
+Date:   Tue Jan 15 17:16:36 2019 -0800
+
+    bpo-35746: Fix segfault in ssl's cert parser (GH-11569) (GH-11573)
+    
+    Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL
+    distribution points with empty DP or URI correctly. A malicious or buggy
+    certificate can result into segfault.
+    
+    Signed-off-by: Christian Heimes <christian@python.org>
+    
+    https://bugs.python.org/issue35746
+    (cherry picked from commit a37f52436f9aa4b9292878b72f3ff1480e2606c3)
+    
+    Co-authored-by: Christian Heimes <christian@python.org>
+
+diff --git Modules/_ssl.c Modules/_ssl.c
+index a188d6a729..7365630a5e 100644
+--- Modules/_ssl.c
++++ Modules/_ssl.c
+@@ -1338,6 +1338,10 @@ _get_crl_dp(X509 *certificate) {
+         STACK_OF(GENERAL_NAME) *gns;
+ 
+         dp = sk_DIST_POINT_value(dps, i);
++        if (dp->distpoint == NULL) {
++            /* Ignore empty DP value, CVE-2019-5010 */
++            continue;
++        }
+         gns = dp->distpoint->name.fullname;
+ 
+         for (j=0; j < sk_GENERAL_NAME_num(gns); j++) {

srcpkgs/python3/template

@@ -4,7 +4,7 @@
 #
 pkgname=python3
 version=3.6.8
-revision=2
+revision=3
 wrksrc="Python-${version}"
 short_desc="Interpreted, interactive, object-oriented programming language (${version%.*} series)"
 maintainer="Juan RP <xtraeme@voidlinux.org>"