summaryrefslogtreecommitdiff
path: root/lang/python24
diff options
context:
space:
mode:
authorobache <obache@pkgsrc.org>2011-04-23 08:53:53 +0000
committerobache <obache@pkgsrc.org>2011-04-23 08:53:53 +0000
commite8a8422d81556ba83b8c34ca8dd27bf6670d2a8e (patch)
treebe182dd138eb488b87f9a7d19ba75afb18989669 /lang/python24
parented000dceaa8fe843abacea796e092d2f9a872ad7 (diff)
downloadpkgsrc-e8a8422d81556ba83b8c34ca8dd27bf6670d2a8e.tar.gz
Update python24 to 2.4.6.
What's New in Python 2.4.6? =========================== *Release date: 19-Dec-2008* What's New in Python 2.4.6c1? ============================= *Release date: 13-Dec-2008* Core and builtins ----------------- - Issue #4469: Prevent expandtabs() on string and unicode objects from causing a segfault when a large width is passed on 32-bit platforms. CVE-2008-5031. - Issue #4317: Fixed a crash in the imageop.rgb2rgb8() function. - Issue #4230: Fix a crash when a class has a custom __getattr__ and an __getattribute__ method that deletes the __getattr__ attribute. - Apply security patches from Apple. CVE-2008-2315. - Issue #2620: Overflow checking when allocating or reallocating memory was not always being done properly in some python types and extension modules. PyMem_MALLOC, PyMem_REALLOC, PyMem_NEW and PyMem_RESIZE have all been updated to perform better checks and places in the code that would previously leak memory on the error path when such an allocation failed have been fixed. - Issue #1179: Fix CVE-2007-4965 and CVE-2008-1679, multiple integer overflows in the imageop and rgbimgmodule modules. - Issue #2586: Fix CVE-2008-1721, zlib crash from zlib.decompressobj().flush(val) when val is not positive. - Issues #2588, #2589: Fix potential integer underflow and overflow conditions in the PyOS_vsnprintf C API function. CVE-2008-3144. - Issue #2587: In the C API, PyString_FromStringAndSize() takes a signed size parameter but was not verifying that it was greater than zero. Values less than zero will now raise a SystemError and return NULL to indicate a bug in the calling C code. CVE-2008-1887. - Security Issue #2: imageop did not validate arguments correctly and could segfault as a result. CVE-2008-4864. Extension Modules ----------------- Library ------- Tests ----- Build ----- Tools/Demos ----------- - Tools/faqwiz/move-faqwiz.sh: Fix unsecure use of temporary files.
Diffstat (limited to 'lang/python24')
-rw-r--r--lang/python24/Makefile5
-rw-r--r--lang/python24/PLIST.common3
-rw-r--r--lang/python24/dist.mk4
-rw-r--r--lang/python24/distinfo24
-rw-r--r--lang/python24/patches/patch-aq26
-rw-r--r--lang/python24/patches/patch-au15
-rw-r--r--lang/python24/patches/patch-ba25
-rw-r--r--lang/python24/patches/patch-bb13
-rw-r--r--lang/python24/patches/patch-bc33
-rw-r--r--lang/python24/patches/patch-bd15
-rw-r--r--lang/python24/patches/patch-be44
-rw-r--r--lang/python24/patches/patch-bf19
-rw-r--r--lang/python24/patches/patch-bg114
-rw-r--r--lang/python24/patches/patch-bh60
-rw-r--r--lang/python24/patches/patch-bi16
-rw-r--r--lang/python24/patches/patch-bj35
-rw-r--r--lang/python24/patches/patch-bk18
-rw-r--r--lang/python24/patches/patch-bl36
-rw-r--r--lang/python24/patches/patch-bm57
19 files changed, 25 insertions, 537 deletions
diff --git a/lang/python24/Makefile b/lang/python24/Makefile
index abf5f8e011c..098edd2c69a 100644
--- a/lang/python24/Makefile
+++ b/lang/python24/Makefile
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.55 2011/04/22 13:42:00 obache Exp $
+# $NetBSD: Makefile,v 1.56 2011/04/23 08:53:53 obache Exp $
.include "dist.mk"
