Add a fix for the DoS vulnerability reported in CVE-2012-1150 taken

from the Python Mercurial repository.

1 files changed, 37 insertions, 0 deletions

diff --git a/lang/python26/patches/patch-CVE-2012-1150-Python_pythonrun.c b/lang/python26/patches/patch-CVE-2012-1150-Python_pythonrun.c
new file mode 100644
index 00000000000..1f43d303369
--- /dev/null
+++ b/lang/python26/patches/patch-CVE-2012-1150-Python_pythonrun.c
@@ -0,0 +1,37 @@
+$NetBSD: patch-CVE-2012-1150-Python_pythonrun.c,v 1.1 2012/03/25 09:09:05 tron Exp $
+
+Fix for CVE-2012-1150 taken from here:
+
+http://hg.python.org/cpython/rev/6b7704fe1be1
+
+--- Python/pythonrun.c.orig	2010-05-25 23:40:38.000000000 +0100
++++ Python/pythonrun.c	2012-03-25 09:51:50.000000000 +0100
+@@ -67,6 +67,7 @@
+ static void call_ll_exitfuncs(void);
+ extern void _PyUnicode_Init(void);
+ extern void _PyUnicode_Fini(void);
++extern void _PyRandom_Init(void);
+ 
+ #ifdef WITH_THREAD
+ extern void _PyGILState_Init(PyInterpreterState *, PyThreadState *);
+@@ -89,6 +90,7 @@
+   true divisions (which they will be in 2.3). */
+ int _Py_QnewFlag = 0;
+ int Py_NoUserSiteDirectory = 0; /* for -s and site.py */
++int Py_HashRandomizationFlag = 0; /* for -R and PYTHONHASHSEED */
+ 
+ /* PyModule_GetWarningsModule is no longer necessary as of 2.6
+ since _warnings is builtin.  This API should not be used. */
+@@ -166,6 +168,12 @@
+         Py_OptimizeFlag = add_flag(Py_OptimizeFlag, p);
+     if ((p = Py_GETENV("PYTHONDONTWRITEBYTECODE")) && *p != '\0')
+         Py_DontWriteBytecodeFlag = add_flag(Py_DontWriteBytecodeFlag, p);
++    /* The variable is only tested for existence here; _PyRandom_Init will
++       check its value further. */
++    if ((p = Py_GETENV("PYTHONHASHSEED")) && *p != '\0')
++        Py_HashRandomizationFlag = add_flag(Py_HashRandomizationFlag, p);
++
++    _PyRandom_Init();
+ 
+     interp = PyInterpreterState_New();
+     if (interp == NULL)