pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/lang/python25 Add security patches for CVE-2008-2315, ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/356e2709c55c
branches: trunk
changeset: 546381:356e2709c55c
user: tron <tron%pkgsrc.org@localhost>
date: Sat Aug 30 10:02:33 2008 +0000
description:
Add security patches for CVE-2008-2315, CVE-2008-2316, CVE-2008-3142 and
CVE-2008-3144 (this one shouldn't affect platforms supported by pkgsrc)
all taken from Gentoo. Bump package revision.
diffstat:
lang/python25/Makefile | 6 +-
lang/python25/distinfo | 23 +++++-
lang/python25/patches/patch-at | 19 +++-
lang/python25/patches/patch-ba | 119 +++++++++++++++++++++++++++++
lang/python25/patches/patch-bb | 21 +++++
lang/python25/patches/patch-bc | 17 ++++
lang/python25/patches/patch-bd | 15 +++
lang/python25/patches/patch-be | 53 +++++++++++++
lang/python25/patches/patch-bf | 25 ++++++
lang/python25/patches/patch-bg | 32 +++++++
lang/python25/patches/patch-bh | 167 +++++++++++++++++++++++++++++++++++++++++
lang/python25/patches/patch-bi | 66 ++++++++++++++++
lang/python25/patches/patch-bj | 35 ++++++++
lang/python25/patches/patch-bk | 27 ++++++
lang/python25/patches/patch-ca | 62 +++++++++++++++
lang/python25/patches/patch-cb | 38 +++++++++
lang/python25/patches/patch-cc | 18 ++++
lang/python25/patches/patch-cd | 37 +++++++++
lang/python25/patches/patch-ce | 20 ++++
lang/python25/patches/patch-da | 45 +++++++++++
lang/python25/patches/patch-db | 108 ++++++++++++++++++++++++++
lang/python25/patches/patch-ea | 59 ++++++++++++++
22 files changed, 1003 insertions(+), 9 deletions(-)
diffs (truncated from 1126 to 300 lines):
diff -r 61e2ff4996cb -r 356e2709c55c lang/python25/Makefile
--- a/lang/python25/Makefile Sat Aug 30 08:50:39 2008 +0000
+++ b/lang/python25/Makefile Sat Aug 30 10:02:33 2008 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.7 2008/07/14 14:42:51 joerg Exp $
+# $NetBSD: Makefile,v 1.8 2008/08/30 10:02:33 tron Exp $
DISTNAME= Python-2.5.2
PKGNAME= python25-2.5.2
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= lang python
MASTER_SITES= ftp://ftp.python.org/pub/python/2.5.2/ \
http://www.python.org/ftp/python/2.5.2/
@@ -156,7 +156,7 @@
${DESTDIR}${PREFIX}/lib/libpython2.5.sl.1.0
.endif
-USE_GNU_READLINE= # defined
+USE_GNU_READLINE= yes
BUILDLINK_DEPMETHOD.readline= build
.include "../../archivers/bzip2/buildlink3.mk"
diff -r 61e2ff4996cb -r 356e2709c55c lang/python25/distinfo
--- a/lang/python25/distinfo Sat Aug 30 08:50:39 2008 +0000
+++ b/lang/python25/distinfo Sat Aug 30 10:02:33 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.5 2008/06/27 20:08:20 wiz Exp $
+$NetBSD: distinfo,v 1.6 2008/08/30 10:02:33 tron Exp $
SHA1 (Python-2.5.2.tar.bz2) = 4755d212f50af704c20224a6966e23acc5aea60f
RMD160 (Python-2.5.2.tar.bz2) = b23b02739833e6730799c5866e2b77aae884b63f
@@ -20,6 +20,25 @@
SHA1 (patch-ap) = b864db92761c843a91374663bd2dbcfa57b317cf
