pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/lang/python25 Add security patches for CVE-2008-2315, ...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/356e2709c55c
branches:  trunk
changeset: 546381:356e2709c55c
user:      tron <tron%pkgsrc.org@localhost>
date:      Sat Aug 30 10:02:33 2008 +0000

description:
Add security patches for CVE-2008-2315, CVE-2008-2316, CVE-2008-3142 and
CVE-2008-3144 (this one shouldn't affect platforms supported by pkgsrc)
all taken from Gentoo. Bump package revision.

diffstat:

 lang/python25/Makefile         |    6 +-
 lang/python25/distinfo         |   23 +++++-
 lang/python25/patches/patch-at |   19 +++-
 lang/python25/patches/patch-ba |  119 +++++++++++++++++++++++++++++
 lang/python25/patches/patch-bb |   21 +++++
 lang/python25/patches/patch-bc |   17 ++++
 lang/python25/patches/patch-bd |   15 +++
 lang/python25/patches/patch-be |   53 +++++++++++++
 lang/python25/patches/patch-bf |   25 ++++++
 lang/python25/patches/patch-bg |   32 +++++++
 lang/python25/patches/patch-bh |  167 +++++++++++++++++++++++++++++++++++++++++
 lang/python25/patches/patch-bi |   66 ++++++++++++++++
 lang/python25/patches/patch-bj |   35 ++++++++
 lang/python25/patches/patch-bk |   27 ++++++
 lang/python25/patches/patch-ca |   62 +++++++++++++++
 lang/python25/patches/patch-cb |   38 +++++++++
 lang/python25/patches/patch-cc |   18 ++++
 lang/python25/patches/patch-cd |   37 +++++++++
 lang/python25/patches/patch-ce |   20 ++++
 lang/python25/patches/patch-da |   45 +++++++++++
 lang/python25/patches/patch-db |  108 ++++++++++++++++++++++++++
 lang/python25/patches/patch-ea |   59 ++++++++++++++
 22 files changed, 1003 insertions(+), 9 deletions(-)

diffs (truncated from 1126 to 300 lines):

diff -r 61e2ff4996cb -r 356e2709c55c lang/python25/Makefile
--- a/lang/python25/Makefile    Sat Aug 30 08:50:39 2008 +0000
+++ b/lang/python25/Makefile    Sat Aug 30 10:02:33 2008 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.7 2008/07/14 14:42:51 joerg Exp $
+# $NetBSD: Makefile,v 1.8 2008/08/30 10:02:33 tron Exp $
 
 DISTNAME=      Python-2.5.2
 PKGNAME=       python25-2.5.2
-PKGREVISION=   2
+PKGREVISION=   3
 CATEGORIES=    lang python
 MASTER_SITES=  ftp://ftp.python.org/pub/python/2.5.2/ \
                http://www.python.org/ftp/python/2.5.2/
@@ -156,7 +156,7 @@
                ${DESTDIR}${PREFIX}/lib/libpython2.5.sl.1.0
 .endif
 
-USE_GNU_READLINE=      # defined
+USE_GNU_READLINE=                      yes
 BUILDLINK_DEPMETHOD.readline=          build
 
 .include "../../archivers/bzip2/buildlink3.mk"
diff -r 61e2ff4996cb -r 356e2709c55c lang/python25/distinfo
--- a/lang/python25/distinfo    Sat Aug 30 08:50:39 2008 +0000
+++ b/lang/python25/distinfo    Sat Aug 30 10:02:33 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.5 2008/06/27 20:08:20 wiz Exp $
+$NetBSD: distinfo,v 1.6 2008/08/30 10:02:33 tron Exp $
 