PKGNAME= python24-${PY_DISTVERSION}
-PKGREVISION= 7
CATEGORIES= lang python
MAINTAINER= pkgsrc-users@NetBSD.org
@@ -139,6 +138,8 @@ REPLACE.py24.new= ${PREFIX}/bin/python${PY_VER_SUFFIX}
REPLACE_FILES.py24= Lib/cgi.py # explicitly demanded to be patched
REPLACE_FILES.py24+= Lib/bsddb/dbshelve.py Lib/test/test_bz2.py
REPLACE_FILES.py24+= Lib/test/test_largefile.py Lib/test/test_optparse.py
+REPLACE_FILES.py24+= Lib/*.py
+REPLACE_FILES.py24+= Lib/test/*.py
post-extract:
${MV} ${WRKSRC}/Lib/smtpd.py ${WRKSRC}/Lib/smtpd${PY_VER_SUFFIX}.py
diff --git a/lang/python24/PLIST.common b/lang/python24/PLIST.common
index 482c1dab2d5..72e3742adda 100644
--- a/lang/python24/PLIST.common
+++ b/lang/python24/PLIST.common
@@ -1,8 +1,9 @@
-@comment $NetBSD: PLIST.common,v 1.11 2008/04/13 11:03:33 tnn Exp $
+@comment $NetBSD: PLIST.common,v 1.12 2011/04/23 08:53:53 obache Exp $
bin/pydoc${PY_VER_SUFFIX}
bin/python${PY_VER_SUFFIX}
bin/smtpd${PY_VER_SUFFIX}.py
include/python${PY_VER_SUFFIX}/Python.h
+include/python${PY_VER_SUFFIX}/Python-ast.h
include/python${PY_VER_SUFFIX}/abstract.h
include/python${PY_VER_SUFFIX}/bitset.h
include/python${PY_VER_SUFFIX}/boolobject.h
diff --git a/lang/python24/dist.mk b/lang/python24/dist.mk
index 4296afb26e6..2f324668d90 100644
--- a/lang/python24/dist.mk
+++ b/lang/python24/dist.mk
@@ -1,6 +1,6 @@
-# $NetBSD: dist.mk,v 1.1 2010/09/17 07:11:41 obache Exp $
+# $NetBSD: dist.mk,v 1.2 2011/04/23 08:53:53 obache Exp $
-PY_DISTVERSION= 2.4.5
+PY_DISTVERSION= 2.4.6
DISTNAME= Python-${PY_DISTVERSION}
EXTRACT_SUFX= .tar.bz2
DISTINFO_FILE= ${.CURDIR}/../../lang/python24/distinfo
diff --git a/lang/python24/distinfo b/lang/python24/distinfo
index e5c81c1fcab..ee35ed61fdf 100644
--- a/lang/python24/distinfo
+++ b/lang/python24/distinfo
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.33 2009/09/19 09:30:41 obache Exp $
+$NetBSD: distinfo,v 1.34 2011/04/23 08:53:53 obache Exp $
-SHA1 (Python-2.4.5.tar.bz2) = 6e9e1ac2b70cc10c36063a25ab5a5ddb53177107
-RMD160 (Python-2.4.5.tar.bz2) = b43f2114697be751f03ec7cfb46f8c4946a73097
-Size (Python-2.4.5.tar.bz2) = 8159705 bytes
+SHA1 (Python-2.4.6.tar.bz2) = cb1972a554a458f6a26d3e047b359251865d7c96
+RMD160 (Python-2.4.6.tar.bz2) = 0687989193dec2ac108142759281be7ddcf7f31e
+Size (Python-2.4.6.tar.bz2) = 8154677 bytes
SHA1 (patch-aa) = 310309e6778fd809b7758efa8db7333ed498e5e5
SHA1 (patch-ab) = 98b94620baf5d9d5e8681529297124c2d07a901b
SHA1 (patch-ac) = 4a7a83c9a7bb26254d17907fe15f895276910364
@@ -19,20 +19,6 @@ SHA1 (patch-am) = 31158eee32363963e2f6d0bd528f0b291453de74
SHA1 (patch-an) = 0ae5b3d547c7dbe1366c5ae6c60c11516e4550b8
SHA1 (patch-ao) = 1ef48142acd8b591b11013b46048d9145f235843
SHA1 (patch-ap) = 8fbfecdb80ee851db569b64201ccd94bd3552a81
-SHA1 (patch-aq) = 10f1964892763e0d1b2345bd053d7929dd4b317e
+SHA1 (patch-aq) = 3d13cd79d50b70302d1b6ee598759a51f0b98532
SHA1 (patch-ar) = f132998e3e81f3093f9bddf32fe6dcb40fcfa76f
SHA1 (patch-at) = 9d66115cc561c99dcc3478678aa286c1c0c3df6b
-SHA1 (patch-au) = d0a234efabe7d6a1f2b1dcbf26780fdc6b452214
-SHA1 (patch-ba) = c9b88da8efc334771eff578585e2e9e7e21a0634
-SHA1 (patch-bb) = 89829819c5a38f3bbd8be1737568f87b9ffbd598
-SHA1 (patch-bc) = e72dc346087f78760e623344e9eff147283c202c
-SHA1 (patch-bd) = f760e4995888e22997d27598872fcf25cb89cbfe
-SHA1 (patch-be) = ce192dc8ec7b53b691288f1fecc8abbd9b61e9ea
-SHA1 (patch-bf) = c0ae4152a0991d1c814462a5a8e925c9a9a6c254
-SHA1 (patch-bg) = 30a6d65a10bc0e6df5229635ad89a27e1093a347
-SHA1 (patch-bh) = 4eee3ae6ff7ea9ca5c599dd782d78fb35a0562f4
-SHA1 (patch-bi) = 735906d3fb35bfe0d3b8d410b3a240e358215e05
