diff options
| author | tron <tron> | 2014-02-15 14:33:33 +0000 |
|---|---|---|
| committer | tron <tron> | 2014-02-15 14:33:33 +0000 |
| commit | faa1857393470fc3671811afe6e307e021390a06 (patch) | |
| tree | 25e59bed421d91295ec5f0ff925caeac0643ed22 | |
| parent | 64cd30883f71586a942aff3791dde5a8bb98e52c (diff) | |
| download | pkgsrc-faa1857393470fc3671811afe6e307e021390a06.tar.gz | |
Pullup ticket #4327 - requested by drochner
lang/python26: security patch
Revisions pulled up:
- lang/python26/Makefile 1.57
- lang/python26/distinfo 1.53
- lang/python26/patches/patch-ap 1.4
---
Module Name: pkgsrc
Committed By: drochner
Date: Sun Feb 9 13:47:10 UTC 2014
Modified Files:
pkgsrc/lang/python26: Makefile distinfo
pkgsrc/lang/python26/patches: patch-ap
Log Message:
adopt the socket.recvfrom_into() security fix from Python-2.7
bump PKGREV
| -rw-r--r-- | lang/python26/Makefile | 4 | ||||
| -rw-r--r-- | lang/python26/distinfo | 4 | ||||
| -rw-r--r-- | lang/python26/patches/patch-ap | 21 |
3 files changed, 23 insertions, 6 deletions
diff --git a/lang/python26/Makefile b/lang/python26/Makefile index c5d2ee3d48d..2858778301e 100644 --- a/lang/python26/Makefile +++ b/lang/python26/Makefile @@ -1,7 +1,9 @@ -# $NetBSD: Makefile,v 1.56 2013/11/06 07:25:49 adam Exp $ +# $NetBSD: Makefile,v 1.56.2.1 2014/02/15 14:33:33 tron Exp $ .include "dist.mk" +PKGREVISION= 1 + PKGNAME= python26-${PY_DISTVERSION} CATEGORIES= lang python diff --git a/lang/python26/distinfo b/lang/python26/distinfo index d5e8418e97f..0c5c49ed69f 100644 --- a/lang/python26/distinfo +++ b/lang/python26/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.52 2013/11/06 07:25:49 adam Exp $ +$NetBSD: distinfo,v 1.52.2.1 2014/02/15 14:33:33 tron Exp $ SHA1 (Python-2.6.9.tar.xz) = 2fc159946dfcceffbe4a8638de32d0cd8059c2f8 RMD160 (Python-2.6.9.tar.xz) = 42edf7c9f2f64b77ab173de30ea453257c2c06b3 @@ -19,7 +19,7 @@ SHA1 (patch-al) = 45dd16af8e7a45aa323138f712c034aa79a91019 SHA1 (patch-am) = 380dfaa8ca90532a52dcca972e34965f6e64fce1 SHA1 (patch-an) = 17b4e17b3b562c29a050e9bb20447084ce82b8ab SHA1 (patch-ao) = 8c6a156b0f0c2a6d319658477fff348e6a0c3603 -SHA1 (patch-ap) = d23a869a449ab9dc166cfa149913b20c9acad9cb +SHA1 (patch-ap) = 5ad6f248027be369bd27f69210ff3c7b97a297a2 SHA1 (patch-au) = 230d74342997021e957105786e93600f5d03cf7b SHA1 (patch-av) = d6bf0419015656a8d2f13d3132873e453c8a6b6e SHA1 (patch-az) = 473419352f6e1ff3c6e6268e81457e6f8a1fccb8 diff --git a/lang/python26/patches/patch-ap b/lang/python26/patches/patch-ap index 4d9f889e6c3..e673990309c 100644 --- a/lang/python26/patches/patch-ap +++ b/lang/python26/patches/patch-ap @@ -1,6 +1,10 @@ -$NetBSD: patch-ap,v 1.3 2010/09/04 05:12:00 obache Exp $ +$NetBSD: patch-ap,v 1.3.28.1 2014/02/15 14:33:33 tron Exp $ ---- Modules/socketmodule.c.orig 2010-05-23 15:22:08.000000000 +0000 +Fix vulnerability reported in SA56624. Patch taken from here: + +http://hg.python.org/cpython/rev/87673659d8f7 + +--- Modules/socketmodule.c.orig 2014-02-09 12:58:52.000000000 +0000 +++ Modules/socketmodule.c @@ -379,7 +379,7 @@ const char *inet_ntop(int af, const void #define SOCKETCLOSE close @@ -66,7 +70,18 @@ $NetBSD: patch-ap,v 1.3 2010/09/04 05:12:00 obache Exp $ *len_ret = sizeof *addr; return 1; } -@@ -4588,9 +4607,13 @@ init_socket(void) +@@ -2625,6 +2644,10 @@ sock_recvfrom_into(PySocketSockObject *s + if (recvlen == 0) { + /* If nbytes was not specified, use the buffer's length */ + recvlen = buflen; ++ } else if (recvlen > buflen) { ++ PyErr_SetString(PyExc_ValueError, ++ "nbytes is greater than the length of the buffer"); ++ return NULL; + } + + readlen = sock_recvfrom_guts(s, buf, recvlen, flags, &addr); +@@ -4588,9 +4611,13 @@ init_socket(void) PyModule_AddIntConstant(m, "BTPROTO_L2CAP", BTPROTO_L2CAP); PyModule_AddIntConstant(m, "BTPROTO_HCI", BTPROTO_HCI); PyModule_AddIntConstant(m, "SOL_HCI", SOL_HCI); |