[pkgsrc/pkgsrc-2008Q2]: pkgsrc/lang/python24 Pullup ticket 2480 - requested b...
details: https://anonhg.NetBSD.org/pkgsrc/rev/e364535850b4
branches: pkgsrc-2008Q2
changeset: 544233:e364535850b4
user: tron <tron%pkgsrc.org@localhost>
date: Sun Aug 10 17:02:25 2008 +0000
description:
Pullup ticket 2480 - requested by drochner
Security patches for python24
Revisions pulled up:
- lang/python24/Makefile 1.44-1.45
- lang/python24/distinfo 1.29-1.31
- lang/python24/patches/patch-ba 1.1
- lang/python24/patches/patch-bb 1.1
- lang/python24/patches/patch-bc 1.1
- lang/python24/patches/patch-bd 1.1
- lang/python24/patches/patch-be 1.1
- lang/python24/patches/patch-bf 1.1
- lang/python24/patches/patch-bg 1.1
- lang/python24/patches/patch-bh 1.1
- lang/python24/patches/patch-bi 1.1
- lang/python24/patches/patch-bj 1.1
- lang/python24/patches/patch-bk 1.1
- lang/python24/patches/patch-bl 1.1
- lang/python24/patches/patch-bm 1.1
---
Module Name: pkgsrc
Committed By: joerg
Date: Mon Jul 14 14:42:51 UTC 2008
Modified Files:
pkgsrc/lang/python24: Makefile
Log Message:
Always build depend on readline, so that devel/py-readline can pick up
the right config. Bump revision.
---
Module Name: pkgsrc
Committed By: drochner
Date: Tue Aug 5 10:13:34 UTC 2008
Modified Files:
pkgsrc/lang/python24: Makefile distinfo
Added Files:
pkgsrc/lang/python24/patches: patch-ba patch-bb patch-bc patch-bd
patch-be patch-bf patch-bg
Log Message:
add patches from upstream svn rev.65333, fix integer overflows in
memory allocation (CVE-2008-2315)
---
Module Name: pkgsrc
Committed By: drochner
Date: Tue Aug 5 10:45:46 UTC 2008
Modified Files:
pkgsrc/lang/python24: distinfo
Added Files:
pkgsrc/lang/python24/patches: patch-bh patch-bi patch-bj patch-bk
patch-bl
Log Message:
also apply upstream svn rev.65262, fixes overflow checks in memory
allocation (CVE-2008-3142), ride on PKGREVISION bump some minutes ago
---
Module Name: pkgsrc
Committed By: drochner
Date: Thu Aug 7 11:20:18 UTC 2008
Modified Files:
pkgsrc/lang/python24: distinfo
Added Files:
pkgsrc/lang/python24/patches: patch-bm
Log Message:
Add a patch from the upstream 2.5 branch (svn rev.63883) to fix an
integer overflow in the vsnprintf replacement function.
This is likely not a real problem, and the patch wasn't pulled to
the upstream 2.4 branch, but with it applied we can formally declare
our 2.4 as not vulnerable now.
diffstat:
lang/python24/Makefile | 7 ++-
lang/python24/distinfo | 15 +++++-
lang/python24/patches/patch-ba | 25 ++++++++
lang/python24/patches/patch-bb | 13 ++++
lang/python24/patches/patch-bc | 33 +++++++++++
lang/python24/patches/patch-bd | 15 +++++
lang/python24/patches/patch-be | 44 +++++++++++++++
lang/python24/patches/patch-bf | 19 ++++++
lang/python24/patches/patch-bg | 114 +++++++++++++++++++++++++++++++++++++++++
lang/python24/patches/patch-bh | 60 +++++++++++++++++++++
lang/python24/patches/patch-bi | 16 +++++
lang/python24/patches/patch-bj | 35 ++++++++++++
lang/python24/patches/patch-bk | 18 ++++++
lang/python24/patches/patch-bl | 36 ++++++++++++
lang/python24/patches/patch-bm | 57 ++++++++++++++++++++
15 files changed, 505 insertions(+), 2 deletions(-)
diffs (truncated from 589 to 300 lines):
diff -r 8052829fb8b3 -r e364535850b4 lang/python24/Makefile
--- a/lang/python24/Makefile Sun Aug 10 15:30:12 2008 +0000
+++ b/lang/python24/Makefile Sun Aug 10 17:02:25 2008 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.43 2008/04/12 22:43:02 jlam Exp $
+# $NetBSD: Makefile,v 1.43.4.1 2008/08/10 17:02:25 tron Exp $
DISTNAME= Python-2.4.5
PKGNAME= python24-2.4.5
+PKGREVISION= 2
CATEGORIES= lang python
MASTER_SITES= http://www.python.org/ftp/python/2.4.5/
EXTRACT_SUFX= .tar.bz2
@@ -163,8 +164,12 @@
${DESTDIR}${PREFIX}/lib/libpython2.4.sl.1.0
.endif
+USE_GNU_READLINE= # defined
+BUILDLINK_DEPMETHOD.readline= build
+
.include "../../archivers/bzip2/buildlink3.mk"
.include "../../devel/gettext-lib/buildlink3.mk"
+.include "../../devel/readline/buildlink3.mk"
.include "../../devel/zlib/buildlink3.mk"
.include "../../security/openssl/buildlink3.mk"
.include "../../mk/dlopen.buildlink3.mk"
diff -r 8052829fb8b3 -r e364535850b4 lang/python24/distinfo
--- a/lang/python24/distinfo Sun Aug 10 15:30:12 2008 +0000
+++ b/lang/python24/distinfo Sun Aug 10 17:02:25 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.28 2008/04/11 10:44:08 drochner Exp $
+$NetBSD: distinfo,v 1.28.4.1 2008/08/10 17:02:25 tron Exp $
SHA1 (Python-2.4.5.tar.bz2) = 6e9e1ac2b70cc10c36063a25ab5a5ddb53177107
RMD160 (Python-2.4.5.tar.bz2) = b43f2114697be751f03ec7cfb46f8c4946a73097
@@ -23,3 +23,16 @@
SHA1 (patch-ar) = f132998e3e81f3093f9bddf32fe6dcb40fcfa76f
SHA1 (patch-at) = 9d66115cc561c99dcc3478678aa286c1c0c3df6b
SHA1 (patch-au) = d0a234efabe7d6a1f2b1dcbf26780fdc6b452214
+SHA1 (patch-ba) = c9b88da8efc334771eff578585e2e9e7e21a0634
+SHA1 (patch-bb) = 89829819c5a38f3bbd8be1737568f87b9ffbd598
+SHA1 (patch-bc) = e72dc346087f78760e623344e9eff147283c202c
+SHA1 (patch-bd) = f760e4995888e22997d27598872fcf25cb89cbfe
+SHA1 (patch-be) = ce192dc8ec7b53b691288f1fecc8abbd9b61e9ea
+SHA1 (patch-bf) = c0ae4152a0991d1c814462a5a8e925c9a9a6c254
+SHA1 (patch-bg) = 30a6d65a10bc0e6df5229635ad89a27e1093a347
+SHA1 (patch-bh) = 4eee3ae6ff7ea9ca5c599dd782d78fb35a0562f4
+SHA1 (patch-bi) = 735906d3fb35bfe0d3b8d410b3a240e358215e05
+SHA1 (patch-bj) = ee23fac376746e48ee00e73b9ecc688086b7bc98
+SHA1 (patch-bk) = 4af3c66a3f6b773dc5fc14943a36b0906024e885
+SHA1 (patch-bl) = 9a192f5f4afd4296493599414a714bba6085d897
+SHA1 (patch-bm) = bd8a9f5b2cc3909bc69d9b585b42643057dae646
diff -r 8052829fb8b3 -r e364535850b4 lang/python24/patches/patch-ba
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/python24/patches/patch-ba Sun Aug 10 17:02:25 2008 +0000
@@ -0,0 +1,25 @@
+$NetBSD: patch-ba,v 1.1.2.2 2008/08/10 17:02:25 tron Exp $
+
+--- Modules/gcmodule.c.orig 2006-09-28 19:08:01.000000000 +0200
++++ Modules/gcmodule.c
+@@ -1249,7 +1249,10 @@ PyObject *
+ _PyObject_GC_Malloc(size_t basicsize)
+ {
+ PyObject *op;
+- PyGC_Head *g = PyObject_MALLOC(sizeof(PyGC_Head) + basicsize);
++ PyGC_Head *g;
++ if (basicsize > INT_MAX - sizeof(PyGC_Head))
++ return PyErr_NoMemory();
++ g = PyObject_MALLOC(sizeof(PyGC_Head) + basicsize);
+ if (g == NULL)
+ return PyErr_NoMemory();
+ g->gc.gc_refs = GC_UNTRACKED;
+@@ -1291,6 +1294,8 @@ _PyObject_GC_Resize(PyVarObject *op, int
+ {
+ const size_t basicsize = _PyObject_VAR_SIZE(op->ob_type, nitems);
+ PyGC_Head *g = AS_GC(op);
++ if (basicsize > INT_MAX - sizeof(PyGC_Head))
++ return (PyVarObject *)PyErr_NoMemory();
+ g = PyObject_REALLOC(g, sizeof(PyGC_Head) + basicsize);
+ if (g == NULL)
+ return (PyVarObject *)PyErr_NoMemory();
diff -r 8052829fb8b3 -r e364535850b4 lang/python24/patches/patch-bb
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/python24/patches/patch-bb Sun Aug 10 17:02:25 2008 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-bb,v 1.1.2.2 2008/08/10 17:02:25 tron Exp $
+
+--- Modules/mmapmodule.c.orig 2008-08-05 12:00:52.000000000 +0200
++++ Modules/mmapmodule.c
+@@ -223,7 +223,7 @@ mmap_read_method(mmap_object *self,
+ return(NULL);
+
+ /* silently 'adjust' out-of-range requests */
+- if ((self->pos + num_bytes) > self->size) {
++ if (num_bytes > self->size - self->pos) {
+ num_bytes -= (self->pos+num_bytes) - self->size;
+ }
+ result = Py_BuildValue("s#", self->data+self->pos, num_bytes);
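Review bot: The adjustment inside the `if` still evaluates `(self->pos+num_bytes) - self->size`, the same sum the rewritten condition was changed to avoid, so the clamp only produces the right value through wraparound. Assigning the remainder directly, `num_bytes = self->size - self->pos;`, expresses the clamp without the overflowing intermediate. The new condition also presumes `self->pos <= self->size`; the field declarations are outside this hunk, so if they are unsigned a position past the end would make the subtraction wrap, and that invariant is worth confirming. mmap_read_method starts and ends outside the hunk.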
diff -r 8052829fb8b3 -r e364535850b4 lang/python24/patches/patch-bc
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/python24/patches/patch-bc Sun Aug 10 17:02:25 2008 +0000
@@ -0,0 +1,33 @@
+$NetBSD: patch-bc,v 1.1.2.2 2008/08/10 17:02:25 tron Exp $
+
+--- Modules/stropmodule.c.orig 2008-03-02 20:20:32.000000000 +0100
++++ Modules/stropmodule.c
+@@ -214,6 +214,13 @@ strop_joinfields(PyObject *self, PyObjec
+ return NULL;
+ }
+ slen = PyString_GET_SIZE(item);
++ if (slen > INT_MAX - reslen ||
++ seplen > INT_MAX - reslen - seplen) {
++ PyErr_SetString(PyExc_OverflowError,
++ "input too long");
++ Py_DECREF(res);
++ return NULL;
++ }
+ while (reslen + slen + seplen >= sz) {
+ if (_PyString_Resize(&res, sz * 2) < 0)
+ return NULL;
+@@ -251,6 +258,14 @@ strop_joinfields(PyObject *self, PyObjec
+ return NULL;
+ }
+ slen = PyString_GET_SIZE(item);
++ if (slen > INT_MAX - reslen ||
++ seplen > INT_MAX - reslen - seplen) {
++ PyErr_SetString(PyExc_OverflowError,
++ "input too long");
++ Py_DECREF(res);
++ Py_XDECREF(item);
++ return NULL;
++ }
+ while (reslen + slen + seplen >= sz) {
+ if (_PyString_Resize(&res, sz * 2) < 0) {
+ Py_DECREF(item);
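Review bot: The second operand of the new guard, `seplen > INT_MAX - reslen - seplen`, never involves `slen`, so it bounds `reslen + 2*seplen` rather than the `reslen + slen + seplen` that the following `while` condition computes; an item length that passes the first test can still push that sum past INT_MAX. It reads like a typo for `seplen > INT_MAX - reslen - slen`. The same expression is repeated in the second inner hunk (`@@ -251,6 +258,14 @@`) and needs the same change. Separately, the `sz * 2` passed to `_PyString_Resize` is not bounded by either hunk. strop_joinfields begins and ends outside both hunks.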
diff -r 8052829fb8b3 -r e364535850b4 lang/python24/patches/patch-bd
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/python24/patches/patch-bd Sun Aug 10 17:02:25 2008 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-bd,v 1.1.2.2 2008/08/10 17:02:25 tron Exp $
+
+--- Objects/bufferobject.c.orig 2008-03-02 20:20:32.000000000 +0100
++++ Objects/bufferobject.c
+@@ -384,6 +384,10 @@ buffer_repeat(PyBufferObject *self, int
+ count = 0;
+ if (!get_buf(self, &ptr, &size))
+ return NULL;
++ if (count > INT_MAX / size) {
++ PyErr_SetString(PyExc_MemoryError, "result too large");
++ return NULL;
++ }
+ ob = PyString_FromStringAndSize(NULL, size * count);
+ if ( ob == NULL )
+ return NULL;
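Review bot: `count > INT_MAX / size` divides by `size` with nothing visible ruling out zero, so an empty buffer would reach a division by zero inside the very check meant to make the multiplication safe. Unless get_buf is known never to report a zero size (it is defined outside this hunk), the test should read `if (size != 0 && count > INT_MAX / size) {`. buffer_repeat starts and ends outside the hunk.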
diff -r 8052829fb8b3 -r e364535850b4 lang/python24/patches/patch-be
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/python24/patches/patch-be Sun Aug 10 17:02:25 2008 +0000
@@ -0,0 +1,44 @@
+$NetBSD: patch-be,v 1.1.2.2 2008/08/10 17:02:25 tron Exp $
+
+--- Objects/stringobject.c.orig 2006-10-06 21:26:14.000000000 +0200
++++ Objects/stringobject.c
+@@ -69,6 +69,11 @@ PyString_FromStringAndSize(const char *s
+ return (PyObject *)op;
+ }
+
++ if (size > INT_MAX - sizeof(PyStringObject)) {
++ PyErr_SetString(PyExc_OverflowError, "string is too large");
++ return NULL;
++ }
++
+ /* Inline PyObject_NewVar */
+ op = (PyStringObject *)PyObject_MALLOC(sizeof(PyStringObject) + size);
+ if (op == NULL)
+@@ -104,7 +109,7 @@ PyString_FromString(const char *str)
+
+ assert(str != NULL);
+ size = strlen(str);
+- if (size > INT_MAX) {
++ if (size > INT_MAX - sizeof(PyStringObject)) {
+ PyErr_SetString(PyExc_OverflowError,
+ "string is too long for a Python string");
+ return NULL;
+@@ -907,7 +912,18 @@ string_concat(register PyStringObject *a
+ Py_INCREF(a);
+ return (PyObject *)a;
+ }
++ /* Check that string sizes are not negative, to prevent an
++ overflow in cases where we are passed incorrectly-created
++ strings with negative lengths (due to a bug in other code).
++ */
+ size = a->ob_size + b->ob_size;
++ if (a->ob_size < 0 || b->ob_size < 0 ||
++ a->ob_size > INT_MAX - b->ob_size) {
++ PyErr_SetString(PyExc_OverflowError,
++ "strings are too large to concat");
++ return NULL;
++ }
++
+ /* Inline PyObject_NewVar */
+ op = (PyStringObject *)PyObject_MALLOC(sizeof(PyStringObject) + size);
+ if (op == NULL)
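Review bot: In the string_concat hunk the sum `size = a->ob_size + b->ob_size;` is still computed before the new range test, so the signed addition overflows (undefined behaviour) on exactly the inputs the test is meant to reject; the `if` should come first and the assignment after it. The added comment also sits above the sum rather than above the check it explains. In the first inner hunk, `size > INT_MAX - sizeof(PyStringObject)` compares against an unsigned expression, so if `size` is signed there (its declaration is outside the hunk) a negative value is rejected only through implicit conversion, and an explicit `size < 0` test would make that intent visible. All three functions extend outside their hunks.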
diff -r 8052829fb8b3 -r e364535850b4 lang/python24/patches/patch-bf
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/python24/patches/patch-bf Sun Aug 10 17:02:25 2008 +0000
@@ -0,0 +1,19 @@
+$NetBSD: patch-bf,v 1.1.2.2 2008/08/10 17:02:26 tron Exp $
+
+--- Objects/tupleobject.c.orig 2006-03-17 20:04:15.000000000 +0100
++++ Objects/tupleobject.c
+@@ -60,11 +60,12 @@ PyTuple_New(register int size)
+ int nbytes = size * sizeof(PyObject *);
+ /* Check for overflow */
+ if (nbytes / sizeof(PyObject *) != (size_t)size ||
+- (nbytes += sizeof(PyTupleObject) - sizeof(PyObject *))
+- <= 0)
++ (nbytes > INT_MAX - sizeof(PyTupleObject) - sizeof(PyObject *)))
+ {
+ return PyErr_NoMemory();
+ }
++ nbytes += sizeof(PyTupleObject) - sizeof(PyObject *);
++
+ op = PyObject_GC_NewVar(PyTupleObject, &PyTuple_Type, size);
+ if (op == NULL)
+ return NULL;
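Review bot: The new bound `nbytes > INT_MAX - sizeof(PyTupleObject) - sizeof(PyObject *)` subtracts `sizeof(PyObject *)`, while the amount added afterwards is `sizeof(PyTupleObject) - sizeof(PyObject *)`, so the exact limit would be `INT_MAX - (sizeof(PyTupleObject) - sizeof(PyObject *))`. The form in the patch errs on the safe side and only rejects slightly more than necessary, but the mismatch deserves a one-line comment or the exact expression. `nbytes` is an `int` compared with a `size_t` expression, so a negative `nbytes` is caught only by conversion to unsigned, and `int nbytes = size * sizeof(PyObject *)` narrows a `size_t` product that the division test then has to detect. PyTuple_New continues outside the hunk.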
diff -r 8052829fb8b3 -r e364535850b4 lang/python24/patches/patch-bg
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/python24/patches/patch-bg Sun Aug 10 17:02:25 2008 +0000
@@ -0,0 +1,114 @@
+$NetBSD: patch-bg,v 1.1.2.2 2008/08/10 17:02:26 tron Exp $
+
+--- Objects/unicodeobject.c.orig 2006-10-05 20:08:58.000000000 +0200
++++ Objects/unicodeobject.c
+@@ -186,6 +186,11 @@ PyUnicodeObject *_PyUnicode_New(int leng
+ return unicode_empty;
+ }
+
++ /* Ensure we won't overflow the size. */
++ if (length > ((INT_MAX / sizeof(Py_UNICODE)) - 1)) {
++ return (PyUnicodeObject *)PyErr_NoMemory();
++ }
++
+ /* Unicode freelist & memory allocation */
+ if (unicode_freelist) {
+ unicode = unicode_freelist;
+@@ -1040,6 +1045,9 @@ PyObject *PyUnicode_EncodeUTF7(const Py_
+ char * out;
+ char * start;
+
++ if (cbAllocated / 5 != size)
++ return PyErr_NoMemory();
++
+ if (size == 0)
+ return PyString_FromStringAndSize(NULL, 0);
+
+@@ -1638,6 +1646,7 @@ PyUnicode_EncodeUTF16(const Py_UNICODE *
+ {
+ PyObject *v;
+ unsigned char *p;
++ int nsize, bytesize;
+ #ifdef Py_UNICODE_WIDE
+ int i, pairs;
+ #else
+@@ -1662,8 +1671,15 @@ PyUnicode_EncodeUTF16(const Py_UNICODE *
+ if (s[i] >= 0x10000)
+ pairs++;
+ #endif
+- v = PyString_FromStringAndSize(NULL,
+- 2 * (size + pairs + (byteorder == 0)));
++ /* 2 * (size + pairs + (byteorder == 0)) */
++ if (size > INT_MAX ||
++ size > INT_MAX - pairs - (byteorder == 0))
++ return PyErr_NoMemory();
++ nsize = (size + pairs + (byteorder == 0));
++ bytesize = nsize * 2;
++ if (bytesize / 2 != nsize)
++ return PyErr_NoMemory();
++ v = PyString_FromStringAndSize(NULL, bytesize);
+ if (v == NULL)
+ return NULL;
+
+@@ -1977,6 +1993,11 @@ PyObject *unicodeescape_string(const Py_
+ char *p;
+
+ static const char *hexdigit = "0123456789abcdef";
++#ifdef Py_UNICODE_WIDE
++ const int expandsize = 10;
++#else
++ const int expandsize = 6;
++#endif
+
+ /* Initial allocation is based on the longest-possible unichr
+ escape.
+@@ -1992,13 +2013,12 @@ PyObject *unicodeescape_string(const Py_
+ escape.
+ */
+
++ if (size > (INT_MAX - 2 - 1) / expandsize)
++ return PyErr_NoMemory();
++