--- /dev/null
+
+# HG changeset patch
+# User Benjamin Peterson <benjamin@python.org>
+# Date 1453357506 28800
+# Node ID 10dad6da1b28ea4af78ad9529e469fdbf4ebbc8f
+# Parent a3ac2cd93db9d5336dfd7b5b27efde2c568d8794# Parent 01ddd608b85c85952537d95a43bbabf4fb655057
+merge 3.4 (#26171)
+
+Upstream-Status: Backport
+CVE: CVE-2016-5636
+
+https://hg.python.org/cpython/raw-rev/10dad6da1b28
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+Index: Python-3.5.1/Misc/NEWS
+===================================================================
+--- Python-3.5.1.orig/Misc/NEWS
++++ Python-3.5.1/Misc/NEWS
+@@ -91,6 +91,9 @@ Core and Builtins
+ Python.h header to fix a compilation error with OpenMP. PyThreadState_GET()
+ becomes an alias to PyThreadState_Get() to avoid ABI incompatibilies.
+
++- Issue #26171: Fix possible integer overflow and heap corruption in
++ zipimporter.get_data().
++
+ Library
+ -------
+
+Index: Python-3.5.1/Modules/zipimport.c
+===================================================================
+--- Python-3.5.1.orig/Modules/zipimport.c
++++ Python-3.5.1/Modules/zipimport.c
+@@ -1112,6 +1112,11 @@ get_data(PyObject *archive, PyObject *to
+ }
+ file_offset += l; /* Start of file data */
+
++ if (data_size > LONG_MAX - 1) {
++ fclose(fp);
++ PyErr_NoMemory();
++ return NULL;
++ }
+ bytes_size = compress == 0 ? data_size : data_size + 1;
+ if (bytes_size == 0)
+ bytes_size++;
file://setup.py-find-libraries-in-staging-dirs.patch \
file://use_packed_importlib.patch \
file://configure.ac-fix-LIBPL.patch \
+ file://CVE-2016-5636.patch \
"
SRC_URI[md5sum] = "e9ea6f2623fffcdd871b7b19113fde80"
SRC_URI[sha256sum] = "c6d57c0c366d9060ab6c0cdf889ebf3d92711d466cc0119c441dbf2746f725c9"