SHA1 (patch-aq) = e1fb02560e95ce4d37e2894b4299c3eb3a1167d8
SHA1 (patch-ar) = 2a0c3f9a798afdfda7af4823e67579b2e000c072
-SHA1 (patch-at) = 200646b0b0292fd3c3517f10eda24b4e94dca7c4
+SHA1 (patch-at) = bb2ef2e30ebb6feb6ec796bc4cf6f2d4147353c1
SHA1 (patch-au) = e3babf3537ed8cbed1720f1afe964914f4ae289f
SHA1 (patch-av) = a1d41cb3a93879d54f0964ff84a63a297c333156
+SHA1 (patch-ba) = 23378360d4fb0d22a2e5f98993832888a672a748
+SHA1 (patch-bb) = 26b1426df46b947417ed755f1e61d238071e49f7
+SHA1 (patch-bc) = bfa88d1198b06737297e97e57ee98692096e0df5
+SHA1 (patch-bd) = 491dcb6731db871af2eb8bf418cd369a4af3b2b7
+SHA1 (patch-be) = ba2f8d299b86560172e55af067763e9224c41e3b
+SHA1 (patch-bf) = 58809f824473be7a16cc0e7c4d0b132e023aea4c
+SHA1 (patch-bg) = bf9dc3b3d51ab963804263e170c4247d19ab0d91
+SHA1 (patch-bh) = 96a2675f266144a6027fdc7445b9f93d0fdbe4eb
+SHA1 (patch-bi) = 1fb1c40669fc54fc6d181f706c614d67fe16d42b
+SHA1 (patch-bj) = dc2e3971dd4fd623a68cc9940738619cad4629b1
+SHA1 (patch-bk) = 61300258bdc9ee19195c5c7f62135d20d487507e
+SHA1 (patch-ca) = 37f59fc143e69cbf458d2930f846156553f9178b
+SHA1 (patch-cb) = 570ffec0f57acec984a401306f48c24e2128d9fe
+SHA1 (patch-cc) = 04289f010fb0c0aef37dbfb1a5be77aaa8725b95
+SHA1 (patch-cd) = 24a2a9975c4393400935b885f1ec9fc8996632a0
+SHA1 (patch-ce) = 2a8cae6c30be57bb9e389c1957609f7b42317f69
+SHA1 (patch-da) = 2030f74fb0d6134e6bb4203536dc56d8c0d38c3a
+SHA1 (patch-db) = 6ff4a9d4e33c2e08362d4417330eba47c170a84b
+SHA1 (patch-ea) = 7c4b01d002b8e081967216c2e79f2cec9df24005
diff -r 61e2ff4996cb -r 356e2709c55c lang/python25/patches/patch-at
--- a/lang/python25/patches/patch-at Sat Aug 30 08:50:39 2008 +0000
+++ b/lang/python25/patches/patch-at Sat Aug 30 10:02:33 2008 +0000
@@ -1,8 +1,19 @@
-$NetBSD: patch-at,v 1.1.1.1 2008/04/24 01:50:58 tnn Exp $
+$NetBSD: patch-at,v 1.2 2008/08/30 10:02:33 tron Exp $
+
+The first change is part of the fix for CVE-2008-2315 taken from Gentto.
---- Modules/mmapmodule.c.orig 2006-08-22 09:57:07.000000000 -0400
-+++ Modules/mmapmodule.c
-@@ -449,6 +449,9 @@ mmap_resize_method(mmap_object *self,
+--- Modules/mmapmodule.c.orig 2006-08-22 14:57:07.000000000 +0100
++++ Modules/mmapmodule.c 2008-08-30 10:16:13.000000000 +0100
+@@ -223,7 +223,7 @@
+ return(NULL);
+
+ /* silently 'adjust' out-of-range requests */
+- if ((self->pos + num_bytes) > self->size) {
++ if (num_bytes > self->size - self->pos) {
+ num_bytes -= (self->pos+num_bytes) - self->size;
+ }
+ result = Py_BuildValue("s#", self->data+self->pos, num_bytes);
+@@ -449,6 +449,9 @@
#ifdef MREMAP_MAYMOVE
newmap = mremap(self->data, self->size, new_size, MREMAP_MAYMOVE);
diff -r 61e2ff4996cb -r 356e2709c55c lang/python25/patches/patch-ba
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/python25/patches/patch-ba Sat Aug 30 10:02:33 2008 +0000
@@ -0,0 +1,119 @@
+$NetBSD: patch-ba,v 1.1 2008/08/30 10:02:33 tron Exp $
+
+Patch for CVE-2008-2315 taken from Gentoo.
