authorrecht <recht>2005-10-01 19:36:01 +0000
committerrecht <recht>2005-10-01 19:36:01 +0000
commitaba2e9255c71c527dc9085787dde04094b6eaa58 (patch)
tree6c917c231b80d429d3282fb058c5be62b49bbdef /lang/python23
parent268400e1e4a080c49765f654e00410d6d49494d3 (diff)
Add a patch for CAN-2005-2491 (buffer overflow vulnerability in the PCRE
library) from ubuntu Linux (via gentoo). For details see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
Bump PKGREVISION's.
Diffstat (limited to 'lang/python23')
-rw-r--r--lang/python23/Makefile4
-rw-r--r--lang/python23/distinfo5
-rw-r--r--lang/python23/patches/patch-ea12
-rw-r--r--lang/python23/patches/patch-eb19
-rw-r--r--lang/python23/patches/patch-ec69
5 files changed, 106 insertions, 3 deletions
diff --git a/lang/python23/Makefile b/lang/python23/Makefile
index ff484033d47..e875065fd46 100644
--- a/lang/python23/Makefile
+++ b/lang/python23/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.29 2005/08/02 05:06:56 kristerw Exp $
+# $NetBSD: Makefile,v 1.30 2005/10/01 19:36:01 recht Exp $
#
PKGNAME= python23-2.3.5
-PKGREVISION= 2
+PKGREVISION= 3
CONFLICTS+= python-[0-9]*
diff --git a/lang/python23/distinfo b/lang/python23/distinfo
index 7d8bc3d6a65..733c95fa92e 100644
--- a/lang/python23/distinfo
+++ b/lang/python23/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.33 2005/09/21 09:39:26 joerg Exp $
+$NetBSD: distinfo,v 1.34 2005/10/01 19:36:01 recht Exp $
SHA1 (Python-2.3.5.tgz) = 2729d068f5d1abe7b743f32012d4f7c4b0508a3c
RMD160 (Python-2.3.5.tgz) = 2104a393ca7c91b72b990ced53a0da752ccf42ef
@@ -18,3 +18,6 @@ SHA1 (patch-cd) = 5e980fcb567dcfc23b1ccac54a2457d5d9dba69a
SHA1 (patch-ce) = 6b88d8177d0b1f900ee5898f113eccf8426ea756
SHA1 (patch-da) = b082eff79571726701aab53c37d8d53a8115e204
SHA1 (patch-dc) = 3f2f9c37ae7ee35550669a3e517833e68dc0ab61
+SHA1 (patch-ea) = babfed4a0e5ae599441423a06622d4820ab237b1
+SHA1 (patch-eb) = b72694d414b55d11e324cc76d6ed03b7c8e7630c
+SHA1 (patch-ec) = 9bec8cc75868ca785810b92ffe60406117bdc3fd
diff --git a/lang/python23/patches/patch-ea b/lang/python23/patches/patch-ea
new file mode 100644
index 00000000000..b5c47557b5b
--- /dev/null
+++ b/lang/python23/patches/patch-ea
@@ -0,0 +1,12 @@
+$NetBSD: patch-ea,v 1.1 2005/10/01 19:36:01 recht Exp $
+
+--- Modules/pcre.h.orig 2000-06-28 22:56:30.000000000 +0200
++++ Modules/pcre.h 2005-10-01 21:13:56.000000000 +0200
+@@ -40,6 +40,7 @@
+ #ifdef FOR_PYTHON
+ #define PCRE_LOCALE 0x0200
+ #endif
++#define PCRE_NO_AUTO_CAPTURE 0x1000
+
+ /* Exec-time error codes */
+
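Review bot: `PCRE_NO_AUTO_CAPTURE` is defined here with no comment, and the commit message does not say why a new compile option belongs in a fix for the quantifier overflow. patch-eb then admits the same bit into `PUBLIC_OPTIONS` and patch-ec tests it, so the set of option bits accepted from callers presumably grows as a side effect of the security patch. I would add a comment on this line such as `/* Backported with the CAN-2005-2491 fix: when set, plain '(' does not capture. */`. It is also worth confirming that 0x1000 does not overlap any internal flag bit in pcre-int.h, which these hunks do not show.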
diff --git a/lang/python23/patches/patch-eb b/lang/python23/patches/patch-eb
new file mode 100644
index 00000000000..0c88d4339fc
--- /dev/null
+++ b/lang/python23/patches/patch-eb
@@ -0,0 +1,19 @@
+$NetBSD: patch-eb,v 1.1 2005/10/01 19:36:01 recht Exp $
+
+--- Modules/pcre-int.h.orig 1998-05-07 17:32:38.000000000 +0200
++++ Modules/pcre-int.h 2005-10-01 21:13:56.000000000 +0200
+@@ -81,11 +81,12 @@
+ #define PUBLIC_OPTIONS \
+ (PCRE_CASELESS|PCRE_EXTENDED|PCRE_ANCHORED|PCRE_MULTILINE| \
+ PCRE_DOTALL|PCRE_DOLLAR_ENDONLY|PCRE_EXTRA|PCRE_UNGREEDY| \
+- PCRE_LOCALE)
++ PCRE_NO_AUTO_CAPTURE|PCRE_LOCALE)
+ #else
+ #define PUBLIC_OPTIONS \
+ (PCRE_CASELESS|PCRE_EXTENDED|PCRE_ANCHORED|PCRE_MULTILINE| \
+- PCRE_DOTALL|PCRE_DOLLAR_ENDONLY|PCRE_EXTRA|PCRE_UNGREEDY)
++ PCRE_DOTALL|PCRE_DOLLAR_ENDONLY|PCRE_EXTRA|PCRE_UNGREEDY| \
++ PCRE_NO_AUTO_CAPTURE)
+ #endif
+ #define PUBLIC_EXEC_OPTIONS \
+ (PCRE_CASELESS|PCRE_ANCHORED|PCRE_MULTILINE|PCRE_NOTBOL|PCRE_NOTEOL| \
diff --git a/lang/python23/patches/patch-ec b/lang/python23/patches/patch-ec
new file mode 100644
index 00000000000..8d4d0cf13b1
--- /dev/null
+++ b/lang/python23/patches/patch-ec
@@ -0,0 +1,69 @@
+$NetBSD: patch-ec,v 1.1 2005/10/01 19:36:01 recht Exp $
+
+--- Modules/pypcre.c.orig 2003-10-20 16:34:47.000000000 +0200
++++ Modules/pypcre.c 2005-10-01 21:13:56.000000000 +0200
+@@ -1163,14 +1163,31 @@
+ int min = 0;
+ int max = -1;
+
++/* Read the minimum value and do a paranoid check: a negative value indicates
++an integer overflow. */
++
+ while ((pcre_ctypes[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0';
+
++if (min < 0 || min > 65535)
++ {
++ *errorptr = ERR5;
++ return p;
++ }
++
++/* Read the maximum value if there is one, and again do a paranoid on its size
++. Also, max must not be less than min. */
++
+ if (*p == '}') max = min; else
+ {
+ if (*(++p) != '}')
+ {
+ max = 0;
+ while((pcre_ctypes[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0';
++ if (max < 0 || max > 65535)
++ {
++ *errorptr = ERR5;
++ return p;
++ }
+ if (max < min)
+ {
+ *errorptr = ERR4;
+@@ -2267,6 +2284,7 @@
+ int bracount = 0;
+ int brastack[200];
+ int top_backref = 0;
++BOOL capturing;
+ unsigned int brastackptr = 0;
+ uschar *code;
+ const uschar *ptr;
+@@ -2446,6 +2464,7 @@
+ /* Brackets may be genuine groups or special things */
+
+ case '(':
++ capturing = FALSE;
+
+ /* Handle special forms of bracket, which all start (? */
+
+@@ -2543,10 +2562,15 @@
+ continue; /* End of this bracket handling */
+ }
+
++ /* Ordinary parentheses, not followed by '?', are capturing unless
++ PCRE_NO_AUTO_CAPTURE is set. */
++
++ else capturing = (options & PCRE_NO_AUTO_CAPTURE) == 0;
++
+ /* Extracting brackets must be counted so we can process escapes in a
+ Perlish way. */
+
+- else bracount++;
++ if (capturing) bracount++;
+
+ /* Non-special forms of bracket. Save length for computing whole length
+ at end if there's a repeat that requires duplication of the group. */
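Review bot: The range check on `min` runs only after the digit loop has finished, so `min = min * 10 + *p++ - '0'` can still overflow a signed int on a long digit string, which is undefined behaviour, and a wrapped value that lands in 0..65535 would pass `if (min < 0 || min > 65535)` unnoticed. The `max` loop below it has the same shape. I would move the bound into each loop body, e.g. `if (min > 65535) { *errorptr = ERR5; return p; }` directly after the accumulation, so that an oversized count is rejected before the value can wrap. The enclosing function begins before this hunk and continues past it. The added comment "again do a paranoid on its size" is also missing the word "check".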