-SHA1 (patch-bj) = ee23fac376746e48ee00e73b9ecc688086b7bc98
-SHA1 (patch-bk) = 4af3c66a3f6b773dc5fc14943a36b0906024e885
-SHA1 (patch-bl) = 9a192f5f4afd4296493599414a714bba6085d897
-SHA1 (patch-bm) = bd8a9f5b2cc3909bc69d9b585b42643057dae646
diff --git a/lang/python24/patches/patch-aq b/lang/python24/patches/patch-aq
index a309814d7fb..ce4da0e2bc5 100644
--- a/lang/python24/patches/patch-aq
+++ b/lang/python24/patches/patch-aq
@@ -1,22 +1,22 @@
-$NetBSD: patch-aq,v 1.1 2006/10/11 18:20:37 rillig Exp $
+$NetBSD: patch-aq,v 1.2 2011/04/23 08:53:53 obache Exp $
---- Tools/faqwiz/move-faqwiz.sh.orig 2006-10-11 20:11:32.000000000 +0200
-+++ Tools/faqwiz/move-faqwiz.sh 2006-10-11 20:12:11.000000000 +0200
+--- Tools/faqwiz/move-faqwiz.sh.orig 2008-11-30 13:33:28.000000000 +0000
++++ Tools/faqwiz/move-faqwiz.sh
@@ -9,7 +9,7 @@
# blackjesus:~> ./move-faqwiz.sh 2\.1 3\.2
# Moving FAQ question 02.001 to 03.002
--if [ x$2 == x ]; then
+-if [ x$2 = x ]; then
+if [ $# -ne 2 ]; then
echo "Need 2 args: original_version final_version."
exit 2
fi
-@@ -28,7 +28,7 @@ cut_n_pad $1 1 prefix1
- cut_n_pad $1 2 suffix1
- cut_n_pad $2 1 prefix2
- cut_n_pad $2 2 suffix2
--tmpfile=tmp$RANDOM.tmp
-+tmpfile=tmp-$$-$RANDOM.tmp
- file1=faq$prefix1.$suffix1.htp
- file2=faq$prefix2.$suffix2.htp
-
+@@ -31,7 +31,7 @@ cut_n_pad $2 2 suffix2
+ if which tempfile >/dev/null; then
+ tmpfile=$(tempfile -d .)
+ elif [ -n "$RANDOM" ]; then
+- tmpfile=tmp$RANDOM.tmp
++ tmpfile=tmp-$$-$RANDOM.tmp
+ else
+ tmpfile=tmp$$.tmp
+ fi
diff --git a/lang/python24/patches/patch-au b/lang/python24/patches/patch-au
deleted file mode 100644
index 7c22037abeb..00000000000
--- a/lang/python24/patches/patch-au
+++ /dev/null
@@ -1,15 +0,0 @@
-$NetBSD: patch-au,v 1.1 2008/04/11 10:32:33 drochner Exp $
-
---- Modules/zlibmodule.c.orig 2008-04-11 12:21:45.000000000 +0200
-+++ Modules/zlibmodule.c
-@@ -669,6 +669,10 @@ PyZlib_unflush(compobject *self, PyObjec
-
- if (!PyArg_ParseTuple(args, "|i:flush", &length))
- return NULL;
-+ if (length <= 0) {
-+ PyErr_SetString(PyExc_ValueError, "length must be greater than zero");
-+ return NULL;
-+ }
- if (!(retval = PyString_FromStringAndSize(NULL, length)))
- return NULL;
-
diff --git a/lang/python24/patches/patch-ba b/lang/python24/patches/patch-ba
deleted file mode 100644
index 3a4c47fe2d4..00000000000
--- a/lang/python24/patches/patch-ba
+++ /dev/null
@@ -1,25 +0,0 @@
-$NetBSD: patch-ba,v 1.1 2008/08/05 10:13:34 drochner Exp $
-
---- Modules/gcmodule.c.orig 2006-09-28 19:08:01.000000000 +0200
-+++ Modules/gcmodule.c
-@@ -1249,7 +1249,10 @@ PyObject *
- _PyObject_GC_Malloc(size_t basicsize)
- {
- PyObject *op;
-- PyGC_Head *g = PyObject_MALLOC(sizeof(PyGC_Head) + basicsize);
-+ PyGC_Head *g;
-+ if (basicsize > INT_MAX - sizeof(PyGC_Head))
-+ return PyErr_NoMemory();
-+ g = PyObject_MALLOC(sizeof(PyGC_Head) + basicsize);
- if (g == NULL)
- return PyErr_NoMemory();
- g->gc.gc_refs = GC_UNTRACKED;
-@@ -1291,6 +1294,8 @@ _PyObject_GC_Resize(PyVarObject *op, int
- {
- const size_t basicsize = _PyObject_VAR_SIZE(op->ob_type, nitems);
- PyGC_Head *g = AS_GC(op);
-+ if (basicsize > INT_MAX - sizeof(PyGC_Head))
-+ return (PyVarObject *)PyErr_NoMemory();
- g = PyObject_REALLOC(g, sizeof(PyGC_Head) + basicsize);
- if (g == NULL)
- return (PyVarObject *)PyErr_NoMemory();
diff --git a/lang/python24/patches/patch-bb b/lang/python24/patches/patch-bb
deleted file mode 100644
index 7e6baf459ea..00000000000
--- a/lang/python24/patches/patch-bb
+++ /dev/null
@@ -1,13 +0,0 @@
-$NetBSD: patch-bb,v 1.1 2008/08/05 10:13:34 drochner Exp $
-
