Revision - 11d258c - [3.5] bpo-41004: Resolve hash collisions for IPv4Interface and [...] - origin: https://github.com/python/cpython

Staging
v0.8.1

visit type:

https://github.com/python/cpython

09 December 2020, 11:06:31 UTC

Revision 11d258ceafdf60ab3840f9a5700f2d0ad3e2e2d1 authored by Tapas Kundu on 04 August 2020, 02:33:30 UTC, committed by GitHub on 04 August 2020, 02:33:30 UTC

[3.5] bpo-41004: Resolve hash collisions for IPv4Interface and IPv6Interface (GH-21033) (#21233)

CVE-2020-14422: The __hash__() methods of classes IPv4Interface and IPv6Interface had issue
of generating constant hash values of 32 and 128 respectively causing hash collisions.
The fix uses the hash() function to generate hash values for the objects
instead of XOR operation.

(cherry picked from commit b30ee26e366bf509b7538d79bfec6c6d38d53f28)

Co-authored-by: Ravi Teja P <rvteja92@gmail.com>

Signed-off-by: Tapas Kundu <tkundu@vmware.com>

1 parent f205f10

Files
Changes

Permalinks

Tip revision: 11d258ceafdf60ab3840f9a5700f2d0ad3e2e2d1 authored by Tapas Kundu on 04 August 2020, 02:33:30 UTC
[3.5] bpo-41004: Resolve hash collisions for IPv4Interface and IPv6Interface (GH-21033) (#21233)

Tip revision: 11d258c

.travis.yml

language: c
dist: xenial

# To cache doc-building dependencies.
cache: pip

branches:
  only:
    - master
    - /^\d\.\d$/

matrix:
  fast_finish: true
  allow_failures:
    - env: OPTIONAL=true
  include:
    - os: linux
      language: c
      compiler: clang
      # gcc also works, but to keep the # of concurrent builds down, we use one C
      # compiler here and the other to run the coverage build. Clang is preferred
      # in this instance for its better error messages.
      env: TESTING=cpython
    - os: osx
      language: c
      compiler: clang
      # Testing under macOS is optional until testing stability has been demonstrated.
      env: OPTIONAL=true
      before_install:
        - brew install openssl xz
        - export CPPFLAGS="-I$(brew --prefix openssl)/include"
        - export LDFLAGS="-L$(brew --prefix openssl)/lib"
    - os: linux
      language: python
      python: 3.6
      env: TESTING=docs
      before_script:
        - cd Doc
        # Sphinx is pinned so that new versions that introduce new warnings won't suddenly cause build failures.
        # (Updating the version is fine as long as no warnings are raised by doing so.)
        - python -m pip install sphinx==1.8.2 blurb
      script:
        - make check suspicious html SPHINXOPTS="-q -W -j4"
    - os: linux
      language: c
      compiler: gcc
      env: OPTIONAL=true
      before_script:
        - |
            if ! git diff --name-only $TRAVIS_COMMIT_RANGE | grep -qvE '(\.rst$)|(^Doc)|(^Misc)'
            then
              echo "Only docs were updated, stopping build process."
              exit
            fi
            ./configure
            make -s -j4
            # Need a venv that can parse covered code.
            ./python -m venv venv
            ./venv/bin/python -m pip install -U coverage
      script:
        # Skip tests that re-run the entire test suite.
        - ./venv/bin/python -m coverage run --pylib -m test -uall,-cpu -x test_multiprocessing_fork -x test_multiprocessing_forkserver -x test_multiprocessing_spawn
      after_script:  # Probably should be after_success once test suite updated to run under coverage.py.
        # Make the `coverage` command available to Codecov w/ a version of Python that can parse all source files.
        - source ./venv/bin/activate
        - bash <(curl -s https://codecov.io/bash)

# Travis provides only 2 cores, so don't overdo the parallelism and waste memory.
before_script:
  - |
      set -e
      if ! git diff --name-only $TRAVIS_COMMIT_RANGE | grep -qvE '(\.rst$)|(^Doc)|(^Misc)'
      then
        echo "Only docs were updated, stopping build process."
        exit
      fi
      ./configure --with-pydebug
      make -j4
      make -j4 regen-all clinic
      changes=`git status --porcelain`
      if ! test -z "$changes"
      then
        echo "Generated files not up to date"
        echo "$changes"
        exit 1
      fi

script:
  # Using the built Python as patchcheck.py is built around the idea of using
  # a checkout-build of CPython to know things like what base branch the changes
  # should be compared against.
  # Only run on Linux as the check only needs to be run once.
  - if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then ./python Tools/scripts/patchcheck.py --travis $TRAVIS_PULL_REQUEST; fi
  # `-r -w` implicitly provided through `make buildbottest`.
  - make buildbottest TESTOPTS="-j4 -uall,-cpu"

notifications:
  email: false
  irc:
    channels:
      # This is set to a secure variable to prevent forks from notifying the
      # IRC channel whenever they fail a build. This can be removed when travis
      # implements https://github.com/travis-ci/travis-ci/issues/1094.
      # The actual value here is: irc.freenode.net#python-dev
      - secure: "s7kAkpcom2yUJ8XqyjFI0obJmhAGrn1xmoivdaPdgBIA++X47TBp1x4pgDsbEsoalef7bEwa4l07KdT4qa+DOd/c4QxaWom7fbN3BuLVsZuVfODnl79+gYq/TAbGfyH+yDs18DXrUfPgwD7C5aW32ugsqAOd4iWzfGJQ5OrOZzqzGjYdYQUEkJFXgxDEIb4aHvxNDWGO3Po9uKISrhb5saQ0l776yLo1Ur7M4oxl8RTbCdgX0vf5TzPg52BgvZpOgt3DHOUYPeiJLKNjAE6ibg0U95sEvMfHX77nz4aFY4/3UI6FFaRla34rZ+mYKrn0TdxOhera1QOgPmM6HzdO4K44FpfK1DS0Xxk9U9/uApq+cG0bU3W+cVUHDBe5+90lpRBAXHeHCgT7TI8gec614aiT8lEr3+yH8OBRYGzkjNK8E2LJZ/SxnVxDe7aLF6AWcoWLfS6/ziAIBFQ5Nc4U72CT8fGVSkl8ywPiRlvixKdvTODMSZo0jMqlfZSNaAPTsNRx4wu5Uis4qekwe32Fz4aB6KGpsuuVjBi+H6v0RKxNJNGY3JKDiEH2TK0UE2auJ5GvLW48aUVFcQMB7euCWYXlSWVRHh3WLU8QXF29Dw4JduRZqUpOdRgMHU79UHRq+mkE0jAS/nBcS6CvsmxCpTSrfVYuMOu32yt18QQoTyU="
    on_success: change
    on_failure: always
    skip_join: true

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...