+
+--- Objects/unicodeobject.c.orig 2007-11-02 22:46:38.000000000 +0000
++++ Objects/unicodeobject.c 2008-08-30 10:16:13.000000000 +0100
+@@ -239,6 +239,11 @@
+ return unicode_empty;
+ }
+
++ /* Ensure we won't overflow the size. */
++ if (length > ((PY_SSIZE_T_MAX / sizeof(Py_UNICODE)) - 1)) {
++ return (PyUnicodeObject *)PyErr_NoMemory();
++ }
++
+ /* Unicode freelist & memory allocation */
+ if (unicode_freelist) {
+ unicode = unicode_freelist;
+@@ -1091,6 +1096,9 @@
+ char * out;
+ char * start;
+
++ if (cbAllocated / 5 != size)
++ return PyErr_NoMemory();
++
+ if (size == 0)
+ return PyString_FromStringAndSize(NULL, 0);
+
+@@ -1689,8 +1697,9 @@
+ {
+ PyObject *v;
+ unsigned char *p;
++ Py_ssize_t nsize, bytesize;
+ #ifdef Py_UNICODE_WIDE
+- int i, pairs;
++ Py_ssize_t i, pairs;
+ #else
+ const int pairs = 0;
+ #endif
+@@ -1713,8 +1722,15 @@
+ if (s[i] >= 0x10000)
+ pairs++;
+ #endif
+- v = PyString_FromStringAndSize(NULL,
+- 2 * (size + pairs + (byteorder == 0)));
++ /* 2 * (size + pairs + (byteorder == 0)) */
++ if (size > PY_SSIZE_T_MAX ||
++ size > PY_SSIZE_T_MAX - pairs - (byteorder == 0))
++ return PyErr_NoMemory();
++ nsize = (size + pairs + (byteorder == 0));
++ bytesize = nsize * 2;
++ if (bytesize / 2 != nsize)
++ return PyErr_NoMemory();
++ v = PyString_FromStringAndSize(NULL, bytesize);
+ if (v == NULL)
+ return NULL;
+
+@@ -2042,6 +2058,11 @@
+ char *p;
+
+ static const char *hexdigit = "0123456789abcdef";
++#ifdef Py_UNICODE_WIDE
++ const Py_ssize_t expandsize = 10;
++#else
++ const Py_ssize_t expandsize = 6;
++#endif
+
+ /* Initial allocation is based on the longest-possible unichr
+ escape.
+@@ -2057,13 +2078,12 @@
+ escape.
+ */
+
++ if (size > (PY_SSIZE_T_MAX - 2 - 1) / expandsize)
++ return PyErr_NoMemory();
++
+ repr = PyString_FromStringAndSize(NULL,
+ 2
+-#ifdef Py_UNICODE_WIDE
+- + 10*size
+-#else
+- + 6*size
+-#endif
++ + expandsize*size
+ + 1);
+ if (repr == NULL)
+ return NULL;
+@@ -2304,12 +2324,16 @@
+ char *q;
+
+ static const char *hexdigit = "0123456789abcdef";
+-
+ #ifdef Py_UNICODE_WIDE
+- repr = PyString_FromStringAndSize(NULL, 10 * size);
++ const Py_ssize_t expandsize = 10;
+ #else
+- repr = PyString_FromStringAndSize(NULL, 6 * size);
++ const Py_ssize_t expandsize = 6;
+ #endif
++
++ if (size > PY_SSIZE_T_MAX / expandsize)
++ return PyErr_NoMemory();
++
++ repr = PyString_FromStringAndSize(NULL, expandsize * size);
+ if (repr == NULL)
+ return NULL;
+ if (size == 0)
+@@ -4719,6 +4743,11 @@
+ return self;
+ }
+
++ if (left > PY_SSIZE_T_MAX - self->length ||
++ right > PY_SSIZE_T_MAX - (left + self->length)) {
++ PyErr_SetString(PyExc_OverflowError, "padded string is too long");
++ return NULL;
++ }
+ u = _PyUnicode_New(left + self->length + right);
+ if (u) {
+ if (left)
diff -r 61e2ff4996cb -r 356e2709c55c lang/python25/patches/patch-bb
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/python25/patches/patch-bb Sat Aug 30 10:02:33 2008 +0000
@@ -0,0 +1,21 @@
+$NetBSD: patch-bb,v 1.1 2008/08/30 10:02:33 tron Exp $
+
+Patch for CVE-2008-2315 taken from Gentoo.