---- Modules/mmapmodule.c.orig 2008-08-05 12:00:52.000000000 +0200
-+++ Modules/mmapmodule.c
-@@ -223,7 +223,7 @@ mmap_read_method(mmap_object *self,
- return(NULL);
-
- /* silently 'adjust' out-of-range requests */
-- if ((self->pos + num_bytes) > self->size) {
-+ if (num_bytes > self->size - self->pos) {
- num_bytes -= (self->pos+num_bytes) - self->size;
- }
- result = Py_BuildValue("s#", self->data+self->pos, num_bytes);
diff --git a/lang/python24/patches/patch-bc b/lang/python24/patches/patch-bc
deleted file mode 100644
index f23f91f370c..00000000000
--- a/lang/python24/patches/patch-bc
+++ /dev/null
@@ -1,33 +0,0 @@
-$NetBSD: patch-bc,v 1.1 2008/08/05 10:13:34 drochner Exp $
-
---- Modules/stropmodule.c.orig 2008-03-02 20:20:32.000000000 +0100
-+++ Modules/stropmodule.c
-@@ -214,6 +214,13 @@ strop_joinfields(PyObject *self, PyObjec
- return NULL;
- }
- slen = PyString_GET_SIZE(item);
-+ if (slen > INT_MAX - reslen ||
-+ seplen > INT_MAX - reslen - seplen) {
-+ PyErr_SetString(PyExc_OverflowError,
-+ "input too long");
-+ Py_DECREF(res);
-+ return NULL;
-+ }
- while (reslen + slen + seplen >= sz) {
- if (_PyString_Resize(&res, sz * 2) < 0)
- return NULL;
-@@ -251,6 +258,14 @@ strop_joinfields(PyObject *self, PyObjec
- return NULL;
- }
- slen = PyString_GET_SIZE(item);
-+ if (slen > INT_MAX - reslen ||
-+ seplen > INT_MAX - reslen - seplen) {
-+ PyErr_SetString(PyExc_OverflowError,
-+ "input too long");
-+ Py_DECREF(res);
-+ Py_XDECREF(item);
-+ return NULL;
-+ }
- while (reslen + slen + seplen >= sz) {
- if (_PyString_Resize(&res, sz * 2) < 0) {
- Py_DECREF(item);
diff --git a/lang/python24/patches/patch-bd b/lang/python24/patches/patch-bd
deleted file mode 100644
index 14abc020380..00000000000
--- a/lang/python24/patches/patch-bd
+++ /dev/null
@@ -1,15 +0,0 @@
-$NetBSD: patch-bd,v 1.1 2008/08/05 10:13:34 drochner Exp $
-
---- Objects/bufferobject.c.orig 2008-03-02 20:20:32.000000000 +0100
-+++ Objects/bufferobject.c
-@@ -384,6 +384,10 @@ buffer_repeat(PyBufferObject *self, int
- count = 0;
- if (!get_buf(self, &ptr, &size))
- return NULL;
-+ if (count > INT_MAX / size) {
-+ PyErr_SetString(PyExc_MemoryError, "result too large");
-+ return NULL;
-+ }
- ob = PyString_FromStringAndSize(NULL, size * count);
- if ( ob == NULL )
- return NULL;
diff --git a/lang/python24/patches/patch-be b/lang/python24/patches/patch-be
deleted file mode 100644
index f76f00086b2..00000000000
--- a/lang/python24/patches/patch-be
+++ /dev/null
@@ -1,44 +0,0 @@
-$NetBSD: patch-be,v 1.1 2008/08/05 10:13:34 drochner Exp $
-
---- Objects/stringobject.c.orig 2006-10-06 21:26:14.000000000 +0200
-+++ Objects/stringobject.c
-@@ -69,6 +69,11 @@ PyString_FromStringAndSize(const char *s
- return (PyObject *)op;
- }
-
-+ if (size > INT_MAX - sizeof(PyStringObject)) {
-+ PyErr_SetString(PyExc_OverflowError, "string is too large");
-+ return NULL;
-+ }
-+
- /* Inline PyObject_NewVar */
- op = (PyStringObject *)PyObject_MALLOC(sizeof(PyStringObject) + size);
- if (op == NULL)
-@@ -104,7 +109,7 @@ PyString_FromString(const char *str)
-
- assert(str != NULL);
- size = strlen(str);
-- if (size > INT_MAX) {
-+ if (size > INT_MAX - sizeof(PyStringObject)) {
- PyErr_SetString(PyExc_OverflowError,
- "string is too long for a Python string");
- return NULL;
-@@ -907,7 +912,18 @@ string_concat(register PyStringObject *a
- Py_INCREF(a);
- return (PyObject *)a;
- }
-+ /* Check that string sizes are not negative, to prevent an
-+ overflow in cases where we are passed incorrectly-created
-+ strings with negative lengths (due to a bug in other code).
