diff options
| author | obache <obache@pkgsrc.org> | 2014-02-11 05:52:56 +0000 |
|---|---|---|
| committer | obache <obache@pkgsrc.org> | 2014-02-11 05:52:56 +0000 |
| commit | 237d1b45b3936f42652e1052c5a40a27bc0935a3 (patch) | |
| tree | d72aa8ba50f3e96fba5ec391347cfe4bfcb2e74d /lang/python33 | |
| parent | 2cb674c6570f966cf657040c559e2b33f379483f (diff) | |
| download | pkgsrc-237d1b45b3936f42652e1052c5a40a27bc0935a3.tar.gz | |
Fixes SA56624, taken from upstream.
Bump PKGREVISION.
Diffstat (limited to 'lang/python33')
| -rw-r--r-- | lang/python33/Makefile | 3 | ||||
| -rw-r--r-- | lang/python33/distinfo | 3 | ||||
| -rw-r--r-- | lang/python33/patches/patch-Modules_socketmodule.c | 19 |
3 files changed, 23 insertions, 2 deletions
diff --git a/lang/python33/Makefile b/lang/python33/Makefile index bbe84abd49d..47cd3bbdf7c 100644 --- a/lang/python33/Makefile +++ b/lang/python33/Makefile @@ -1,8 +1,9 @@ -# $NetBSD: Makefile,v 1.13 2013/11/21 14:06:43 adam Exp $ +# $NetBSD: Makefile,v 1.14 2014/02/11 05:52:56 obache Exp $ .include "dist.mk" PKGNAME= python33-${PY_DISTVERSION} +PKGREVISION= 1 CATEGORIES= lang python MAINTAINER= pkgsrc-users@NetBSD.org diff --git a/lang/python33/distinfo b/lang/python33/distinfo index dc66d40a967..7f73310e5d8 100644 --- a/lang/python33/distinfo +++ b/lang/python33/distinfo @@ -1,9 +1,10 @@ -$NetBSD: distinfo,v 1.7 2013/11/21 14:06:43 adam Exp $ +$NetBSD: distinfo,v 1.8 2014/02/11 05:52:56 obache Exp $ SHA1 (Python-3.3.3.tar.xz) = af4e75a34bd538c79b9871227c2e7f56569ac107 RMD160 (Python-3.3.3.tar.xz) = 62e262879f871fc2e9c5b3e85debd51c2691ca32 Size (Python-3.3.3.tar.xz) = 12057744 bytes SHA1 (patch-Lib_distutils_unixccompiler.py) = 39cb8d1e1e3e76e2b6b5dbc1a6b5e0815300b2ce +SHA1 (patch-Modules_socketmodule.c) = 789b05d27f5821ee9968dacd4dedc9133cc73775 SHA1 (patch-aa) = 99ebcbbfc53b855a32b424dec27012e1e969c3d0 SHA1 (patch-ab) = 1c0a25bf7ec6ee76e84c799619ec7cd8910f16e1 SHA1 (patch-ah) = bb43aaab260935a5a0d5e7ce1ccc30f4832cab1d diff --git a/lang/python33/patches/patch-Modules_socketmodule.c b/lang/python33/patches/patch-Modules_socketmodule.c new file mode 100644 index 00000000000..4e00ccc91cc --- /dev/null +++ b/lang/python33/patches/patch-Modules_socketmodule.c @@ -0,0 +1,19 @@ +$NetBSD: patch-Modules_socketmodule.c,v 1.1 2014/02/11 05:52:56 obache Exp $ + +* Fix vulnerability reported in SA56624, taken from upstream: + http://hg.python.org/cpython/rev/7f176a45211f/ + +--- Modules/socketmodule.c.orig 2013-11-17 07:23:02.000000000 +0000 ++++ Modules/socketmodule.c +@@ -2935,6 +2935,11 @@ sock_recvfrom_into(PySocketSockObject *s + if (recvlen == 0) { + /* If nbytes was not specified, use the buffer's length */ + recvlen = buflen; ++ } else if (recvlen > buflen) { ++ PyBuffer_Release(&pbuf); ++ PyErr_SetString(PyExc_ValueError, ++ "nbytes is greater than the length of the buffer"); ++ return NULL; + } + + readlen = sock_recvfrom_guts(s, buf, recvlen, flags, &addr); |