pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/lang Add a patch for CAN-2005-2491 (buffer overflow vu...
details: https://anonhg.NetBSD.org/pkgsrc/rev/fb5305dcf8be
branches: trunk
changeset: 500058:fb5305dcf8be
user: recht <recht%pkgsrc.org@localhost>
date: Sat Oct 01 19:59:39 2005 +0000
description:
Add a patch for CAN-2005-2491 (buffer overflow vulnerability in the PCRE
library) from ubuntu Linux (via gentoo).
For details see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
diffstat:
lang/python22-pth/Makefile | 6 +-
lang/python22/Makefile | 4 +-
lang/python22/distinfo | 5 ++-
lang/python22/patches/patch-ea | 12 +++++++
lang/python22/patches/patch-eb | 19 +++++++++++
lang/python22/patches/patch-ec | 69 ++++++++++++++++++++++++++++++++++++++++++
6 files changed, 109 insertions(+), 6 deletions(-)
diffs (167 lines):
diff -r 820701c5f8e6 -r fb5305dcf8be lang/python22-pth/Makefile
--- a/lang/python22-pth/Makefile Sat Oct 01 19:54:41 2005 +0000
+++ b/lang/python22-pth/Makefile Sat Oct 01 19:59:39 2005 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.16 2005/04/11 21:46:15 tv Exp $
+# $NetBSD: Makefile,v 1.17 2005/10/01 19:59:39 recht Exp $
#
DISTNAME= Python-2.2.3
PKGNAME= python22-pth-2.2.3
-PKGREVISION= 3
+PKGREVISION= 6
CATEGORIES= lang python
MASTER_SITES= # empty
DISTFILES= # empty
@@ -12,7 +12,7 @@
HOMEPAGE= http://www.python.org/
COMMENT= Interpreted, interactive, object-oriented programming language
-DEPENDS+= python22>=2.2.3:../../lang/python22
+DEPENDS+= python22>=2.2.3nb6:../../lang/python22
EXTRACT_ONLY= # empty
NO_CHECKSUM= yes
diff -r 820701c5f8e6 -r fb5305dcf8be lang/python22/Makefile
--- a/lang/python22/Makefile Sat Oct 01 19:54:41 2005 +0000
+++ b/lang/python22/Makefile Sat Oct 01 19:59:39 2005 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.27 2005/04/11 21:46:15 tv Exp $
+# $NetBSD: Makefile,v 1.28 2005/10/01 19:59:39 recht Exp $
#
DISTNAME= Python-2.2.3
PKGNAME= python22-2.2.3
-PKGREVISION= 5
+PKGREVISION= 6
CATEGORIES= lang python
MASTER_SITES= ftp://ftp.python.org/pub/python/2.2.3/
EXTRACT_SUFX= .tgz
diff -r 820701c5f8e6 -r fb5305dcf8be lang/python22/distinfo
--- a/lang/python22/distinfo Sat Oct 01 19:54:41 2005 +0000
+++ b/lang/python22/distinfo Sat Oct 01 19:59:39 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.16 2005/07/29 13:27:26 drochner Exp $
+$NetBSD: distinfo,v 1.17 2005/10/01 19:59:39 recht Exp $
SHA1 (Python-2.2.3.tgz) = 177d587e77e0eaa14131ab0d0d0b470777de4400
RMD160 (Python-2.2.3.tgz) = 3590f813582d65194b467f4ab450e360e35eb40e
@@ -12,3 +12,6 @@
SHA1 (patch-an) = 8e5b93bc65bb6d271e8e111949f715f7234f4371
SHA1 (patch-bb) = f1c1ae2b8f654132a991a3ced9467cea45f0bef9
SHA1 (patch-bc) = 9fbe77ff35519a290ef1f70fcaa72a60009a36a1
+SHA1 (patch-ea) = babfed4a0e5ae599441423a06622d4820ab237b1
+SHA1 (patch-eb) = b72694d414b55d11e324cc76d6ed03b7c8e7630c
+SHA1 (patch-ec) = 3744382c5c58814129548f0529e3a5605c7ee0c8
diff -r 820701c5f8e6 -r fb5305dcf8be lang/python22/patches/patch-ea
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/python22/patches/patch-ea Sat Oct 01 19:59:39 2005 +0000
@@ -0,0 +1,12 @@
+$NetBSD: patch-ea,v 1.1 2005/10/01 19:59:39 recht Exp $
+
+--- Modules/pcre.h.orig 2000-06-28 22:56:30.000000000 +0200
++++ Modules/pcre.h 2005-10-01 21:13:56.000000000 +0200
+@@ -40,6 +40,7 @@
+ #ifdef FOR_PYTHON
+ #define PCRE_LOCALE 0x0200
+ #endif
++#define PCRE_NO_AUTO_CAPTURE 0x1000
+
+ /* Exec-time error codes */
+
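Review bot: `PCRE_NO_AUTO_CAPTURE` is added to the public header without a comment and outside the `FOR_PYTHON` block, and nothing in this hunk shows that bit 0x1000 is otherwise unused. The only neighbouring value visible here is `PCRE_LOCALE 0x0200`, and patch-eb then admits the new bit in `PUBLIC_OPTIONS`, so callers can pass it. If the same option word also carries private flags defined elsewhere in pcre-int.h (not shown in this commit), an overlap would let a caller-supplied option alias an internal one. It is worth checking the full headers and recording the result in a comment such as `/* 0x1000: plain parentheses do not capture; value must not clash with private flags in pcre-int.h */`.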
diff -r 820701c5f8e6 -r fb5305dcf8be lang/python22/patches/patch-eb
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/python22/patches/patch-eb Sat Oct 01 19:59:39 2005 +0000
@@ -0,0 +1,19 @@
+$NetBSD: patch-eb,v 1.1 2005/10/01 19:59:39 recht Exp $
+
+--- Modules/pcre-int.h.orig 1998-05-07 17:32:38.000000000 +0200
++++ Modules/pcre-int.h 2005-10-01 21:13:56.000000000 +0200
+@@ -81,11 +81,12 @@
+ #define PUBLIC_OPTIONS \
+ (PCRE_CASELESS|PCRE_EXTENDED|PCRE_ANCHORED|PCRE_MULTILINE| \
+ PCRE_DOTALL|PCRE_DOLLAR_ENDONLY|PCRE_EXTRA|PCRE_UNGREEDY| \
+- PCRE_LOCALE)
++ PCRE_NO_AUTO_CAPTURE|PCRE_LOCALE)
+ #else
+ #define PUBLIC_OPTIONS \
+ (PCRE_CASELESS|PCRE_EXTENDED|PCRE_ANCHORED|PCRE_MULTILINE| \
+- PCRE_DOTALL|PCRE_DOLLAR_ENDONLY|PCRE_EXTRA|PCRE_UNGREEDY)
++ PCRE_DOTALL|PCRE_DOLLAR_ENDONLY|PCRE_EXTRA|PCRE_UNGREEDY| \
++ PCRE_NO_AUTO_CAPTURE)
+ #endif
+ #define PUBLIC_EXEC_OPTIONS \
+ (PCRE_CASELESS|PCRE_ANCHORED|PCRE_MULTILINE|PCRE_NOTBOL|PCRE_NOTEOL| \
diff -r 820701c5f8e6 -r fb5305dcf8be lang/python22/patches/patch-ec
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/python22/patches/patch-ec Sat Oct 01 19:59:39 2005 +0000
@@ -0,0 +1,69 @@
+$NetBSD: patch-ec,v 1.1 2005/10/01 19:59:39 recht Exp $
+
+--- Modules/pypcre.c.orig 2002-03-16 18:58:21.000000000 +0100
++++ Modules/pypcre.c 2005-10-01 21:38:57.000000000 +0200
+@@ -1162,14 +1162,31 @@
+ int min = 0;
+ int max = -1;
+
++/* Read the minimum value and do a paranoid check: a negative value indicates
++an integer overflow. */
++
+ while ((pcre_ctypes[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0';
+
++if (min < 0 || min > 65535)
++ {
++ *errorptr = ERR5;
++ return p;
++ }
++
++/* Read the maximum value if there is one, and again do a paranoid on its size
++. Also, max must not be less than min. */
++
+ if (*p == '}') max = min; else
+ {
+ if (*(++p) != '}')
+ {
+ max = 0;
+ while((pcre_ctypes[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0';
++ if (max < 0 || max > 65535)
++ {
++ *errorptr = ERR5;
++ return p;
++ }
+ if (max < min)
+ {
+ *errorptr = ERR4;
+@@ -2266,6 +2283,7 @@
+ int bracount = 0;
+ int brastack[200];
+ int top_backref = 0;
++BOOL capturing;
+ unsigned int brastackptr = 0;
+ uschar *code;
+ const uschar *ptr;
+@@ -2445,6 +2463,7 @@
+ /* Brackets may be genuine groups or special things */
+
+ case '(':
++ capturing = FALSE;
+
+ /* Handle special forms of bracket, which all start (? */
+
+@@ -2542,10 +2561,15 @@
+ continue; /* End of this bracket handling */
+ }
+
++ /* Ordinary parentheses, not followed by '?', are capturing unless
++ PCRE_NO_AUTO_CAPTURE is set. */
++
++ else capturing = (options & PCRE_NO_AUTO_CAPTURE) == 0;
++
+ /* Extracting brackets must be counted so we can process escapes in a
+ Perlish way. */
+
+- else bracount++;
++ if (capturing) bracount++;
+
+ /* Non-special forms of bracket. Save length for computing whole length
+ at end if there's a repeat that requires duplication of the group. */
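Review bot: The range test on `min` in the first inner hunk (and the identical one on `max`) runs only after the digit loop has finished, so `min * 10 + *p++ - '0'` can still overflow a signed int before anything is checked. That overflow is undefined behaviour in C, and on implementations where it wraps, a long enough digit run can land back inside 0..65535 and be accepted as a valid count. Testing the bound after every digit keeps the accumulator from ever exceeding 655359, which also makes the `< 0` comparison unnecessary. The enclosing function starts and ends outside the hunk, so the fence shows only the two rewritten loops.

```c
while ((pcre_ctypes[*p] & ctype_digit) != 0)
  {
  min = min * 10 + *p++ - '0';
  if (min > 65535)
    {
    *errorptr = ERR5;
    return p;
    }
  }

/* ... unchanged: '}' test and the start of the max branch ... */

  while ((pcre_ctypes[*p] & ctype_digit) != 0)
    {
    max = max * 10 + *p++ - '0';
    if (max > 65535)
      {
      *errorptr = ERR5;
      return p;
      }
    }

/* ... unchanged: max < min check (ERR4) ... */
```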