-+ */
- size = a->ob_size + b->ob_size;
-+ if (a->ob_size < 0 || b->ob_size < 0 ||
-+ a->ob_size > INT_MAX - b->ob_size) {
-+ PyErr_SetString(PyExc_OverflowError,
-+ "strings are too large to concat");
-+ return NULL;
-+ }
-+
- /* Inline PyObject_NewVar */
- op = (PyStringObject *)PyObject_MALLOC(sizeof(PyStringObject) + size);
- if (op == NULL)
diff --git a/lang/python24/patches/patch-bf b/lang/python24/patches/patch-bf
deleted file mode 100644
index 28e193d7827..00000000000
--- a/lang/python24/patches/patch-bf
+++ /dev/null
@@ -1,19 +0,0 @@
-$NetBSD: patch-bf,v 1.1 2008/08/05 10:13:34 drochner Exp $
-
---- Objects/tupleobject.c.orig 2006-03-17 20:04:15.000000000 +0100
-+++ Objects/tupleobject.c
-@@ -60,11 +60,12 @@ PyTuple_New(register int size)
- int nbytes = size * sizeof(PyObject *);
- /* Check for overflow */
- if (nbytes / sizeof(PyObject *) != (size_t)size ||
-- (nbytes += sizeof(PyTupleObject) - sizeof(PyObject *))
-- <= 0)
-+ (nbytes > INT_MAX - sizeof(PyTupleObject) - sizeof(PyObject *)))
- {
- return PyErr_NoMemory();
- }
-+ nbytes += sizeof(PyTupleObject) - sizeof(PyObject *);
-+
- op = PyObject_GC_NewVar(PyTupleObject, &PyTuple_Type, size);
- if (op == NULL)
- return NULL;
diff --git a/lang/python24/patches/patch-bg b/lang/python24/patches/patch-bg
deleted file mode 100644
index 17dea7b6f6d..00000000000
--- a/lang/python24/patches/patch-bg
+++ /dev/null
@@ -1,114 +0,0 @@
-$NetBSD: patch-bg,v 1.1 2008/08/05 10:13:34 drochner Exp $
-
---- Objects/unicodeobject.c.orig 2006-10-05 20:08:58.000000000 +0200
-+++ Objects/unicodeobject.c
-@@ -186,6 +186,11 @@ PyUnicodeObject *_PyUnicode_New(int leng
- return unicode_empty;
- }
-
-+ /* Ensure we won't overflow the size. */
-+ if (length > ((INT_MAX / sizeof(Py_UNICODE)) - 1)) {
-+ return (PyUnicodeObject *)PyErr_NoMemory();
-+ }
-+
- /* Unicode freelist & memory allocation */
- if (unicode_freelist) {
- unicode = unicode_freelist;
-@@ -1040,6 +1045,9 @@ PyObject *PyUnicode_EncodeUTF7(const Py_
- char * out;
- char * start;
-
-+ if (cbAllocated / 5 != size)
-+ return PyErr_NoMemory();
-+
- if (size == 0)
- return PyString_FromStringAndSize(NULL, 0);
-
-@@ -1638,6 +1646,7 @@ PyUnicode_EncodeUTF16(const Py_UNICODE *
- {
- PyObject *v;
- unsigned char *p;
-+ int nsize, bytesize;
- #ifdef Py_UNICODE_WIDE
- int i, pairs;
- #else
-@@ -1662,8 +1671,15 @@ PyUnicode_EncodeUTF16(const Py_UNICODE *
- if (s[i] >= 0x10000)
- pairs++;
- #endif
-- v = PyString_FromStringAndSize(NULL,
-- 2 * (size + pairs + (byteorder == 0)));
-+ /* 2 * (size + pairs + (byteorder == 0)) */
-+ if (size > INT_MAX ||
-+ size > INT_MAX - pairs - (byteorder == 0))
-+ return PyErr_NoMemory();
-+ nsize = (size + pairs + (byteorder == 0));
-+ bytesize = nsize * 2;
-+ if (bytesize / 2 != nsize)
-+ return PyErr_NoMemory();
-+ v = PyString_FromStringAndSize(NULL, bytesize);
- if (v == NULL)
- return NULL;
-
-@@ -1977,6 +1993,11 @@ PyObject *unicodeescape_string(const Py_
- char *p;
-
- static const char *hexdigit = "0123456789abcdef";
-+#ifdef Py_UNICODE_WIDE
-+ const int expandsize = 10;
-+#else
-+ const int expandsize = 6;
-+#endif
-
- /* Initial allocation is based on the longest-possible unichr
- escape.
