diff options
author | recht <recht> | 2005-10-01 19:36:01 +0000 |
---|---|---|
committer | recht <recht> | 2005-10-01 19:36:01 +0000 |
commit | aba2e9255c71c527dc9085787dde04094b6eaa58 (patch) | |
tree | 6c917c231b80d429d3282fb058c5be62b49bbdef /lang/python23 | |
parent | 268400e1e4a080c49765f654e00410d6d49494d3 (diff) | |
download | pkgsrc-aba2e9255c71c527dc9085787dde04094b6eaa58.tar.gz |
Add a patch for CAN-2005-2491 (uffer overflow vulnerability in the PCRE
library) from ubuntu Linux (via gentoo).
For details see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
Bump PKGREVISION's.
Diffstat (limited to 'lang/python23')
-rw-r--r-- | lang/python23/Makefile | 4 | ||||
-rw-r--r-- | lang/python23/distinfo | 5 | ||||
-rw-r--r-- | lang/python23/patches/patch-ea | 12 | ||||
-rw-r--r-- | lang/python23/patches/patch-eb | 19 | ||||
-rw-r--r-- | lang/python23/patches/patch-ec | 69 |
5 files changed, 106 insertions, 3 deletions
diff --git a/lang/python23/Makefile b/lang/python23/Makefile index ff484033d47..e875065fd46 100644 --- a/lang/python23/Makefile +++ b/lang/python23/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.29 2005/08/02 05:06:56 kristerw Exp $ +# $NetBSD: Makefile,v 1.30 2005/10/01 19:36:01 recht Exp $ # PKGNAME= python23-2.3.5 -PKGREVISION= 2 +PKGREVISION= 3 CONFLICTS+= python-[0-9]* diff --git a/lang/python23/distinfo b/lang/python23/distinfo index 7d8bc3d6a65..733c95fa92e 100644 --- a/lang/python23/distinfo +++ b/lang/python23/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.33 2005/09/21 09:39:26 joerg Exp $ +$NetBSD: distinfo,v 1.34 2005/10/01 19:36:01 recht Exp $ SHA1 (Python-2.3.5.tgz) = 2729d068f5d1abe7b743f32012d4f7c4b0508a3c RMD160 (Python-2.3.5.tgz) = 2104a393ca7c91b72b990ced53a0da752ccf42ef @@ -18,3 +18,6 @@ SHA1 (patch-cd) = 5e980fcb567dcfc23b1ccac54a2457d5d9dba69a SHA1 (patch-ce) = 6b88d8177d0b1f900ee5898f113eccf8426ea756 SHA1 (patch-da) = b082eff79571726701aab53c37d8d53a8115e204 SHA1 (patch-dc) = 3f2f9c37ae7ee35550669a3e517833e68dc0ab61 +SHA1 (patch-ea) = babfed4a0e5ae599441423a06622d4820ab237b1 +SHA1 (patch-eb) = b72694d414b55d11e324cc76d6ed03b7c8e7630c +SHA1 (patch-ec) = 9bec8cc75868ca785810b92ffe60406117bdc3fd diff --git a/lang/python23/patches/patch-ea b/lang/python23/patches/patch-ea new file mode 100644 index 00000000000..b5c47557b5b --- /dev/null +++ b/lang/python23/patches/patch-ea @@ -0,0 +1,12 @@ +$NetBSD: patch-ea,v 1.1 2005/10/01 19:36:01 recht Exp $ + +--- Modules/pcre.h.orig 2000-06-28 22:56:30.000000000 +0200 ++++ Modules/pcre.h 2005-10-01 21:13:56.000000000 +0200 +@@ -40,6 +40,7 @@ + #ifdef FOR_PYTHON + #define PCRE_LOCALE 0x0200 + #endif ++#define PCRE_NO_AUTO_CAPTURE 0x1000 + + /* Exec-time error codes */ + diff --git a/lang/python23/patches/patch-eb b/lang/python23/patches/patch-eb new file mode 100644 index 00000000000..0c88d4339fc --- /dev/null +++ b/lang/python23/patches/patch-eb @@ -0,0 +1,19 @@ +$NetBSD: patch-eb,v 1.1 2005/10/01 19:36:01 recht Exp $ + +--- Modules/pcre-int.h.orig 1998-05-07 17:32:38.000000000 +0200 ++++ Modules/pcre-int.h 2005-10-01 21:13:56.000000000 +0200 +@@ -81,11 +81,12 @@ + #define PUBLIC_OPTIONS \ + (PCRE_CASELESS|PCRE_EXTENDED|PCRE_ANCHORED|PCRE_MULTILINE| \ + PCRE_DOTALL|PCRE_DOLLAR_ENDONLY|PCRE_EXTRA|PCRE_UNGREEDY| \ +- PCRE_LOCALE) ++ PCRE_NO_AUTO_CAPTURE|PCRE_LOCALE) + #else + #define PUBLIC_OPTIONS \ + (PCRE_CASELESS|PCRE_EXTENDED|PCRE_ANCHORED|PCRE_MULTILINE| \ +- PCRE_DOTALL|PCRE_DOLLAR_ENDONLY|PCRE_EXTRA|PCRE_UNGREEDY) ++ PCRE_DOTALL|PCRE_DOLLAR_ENDONLY|PCRE_EXTRA|PCRE_UNGREEDY| \ ++ PCRE_NO_AUTO_CAPTURE) + #endif + #define PUBLIC_EXEC_OPTIONS \ + (PCRE_CASELESS|PCRE_ANCHORED|PCRE_MULTILINE|PCRE_NOTBOL|PCRE_NOTEOL| \ diff --git a/lang/python23/patches/patch-ec b/lang/python23/patches/patch-ec new file mode 100644 index 00000000000..8d4d0cf13b1 --- /dev/null +++ b/lang/python23/patches/patch-ec @@ -0,0 +1,69 @@ +$NetBSD: patch-ec,v 1.1 2005/10/01 19:36:01 recht Exp $ + +--- Modules/pypcre.c.orig 2003-10-20 16:34:47.000000000 +0200 ++++ Modules/pypcre.c 2005-10-01 21:13:56.000000000 +0200 +@@ -1163,14 +1163,31 @@ + int min = 0; + int max = -1; + ++/* Read the minimum value and do a paranoid check: a negative value indicates ++an integer overflow. */ ++ + while ((pcre_ctypes[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0'; + ++if (min < 0 || min > 65535) ++ { ++ *errorptr = ERR5; ++ return p; ++ } ++ ++/* Read the maximum value if there is one, and again do a paranoid on its size ++. Also, max must not be less than min. */ ++ + if (*p == '}') max = min; else + { + if (*(++p) != '}') + { + max = 0; + while((pcre_ctypes[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0'; ++ if (max < 0 || max > 65535) ++ { ++ *errorptr = ERR5; ++ return p; ++ } + if (max < min) + { + *errorptr = ERR4; +@@ -2267,6 +2284,7 @@ + int bracount = 0; + int brastack[200]; + int top_backref = 0; ++BOOL capturing; + unsigned int brastackptr = 0; + uschar *code; + const uschar *ptr; +@@ -2446,6 +2464,7 @@ + /* Brackets may be genuine groups or special things */ + + case '(': ++ capturing = FALSE; + + /* Handle special forms of bracket, which all start (? */ + +@@ -2543,10 +2562,15 @@ + continue; /* End of this bracket handling */ + } + ++ /* Ordinary parentheses, not followed by '?', are capturing unless ++ PCRE_NO_AUTO_CAPTURE is set. */ ++ ++ else capturing = (options & PCRE_NO_AUTO_CAPTURE) == 0; ++ + /* Extracting brackets must be counted so we can process escapes in a + Perlish way. */ + +- else bracount++; ++ if (capturing) bracount++; + + /* Non-special forms of bracket. Save length for computing whole length + at end if there's a repeat that requires duplication of the group. */ |