diff options
| author | tron <tron@pkgsrc.org> | 2012-02-18 23:35:28 +0000 |
|---|---|---|
| committer | tron <tron@pkgsrc.org> | 2012-02-18 23:35:28 +0000 |
| commit | 87e8111e747a95d15611fec5c43eaa107a975553 (patch) | |
| tree | 151d676e4e00485a2d5eed711c146a1a309ce328 | |
| parent | 3b1a932fa347d0d28c21eda153330942aa3ef084 (diff) | |
| download | pkgsrc-87e8111e747a95d15611fec5c43eaa107a975553.tar.gz | |
Pullup ticket #3685 - requested by drochner
lang/python25: security patch
lang/python26: security patch
lang/python27: security patch
lang/python31: security patch
Revisions pulled up:
- lang/python25/Makefile 1.37 via patch
- lang/python25/distinfo 1.22
- lang/python25/patches/patch-CVE-2012-0845 1.1
- lang/python26/Makefile 1.45 via patch
- lang/python26/distinfo 1.43
- lang/python26/patches/patch-CVE-2012-0845 1.1
- lang/python27/Makefile 1.11 via patch
- lang/python27/distinfo 1.15
- lang/python27/patches/patch-CVE-2012-0845 1.1
- lang/python31/Makefile 1.6 via patch
- lang/python31/distinfo 1.8
- lang/python31/patches/patch-CVE-2012-0845 1.1
---
Module Name: pkgsrc
Committed By: drochner
Date: Wed Feb 15 12:21:41 UTC 2012
Modified Files:
pkgsrc/lang/python26: Makefile distinfo
Added Files:
pkgsrc/lang/python26/patches: patch-CVE-2012-0845
Log Message:
add patch from Python issue#14001 to fix xmlrpc server endless loop
by malformed request
bump PKGREV
---
Module Name: pkgsrc
Committed By: drochner
Date: Wed Feb 15 16:08:26 UTC 2012
Modified Files:
pkgsrc/lang/python25: Makefile distinfo
pkgsrc/lang/python27: Makefile distinfo
pkgsrc/lang/python31: Makefile distinfo
Added Files:
pkgsrc/lang/python25/patches: patch-CVE-2012-0845
pkgsrc/lang/python27/patches: patch-CVE-2012-0845
pkgsrc/lang/python31/patches: patch-CVE-2012-0845
Log Message:
apply fix for CVE-2012-0845 to other Python versions too
(2.4 is not affected)
| -rw-r--r-- | lang/python25/Makefile | 3 | ||||
| -rw-r--r-- | lang/python25/distinfo | 3 | ||||
| -rw-r--r-- | lang/python25/patches/patch-CVE-2012-0845 | 18 | ||||
| -rw-r--r-- | lang/python26/Makefile | 3 | ||||
| -rw-r--r-- | lang/python26/distinfo | 3 | ||||
| -rw-r--r-- | lang/python26/patches/patch-CVE-2012-0845 | 18 | ||||
| -rw-r--r-- | lang/python27/Makefile | 3 | ||||
| -rw-r--r-- | lang/python27/distinfo | 3 | ||||
| -rw-r--r-- | lang/python27/patches/patch-CVE-2012-0845 | 18 | ||||
| -rw-r--r-- | lang/python31/Makefile | 4 | ||||
| -rw-r--r-- | lang/python31/distinfo | 3 | ||||
| -rw-r--r-- | lang/python31/patches/patch-CVE-2012-0845 | 18 |
12 files changed, 88 insertions, 9 deletions
diff --git a/lang/python25/Makefile b/lang/python25/Makefile index ceecd4961b3..450143e4dd8 100644 --- a/lang/python25/Makefile +++ b/lang/python25/Makefile @@ -1,8 +1,9 @@ -# $NetBSD: Makefile,v 1.35 2011/06/04 05:08:19 obache Exp $ +# $NetBSD: Makefile,v 1.35.6.1 2012/02/18 23:35:28 tron Exp $ .include "dist.mk" PKGNAME= python25-${PY_DISTVERSION} +PKGREVISION= 2 CATEGORIES= lang python MAINTAINER= pkgsrc-users@NetBSD.org diff --git a/lang/python25/distinfo b/lang/python25/distinfo index d1f5773d4c6..715a30f9c95 100644 --- a/lang/python25/distinfo +++ b/lang/python25/distinfo @@ -1,8 +1,9 @@ -$NetBSD: distinfo,v 1.21 2011/12/16 17:04:17 hans Exp $ +$NetBSD: distinfo,v 1.21.2.1 2012/02/18 23:35:28 tron Exp $ SHA1 (Python-2.5.6.tar.bz2) = 29f6dd41bf09c5e04311b367cbb7604fa016e699 RMD160 (Python-2.5.6.tar.bz2) = 92f0a955971f187a7d50c6422168202ec551bf22 Size (Python-2.5.6.tar.bz2) = 9821788 