Add fix for CVE-2014-2667. Bump PKGREVISION.

3 files changed, 61 insertions, 2 deletions

diff --git a/lang/python34/Makefile b/lang/python34/Makefile
index ae7e6850c67..5d6a80c11e8 100644
--- a/lang/python34/Makefile
+++ b/lang/python34/Makefile
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.2 2014/05/09 05:59:09 obache Exp $
+# $NetBSD: Makefile,v 1.3 2014/05/15 12:43:52 wiz Exp $
 
 .include "dist.mk"
 
 PKGNAME=	python34-${PY_DISTVERSION}
+PKGREVISION=	1
 CATEGORIES=	lang python
 
 MAINTAINER=	pkgsrc-users@NetBSD.org
diff --git a/lang/python34/distinfo b/lang/python34/distinfo
index 3665db490e6..cd7be471dd5 100644
--- a/lang/python34/distinfo
+++ b/lang/python34/distinfo
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.6 2014/05/10 08:11:02 wiz Exp $
+$NetBSD: distinfo,v 1.7 2014/05/15 12:43:52 wiz Exp $
 
 SHA1 (Python-3.4.0.tar.xz) = f54d7cf6af5dbd9bddbe31cf4772f39711381dbe
 RMD160 (Python-3.4.0.tar.xz) = f6b4664a4333a2010f8e168e252de7c22013e4a8
 Size (Python-3.4.0.tar.xz) = 14084912 bytes
 SHA1 (patch-Lib_distutils_unixccompiler.py) = 39cb8d1e1e3e76e2b6b5dbc1a6b5e0815300b2ce
+SHA1 (patch-Lib_os.py) = 0e834a55d4c2ac70a1daaddbed439dff2de37c8e
 SHA1 (patch-aa) = 14359f8d0527eff08073c0aea60dfe8961d9255d
 SHA1 (patch-ah) = b3a1363f6d210f855f3769650e3891b0df5c531d
 SHA1 (patch-al) = 0944fb5b807985723070ac44358505c3053f9997
diff --git a/lang/python34/patches/patch-Lib_os.py b/lang/python34/patches/patch-Lib_os.py
new file mode 100644
index 00000000000..fc7f684cca8
--- /dev/null
+++ b/lang/python34/patches/patch-Lib_os.py
@@ -0,0 +1,57 @@
+$NetBSD: patch-Lib_os.py,v 1.1 2014/05/15 12:43:52 wiz Exp $
+
+Fix for CVE-2014-2667 based on
+http://hg.python.org/cpython/rev/6370d44013f7
+
+--- Lib/os.py.orig	2014-03-17 02:31:29.000000000 +0000
++++ Lib/os.py
+@@ -206,23 +206,16 @@ SEEK_SET = 0
+ SEEK_CUR = 1
+ SEEK_END = 2
+ 
+-
+-def _get_masked_mode(mode):
+-    mask = umask(0)
+-    umask(mask)
+-    return mode & ~mask
+-
+ # Super directory utilities.
+ # (Inspired by Eric Raymond; the doc strings are mostly his)
+ 
+ def makedirs(name, mode=0o777, exist_ok=False):
+     """makedirs(path [, mode=0o777][, exist_ok=False])
+ 
+-    Super-mkdir; create a leaf directory and all intermediate ones.
+-    Works like mkdir, except that any intermediate path segment (not
+-    just the rightmost) will be created if it does not exist. If the
+-    target directory with the same mode as we specified already exists,
+-    raises an OSError if exist_ok is False, otherwise no exception is
++    Super-mkdir; create a leaf directory and all intermediate ones.  Works like
++    mkdir, except that any intermediate path segment (not just the rightmost)
++    will be created if it does not exist. If the target directory already
++    exists, raise an OSError if exist_ok is False. Otherwise no exception is
+     raised.  This is recursive.
+ 
+     """
+@@ -243,20 +236,7 @@ def makedirs(name, mode=0o777, exist_ok=
+     try:
+         mkdir(name, mode)
+     except OSError as e:
+-        dir_exists = path.isdir(name)
+-        expected_mode = _get_masked_mode(mode)
+-        if dir_exists:
+-            # S_ISGID is automatically copied by the OS from parent to child
+-            # directories on mkdir.  Don't consider it being set to be a mode
+-            # mismatch as mkdir does not unset it when not specified in mode.
+-            actual_mode = st.S_IMODE(lstat(name).st_mode) & ~st.S_ISGID
+-        else:
+-            actual_mode = -1
+-        if not (e.errno == errno.EEXIST and exist_ok and dir_exists and
+-                actual_mode == expected_mode):
+-            if dir_exists and actual_mode != expected_mode:
+-                e.strerror += ' (mode %o != expected mode %o)' % (
+-                        actual_mode, expected_mode)
++        if not exist_ok or e.errno != errno.EEXIST or not path.isdir(name):
+             raise
+ 
+ def removedirs(name):