+
+--- Objects/tupleobject.c.orig 2006-08-12 18:03:09.000000000 +0100
++++ Objects/tupleobject.c 2008-08-30 10:16:13.000000000 +0100
+@@ -60,11 +60,12 @@
+ Py_ssize_t nbytes = size * sizeof(PyObject *);
+ /* Check for overflow */
+ if (nbytes / sizeof(PyObject *) != (size_t)size ||
+- (nbytes += sizeof(PyTupleObject) - sizeof(PyObject *))
+- <= 0)
++ (nbytes > PY_SSIZE_T_MAX - sizeof(PyTupleObject) - sizeof(PyObject *)))
+ {
+ return PyErr_NoMemory();
+ }
++ nbytes += sizeof(PyTupleObject) - sizeof(PyObject *);
++
+ op = PyObject_GC_NewVar(PyTupleObject, &PyTuple_Type, size);
+ if (op == NULL)
+ return NULL;
diff -r 61e2ff4996cb -r 356e2709c55c lang/python25/patches/patch-bc
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/python25/patches/patch-bc Sat Aug 30 10:02:33 2008 +0000
@@ -0,0 +1,17 @@
+$NetBSD: patch-bc,v 1.1 2008/08/30 10:02:33 tron Exp $
+
+Patch for CVE-2008-2315 taken from Gentoo.
+
+--- Objects/bufferobject.c.orig 2008-02-14 11:26:18.000000000 +0000
++++ Objects/bufferobject.c 2008-08-30 10:16:13.000000000 +0100
+@@ -427,6 +427,10 @@
+ count = 0;
+ if (!get_buf(self, &ptr, &size, ANY_BUFFER))
+ return NULL;
++ if (count > PY_SSIZE_T_MAX / size) {
++ PyErr_SetString(PyExc_MemoryError, "result too large");
++ return NULL;
++ }
+ ob = PyString_FromStringAndSize(NULL, size * count);
+ if ( ob == NULL )
+ return NULL;
diff -r 61e2ff4996cb -r 356e2709c55c lang/python25/patches/patch-bd
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/python25/patches/patch-bd Sat Aug 30 10:02:33 2008 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-bd,v 1.1 2008/08/30 10:02:33 tron Exp $
+
+Patch for CVE-2008-2315 taken from Gentoo.
+
+--- Objects/longobject.c.orig 2007-05-07 19:30:48.000000000 +0100
++++ Objects/longobject.c 2008-08-30 10:16:13.000000000 +0100
+@@ -70,6 +70,8 @@
+ PyErr_NoMemory();
+ return NULL;
+ }
++ /* XXX(nnorwitz): This can overflow --
++ PyObject_NEW_VAR / _PyObject_VAR_SIZE need to detect overflow */
+ return PyObject_NEW_VAR(PyLongObject, &PyLong_Type, size);
+ }
+
diff -r 61e2ff4996cb -r 356e2709c55c lang/python25/patches/patch-be
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/python25/patches/patch-be Sat Aug 30 10:02:33 2008 +0000
@@ -0,0 +1,53 @@
+$NetBSD: patch-be,v 1.1 2008/08/30 10:02:33 tron Exp $
+
+Patch for CVE-2008-2315 taken from Gentoo.
+
+--- Objects/stringobject.c.orig 2007-11-07 01:19:49.000000000 +0000
++++ Objects/stringobject.c 2008-08-30 10:16:13.000000000 +0100
+@@ -71,6 +71,11 @@
+ return (PyObject *)op;
+ }
+
++ if (size > PY_SSIZE_T_MAX - sizeof(PyStringObject)) {
++ PyErr_SetString(PyExc_OverflowError, "string is too large");
++ return NULL;
++ }
++
+ /* Inline PyObject_NewVar */
+ op = (PyStringObject *)PyObject_MALLOC(sizeof(PyStringObject) + size);
+ if (op == NULL)
+@@ -106,7 +111,7 @@
+
+ assert(str != NULL);
+ size = strlen(str);
Home |
Main Index |
Thread Index |
Old Index