summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authortron <tron>2014-02-15 14:33:33 +0000
committertron <tron>2014-02-15 14:33:33 +0000
commitd496b3f2c0a66882cac0f63eb22ffecca5abd61f (patch)
tree25e59bed421d91295ec5f0ff925caeac0643ed22
parent7b143d8a1777e6cb659e1b789d12d02fd78f96ba (diff)
downloadpkgsrc-d496b3f2c0a66882cac0f63eb22ffecca5abd61f.tar.gz
Pullup ticket #4327 - requested by drochner
lang/python26: security patch Revisions pulled up: - lang/python26/Makefile 1.57 - lang/python26/distinfo 1.53 - lang/python26/patches/patch-ap 1.4 --- Module Name: pkgsrc Committed By: drochner Date: Sun Feb 9 13:47:10 UTC 2014 Modified Files: pkgsrc/lang/python26: Makefile distinfo pkgsrc/lang/python26/patches: patch-ap Log Message: adopt the socket.recvfrom_into() security fix from Python-2.7 bump PKGREV
-rw-r--r--lang/python26/Makefile4
-rw-r--r--lang/python26/distinfo4
-rw-r--r--lang/python26/patches/patch-ap21
3 files changed, 23 insertions, 6 deletions
diff --git a/lang/python26/Makefile b/lang/python26/Makefile
index c5d2ee3d48d..2858778301e 100644
--- a/lang/python26/Makefile
+++ b/lang/python26/Makefile
@@ -1,7 +1,9 @@
-# $NetBSD: Makefile,v 1.56 2013/11/06 07:25:49 adam Exp $
+# $NetBSD: Makefile,v 1.56.2.1 2014/02/15 14:33:33 tron Exp $
.include "dist.mk"
+PKGREVISION= 1
+
PKGNAME= python26-${PY_DISTVERSION}
CATEGORIES= lang python
diff --git a/lang/python26/distinfo b/lang/python26/distinfo
index d5e8418e97f..0c5c49ed69f 100644
--- a/lang/python26/distinfo
+++ b/lang/python26/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.52 2013/11/06 07:25:49 adam Exp $
+$NetBSD: distinfo,v 1.52.2.1 2014/02/15 14:33:33 tron Exp $
SHA1 (Python-2.6.9.tar.xz) = 2fc159946dfcceffbe4a8638de32d0cd8059c2f8
RMD160 (Python-2.6.9.tar.xz) = 42edf7c9f2f64b77ab173de30ea453257c2c06b3
@@ -19,7 +19,7 @@ SHA1 (patch-al) = 45dd16af8e7a45aa323138f712c034aa79a91019
SHA1 (patch-am) = 380dfaa8ca90532a52dcca972e34965f6e64fce1
SHA1 (patch-an) = 17b4e17b3b562c29a050e9bb20447084ce82b8ab
SHA1 (patch-ao) = 8c6a156b0f0c2a6d319658477fff348e6a0c3603
-SHA1 (patch-ap) = d23a869a449ab9dc166cfa149913b20c9acad9cb
+SHA1 (patch-ap) = 5ad6f248027be369bd27f69210ff3c7b97a297a2
SHA1 (patch-au) = 230d74342997021e957105786e93600f5d03cf7b
SHA1 (patch-av) = d6bf0419015656a8d2f13d3132873e453c8a6b6e
SHA1 (patch-az) = 473419352f6e1ff3c6e6268e81457e6f8a1fccb8
diff --git a/lang/python26/patches/patch-ap b/lang/python26/patches/patch-ap
index 4d9f889e6c3..e673990309c 100644
--- a/lang/python26/patches/patch-ap
+++ b/lang/python26/patches/patch-ap
@@ -1,6 +1,10 @@
-$NetBSD: patch-ap,v 1.3 2010/09/04 05:12:00 obache Exp $
+$NetBSD: patch-ap,v 1.3.28.1 2014/02/15 14:33:33 tron Exp $
---- Modules/socketmodule.c.orig 2010-05-23 15:22:08.000000000 +0000
+Fix vulnerability reported in SA56624. Patch taken from here:
+
+http://hg.python.org/cpython/rev/87673659d8f7
+
+--- Modules/socketmodule.c.orig 2014-02-09 12:58:52.000000000 +0000
+++ Modules/socketmodule.c
@@ -379,7 +379,7 @@ const char *inet_ntop(int af, const void
#define SOCKETCLOSE close
@@ -66,7 +70,18 @@ $NetBSD: patch-ap,v 1.3 2010/09/04 05:12:00 obache Exp $
*len_ret = sizeof *addr;
return 1;
}
-@@ -4588,9 +4607,13 @@ init_socket(void)
+@@ -2625,6 +2644,10 @@ sock_recvfrom_into(PySocketSockObject *s
+ if (recvlen == 0) {
+ /* If nbytes was not specified, use the buffer's length */
+ recvlen = buflen;
++ } else if (recvlen > buflen) {
++ PyErr_SetString(PyExc_ValueError,
++ "nbytes is greater than the length of the buffer");
++ return NULL;
+ }
+
+ readlen = sock_recvfrom_guts(s, buf, recvlen, flags, &addr);
+@@ -4588,9 +4611,13 @@ init_socket(void)
PyModule_AddIntConstant(m, "BTPROTO_L2CAP", BTPROTO_L2CAP);
PyModule_AddIntConstant(m, "BTPROTO_HCI", BTPROTO_HCI);
PyModule_AddIntConstant(m, "SOL_HCI", SOL_HCI);