bytes +SHA1 (patch-CVE-2012-0845) = 1c0a8d7224b6b5cb65b24d38ac0967f8f8fb2da9 SHA1 (patch-SA43463) = df776e171f1794bae52b6e98bc71ae63734b7693 SHA1 (patch-aa) = d44e67645dc86ff14f5daf5705de02c6f330cc48 SHA1 (patch-ab) = d35025df83e70d129f9fbcd277652b0eea83b026 diff --git a/lang/python25/patches/patch-CVE-2012-0845 b/lang/python25/patches/patch-CVE-2012-0845 new file mode 100644 index 00000000000..d26f2d3241e --- /dev/null +++ b/lang/python25/patches/patch-CVE-2012-0845 @@ -0,0 +1,18 @@ +$NetBSD: patch-CVE-2012-0845,v 1.1.2.2 2012/02/18 23:35:28 tron Exp $ + +see python bug #14001 + +--- Lib/SimpleXMLRPCServer.py.orig 2009-04-05 21:34:15.000000000 +0000 ++++ Lib/SimpleXMLRPCServer.py +@@ -459,7 +459,10 @@ class SimpleXMLRPCRequestHandler(BaseHTT + L = [] + while size_remaining: + chunk_size = min(size_remaining, max_chunk_size) +- L.append(self.rfile.read(chunk_size)) ++ chunk = self.rfile.read(chunk_size) ++ if not chunk: ++ break ++ L.append(chunk) + size_remaining -= len(L[-1]) + data = ''.join(L) + diff --git a/lang/python26/Makefile b/lang/python26/Makefile index 05a27f17663..bc8c27551d4 100644 --- a/lang/python26/Makefile +++ b/lang/python26/Makefile @@ -1,8 +1,9 @@ -# $NetBSD: Makefile,v 1.43 2011/10/28 10:38:07 dsainty Exp $ +# $NetBSD: Makefile,v 1.43.2.1 2012/02/18 23:35:28 tron Exp $ .include "dist.mk" PKGNAME= python26-${PY_DISTVERSION} +PKGREVISION= 2 CATEGORIES= lang python MAINTAINER= pkgsrc-users@NetBSD.org diff --git a/lang/python26/distinfo b/lang/python26/distinfo index 4b6810de6c4..81389a45b59 100644 --- a/lang/python26/distinfo +++ b/lang/python26/distinfo @@ -1,8 +1,9 @@ -$NetBSD: distinfo,v 1.42 2011/12/16 17:04:18 hans Exp $ +$NetBSD: distinfo,v 1.42.2.1 2012/02/18 23:35:28 tron Exp $ SHA1 (Python-2.6.7.tar.bz2) = 5d35eb746e85fb3deaff8518448137c9b9fb6daa RMD160 (Python-2.6.7.tar.bz2) = 513e84a7cb76ca876e3803bb03ed558bd0378063 Size (Python-2.6.7.tar.bz2) = 11084667 bytes +SHA1 (patch-CVE-2012-0845) = 1c0a8d7224b6b5cb65b24d38ac0967f8f8fb2da9 SHA1 (patch-Mac_Modules_fm___Fmmodule.c) = b9314bccb51b4fe672b81559068f7a79d2965f94 SHA1 (patch-Mac_Modules_qd___Qdmodule.c) = 45c748b15b9436d45ba137460389638aa7108c8d SHA1 (patch-Mac_Modules_qdoffs___Qdoffsmodule.c) = 9994f0c1a908f18f1f3df3f05b184f082c018365 diff --git a/lang/python26/patches/patch-CVE-2012-0845 b/lang/python26/patches/patch-CVE-2012-0845 new file mode 100644 index 00000000000..d26f2d3241e --- /dev/null +++ b/lang/python26/patches/patch-CVE-2012-0845 @@ -0,0 +1,18 @@ +$NetBSD: patch-CVE-2012-0845,v 1.1.2.2 2012/02/18 23:35:28 tron Exp $ + +see python bug #14001 + +--- Lib/SimpleXMLRPCServer.py.orig 2009-04-05 21:34:15.000000000 +0000 ++++ Lib/SimpleXMLRPCServer.py +@@ -459,7 +459,10 @@ class SimpleXMLRPCRequestHandler(BaseHTT + L = [] + while size_remaining: + chunk_size = min(size_remaining, max_chunk_size) +- L.append(self.rfile.read(chunk_size)) ++ chunk = self.rfile.read(chunk_size) ++ if not chunk: ++ break ++ L.append(chunk) + size_remaining -= len(L[-1]) + data = ''.join(L) + diff --git a/lang/python27/Makefile b/lang/python27/Makefile index 47c852f5641..65e3992322b 100644 --- a/lang/python27/Makefile +++ b/lang/python27/Makefile @@ -1,8 +1,9 @@ -# $NetBSD: Makefile,v 1.9 2011/10/29 14:40:00 obache Exp $ +# $NetBSD: Makefile,v 1.9.2.1 2012/02/18 23:35:28 tron Exp $ .include "dist.mk" PKGNAME= python27-${PY_DISTVERSION} +PKGREVISION= 2 CATEGORIES= lang python MAINTAINER= pkgsrc-users@NetBSD.org diff --git a/lang/python27/distinfo