 SHA1 (Python-2.5.2.tar.bz2) = 4755d212f50af704c20224a6966e23acc5aea60f
 RMD160 (Python-2.5.2.tar.bz2) = b23b02739833e6730799c5866e2b77aae884b63f
@@ -20,6 +20,25 @@
 SHA1 (patch-ap) = b864db92761c843a91374663bd2dbcfa57b317cf
 SHA1 (patch-aq) = e1fb02560e95ce4d37e2894b4299c3eb3a1167d8
 SHA1 (patch-ar) = 2a0c3f9a798afdfda7af4823e67579b2e000c072
-SHA1 (patch-at) = 200646b0b0292fd3c3517f10eda24b4e94dca7c4
+SHA1 (patch-at) = bb2ef2e30ebb6feb6ec796bc4cf6f2d4147353c1
 SHA1 (patch-au) = e3babf3537ed8cbed1720f1afe964914f4ae289f
 SHA1 (patch-av) = a1d41cb3a93879d54f0964ff84a63a297c333156
+SHA1 (patch-ba) = 23378360d4fb0d22a2e5f98993832888a672a748
+SHA1 (patch-bb) = 26b1426df46b947417ed755f1e61d238071e49f7
+SHA1 (patch-bc) = bfa88d1198b06737297e97e57ee98692096e0df5
+SHA1 (patch-bd) = 491dcb6731db871af2eb8bf418cd369a4af3b2b7
+SHA1 (patch-be) = ba2f8d299b86560172e55af067763e9224c41e3b
+SHA1 (patch-bf) = 58809f824473be7a16cc0e7c4d0b132e023aea4c
+SHA1 (patch-bg) = bf9dc3b3d51ab963804263e170c4247d19ab0d91
+SHA1 (patch-bh) = 96a2675f266144a6027fdc7445b9f93d0fdbe4eb
+SHA1 (patch-bi) = 1fb1c40669fc54fc6d181f706c614d67fe16d42b
+SHA1 (patch-bj) = dc2e3971dd4fd623a68cc9940738619cad4629b1
+SHA1 (patch-bk) = 61300258bdc9ee19195c5c7f62135d20d487507e
+SHA1 (patch-ca) = 37f59fc143e69cbf458d2930f846156553f9178b
+SHA1 (patch-cb) = 570ffec0f57acec984a401306f48c24e2128d9fe
+SHA1 (patch-cc) = 04289f010fb0c0aef37dbfb1a5be77aaa8725b95
+SHA1 (patch-cd) = 24a2a9975c4393400935b885f1ec9fc8996632a0
+SHA1 (patch-ce) = 2a8cae6c30be57bb9e389c1957609f7b42317f69
+SHA1 (patch-da) = 2030f74fb0d6134e6bb4203536dc56d8c0d38c3a
+SHA1 (patch-db) = 6ff4a9d4e33c2e08362d4417330eba47c170a84b
+SHA1 (patch-ea) = 7c4b01d002b8e081967216c2e79f2cec9df24005
diff -r 61e2ff4996cb -r 356e2709c55c lang/python25/patches/patch-at
--- a/lang/python25/patches/patch-at    Sat Aug 30 08:50:39 2008 +0000
+++ b/lang/python25/patches/patch-at    Sat Aug 30 10:02:33 2008 +0000
@@ -1,8 +1,19 @@
-$NetBSD: patch-at,v 1.1.1.1 2008/04/24 01:50:58 tnn Exp $
+$NetBSD: patch-at,v 1.2 2008/08/30 10:02:33 tron Exp $
+
+The first change is part of the fix for CVE-2008-2315 taken from Gentto.
 
---- Modules/mmapmodule.c.orig  2006-08-22 09:57:07.000000000 -0400
-+++ Modules/mmapmodule.c
-@@ -449,6 +449,9 @@ mmap_resize_method(mmap_object *self,
+--- Modules/mmapmodule.c.orig  2006-08-22 14:57:07.000000000 +0100
++++ Modules/mmapmodule.c       2008-08-30 10:16:13.000000000 +0100
+@@ -223,7 +223,7 @@
+               return(NULL);
+ 
+       /* silently 'adjust' out-of-range requests */
+-      if ((self->pos + num_bytes) > self->size) {
++      if (num_bytes > self->size - self->pos) {
+               num_bytes -= (self->pos+num_bytes) - self->size;
+       }
+       result = Py_BuildValue("s#", self->data+self->pos, num_bytes);
+@@ -449,6 +449,9 @@
  
