From a0e1a56eed02c79bc1a261e3d13c9fe0c4a728e8 Mon Sep 17 00:00:00 2001
From: Sven Wegener <swegener@gentoo.org>
Date: Sun, 31 Oct 2021 13:34:29 +0100
Subject: dev-python/hiredis: Revision bump for CVE-2021-32765

It includes a bundled copy of dev-libs/hiredis and is suffering the same
security issue.

URL: https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2
Bug: https://bugs.gentoo.org/816318
Package-Manager: Portage-3.0.28, Repoman-3.0.3
Signed-off-by: Sven Wegener <swegener@gentoo.org>
---
 .../files/hiredis-2.0.0-CVE-2021-32765.patch       | 36 ++++++++++++++++++++++
 dev-python/hiredis/hiredis-2.0.0-r2.ebuild         | 36 ++++++++++++++++++++++
 2 files changed, 72 insertions(+)
 create mode 100644 dev-python/hiredis/files/hiredis-2.0.0-CVE-2021-32765.patch
 create mode 100644 dev-python/hiredis/hiredis-2.0.0-r2.ebuild

(limited to 'dev-python/hiredis')

diff --git a/dev-python/hiredis/files/hiredis-2.0.0-CVE-2021-32765.patch b/dev-python/hiredis/files/hiredis-2.0.0-CVE-2021-32765.patch
new file mode 100644
index 000000000000..ad1bb80ac0de
--- /dev/null
+++ b/dev-python/hiredis/files/hiredis-2.0.0-CVE-2021-32765.patch
@@ -0,0 +1,36 @@
+--- a/vendor/hiredis/alloc.c
++++ b/vendor/hiredis/alloc.c
+@@ -68,6 +68,10 @@ void *hi_malloc(size_t size) {
+ }
+ 
+ void *hi_calloc(size_t nmemb, size_t size) {
++    /* Overflow check as the user can specify any arbitrary allocator */
++    if (SIZE_MAX / size < nmemb)
++        return NULL;
++
+     return hiredisAllocFns.callocFn(nmemb, size);
+ }
+ 
+diff --git a/alloc.h b/alloc.h
+index 34a05f4..771f9fe 100644
+--- a/vendor/hiredis/alloc.h
++++ b/vendor/hiredis/alloc.h
+@@ -32,6 +32,7 @@
+ #define HIREDIS_ALLOC_H
+ 
+ #include <stddef.h> /* for size_t */
++#include <stdint.h>
+ 
+ #ifdef __cplusplus
+ extern "C" {
+@@ -59,6 +60,10 @@ static inline void *hi_malloc(size_t size) {
+ }
+ 
+ static inline void *hi_calloc(size_t nmemb, size_t size) {
++    /* Overflow check as the user can specify any arbitrary allocator */
++    if (SIZE_MAX / size < nmemb)
++        return NULL;
++
+     return hiredisAllocFns.callocFn(nmemb, size);
+ }
+ 
diff --git a/dev-python/hiredis/hiredis-2.0.0-r2.ebuild b/dev-python/hiredis/hiredis-2.0.0-r2.ebuild
new file mode 100644
index 000000000000..48e177fb23f1
--- /dev/null
+++ b/dev-python/hiredis/hiredis-2.0.0-r2.ebuild
@@ -0,0 +1,36 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{8..10} pypy3 )
+inherit distutils-r1
+
+DESCRIPTION="Python extension that wraps hiredis"
+HOMEPAGE="https://github.com/redis/hiredis-py/"
+SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE="system-libs"
+
+DEPEND="system-libs? ( >=dev-libs/hiredis-1.0.0:= )"
+RDEPEND="${DEPEND}"
+
+PATCHES=(
+	"${FILESDIR}"/${P}-CVE-2021-32765.patch
+)
+
+src_prepare() {
+	use system-libs && PATCHES+=(
+		"${FILESDIR}"/${P}-system-libs.patch
+	)
+	sed -i -e 's:description-file:description_file:' setup.cfg || die
+	default
+}
+
+python_test() {
+	cd test || die
+	"${EPYTHON}" -m unittest -v reader.ReaderTest || die "tests failed"
+}
-- 
cgit v1.2.3-65-gdbad