-@@ -1992,13 +2013,12 @@ PyObject *unicodeescape_string(const Py_
- escape.
- */
-
-+ if (size > (INT_MAX - 2 - 1) / expandsize)
-+ return PyErr_NoMemory();
-+
- repr = PyString_FromStringAndSize(NULL,
- 2
--#ifdef Py_UNICODE_WIDE
-- + 10*size
--#else
-- + 6*size
--#endif
-+ + expandsize*size
- + 1);
- if (repr == NULL)
- return NULL;
-@@ -2239,12 +2259,16 @@ PyObject *PyUnicode_EncodeRawUnicodeEsca
- char *q;
-
- static const char *hexdigit = "0123456789abcdef";
--
- #ifdef Py_UNICODE_WIDE
-- repr = PyString_FromStringAndSize(NULL, 10 * size);
-+ const int expandsize = 10;
- #else
-- repr = PyString_FromStringAndSize(NULL, 6 * size);
-+ const int expandsize = 6;
- #endif
-+
-+ if (size > INT_MAX / expandsize)
-+ return PyErr_NoMemory();
-+
-+ repr = PyString_FromStringAndSize(NULL, expandsize * size);
- if (repr == NULL)
- return NULL;
- if (size == 0)
-@@ -4289,6 +4313,11 @@ PyUnicodeObject *pad(PyUnicodeObject *se
- return self;
- }
-
-+ if (left > INT_MAX - self->length ||
-+ right > INT_MAX - (left + self->length)) {
-+ PyErr_SetString(PyExc_OverflowError, "padded string is too long");
-+ return NULL;
-+ }
- u = _PyUnicode_New(left + self->length + right);
- if (u) {
- if (left)
diff --git a/lang/python24/patches/patch-bh b/lang/python24/patches/patch-bh
deleted file mode 100644
index 51ffc629d48..00000000000
--- a/lang/python24/patches/patch-bh
+++ /dev/null
@@ -1,60 +0,0 @@
-$NetBSD: patch-bh,v 1.1 2008/08/05 10:45:45 drochner Exp $
-
---- Include/pymem.h.orig 2008-03-02 20:20:32.000000000 +0100
-+++ Include/pymem.h
-@@ -66,8 +66,12 @@ PyAPI_FUNC(void) PyMem_Free(void *);
- for malloc(0), which would be treated as an error. Some platforms
- would return a pointer with no memory behind it, which would break
- pymalloc. To solve these problems, allocate an extra byte. */
--#define PyMem_MALLOC(n) malloc((n) ? (n) : 1)
--#define PyMem_REALLOC(p, n) realloc((p), (n) ? (n) : 1)
-+/* Returns NULL to indicate error if a negative size or size larger than
-+ Py_ssize_t can represent is supplied. Helps prevents security holes. */
-+#define PyMem_MALLOC(n) (((n) < 0 || (n) > INT_MAX) ? NULL \
-+ : malloc((n) ? (n) : 1))
-+#define PyMem_REALLOC(p, n) (((n) < 0 || (n) > INT_MAX) ? NULL \
-+ : realloc((p), (n) ? (n) : 1))
-
- #endif /* PYMALLOC_DEBUG */
-
-@@ -80,24 +84,31 @@ PyAPI_FUNC(void) PyMem_Free(void *);
- * Type-oriented memory interface
- * ==============================
- *
-- * These are carried along for historical reasons. There's rarely a good
-- * reason to use them anymore (you can just as easily do the multiply and
-- * cast yourself).
-+ * Allocate memory for n objects of the given type. Returns a new pointer
-+ * or NULL if the request was too large or memory allocation failed. Use
-+ * these macros rather than doing the multiplication yourself so that proper
-+ * overflow checking is always done.
- */
-
- #define PyMem_New(type, n) \
-- ( assert((n) <= PY_SIZE_MAX / sizeof(type)) , \
-+ ( ((n) > INT_MAX / sizeof(type)) ? NULL : \
- ( (type *) PyMem_Malloc((n) * sizeof(type)) ) )
- #define PyMem_NEW(type, n) \
-- ( assert((n) <= PY_SIZE_MAX / sizeof(type)) , \
-+ ( ((n) > INT_MAX / sizeof(type)) ? NULL : \
- ( (type *) PyMem_MALLOC((n) * sizeof(type)) ) )
-
-+/*
-+ * The value of (p) is always clobbered by this macro regardless of success.
