pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/lang Add a patch for CAN-2005-2491 (uffer overflow vul...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/93d9f78d933e
branches:  trunk
changeset: 500056:93d9f78d933e
user:      recht <recht%pkgsrc.org@localhost>
date:      Sat Oct 01 19:36:01 2005 +0000

description:
Add a patch for CAN-2005-2491 (buffer overflow vulnerability in the PCRE
library) from Ubuntu Linux (via Gentoo).
For details see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491

Bump PKGREVISION's.

diffstat:

 lang/python23-nth/Makefile         |   4 +-
 lang/python23-nth/distinfo         |   5 ++-
 lang/python23-nth/patches/patch-ea |  12 ++++++
 lang/python23-nth/patches/patch-eb |  19 ++++++++++
 lang/python23-nth/patches/patch-ec |  69 ++++++++++++++++++++++++++++++++++++++
 lang/python23-pth/Makefile         |   5 +-
 lang/python23/Makefile             |   4 +-
 lang/python23/distinfo             |   5 ++-
 lang/python23/patches/patch-ea     |  12 ++++++
 lang/python23/patches/patch-eb     |  19 ++++++++++
 lang/python23/patches/patch-ec     |  69 ++++++++++++++++++++++++++++++++++++++
 11 files changed, 215 insertions(+), 8 deletions(-)

diffs (truncated from 307 to 300 lines):

diff -r 437719581422 -r 93d9f78d933e lang/python23-nth/Makefile
--- a/lang/python23-nth/Makefile        Sat Oct 01 18:54:10 2005 +0000
+++ b/lang/python23-nth/Makefile        Sat Oct 01 19:36:01 2005 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.5 2005/07/03 19:49:06 recht Exp $
+# $NetBSD: Makefile,v 1.6 2005/10/01 19:36:01 recht Exp $
 #
 
 PKGNAME=       python23-nth-2.3.5
-PKGREVISION=   1
+PKGREVISION=   2
 
 CONFLICTS+=    python-[0-9]*
 
diff -r 437719581422 -r 93d9f78d933e lang/python23-nth/distinfo
--- a/lang/python23-nth/distinfo        Sat Oct 01 18:54:10 2005 +0000
+++ b/lang/python23-nth/distinfo        Sat Oct 01 19:36:01 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.5 2005/06/30 03:12:42 minskim Exp $
+$NetBSD: distinfo,v 1.6 2005/10/01 19:36:01 recht Exp $
 
 SHA1 (Python-2.3.5.tgz) = 2729d068f5d1abe7b743f32012d4f7c4b0508a3c
 RMD160 (Python-2.3.5.tgz) = 2104a393ca7c91b72b990ced53a0da752ccf42ef
@@ -17,3 +17,6 @@
 SHA1 (patch-cb) = 301205b29db1ca60f06b2dc0423f5f911eabcd18
 SHA1 (patch-da) = b082eff79571726701aab53c37d8d53a8115e204
 SHA1 (patch-dc) = 3f2f9c37ae7ee35550669a3e517833e68dc0ab61
+SHA1 (patch-ea) = babfed4a0e5ae599441423a06622d4820ab237b1
+SHA1 (patch-eb) = b72694d414b55d11e324cc76d6ed03b7c8e7630c
+SHA1 (patch-ec) = 9bec8cc75868ca785810b92ffe60406117bdc3fd
diff -r 437719581422 -r 93d9f78d933e lang/python23-nth/patches/patch-ea
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/python23-nth/patches/patch-ea        Sat Oct 01 19:36:01 2005 +0000
@@ -0,0 +1,12 @@
+$NetBSD: patch-ea,v 1.1 2005/10/01 19:36:01 recht Exp $
+
+--- Modules/pcre.h.orig        2000-06-28 22:56:30.000000000 +0200
++++ Modules/pcre.h     2005-10-01 21:13:56.000000000 +0200
+@@ -40,6 +40,7 @@
+ #ifdef FOR_PYTHON
+ #define PCRE_LOCALE          0x0200
+ #endif
++#define PCRE_NO_AUTO_CAPTURE    0x1000
+ 
+ /* Exec-time error codes */
+ 
diff -r 437719581422 -r 93d9f78d933e lang/python23-nth/patches/patch-eb
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/python23-nth/patches/patch-eb        Sat Oct 01 19:36:01 2005 +0000
@@ -0,0 +1,19 @@
+$NetBSD: patch-eb,v 1.1 2005/10/01 19:36:01 recht Exp $
+
+--- Modules/pcre-int.h.orig    1998-05-07 17:32:38.000000000 +0200
++++ Modules/pcre-int.h 2005-10-01 21:13:56.000000000 +0200
+@@ -81,11 +81,12 @@
+ #define PUBLIC_OPTIONS \
+   (PCRE_CASELESS|PCRE_EXTENDED|PCRE_ANCHORED|PCRE_MULTILINE| \
+    PCRE_DOTALL|PCRE_DOLLAR_ENDONLY|PCRE_EXTRA|PCRE_UNGREEDY| \
+-   PCRE_LOCALE)
++   PCRE_NO_AUTO_CAPTURE|PCRE_LOCALE)
+ #else
+ #define PUBLIC_OPTIONS \
+   (PCRE_CASELESS|PCRE_EXTENDED|PCRE_ANCHORED|PCRE_MULTILINE| \
+-   PCRE_DOTALL|PCRE_DOLLAR_ENDONLY|PCRE_EXTRA|PCRE_UNGREEDY)
++   PCRE_DOTALL|PCRE_DOLLAR_ENDONLY|PCRE_EXTRA|PCRE_UNGREEDY| \
++   PCRE_NO_AUTO_CAPTURE)
+ #endif
+ #define PUBLIC_EXEC_OPTIONS \
+   (PCRE_CASELESS|PCRE_ANCHORED|PCRE_MULTILINE|PCRE_NOTBOL|PCRE_NOTEOL| \
diff -r 437719581422 -r 93d9f78d933e lang/python23-nth/patches/patch-ec
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/python23-nth/patches/patch-ec        Sat Oct 01 19:36:01 2005 +0000
@@ -0,0 +1,69 @@
+$NetBSD: patch-ec,v 1.1 2005/10/01 19:36:01 recht Exp $
+
+--- Modules/pypcre.c.orig      2003-10-20 16:34:47.000000000 +0200
++++ Modules/pypcre.c   2005-10-01 21:13:56.000000000 +0200
+@@ -1163,14 +1163,31 @@
+ int min = 0;
+ int max = -1;
+ 
++/* Read the minimum value and do a paranoid check: a negative value indicates
++an integer overflow. */
++
+ while ((pcre_ctypes[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0';
+ 
++if (min < 0 || min > 65535)
++  {
++  *errorptr = ERR5;
++  return p;
++  }
++
++/* Read the maximum value if there is one, and again do a paranoid on its size
++. Also, max must not be less than min. */
++
+ if (*p == '}') max = min; else
+   {
+   if (*(++p) != '}')
+     {
+     max = 0;
+     while((pcre_ctypes[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0';
++    if (max < 0 || max > 65535)
++      {
++      *errorptr = ERR5;
++      return p;
++      }
+     if (max < min)
+       {
+       *errorptr = ERR4;
+@@ -2267,6 +2284,7 @@
+ int bracount = 0;
+ int brastack[200];
+ int top_backref = 0;
++BOOL capturing;
+ unsigned int brastackptr = 0;
+ uschar *code;
+ const uschar *ptr;
+@@ -2446,6 +2464,7 @@
+     /* Brackets may be genuine groups or special things */
+ 
+     case '(':
++    capturing = FALSE;
+ 
+     /* Handle special forms of bracket, which all start (? */
+ 
+@@ -2543,10 +2562,15 @@
+       continue;                      /* End of this bracket handling */
+       }
+ 
++    /* Ordinary parentheses, not followed by '?', are capturing unless
++    PCRE_NO_AUTO_CAPTURE is set. */
++
++    else capturing = (options & PCRE_NO_AUTO_CAPTURE) == 0;
++    
+     /* Extracting brackets must be counted so we can process escapes in a
+     Perlish way. */
+ 
+-    else bracount++;
++    if (capturing) bracount++;
+ 
+     /* Non-special forms of bracket. Save length for computing whole length
+     at end if there's a repeat that requires duplication of the group. */
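Review bot: The range checks on `min` and `max` in the first inner hunk (at 1163) run only after the digit loops have finished accumulating into an `int`, so the arithmetic can overflow before the value is ever tested. Signed overflow is undefined behaviour in C, and on typical two's-complement builds a long enough digit string can wrap back into 0..65535 and pass the `< 0 || > 65535` test with a wrong count. Moving the bound test inside each loop rejects the value as soon as it exceeds 65535 and keeps every intermediate result well within `int`. The enclosing function starts and ends outside the hunk, and the identical patch is added as lang/python23/patches/patch-ec, which is truncated on this page.

```c
while ((pcre_ctypes[*p] & ctype_digit) != 0)
  {
  min = min * 10 + *p++ - '0';
  if (min > 65535)              /* reject before the value can overflow */
    {
    *errorptr = ERR5;
    return p;
    }
  }
/* … unchanged: '}' handling and max = 0 initialisation … */
    while ((pcre_ctypes[*p] & ctype_digit) != 0)
      {
      max = max * 10 + *p++ - '0';
      if (max > 65535)
        {
        *errorptr = ERR5;
        return p;
        }
      }
/* … unchanged: max < min check (ERR4) … */
```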
diff -r 437719581422 -r 93d9f78d933e lang/python23-pth/Makefile
--- a/lang/python23-pth/Makefile        Sat Oct 01 18:54:10 2005 +0000
+++ b/lang/python23-pth/Makefile        Sat Oct 01 19:36:01 2005 +0000
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.29 2005/07/03 19:49:06 recht Exp $
+# $NetBSD: Makefile,v 1.30 2005/10/01 19:36:01 recht Exp $
 #
 
 DISTNAME=      Python-2.3.5
 PKGNAME=       python23-pth-2.3.5
+PKGREVISION=   1
 CATEGORIES=    lang python
 MASTER_SITES=  # empty
 DISTFILES=     # empty
@@ -11,7 +12,7 @@
 HOMEPAGE=      http://www.python.org/
 COMMENT=       Interpreted, interactive, object-oriented programming language
 
-DEPENDS+=      python23>=2.3.4:../../lang/python23
+DEPENDS+=      python23>=2.3.5nb3:../../lang/python23
 
 EXTRACT_ONLY=  # empty
 NO_CHECKSUM=   yes
diff -r 437719581422 -r 93d9f78d933e lang/python23/Makefile
--- a/lang/python23/Makefile    Sat Oct 01 18:54:10 2005 +0000
+++ b/lang/python23/Makefile    Sat Oct 01 19:36:01 2005 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.29 2005/08/02 05:06:56 kristerw Exp $
+# $NetBSD: Makefile,v 1.30 2005/10/01 19:36:01 recht Exp $
 #
 
 PKGNAME=       python23-2.3.5
-PKGREVISION=   2
+PKGREVISION=   3
 
 CONFLICTS+=    python-[0-9]*
 
diff -r 437719581422 -r 93d9f78d933e lang/python23/distinfo
--- a/lang/python23/distinfo    Sat Oct 01 18:54:10 2005 +0000
+++ b/lang/python23/distinfo    Sat Oct 01 19:36:01 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.33 2005/09/21 09:39:26 joerg Exp $
+$NetBSD: distinfo,v 1.34 2005/10/01 19:36:01 recht Exp $
 
 SHA1 (Python-2.3.5.tgz) = 2729d068f5d1abe7b743f32012d4f7c4b0508a3c
 RMD160 (Python-2.3.5.tgz) = 2104a393ca7c91b72b990ced53a0da752ccf42ef
@@ -18,3 +18,6 @@
 SHA1 (patch-ce) = 6b88d8177d0b1f900ee5898f113eccf8426ea756
 SHA1 (patch-da) = b082eff79571726701aab53c37d8d53a8115e204
 SHA1 (patch-dc) = 3f2f9c37ae7ee35550669a3e517833e68dc0ab61
+SHA1 (patch-ea) = babfed4a0e5ae599441423a06622d4820ab237b1
+SHA1 (patch-eb) = b72694d414b55d11e324cc76d6ed03b7c8e7630c
+SHA1 (patch-ec) = 9bec8cc75868ca785810b92ffe60406117bdc3fd
diff -r 437719581422 -r 93d9f78d933e lang/python23/patches/patch-ea
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/python23/patches/patch-ea    Sat Oct 01 19:36:01 2005 +0000
@@ -0,0 +1,12 @@
+$NetBSD: patch-ea,v 1.1 2005/10/01 19:36:01 recht Exp $
+
+--- Modules/pcre.h.orig        2000-06-28 22:56:30.000000000 +0200
++++ Modules/pcre.h     2005-10-01 21:13:56.000000000 +0200
+@@ -40,6 +40,7 @@
+ #ifdef FOR_PYTHON
+ #define PCRE_LOCALE          0x0200
+ #endif
++#define PCRE_NO_AUTO_CAPTURE    0x1000
+ 
+ /* Exec-time error codes */
+ 
diff -r 437719581422 -r 93d9f78d933e lang/python23/patches/patch-eb
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/python23/patches/patch-eb    Sat Oct 01 19:36:01 2005 +0000
@@ -0,0 +1,19 @@
+$NetBSD: patch-eb,v 1.1 2005/10/01 19:36:01 recht Exp $
+
+--- Modules/pcre-int.h.orig    1998-05-07 17:32:38.000000000 +0200
++++ Modules/pcre-int.h 2005-10-01 21:13:56.000000000 +0200
+@@ -81,11 +81,12 @@
+ #define PUBLIC_OPTIONS \
+   (PCRE_CASELESS|PCRE_EXTENDED|PCRE_ANCHORED|PCRE_MULTILINE| \
+    PCRE_DOTALL|PCRE_DOLLAR_ENDONLY|PCRE_EXTRA|PCRE_UNGREEDY| \
+-   PCRE_LOCALE)
++   PCRE_NO_AUTO_CAPTURE|PCRE_LOCALE)
+ #else
+ #define PUBLIC_OPTIONS \
+   (PCRE_CASELESS|PCRE_EXTENDED|PCRE_ANCHORED|PCRE_MULTILINE| \
+-   PCRE_DOTALL|PCRE_DOLLAR_ENDONLY|PCRE_EXTRA|PCRE_UNGREEDY)
++   PCRE_DOTALL|PCRE_DOLLAR_ENDONLY|PCRE_EXTRA|PCRE_UNGREEDY| \
++   PCRE_NO_AUTO_CAPTURE)
+ #endif
+ #define PUBLIC_EXEC_OPTIONS \
+   (PCRE_CASELESS|PCRE_ANCHORED|PCRE_MULTILINE|PCRE_NOTBOL|PCRE_NOTEOL| \
diff -r 437719581422 -r 93d9f78d933e lang/python23/patches/patch-ec
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/python23/patches/patch-ec    Sat Oct 01 19:36:01 2005 +0000
@@ -0,0 +1,69 @@
+$NetBSD: patch-ec,v 1.1 2005/10/01 19:36:01 recht Exp $
+
+--- Modules/pypcre.c.orig      2003-10-20 16:34:47.000000000 +0200
++++ Modules/pypcre.c   2005-10-01 21:13:56.000000000 +0200
+@@ -1163,14 +1163,31 @@
+ int min = 0;
+ int max = -1;
+ 
++/* Read the minimum value and do a paranoid check: a negative value indicates
++an integer overflow. */
++
+ while ((pcre_ctypes[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0';
+ 
++if (min < 0 || min > 65535)
++  {
++  *errorptr = ERR5;
++  return p;
++  }
++
++/* Read the maximum value if there is one, and again do a paranoid on its size
++. Also, max must not be less than min. */
++
+ if (*p == '}') max = min; else
+   {
+   if (*(++p) != '}')
+     {
+     max = 0;
+     while((pcre_ctypes[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0';
++    if (max < 0 || max > 65535)
++      {
++      *errorptr = ERR5;
++      return p;
++      }
+     if (max < min)
+       {
+       *errorptr = ERR4;
+@@ -2267,6 +2284,7 @@
+ int bracount = 0;
+ int brastack[200];
+ int top_backref = 0;
++BOOL capturing;
+ unsigned int brastackptr = 0;
+ uschar *code;
+ const uschar *ptr;
+@@ -2446,6 +2464,7 @@
+     /* Brackets may be genuine groups or special things */
+ 
+     case '(':
++    capturing = FALSE;
+ 
+     /* Handle special forms of bracket, which all start (? */
+ 
+@@ -2543,10 +2562,15 @@
+       continue;                      /* End of this bracket handling */
+       }
+ 
++    /* Ordinary parentheses, not followed by '?', are capturing unless
++    PCRE_NO_AUTO_CAPTURE is set. */
++
++    else capturing = (options & PCRE_NO_AUTO_CAPTURE) == 0;
++    
+     /* Extracting brackets must be counted so we can process escapes in a