  #ifdef MREMAP_MAYMOVE
                newmap = mremap(self->data, self->size, new_size, MREMAP_MAYMOVE);
diff -r 61e2ff4996cb -r 356e2709c55c lang/python25/patches/patch-ba
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/python25/patches/patch-ba    Sat Aug 30 10:02:33 2008 +0000
@@ -0,0 +1,119 @@
+$NetBSD: patch-ba,v 1.1 2008/08/30 10:02:33 tron Exp $
+
+Patch for CVE-2008-2315 taken from Gentoo.
+
+--- Objects/unicodeobject.c.orig       2007-11-02 22:46:38.000000000 +0000
++++ Objects/unicodeobject.c    2008-08-30 10:16:13.000000000 +0100
+@@ -239,6 +239,11 @@
+         return unicode_empty;
+     }
+ 
++    /* Ensure we won't overflow the size. */
++    if (length > ((PY_SSIZE_T_MAX / sizeof(Py_UNICODE)) - 1)) {
++        return (PyUnicodeObject *)PyErr_NoMemory();
++    }
++
+     /* Unicode freelist & memory allocation */
+     if (unicode_freelist) {
+         unicode = unicode_freelist;
+@@ -1091,6 +1096,9 @@
+     char * out;
+     char * start;
+ 
++    if (cbAllocated / 5 != size)
++        return PyErr_NoMemory();
++
+     if (size == 0)
+               return PyString_FromStringAndSize(NULL, 0);
+ 
+@@ -1689,8 +1697,9 @@
+ {
+     PyObject *v;
+     unsigned char *p;
++    Py_ssize_t nsize, bytesize;
+ #ifdef Py_UNICODE_WIDE
+-    int i, pairs;
++    Py_ssize_t i, pairs;
+ #else
+     const int pairs = 0;
+ #endif
+@@ -1713,8 +1722,15 @@
+       if (s[i] >= 0x10000)
+           pairs++;
+ #endif
+-    v = PyString_FromStringAndSize(NULL,
+-                2 * (size + pairs + (byteorder == 0)));
++    /* 2 * (size + pairs + (byteorder == 0)) */
++    if (size > PY_SSIZE_T_MAX ||
++      size > PY_SSIZE_T_MAX - pairs - (byteorder == 0))
++      return PyErr_NoMemory();
++    nsize = (size + pairs + (byteorder == 0));
++    bytesize = nsize * 2;
++    if (bytesize / 2 != nsize)
++      return PyErr_NoMemory();
++    v = PyString_FromStringAndSize(NULL, bytesize);
+     if (v == NULL)
+         return NULL;
+ 
+@@ -2042,6 +2058,11 @@
+     char *p;
+ 
+     static const char *hexdigit = "0123456789abcdef";
++#ifdef Py_UNICODE_WIDE
++    const Py_ssize_t expandsize = 10;
++#else
++    const Py_ssize_t expandsize = 6;
++#endif
+ 
+     /* Initial allocation is based on the longest-possible unichr
+        escape.
+@@ -2057,13 +2078,12 @@
+        escape.
+     */
+ 
++    if (size > (PY_SSIZE_T_MAX - 2 - 1) / expandsize)
++      return PyErr_NoMemory();
++
+     repr = PyString_FromStringAndSize(NULL,
+         2
+-#ifdef Py_UNICODE_WIDE
+-        + 10*size
+-#else
+-        + 6*size
+-#endif
++        + expandsize*size
+         + 1);
+     if (repr == NULL)
+         return NULL;
+@@ -2304,12 +2324,16 @@
+     char *q;
+ 
+     static const char *hexdigit = "0123456789abcdef";
+-
+ #ifdef Py_UNICODE_WIDE
+-    repr = PyString_FromStringAndSize(NULL, 10 * size);
++    const Py_ssize_t expandsize = 10;
+ #else
+-    repr = PyString_FromStringAndSize(NULL, 6 * size);
++    const Py_ssize_t expandsize = 6;
+ #endif
++
++    if (size > PY_SSIZE_T_MAX / expandsize)
++      return PyErr_NoMemory();
++
++    repr = PyString_FromStringAndSize(NULL, expandsize * size);
+     if (repr == NULL)
+         return NULL;
+     if (size == 0)
+@@ -4719,6 +4743,11 @@
+         return self;
+     }
+ 
++    if (left > PY_SSIZE_T_MAX - self->length ||
++      right > PY_SSIZE_T_MAX - (left + self->length)) {
++        PyErr_SetString(PyExc_OverflowError, "padded string is too long");
++        return NULL;
++    }
+     u = _PyUnicode_New(left + self->length + right);
+     if (u) {
+         if (left)
diff -r 61e2ff4996cb -r 356e2709c55c lang/python25/patches/patch-bb