-+ * The caller MUST check if (p) is NULL afterwards and deal with the memory
-+ * error if so. This means the original value of (p) MUST be saved for the
-+ * caller's memory error handler to not lose track of it.
-+ */
- #define PyMem_Resize(p, type, n) \
-- ( assert((n) <= PY_SIZE_MAX / sizeof(type)) , \
-- ( (p) = (type *) PyMem_Realloc((p), (n) * sizeof(type)) ) )
-+ ( (p) = ((n) > INT_MAX / sizeof(type)) ? NULL : \
-+ (type *) PyMem_Realloc((p), (n) * sizeof(type)) )
- #define PyMem_RESIZE(p, type, n) \
-- ( assert((n) <= PY_SIZE_MAX / sizeof(type)) , \
-- ( (p) = (type *) PyMem_REALLOC((p), (n) * sizeof(type)) ) )
-+ ( (p) = ((n) > INT_MAX / sizeof(type)) ? NULL : \
-+ (type *) PyMem_REALLOC((p), (n) * sizeof(type)) )
-
- /* In order to avoid breaking old code mixing PyObject_{New, NEW} with
- PyMem_{Del, DEL} and PyMem_{Free, FREE}, the PyMem "release memory"
diff --git a/lang/python24/patches/patch-bi b/lang/python24/patches/patch-bi
deleted file mode 100644
index cb4d2c5e95d..00000000000
--- a/lang/python24/patches/patch-bi
+++ /dev/null
@@ -1,16 +0,0 @@
-$NetBSD: patch-bi,v 1.1 2008/08/05 10:45:45 drochner Exp $
-
---- Modules/almodule.c.orig 2006-09-27 21:17:32.000000000 +0200
-+++ Modules/almodule.c
-@@ -1633,9 +1633,11 @@ al_QueryValues(PyObject *self, PyObject
- if (nvals < 0)
- goto cleanup;
- if (nvals > setsize) {
-+ ALvalue *old_return_set = return_set;
- setsize = nvals;
- PyMem_RESIZE(return_set, ALvalue, setsize);
- if (return_set == NULL) {
-+ return_set = old_return_set;
- PyErr_NoMemory();
- goto cleanup;
- }
diff --git a/lang/python24/patches/patch-bj b/lang/python24/patches/patch-bj
deleted file mode 100644
index 6bf08ba39f6..00000000000
--- a/lang/python24/patches/patch-bj
+++ /dev/null
@@ -1,35 +0,0 @@
-$NetBSD: patch-bj,v 1.1 2008/08/05 10:45:45 drochner Exp $
-
---- Modules/arraymodule.c.orig 2008-03-02 20:20:32.000000000 +0100
-+++ Modules/arraymodule.c
-@@ -814,6 +814,7 @@ static int
- array_do_extend(arrayobject *self, PyObject *bb)
- {
- int size;
-+ char *old_item;
-
- if (!array_Check(bb))
- return array_iter_extend(self, bb);
-@@ -829,10 +830,11 @@ array_do_extend(arrayobject *self, PyObj
- return -1;
- }
- size = self->ob_size + b->ob_size;
-+ old_item = self->ob_item;
- PyMem_RESIZE(self->ob_item, char, size*self->ob_descr->itemsize);
- if (self->ob_item == NULL) {
-- PyObject_Del(self);
-- PyErr_NoMemory();
-+ self->ob_item = old_item;
-+ PyErr_NoMemory();
- return -1;
- }
- memcpy(self->ob_item + self->ob_size*self->ob_descr->itemsize,
-@@ -884,7 +886,7 @@ array_inplace_repeat(arrayobject *self,
- if (size > INT_MAX / n) {
- return PyErr_NoMemory();
- }
-- PyMem_Resize(items, char, n * size);
-+ PyMem_RESIZE(items, char, n * size);
- if (items == NULL)
- return PyErr_NoMemory();
- p = items;
diff --git a/lang/python24/patches/patch-bk b/lang/python24/patches/patch-bk
deleted file mode 100644
index 85c60356c3a..00000000000
--- a/lang/python24/patches/patch-bk
+++ /dev/null
@@ -1,18 +0,0 @@
-$NetBSD: patch-bk,v 1.1 2008/08/05 10:45:45 drochner Exp $
-
---- Modules/selectmodule.c.orig 2006-09-27 21:17:32.000000000 +0200
-+++ Modules/selectmodule.c
-@@ -342,10 +342,12 @@ update_ufd_array(pollObject *self)
- {
- int i, pos;
- PyObject *key, *value;
-+ struct pollfd *old_ufds = self->ufds;
-
- self->ufd_len = PyDict_Size(self->dict);
-- PyMem_Resize(self->ufds, struct pollfd, self->ufd_len);
-+ PyMem_RESIZE(self->ufds, struct pollfd, self->ufd_len);
- if (self->ufds == NULL) {
-+ self->ufds = old_ufds;
- PyErr_NoMemory();
- return 0;
- }
diff --git a/lang/python24/patches/patch-bl b/lang/python24/patches/patch-bl
deleted file mode 100644
index 8abfc2f0854..00000000000
--- a/lang/python24/patches/patch-bl
+++ /dev/null
@@ -1,36 +0,0 @@
-$NetBSD: patch-bl,v 1.1 2008/08/05 10:45:46 drochner Exp $
-
---- Objects/obmalloc.c.orig 2005-07-11 07:57:11.000000000 +0200
-+++ Objects/obmalloc.c
-@@ -585,6 +585,15 @@ PyObject_Malloc(size_t nbytes)
- uint size;
-
- /*
-+ * Limit ourselves to INT_MAX bytes to prevent security holes.