b/lang/python27/distinfo index 86b4b2fccaf..0ea27d0b494 100644 --- a/lang/python27/distinfo +++ b/lang/python27/distinfo @@ -1,8 +1,9 @@ -$NetBSD: distinfo,v 1.14 2011/12/16 17:04:18 hans Exp $ +$NetBSD: distinfo,v 1.14.2.1 2012/02/18 23:35:28 tron Exp $ SHA1 (Python-2.7.2.tar.bz2) = 417bdeea77abfaf1b9257fc6b4a04aaa209f4547 RMD160 (Python-2.7.2.tar.bz2) = c3bf4f09b7c429a4d9f4cc251c795304cd5232c5 Size (Python-2.7.2.tar.bz2) = 11754834 bytes +SHA1 (patch-CVE-2012-0845) = 1c0a8d7224b6b5cb65b24d38ac0967f8f8fb2da9 SHA1 (patch-Mac_Modules_fm___Fmmodule.c) = b9314bccb51b4fe672b81559068f7a79d2965f94 SHA1 (patch-Mac_Modules_qd___Qdmodule.c) = 45c748b15b9436d45ba137460389638aa7108c8d SHA1 (patch-Mac_Modules_qdoffs___Qdoffsmodule.c) = 9994f0c1a908f18f1f3df3f05b184f082c018365 diff --git a/lang/python27/patches/patch-CVE-2012-0845 b/lang/python27/patches/patch-CVE-2012-0845 new file mode 100644 index 00000000000..d26f2d3241e --- /dev/null +++ b/lang/python27/patches/patch-CVE-2012-0845 @@ -0,0 +1,18 @@ +$NetBSD: patch-CVE-2012-0845,v 1.1.2.2 2012/02/18 23:35:28 tron Exp $ + +see python bug #14001 + +--- Lib/SimpleXMLRPCServer.py.orig 2009-04-05 21:34:15.000000000 +0000 ++++ Lib/SimpleXMLRPCServer.py +@@ -459,7 +459,10 @@ class SimpleXMLRPCRequestHandler(BaseHTT + L = [] + while size_remaining: + chunk_size = min(size_remaining, max_chunk_size) +- L.append(self.rfile.read(chunk_size)) ++ chunk = self.rfile.read(chunk_size) ++ if not chunk: ++ break ++ L.append(chunk) + size_remaining -= len(L[-1]) + data = ''.join(L) + diff --git a/lang/python31/Makefile b/lang/python31/Makefile index c827545d952..37f8bd2d2c6 100644 --- a/lang/python31/Makefile +++ b/lang/python31/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.4 2011/09/10 11:23:12 obache Exp $ +# $NetBSD: Makefile,v 1.4.4.1 2012/02/18 23:35:28 tron Exp $ .include "dist.mk" PKGNAME= python31-${PY_DISTVERSION} -PKGREVISION= 1 +PKGREVISION= 3 CATEGORIES= lang python MAINTAINER= pkgsrc-users@NetBSD.org diff --git a/lang/python31/distinfo b/lang/python31/distinfo index a89f4afaddb..feea63f502a 100644 --- a/lang/python31/distinfo +++ b/lang/python31/distinfo @@ -1,8 +1,9 @@ -$NetBSD: distinfo,v 1.7 2011/12/16 17:04:18 hans Exp $ +$NetBSD: distinfo,v 1.7.2.1 2012/02/18 23:35:28 tron Exp $ SHA1 (Python-3.1.4.tar.bz2) = 043d0240247f289205deeb0e620d799005202b3c RMD160 (Python-3.1.4.tar.bz2) = d537706808b00989a636418b6b6a06357b6bb94b Size (Python-3.1.4.tar.bz2) = 9887870 bytes +SHA1 (patch-CVE-2012-0845) = 747ee5649e0f4062f4c5b6bfb9a7fce24d6e3647 SHA1 (patch-aa) = ae156c486007cfd14d378dd211108d3af4b841b1 SHA1 (patch-ab) = 7d4d6aa9239f53f1ce9ecd377890d71557c58ca4 SHA1 (patch-ah) = f93c0aab7b0d5e8e9f80433dda5ed5a22861f6b9 diff --git a/lang/python31/patches/patch-CVE-2012-0845 b/lang/python31/patches/patch-CVE-2012-0845 new file mode 100644 index 00000000000..b4d5bf52203 --- /dev/null +++ b/lang/python31/patches/patch-CVE-2012-0845 @@ -0,0 +1,18 @@ +$NetBSD: patch-CVE-2012-0845,v 1.1.2.2 2012/02/18 23:35:28 tron Exp $ + +see python bug #14001 + +--- Lib/xmlrpc/server.py.orig 2011-06-11 15:48:51.000000000 +0000 ++++ Lib/xmlrpc/server.py +@@ -449,7 +449,10 @@ class SimpleXMLRPCRequestHandler(BaseHTT + L = [] + while size_remaining: + chunk_size = min(size_remaining, max_chunk_size) +- L.append(self.rfile.read(chunk_size)) ++ chunk = self.rfile.read(chunk_size) ++ if not chunk: ++ break ++ L.append(chunk) + size_remaining -= len(L[-1]) + data = b''.join(L) + |