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/python25/patches/patch-bb    Sat Aug 30 10:02:33 2008 +0000
@@ -0,0 +1,21 @@
+$NetBSD: patch-bb,v 1.1 2008/08/30 10:02:33 tron Exp $
+
+Patch for CVE-2008-2315 taken from Gentoo.
+
+--- Objects/tupleobject.c.orig 2006-08-12 18:03:09.000000000 +0100
++++ Objects/tupleobject.c      2008-08-30 10:16:13.000000000 +0100
+@@ -60,11 +60,12 @@
+               Py_ssize_t nbytes = size * sizeof(PyObject *);
+               /* Check for overflow */
+               if (nbytes / sizeof(PyObject *) != (size_t)size ||
+-                  (nbytes += sizeof(PyTupleObject) - sizeof(PyObject *))
+-                  <= 0)
++                  (nbytes > PY_SSIZE_T_MAX - sizeof(PyTupleObject) - sizeof(PyObject *)))
+               {
+                       return PyErr_NoMemory();
+               }
++              nbytes += sizeof(PyTupleObject) - sizeof(PyObject *);
++
+               op = PyObject_GC_NewVar(PyTupleObject, &PyTuple_Type, size);
+               if (op == NULL)
+                       return NULL;
diff -r 61e2ff4996cb -r 356e2709c55c lang/python25/patches/patch-bc
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/python25/patches/patch-bc    Sat Aug 30 10:02:33 2008 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-bc,v 1.1 2008/08/30 10:02:33 tron Exp $
+
+Patch for CVE-2008-2315 taken from Gentoo.
+
+--- Objects/bufferobject.c.orig        2008-02-14 11:26:18.000000000 +0000
++++ Objects/bufferobject.c     2008-08-30 10:16:13.000000000 +0100
+@@ -427,6 +427,10 @@
+               count = 0;
+       if (!get_buf(self, &ptr, &size, ANY_BUFFER))
+               return NULL;
++      if (count > PY_SSIZE_T_MAX / size) {
++              PyErr_SetString(PyExc_MemoryError, "result too large");
++              return NULL;
++      }
+       ob = PyString_FromStringAndSize(NULL, size * count);
+       if ( ob == NULL )
+               return NULL;
diff -r 61e2ff4996cb -r 356e2709c55c lang/python25/patches/patch-bd
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/python25/patches/patch-bd    Sat Aug 30 10:02:33 2008 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-bd,v 1.1 2008/08/30 10:02:33 tron Exp $
+
+Patch for CVE-2008-2315 taken from Gentoo.
+
+--- Objects/longobject.c.orig  2007-05-07 19:30:48.000000000 +0100
++++ Objects/longobject.c       2008-08-30 10:16:13.000000000 +0100
+@@ -70,6 +70,8 @@
+               PyErr_NoMemory();
+               return NULL;
+       }
++      /* XXX(nnorwitz): This can overflow --
++         PyObject_NEW_VAR /  _PyObject_VAR_SIZE need to detect overflow */
+       return PyObject_NEW_VAR(PyLongObject, &PyLong_Type, size);
+ }
+ 
diff -r 61e2ff4996cb -r 356e2709c55c lang/python25/patches/patch-be
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/python25/patches/patch-be    Sat Aug 30 10:02:33 2008 +0000
@@ -0,0 +1,53 @@
+$NetBSD: patch-be,v 1.1 2008/08/30 10:02:33 tron Exp $
+
+Patch for CVE-2008-2315 taken from Gentoo.
+
+--- Objects/stringobject.c.orig        2007-11-07 01:19:49.000000000 +0000
++++ Objects/stringobject.c     2008-08-30 10:16:13.000000000 +0100
+@@ -71,6 +71,11 @@
+               return (PyObject *)op;
+       }
+ 
++      if (size > PY_SSIZE_T_MAX - sizeof(PyStringObject)) {
++              PyErr_SetString(PyExc_OverflowError, "string is too large");
++              return NULL;
++      }
++
+       /* Inline PyObject_NewVar */
+       op = (PyStringObject *)PyObject_MALLOC(sizeof(PyStringObject) + size);
+       if (op == NULL)
+@@ -106,7 +111,7 @@
+ 
+       assert(str != NULL);
+       size = strlen(str);



Home | Main Index | Thread Index | Old Index