-+ * Most python internals blindly use a signed Py_ssize_t to track
-+ * things without checking for overflows or negatives.
-+ * As size_t is unsigned, checking for nbytes < 0 is not required.
-+ */
-+ if (nbytes > INT_MAX)
-+ return NULL;
-+
-+ /*
- * This implicitly redirects malloc(0).
- */
- if ((nbytes - 1) < SMALL_REQUEST_THRESHOLD) {
-@@ -814,6 +823,15 @@ PyObject_Realloc(void *p, size_t nbytes)
- if (p == NULL)
- return PyObject_Malloc(nbytes);
-
-+ /*
-+ * Limit ourselves to INT_MAX bytes to prevent security holes.
-+ * Most python internals blindly use a signed Py_ssize_t to track
-+ * things without checking for overflows or negatives.
-+ * As size_t is unsigned, checking for nbytes < 0 is not required.
-+ */
-+ if (nbytes > INT_MAX)
-+ return NULL;
-+
- pool = POOL_ADDR(p);
- if (Py_ADDRESS_IN_RANGE(p, pool)) {
- /* We're in charge of this block */
diff --git a/lang/python24/patches/patch-bm b/lang/python24/patches/patch-bm
deleted file mode 100644
index 2c1de4873a1..00000000000
--- a/lang/python24/patches/patch-bm
+++ /dev/null
@@ -1,57 +0,0 @@
-$NetBSD: patch-bm,v 1.1 2008/08/07 11:20:18 drochner Exp $
-
---- Python/mysnprintf.c.orig 2001-12-21 17:32:15.000000000 +0100
-+++ Python/mysnprintf.c
-@@ -54,18 +54,28 @@ int
- PyOS_vsnprintf(char *str, size_t size, const char *format, va_list va)
- {
- int len; /* # bytes written, excluding \0 */
--#ifndef HAVE_SNPRINTF
-+#ifdef HAVE_SNPRINTF
-+#define _PyOS_vsnprintf_EXTRA_SPACE 1
-+#else
-+#define _PyOS_vsnprintf_EXTRA_SPACE 512
- char *buffer;
- #endif
- assert(str != NULL);
- assert(size > 0);
- assert(format != NULL);
-+ /* We take a size_t as input but return an int. Sanity check
-+ * our input so that it won't cause an overflow in the
-+ * vsnprintf return value or the buffer malloc size. */
-+ if (size > INT_MAX - _PyOS_vsnprintf_EXTRA_SPACE) {
-+ len = -666;
-+ goto Done;
-+ }
-
- #ifdef HAVE_SNPRINTF
- len = vsnprintf(str, size, format, va);
- #else
- /* Emulate it. */
-- buffer = PyMem_MALLOC(size + 512);
-+ buffer = PyMem_MALLOC(size + _PyOS_vsnprintf_EXTRA_SPACE);
- if (buffer == NULL) {
- len = -666;
- goto Done;
-@@ -75,7 +85,7 @@ PyOS_vsnprintf(char *str, size_t size, c
- if (len < 0)
- /* ignore the error */;
-
-- else if ((size_t)len >= size + 512)
-+ else if ((size_t)len >= size + _PyOS_vsnprintf_EXTRA_SPACE)
- Py_FatalError("Buffer overflow in PyOS_snprintf/PyOS_vsnprintf");
-
- else {
-@@ -86,8 +96,10 @@ PyOS_vsnprintf(char *str, size_t size, c
- str[to_copy] = '\0';
- }
- PyMem_FREE(buffer);
--Done:
- #endif
-- str[size-1] = '\0';
-+Done:
-+ if (size > 0)
-+ str[size-1] = '\0';
- return len;
-+#undef _PyOS_vsnprintf_EXTRA_SPACE
- }