author | tron <tron@pkgsrc.org> | 2012-03-24 12:04:36 +0000 |
---|---|---|
committer | tron <tron@pkgsrc.org> | 2012-03-24 12:04:36 +0000 |
commit | ae75825fac917a92fc2d23616af0bd2dd46f8d9d (patch) | |
tree | d9d825efe987f0d093e868c18af3cbb510e7a694 /lang | |
parent | 5cfa4e0119ec09521befaae3024b32f5452abb13 (diff) | |
download | pkgsrc-ae75825fac917a92fc2d23616af0bd2dd46f8d9d.tar.gz |
Add a fix for the DoS vulnerability reported in CVE-2012-1150 taken
from the Python Mercurial repository.
Diffstat (limited to 'lang')
29 files changed, 3238 insertions, 9 deletions
diff --git a/lang/python27/Makefile b/lang/python27/Makefile
index 24adc2005da..bf2d1d416fd 100644
--- a/lang/python27/Makefile
+++ b/lang/python27/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.13 2012/03/16 14:21:36 abs Exp $
+# $NetBSD: Makefile,v 1.14 2012/03/24 12:04:36 tron Exp $
 .include "dist.mk"
 PKGNAME= python27-${PY_DISTVERSION}
-PKGREVISION= 2
+PKGREVISION= 3
 CATEGORIES= lang python
 MAINTAINER= pkgsrc-users@NetBSD.org
diff --git a/lang/python27/distinfo b/lang/python27/distinfo
index 56309c3aad7..22705482483 100644
--- a/lang/python27/distinfo
+++ b/lang/python27/distinfo
@@ -1,9 +1,35 @@
-$NetBSD: distinfo,v 1.15 2012/02/15 16:08:26 drochner Exp $
+$NetBSD: distinfo,v 1.16 2012/03/24 12:04:36 tron Exp $
 SHA1 (Python-2.7.2.tar.bz2) = 417bdeea77abfaf1b9257fc6b4a04aaa209f4547
 RMD160 (Python-2.7.2.tar.bz2) = c3bf4f09b7c429a4d9f4cc251c795304cd5232c5
 Size (Python-2.7.2.tar.bz2) = 11754834 bytes
 SHA1 (patch-CVE-2012-0845) = 1c0a8d7224b6b5cb65b24d38ac0967f8f8fb2da9
+SHA1 (patch-CVE-2012-1150-Doc_library_sys.rst) = 8580d187abaed9dce948988e50749be7527ee0f8
+SHA1 (patch-CVE-2012-1150-Doc_reference_datamodel.rst) = f145207d4cc32643e78fcac9d204089406dc96fe
+SHA1 (patch-CVE-2012-1150-Doc_using_cmdline.rst) = fadd6f4822219adccd2268fd1fd0bf2bc330c994
+SHA1 (patch-CVE-2012-1150-Include_object.h) = 18559b16c80e08b8df62bb5c06a34c92105e56d9
+SHA1 (patch-CVE-2012-1150-Include_pydebug.h) = f71040bfbf930384c1fd4f3258c89e86259e7a52
+SHA1 (patch-CVE-2012-1150-Include_pythonrun.h) = cd8b8dfd673a81b231f1a35074ec73aba3c999ce
+SHA1 (patch-CVE-2012-1150-Lib_os.py) = b7217bb7c7a3aeb974e65754f4314e76d65e0e12
+SHA1 (patch-CVE-2012-1150-Lib_test_test_cmd_line.py) = e55f48b43a4d41d05e2aa2b40f1a4f43d0d99eb9
+SHA1 (patch-CVE-2012-1150-Lib_test_test_compiler.py) = 27186659371dacee553a2fc9065db639f3336425
+SHA1 (patch-CVE-2012-1150-Lib_test_test_hash.py) = 8107307dc1bd6516280c464e631cf811e0cd59b4
+SHA1 (patch-CVE-2012-1150-Lib_test_test_os.py) = c3724a7346e3fc8d3003bd26a0556668b0896f5c
+SHA1 (patch-CVE-2012-1150-Lib_test_test_set.py) = a19cfff0a38411a19aadc4294b6f24deabaa4aab
+SHA1 (patch-CVE-2012-1150-Lib_test_test_support.py) = f635d3135f9a3e3387f6a2e6e00b054969f78d3c
+SHA1 (patch-CVE-2012-1150-Lib_test_test_sys.py) = 887f1f50b5e6102e334a73a451211addb9d4263a
+SHA1 (patch-CVE-2012-1150-Misc_NEWS) = 807b7bb73542861262890ea0a57dd13e193042ab
+SHA1 (patch-CVE-2012-1150-Misc_python.man) = d89d9258a4dad8de5a22e8625df03d6da34ea92c
+SHA1 (patch-CVE-2012-1150-Modules_main.c) = b79a20d671062039ba580921cfa1f06634cca135
+SHA1 (patch-CVE-2012-1150-Modules_posixmodule.c) = 1a252303f6adc29150e0a109f78ceb1a54bbc28d
+SHA1 (patch-CVE-2012-1150-Objects_bufferobject.c) = 383878c6b8767b3cce7a9b83890f8f79d1deac94
+SHA1 (patch-CVE-2012-1150-Objects_object.c) = bd134011028c0c73d95007878ad16499a3125a98
+SHA1 (patch-CVE-2012-1150-Objects_stringobject.c) = 6efc29891d04fd0112d88ce2898ef2bdd5f47718
+SHA1 (patch-CVE-2012-1150-Objects_unicodeobject.c) = 499b80ed541b49dfb3fbf49c2a18b30f89703f2c
+SHA1 (patch-CVE-2012-1150-PCbuild_pythoncore.vcproj) = 17277d7d82a10cd32c9cb35510a8c76f620536ed
+SHA1 (patch-CVE-2012-1150-Python_pythonrun.c) = 8ae9796a18145d3d6261aad1390ede9ab4c6d6c9
+SHA1 (patch-CVE-2012-1150-Python_random.c) = 71c4bcc6e781240ad91b1679c9790e77b770eeb9
+SHA1 (patch-CVE-2012-1150-Python_sysmodule.c) = cb14822430f9dcbaf34c10b211065cb9f244d963
 SHA1 (patch-Mac_Modules_fm___Fmmodule.c) = b9314bccb51b4fe672b81559068f7a79d2965f94
 SHA1 (patch-Mac_Modules_qd___Qdmodule.c) = 45c748b15b9436d45ba137460389638aa7108c8d
 SHA1 (patch-Mac_Modules_qdoffs___Qdoffsmodule.c) = 9994f0c1a908f18f1f3df3f05b184f082c018365
@@ -16,7 +42,7 @@ SHA1 (patch-al) = b97c2e73b9038e22f55ec226c2cbcc671466ad19
 SHA1 (patch-am) = f56a53eb9f4694913d317c09e162bdd413f8f38f
 SHA1 (patch-an) = 6098fbf0fc31422196cc40d3a227934523db11ca
 SHA1 (patch-ao) = 9996a444fc0034c9f01fd18f4ad7bf714a8c8d04
-SHA1 (patch-au) = 18fce68df48e43c2927cc83e6b4b404b5e1103b7
+SHA1 (patch-au) = 15b30cb5c77d2916538a390d9a08c0675ac01970
 SHA1 (patch-av) = a14eaf4d5db6fc3b79ed896fbfcc34ca98051af2
 SHA1 (patch-aw) = 15652e241f371a22c7300f46771825ea74514fa0
 SHA1 (patch-ax) = bdb8e6555f36b1603c553e03a2d6d772e50c623b
diff --git a/lang/python27/patches/patch-CVE-2012-1150-Doc_library_sys.rst b/lang/python27/patches/patch-CVE-2012-1150-Doc_library_sys.rst
new file mode 100644
index 00000000000..7be9d0a2c7c
--- /dev/null
+++ b/lang/python27/patches/patch-CVE-2012-1150-Doc_library_sys.rst
@@ -0,0 +1,16 @@
+$NetBSD: patch-CVE-2012-1150-Doc_library_sys.rst,v 1.1 2012/03/24 12:04:37 tron Exp $
+
+Fix for CVE-2012-1150 taken from here:
+
+http://hg.python.org/cpython/rev/a0f43f4481e0
+
+--- Doc/library/sys.rst.orig 2011-06-11 16:46:23.000000000 +0100
++++ Doc/library/sys.rst 2012-03-24 11:02:25.000000000 +0000
+@@ -287,6 +287,7 @@
+ :const:`verbose` :option:`-v`
+ :const:`unicode` :option:`-U`
+ :const:`bytes_warning` :option:`-b`
++ :const:`hash_randomization` :option:`-R`
+ ============================= ===================================
+
+ .. versionadded:: 2.6
diff --git a/lang/python27/patches/patch-CVE-2012-1150-Doc_reference_datamodel.rst b/lang/python27/patches/patch-CVE-2012-1150-Doc_reference_datamodel.rst
new file mode 100644
index 00000000000..860c5c28c03
--- /dev/null
+++ b/lang/python27/patches/patch-CVE-2012-1150-Doc_reference_datamodel.rst
@@ -0,0 +1,17 @@
+$NetBSD: patch-CVE-2012-1150-Doc_reference_datamodel.rst,v 1.1 2012/03/24 12:04:37 tron Exp $
+
+Fix for CVE-2012-1150 taken from here:
+
+http://hg.python.org/cpython/rev/a0f43f4481e0
+
+--- Doc/reference/datamodel.rst.orig 2011-06-11 16:46:23.000000000 +0100
++++ Doc/reference/datamodel.rst 2012-03-24 11:02:25.000000000 +0000
+@@ -1282,6 +1282,8 @@
+ modules are still available at the time when the :meth:`__del__` method is
+ called.
+
++ See also the :option:`-R` command-line option.
++
+
+ .. method:: object.__repr__(self)
+
diff --git a/lang/python27/patches/patch-CVE-2012-1150-Doc_using_cmdline.rst b/lang/python27/patches/patch-CVE-2012-1150-Doc_using_cmdline.rst
new file mode 100644
index 00000000000..95824763a3f
--- /dev/null
+++ b/lang/python27/patches/patch-CVE-2012-1150-Doc_using_cmdline.rst
@@ -0,0 +1,75 @@ +$NetBSD: patch-CVE-2012-1150-Doc_using_cmdline.rst,v 1.1 2012/03/24 12:04:37 tron Exp $ + +Fix for CVE-2012-1150 taken from here: + +http://hg.python.org/cpython/rev/a0f43f4481e0 + +--- Doc/using/cmdline.rst.orig 2011-06-11 16:46:23.000000000 +0100 ++++ Doc/using/cmdline.rst 2012-03-24 11:02:25.000000000 +0000 +@@ -24,7 +24,7 @@ + + When invoking Python, you may specify any of these options:: + +- python [-BdEiOQsStuUvVWxX3?] [-c command | -m module-name | script | - ] [args] ++ python [-BdEiOQsRStuUvVWxX3?] [-c command | -m module-name | script | - ] [args] + + The most common use case is, of course, a simple invocation of a script:: + +@@ -253,6 +253,29 @@ + :pep:`238` -- Changing the division operator + + ++.. cmdoption:: -R ++ ++ Turn on hash randomization, so that the :meth:`__hash__` values of str, ++ bytes and datetime objects are "salted" with an unpredictable random value. ++ Although they remain constant within an individual Python process, they are ++ not predictable between repeated invocations of Python. ++ ++ This is intended to provide protection against a denial-of-service caused by ++ carefully-chosen inputs that exploit the worst case performance of a dict ++ insertion, O(n^2) complexity. See ++ http://www.ocert.org/advisories/ocert-2011-003.html for details. ++ ++ Changing hash values affects the order in which keys are retrieved from a ++ dict. Although Python has never made guarantees about this ordering (and it ++ typically varies between 32-bit and 64-bit builds), enough real-world code ++ implicitly relies on this non-guaranteed behavior that the randomization is ++ disabled by default. ++ ++ See also :envvar:`PYTHONHASHSEED`. ++ ++ .. versionadded:: 2.6.8 ++ ++ + .. cmdoption:: -s + + Don't add user site directory to sys.path +@@ -521,6 +544,27 @@ + + .. versionadded:: 2.6 + ++.. 
envvar:: PYTHONHASHSEED ++ ++ If this variable is set to ``random``, the effect is the same as specifying ++ the :option:`-R` option: a random value is used to seed the hashes of str, ++ bytes and datetime objects. ++ ++ If :envvar:`PYTHONHASHSEED` is set to an integer value, it is used as a ++ fixed seed for generating the hash() of the types covered by the hash ++ randomization. ++ ++ Its purpose is to allow repeatable hashing, such as for selftests for the ++ interpreter itself, or to allow a cluster of python processes to share hash ++ values. ++ ++ The integer must be a decimal number in the range [0,4294967295]. ++ Specifying the value 0 will lead to the same hash values as when hash ++ randomization is disabled. ++ ++ .. versionadded:: 2.6.8 ++ ++ + .. envvar:: PYTHONIOENCODING + + Overrides the encoding used for stdin/stdout/stderr, in the syntax diff --git a/lang/python27/patches/patch-CVE-2012-1150-Include_object.h b/lang/python27/patches/patch-CVE-2012-1150-Include_object.h new file mode 100644 index 00000000000..a63bc2f1e8e --- /dev/null +++ b/lang/python27/patches/patch-CVE-2012-1150-Include_object.h @@ -0,0 +1,21 @@ +$NetBSD: patch-CVE-2012-1150-Include_object.h,v 1.1 2012/03/24 12:04:37 tron Exp $ + +Fix for CVE-2012-1150 taken from here: + +http://hg.python.org/cpython/rev/a0f43f4481e0 + +--- Include/object.h.orig 2011-06-11 16:46:23.000000000 +0100 ++++ Include/object.h 2012-03-24 11:02:25.000000000 +0000 +@@ -517,6 +517,12 @@ + PyAPI_FUNC(long) _Py_HashDouble(double); + PyAPI_FUNC(long) _Py_HashPointer(void*); + ++typedef struct { ++ long prefix; ++ long suffix; ++} _Py_HashSecret_t; ++PyAPI_DATA(_Py_HashSecret_t) _Py_HashSecret; ++ + /* Helper for passing objects to printf and the like */ + #define PyObject_REPR(obj) PyString_AS_STRING(PyObject_Repr(obj)) + diff --git a/lang/python27/patches/patch-CVE-2012-1150-Include_pydebug.h b/lang/python27/patches/patch-CVE-2012-1150-Include_pydebug.h new file mode 100644 index 00000000000..5395e087bc3 
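Review bot: The `_Py_HashSecret_t` typedef and the exported `_Py_HashSecret` added by the Include/object.h patch have no comment, although they hold the value that the documentation hunks of this commit describe as the unpredictable salt. A one-line comment above the typedef, such as `/* Hash salt (see -R / PYTHONHASHSEED); constant within one process */`, would tell extension authors what the symbol is. Where and when the two fields are filled in is not visible in this hunk; presumably that happens in the Python_random.c patch listed in distinfo, so the wording should be checked against it.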
--- /dev/null
+++ b/lang/python27/patches/patch-CVE-2012-1150-Include_pydebug.h
@@ -0,0 +1,16 @@
+$NetBSD: patch-CVE-2012-1150-Include_pydebug.h,v 1.1 2012/03/24 12:04:37 tron Exp $
+
+Fix for CVE-2012-1150 taken from here:
+
+http://hg.python.org/cpython/rev/a0f43f4481e0
+
+--- Include/pydebug.h.orig 2011-06-11 16:46:23.000000000 +0100
++++ Include/pydebug.h 2012-03-24 11:02:25.000000000 +0000
+@@ -26,6 +26,7 @@
+ PyAPI_DATA(int) _Py_QnewFlag;
+ /* Warn about 3.x issues */
+ PyAPI_DATA(int) Py_Py3kWarningFlag;
++PyAPI_DATA(int) Py_HashRandomizationFlag;
+
+ /* this is a wrapper around getenv() that pays attention to
+ Py_IgnoreEnvironmentFlag. It should be used for getting variables like
diff --git a/lang/python27/patches/patch-CVE-2012-1150-Include_pythonrun.h b/lang/python27/patches/patch-CVE-2012-1150-Include_pythonrun.h
new file mode 100644
index 00000000000..c7368b49d0a
--- /dev/null
+++ b/lang/python27/patches/patch-CVE-2012-1150-Include_pythonrun.h
@@ -0,0 +1,17 @@
+$NetBSD: patch-CVE-2012-1150-Include_pythonrun.h,v 1.1 2012/03/24 12:04:37 tron Exp $
+
+Fix for CVE-2012-1150 taken from here:
+
+http://hg.python.org/cpython/rev/a0f43f4481e0
+
+--- Include/pythonrun.h.orig 2011-06-11 16:46:23.000000000 +0100
++++ Include/pythonrun.h 2012-03-24 11:02:25.000000000 +0000
+@@ -171,6 +171,8 @@
+ PyAPI_FUNC(PyOS_sighandler_t) PyOS_getsig(int);
+ PyAPI_FUNC(PyOS_sighandler_t) PyOS_setsig(int, PyOS_sighandler_t);
+
++/* Random */
++PyAPI_FUNC(int) _PyOS_URandom (void *buffer, Py_ssize_t size);
+
+ #ifdef __cplusplus
+ }
diff --git a/lang/python27/patches/patch-CVE-2012-1150-Lib_os.py b/lang/python27/patches/patch-CVE-2012-1150-Lib_os.py
new file mode 100644
index 00000000000..ebbb7749a35
--- /dev/null
+++ b/lang/python27/patches/patch-CVE-2012-1150-Lib_os.py
@@ -0,0 +1,31 @@ +$NetBSD: patch-CVE-2012-1150-Lib_os.py,v 1.1 2012/03/24 12:04:37 tron Exp $ + +Fix for CVE-2012-1150 taken from here: + +http://hg.python.org/cpython/rev/a0f43f4481e0 + +--- Lib/os.py.orig 2011-06-11 16:46:24.000000000 +0100 ++++ Lib/os.py 2012-03-24 11:02:25.000000000 +0000 +@@ -738,22 +738,3 @@ + _make_statvfs_result) + except NameError: # statvfs_result may not exist + pass +- +-if not _exists("urandom"): +- def urandom(n): +- """urandom(n) -> str +- +- Return a string of n random bytes suitable for cryptographic use. +- +- """ +- try: +- _urandomfd = open("/dev/urandom", O_RDONLY) +- except (OSError, IOError): +- raise NotImplementedError("/dev/urandom (or equivalent) not found") +- try: +- bs = b"" +- while n > len(bs): +- bs += read(_urandomfd, n - len(bs)) +- finally: +- close(_urandomfd) +- return bs diff --git a/lang/python27/patches/patch-CVE-2012-1150-Lib_test_test_cmd_line.py b/lang/python27/patches/patch-CVE-2012-1150-Lib_test_test_cmd_line.py new file mode 100644 index 00000000000..86dc010262e --- /dev/null +++ b/lang/python27/patches/patch-CVE-2012-1150-Lib_test_test_cmd_line.py 
@@ -0,0 +1,29 @@ +$NetBSD: patch-CVE-2012-1150-Lib_test_test_cmd_line.py,v 1.1 2012/03/24 12:04:37 tron Exp $ + +Fix for CVE-2012-1150 taken from here: + +http://hg.python.org/cpython/rev/a0f43f4481e0 + +--- Lib/test/test_cmd_line.py.orig 2011-06-11 16:46:25.000000000 +0100 ++++ Lib/test/test_cmd_line.py 2012-03-24 11:02:25.000000000 +0000 +@@ -86,6 +86,20 @@ + self.exit_code('-c', 'pass'), + 0) + ++ def test_hash_randomization(self): ++ # Verify that -R enables hash randomization: ++ self.verify_valid_flag('-R') ++ hashes = [] ++ for i in range(2): ++ code = 'print(hash("spam"))' ++ data = self.start_python('-R', '-c', code) ++ hashes.append(data) ++ self.assertNotEqual(hashes[0], hashes[1]) ++ ++ # Verify that sys.flags contains hash_randomization ++ code = 'import sys; print sys.flags' ++ data = self.start_python('-R', '-c', code) ++ self.assertTrue('hash_randomization=1' in data) + + def test_main(): + test.test_support.run_unittest(CmdLineTest) diff --git a/lang/python27/patches/patch-CVE-2012-1150-Lib_test_test_compiler.py b/lang/python27/patches/patch-CVE-2012-1150-Lib_test_test_compiler.py new file mode 100644 index 00000000000..ac82658b69d --- /dev/null +++ b/lang/python27/patches/patch-CVE-2012-1150-Lib_test_test_compiler.py @@ -0,0 +1,19 @@ +$NetBSD: patch-CVE-2012-1150-Lib_test_test_compiler.py,v 1.1 2012/03/24 12:04:37 tron Exp $ + +Fix for CVE-2012-1150 taken from here: + +http://hg.python.org/cpython/rev/e3fb353b3fd4 + +--- Lib/test/test_compiler.py.orig 2011-06-11 16:46:25.000000000 +0100 ++++ Lib/test/test_compiler.py 2012-03-24 11:48:09.000000000 +0000 +@@ -28,8 +28,8 @@ + libdir = os.path.dirname(os.__file__) + testdir = os.path.dirname(test.test_support.__file__) + +- for dir in [libdir, testdir]: +- for basename in os.listdir(dir): ++ for dir in [testdir]: ++ for basename in "test_os.py",: + # Print still working message since this test can be really slow + if next_time <= time.time(): + next_time = time.time() + _PRINT_WORKING_MSG_INTERVAL 
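Review bot: test_hash_randomization in the Lib/test/test_cmd_line.py patch compares the output of two `-R` runs without visibly controlling PYTHONHASHSEED, whereas get_hash() in this commit's test_hash.py patch copies the environment and sets or pops that variable for every child. start_python() is defined outside the hunk, so this is an inference, but if it inherits the caller's environment, a build host that exports a fixed integer seed could make both runs print the same hash and trip `self.assertNotEqual(hashes[0], hashes[1])`. Removing the variable for these child processes, or adding a comment that start_python() already does so, would make the test self-contained.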
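Review bot: The Lib/test/test_compiler.py patch narrows the loop from every file in `[libdir, testdir]` to the single literal `"test_os.py"`, which removes nearly all of that test's coverage and is not obviously part of a hash-collision fix. The patch header only says "Fix for CVE-2012-1150 taken from here" with the e3fb353b3fd4 link. One extra header line stating why the scope is reduced (for example that the change is carried over from upstream unmodified) would help whoever regenerates these patches for the next Python update. The enclosing function starts and ends outside the hunk.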
diff --git a/lang/python27/patches/patch-CVE-2012-1150-Lib_test_test_hash.py b/lang/python27/patches/patch-CVE-2012-1150-Lib_test_test_hash.py new file mode 100644 index 00000000000..19263f3c9f0 --- /dev/null +++ b/lang/python27/patches/patch-CVE-2012-1150-Lib_test_test_hash.py 
@@ -0,0 +1,129 @@ +$NetBSD: patch-CVE-2012-1150-Lib_test_test_hash.py,v 1.1 2012/03/24 12:04:37 tron Exp $ + +Fix for CVE-2012-1150 taken from here: + +http://hg.python.org/cpython/rev/a0f43f4481e0 + +--- Lib/test/test_hash.py.orig 2011-06-11 16:46:25.000000000 +0100 ++++ Lib/test/test_hash.py 2012-03-24 11:02:25.000000000 +0000 +@@ -3,10 +3,18 @@ + # + # Also test that hash implementations are inherited as expected + ++import os ++import sys ++import struct ++import datetime + import unittest ++import subprocess ++ + from test import test_support + from collections import Hashable + ++IS_64BIT = (struct.calcsize('l') == 8) ++ + + class HashEqualityTestCase(unittest.TestCase): + +@@ -134,10 +142,100 @@ + for obj in self.hashes_to_check: + self.assertEqual(hash(obj), _default_hash(obj)) + ++class HashRandomizationTests(unittest.TestCase): ++ ++ # Each subclass should define a field "repr_", containing the repr() of ++ # an object to be tested ++ ++ def get_hash_command(self, repr_): ++ return 'print(hash(%s))' % repr_ ++ ++ def get_hash(self, repr_, seed=None): ++ env = os.environ.copy() ++ if seed is not None: ++ env['PYTHONHASHSEED'] = str(seed) ++ else: ++ env.pop('PYTHONHASHSEED', None) ++ cmd_line = [sys.executable, '-c', self.get_hash_command(repr_)] ++ p = subprocess.Popen(cmd_line, stdin=subprocess.PIPE, ++ stdout=subprocess.PIPE, stderr=subprocess.STDOUT, ++ env=env) ++ out, err = p.communicate() ++ out = test_support.strip_python_stderr(out) ++ return int(out.strip()) ++ ++ def test_randomized_hash(self): ++ # two runs should return different hashes ++ run1 = self.get_hash(self.repr_, seed='random') ++ run2 = self.get_hash(self.repr_, seed='random') ++ self.assertNotEqual(run1, run2) ++ ++class StringlikeHashRandomizationTests(HashRandomizationTests): ++ def test_null_hash(self): ++ # PYTHONHASHSEED=0 disables the randomized hash ++ if IS_64BIT: ++ known_hash_of_obj = 1453079729188098211 ++ else: ++ known_hash_of_obj = -1600925533 ++ ++ # Randomization is 
disabled by default: ++ self.assertEqual(self.get_hash(self.repr_), known_hash_of_obj) ++ ++ # It can also be disabled by setting the seed to 0: ++ self.assertEqual(self.get_hash(self.repr_, seed=0), known_hash_of_obj) ++ ++ def test_fixed_hash(self): ++ # test a fixed seed for the randomized hash ++ # Note that all types share the same values: ++ if IS_64BIT: ++ h = -4410911502303878509 ++ else: ++ h = -206076799 ++ self.assertEqual(self.get_hash(self.repr_, seed=42), h) ++ ++class StrHashRandomizationTests(StringlikeHashRandomizationTests): ++ repr_ = repr('abc') ++ ++ def test_empty_string(self): ++ self.assertEqual(hash(""), 0) ++ ++class UnicodeHashRandomizationTests(StringlikeHashRandomizationTests): ++ repr_ = repr(u'abc') ++ ++ def test_empty_string(self): ++ self.assertEqual(hash(u""), 0) ++ ++class BufferHashRandomizationTests(StringlikeHashRandomizationTests): ++ repr_ = 'buffer("abc")' ++ ++ def test_empty_string(self): ++ self.assertEqual(hash(buffer("")), 0) ++ ++class DatetimeTests(HashRandomizationTests): ++ def get_hash_command(self, repr_): ++ return 'import datetime; print(hash(%s))' % repr_ ++ ++class DatetimeDateTests(DatetimeTests): ++ repr_ = repr(datetime.date(1066, 10, 14)) ++ ++class DatetimeDatetimeTests(DatetimeTests): ++ repr_ = repr(datetime.datetime(1, 2, 3, 4, 5, 6, 7)) ++ ++class DatetimeTimeTests(DatetimeTests): ++ repr_ = repr(datetime.time(0)) ++ ++ + def test_main(): + test_support.run_unittest(HashEqualityTestCase, + HashInheritanceTestCase, +- HashBuiltinsTestCase) ++ HashBuiltinsTestCase, ++ StrHashRandomizationTests, ++ UnicodeHashRandomizationTests, ++ BufferHashRandomizationTests, ++ DatetimeDateTests, ++ DatetimeDatetimeTests, ++ DatetimeTimeTests) ++ + + + if __name__ == "__main__": diff --git a/lang/python27/patches/patch-CVE-2012-1150-Lib_test_test_os.py b/lang/python27/patches/patch-CVE-2012-1150-Lib_test_test_os.py new file mode 100644 index 00000000000..2b5cfb2f0f0 --- /dev/null 
+++ b/lang/python27/patches/patch-CVE-2012-1150-Lib_test_test_os.py 
@@ -0,0 +1,67 @@ +$NetBSD: patch-CVE-2012-1150-Lib_test_test_os.py,v 1.1 2012/03/24 12:04:37 tron Exp $ + +Fix for CVE-2012-1150 taken from here: + +http://hg.python.org/cpython/rev/a0f43f4481e0 +http://hg.python.org/cpython/rev/e3fb353b3fd4 + +--- Lib/test/test_os.py.orig 2011-06-11 16:46:25.000000000 +0100 ++++ Lib/test/test_os.py 2012-03-24 11:48:51.000000000 +0000 +@@ -10,6 +10,7 @@ + import signal + import subprocess + import time ++ + from test import test_support + import mmap + import uuid +@@ -512,18 +513,37 @@ + f.close() + + class URandomTests (unittest.TestCase): +- def test_urandom(self): +- try: +- self.assertEqual(len(os.urandom(1)), 1) +- self.assertEqual(len(os.urandom(10)), 10) +- self.assertEqual(len(os.urandom(100)), 100) +- self.assertEqual(len(os.urandom(1000)), 1000) +- # see http://bugs.python.org/issue3708 +- self.assertRaises(TypeError, os.urandom, 0.9) +- self.assertRaises(TypeError, os.urandom, 1.1) +- self.assertRaises(TypeError, os.urandom, 2.0) +- except NotImplementedError: +- pass ++ ++ def test_urandom_length(self): ++ self.assertEqual(len(os.urandom(0)), 0) ++ self.assertEqual(len(os.urandom(1)), 1) ++ self.assertEqual(len(os.urandom(10)), 10) ++ self.assertEqual(len(os.urandom(100)), 100) ++ self.assertEqual(len(os.urandom(1000)), 1000) ++ ++ def test_urandom_value(self): ++ data1 = os.urandom(16) ++ data2 = os.urandom(16) ++ self.assertNotEqual(data1, data2) ++ ++ def get_urandom_subprocess(self, count): ++ code = '\n'.join(( ++ 'import os, sys', ++ 'data = os.urandom(%s)' % count, ++ 'sys.stdout.write(data)', ++ 'sys.stdout.flush()')) ++ cmd_line = [sys.executable, '-c', code] ++ p = subprocess.Popen(cmd_line, stdin=subprocess.PIPE, ++ stdout=subprocess.PIPE, stderr=subprocess.STDOUT) ++ out, err = p.communicate() ++ out = test_support.strip_python_stderr(out) ++ self.assertEqual(len(out), count) ++ return out ++ ++ def test_urandom_subprocess(self): ++ data1 = self.get_urandom_subprocess(16) ++ data2 = 
self.get_urandom_subprocess(16) ++ self.assertNotEqual(data1, data2) + + def test_execvpe_with_bad_arglist(self): + self.assertRaises(ValueError, os.execvpe, 'notepad', [], None) diff --git a/lang/python27/patches/patch-CVE-2012-1150-Lib_test_test_set.py b/lang/python27/patches/patch-CVE-2012-1150-Lib_test_test_set.py new file mode 100644 index 00000000000..342fa13370a --- /dev/null +++ b/lang/python27/patches/patch-CVE-2012-1150-Lib_test_test_set.py 
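Review bot: The rewritten URandomTests in the Lib/test/test_os.py patch drops the three `assertRaises(TypeError, os.urandom, ...)` checks for float arguments that referenced bugs.python.org/issue3708, and it no longer tolerates `NotImplementedError`. Since the Lib/os.py patch in this commit removes the Python-level urandom and the posixmodule.c patch parses the argument with a different format (`"n:urandom"`), float handling is exactly the behaviour that changed hands. I would keep at least `self.assertRaises(TypeError, os.urandom, 0.9)` unless the new implementation is known to accept floats. On a platform without a usable random source these tests will now error instead of passing silently; whether any pkgsrc target is affected cannot be told from this hunk.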
@@ -0,0 +1,73 @@ +$NetBSD: patch-CVE-2012-1150-Lib_test_test_set.py,v 1.1 2012/03/24 12:04:37 tron Exp $ + +Fix for CVE-2012-1150 taken from here: + +http://hg.python.org/cpython/rev/a0f43f4481e0 + +--- Lib/test/test_set.py.orig 2011-06-11 16:46:25.000000000 +0100 ++++ Lib/test/test_set.py 2012-03-24 11:02:25.000000000 +0000 +@@ -687,6 +687,17 @@ + if self.repr is not None: + self.assertEqual(repr(self.set), self.repr) + ++ def check_repr_against_values(self): ++ text = repr(self.set) ++ self.assertTrue(text.startswith('{')) ++ self.assertTrue(text.endswith('}')) ++ ++ result = text[1:-1].split(', ') ++ result.sort() ++ sorted_repr_values = [repr(value) for value in self.values] ++ sorted_repr_values.sort() ++ self.assertEqual(result, sorted_repr_values) ++ + def test_print(self): + fo = open(test_support.TESTFN, "wb") + try: +@@ -836,6 +847,46 @@ + self.length = 3 + self.repr = None + ++#------------------------------------------------------------------------------ ++ ++class TestBasicOpsString(TestBasicOps): ++ def setUp(self): ++ self.case = "string set" ++ self.values = ["a", "b", "c"] ++ self.set = set(self.values) ++ self.dup = set(self.values) ++ self.length = 3 ++ ++ def test_repr(self): ++ self.check_repr_against_values() ++ ++#------------------------------------------------------------------------------ ++ ++class TestBasicOpsUnicode(TestBasicOps): ++ def setUp(self): ++ self.case = "unicode set" ++ self.values = [u"a", u"b", u"c"] ++ self.set = set(self.values) ++ self.dup = set(self.values) ++ self.length = 3 ++ ++ def test_repr(self): ++ self.check_repr_against_values() ++ ++#------------------------------------------------------------------------------ ++ ++class TestBasicOpsMixedStringUnicode(TestBasicOps): ++ def setUp(self): ++ self.case = "string and bytes set" ++ self.values = ["a", "b", u"a", u"b"] ++ self.set = set(self.values) ++ self.dup = set(self.values) ++ self.length = 4 ++ ++ def test_repr(self): ++ with test_support.check_warnings(): 
++ self.check_repr_against_values() ++ + #============================================================================== + + def baditer(): diff --git a/lang/python27/patches/patch-CVE-2012-1150-Lib_test_test_support.py b/lang/python27/patches/patch-CVE-2012-1150-Lib_test_test_support.py new file mode 100644 index 00000000000..cccbfb8d074 --- /dev/null +++ b/lang/python27/patches/patch-CVE-2012-1150-Lib_test_test_support.py @@ -0,0 +1,19 @@ +$NetBSD: patch-CVE-2012-1150-Lib_test_test_support.py,v 1.1 2012/03/24 12:04:37 tron Exp $ + +Fix for CVE-2012-1150 taken from here: + +http://hg.python.org/cpython/rev/a0f43f4481e0 + +--- Lib/test/test_support.py.orig 2011-06-11 16:46:26.000000000 +0100 ++++ Lib/test/test_support.py 2012-03-24 11:02:25.000000000 +0000 +@@ -36,8 +36,8 @@ + "BasicTestRunner", "run_unittest", "run_doctest", "threading_setup", + "threading_cleanup", "reap_children", "cpython_only", + "check_impl_detail", "get_attribute", "py3k_bytes", +- "import_fresh_module"] +- ++ "import_fresh_module", "threading_cleanup", "reap_children", ++ "strip_python_stderr"] + + class Error(Exception): + """Base class for regression test exceptions.""" diff --git a/lang/python27/patches/patch-CVE-2012-1150-Lib_test_test_sys.py b/lang/python27/patches/patch-CVE-2012-1150-Lib_test_test_sys.py new file mode 100644 index 00000000000..e6f5da477bc --- /dev/null +++ b/lang/python27/patches/patch-CVE-2012-1150-Lib_test_test_sys.py 
@@ -0,0 +1,17 @@ +$NetBSD: patch-CVE-2012-1150-Lib_test_test_sys.py,v 1.1 2012/03/24 12:04:37 tron Exp $ + +Fix for CVE-2012-1150 taken from here: + +http://hg.python.org/cpython/rev/a0f43f4481e0 + +--- Lib/test/test_sys.py.orig 2011-06-11 16:46:26.000000000 +0100 ++++ Lib/test/test_sys.py 2012-03-24 11:02:25.000000000 +0000 +@@ -426,7 +426,7 @@ + attrs = ("debug", "py3k_warning", "division_warning", "division_new", + "inspect", "interactive", "optimize", "dont_write_bytecode", + "no_site", "ignore_environment", "tabcheck", "verbose", +- "unicode", "bytes_warning") ++ "unicode", "bytes_warning", "hash_randomization") + for attr in attrs: + self.assertTrue(hasattr(sys.flags, attr), attr) + self.assertEqual(type(getattr(sys.flags, attr)), int, attr) diff --git a/lang/python27/patches/patch-CVE-2012-1150-Misc_NEWS b/lang/python27/patches/patch-CVE-2012-1150-Misc_NEWS new file mode 100644 index 00000000000..479ef475576 --- /dev/null +++ b/lang/python27/patches/patch-CVE-2012-1150-Misc_NEWS @@ -0,0 +1,20 @@ +$NetBSD: patch-CVE-2012-1150-Misc_NEWS,v 1.1 2012/03/24 12:04:37 tron Exp $ + +Fix for CVE-2012-1150 taken from here: + +http://hg.python.org/cpython/rev/a0f43f4481e0 + +--- Misc/NEWS.orig 2011-06-11 16:46:26.000000000 +0100 ++++ Misc/NEWS 2012-03-24 11:03:47.000000000 +0000 +@@ -12,6 +12,11 @@ + + - Issue #12009: Fixed regression in netrc file comment handling. + ++- Issue #13703: oCERT-2011-003: add -R command-line option and PYTHONHASHSEED ++ environment variable, to provide an opt-in way to protect against denial of ++ service attacks due to hash collisions within the dict and set types. Patch ++ by David Malcolm, based on work by Victor Stinner. ++ + Extension Modules + ----------------- + diff --git a/lang/python27/patches/patch-CVE-2012-1150-Misc_python.man b/lang/python27/patches/patch-CVE-2012-1150-Misc_python.man new file mode 100644 index 00000000000..e79470115cb --- /dev/null +++ b/lang/python27/patches/patch-CVE-2012-1150-Misc_python.man 
@@ -0,0 +1,58 @@ +$NetBSD: patch-CVE-2012-1150-Misc_python.man,v 1.1 2012/03/24 12:04:37 tron Exp $ + +Fix for CVE-2012-1150 taken from here: + +http://hg.python.org/cpython/rev/a0f43f4481e0 + +--- Misc/python.man.orig 2011-06-11 16:46:26.000000000 +0100 ++++ Misc/python.man 2012-03-24 11:02:25.000000000 +0000 +@@ -34,6 +34,9 @@ + .B \-OO + ] + [ ++.B \-R ++] ++[ + .B -Q + .I argument + ] +@@ -151,6 +154,18 @@ + .B \-OO + Discard docstrings in addition to the \fB-O\fP optimizations. + .TP ++.B \-R ++Turn on "hash randomization", so that the hash() values of str, bytes and ++datetime objects are "salted" with an unpredictable pseudo-random value. ++Although they remain constant within an individual Python process, they are ++not predictable between repeated invocations of Python. ++.IP ++This is intended to provide protection against a denial of service ++caused by carefully-chosen inputs that exploit the worst case performance ++of a dict insertion, O(n^2) complexity. See ++http://www.ocert.org/advisories/ocert-2011-003.html ++for details. ++.TP + .BI "\-Q " argument + Division control; see PEP 238. The argument must be one of "old" (the + default, int/int and long/long return an int or long), "new" (new +@@ -423,6 +438,20 @@ + .IP PYTHONWARNINGS + If this is set to a comma-separated string it is equivalent to + specifying the \fB\-W\fP option for each separate value. ++.IP PYTHONHASHSEED ++If this variable is set to "random", the effect is the same as specifying ++the \fB-R\fP option: a random value is used to seed the hashes of str, ++bytes and datetime objects. ++ ++If PYTHONHASHSEED is set to an integer value, it is used as a fixed seed for ++generating the hash() of the types covered by the hash randomization. Its ++purpose is to allow repeatable hashing, such as for selftests for the ++interpreter itself, or to allow a cluster of python processes to share hash ++values. ++ ++The integer must be a decimal number in the range [0,4294967295]. 
Specifying ++the value 0 will lead to the same hash values as when hash randomization is ++disabled. + .SH AUTHOR + The Python Software Foundation: http://www.python.org/psf + .SH INTERNET RESOURCES diff --git a/lang/python27/patches/patch-CVE-2012-1150-Modules_main.c b/lang/python27/patches/patch-CVE-2012-1150-Modules_main.c new file mode 100644 index 00000000000..ae52bc963f4 --- /dev/null +++ b/lang/python27/patches/patch-CVE-2012-1150-Modules_main.c 
@@ -0,0 +1,59 @@ +$NetBSD: patch-CVE-2012-1150-Modules_main.c,v 1.1 2012/03/24 12:04:37 tron Exp $ + +Fix for CVE-2012-1150 taken from here: + +http://hg.python.org/cpython/rev/a0f43f4481e0 + +--- Modules/main.c.orig 2011-06-11 16:46:27.000000000 +0100 ++++ Modules/main.c 2012-03-24 11:02:25.000000000 +0000 +@@ -40,7 +40,7 @@ + static int orig_argc; + + /* command line options */ +-#define BASE_OPTS "3bBc:dEhiJm:OQ:sStuUvVW:xX?" ++#define BASE_OPTS "3bBc:dEhiJm:OQ:RsStuUvVW:xX?" + + #ifndef RISCOS + #define PROGRAM_OPTS BASE_OPTS +@@ -71,6 +71,9 @@ + -m mod : run library module as a script (terminates option list)\n\ + -O : optimize generated bytecode slightly; also PYTHONOPTIMIZE=x\n\ + -OO : remove doc-strings in addition to the -O optimizations\n\ ++-R : use a pseudo-random salt to make hash() values of various types be\n\ ++ unpredictable between separate invocations of the interpreter, as\n\ ++ a defense against denial-of-service attacks\n\ + -Q arg : division options: -Qold (default), -Qwarn, -Qwarnall, -Qnew\n\ + -s : don't add user site directory to sys.path; also PYTHONNOUSERSITE\n\ + -S : don't imply 'import site' on initialization\n\ +@@ -102,6 +105,12 @@ + PYTHONCASEOK : ignore case in 'import' statements (Windows).\n\ + PYTHONIOENCODING: Encoding[:errors] used for stdin/stdout/stderr.\n\ + "; ++static char *usage_6 = "\ ++PYTHONHASHSEED: if this variable is set to ``random``, the effect is the same \n\ ++ as specifying the :option:`-R` option: a random value is used to seed the\n\ ++ hashes of str, bytes and datetime objects. 
It can also be set to an integer\n\ ++ in the range [0,4294967295] to get hash values with a predictable seed.\n\ ++"; + + + static int +@@ -118,6 +127,7 @@ + fputs(usage_3, f); + fprintf(f, usage_4, DELIM); + fprintf(f, usage_5, DELIM, PYTHONHOMEHELP); ++ fputs(usage_6, f); + } + #if defined(__VMS) + if (exitcode == 0) { +@@ -389,6 +399,10 @@ + PySys_AddWarnOption(_PyOS_optarg); + break; + ++ case 'R': ++ Py_HashRandomizationFlag++; ++ break; ++ + /* This space reserved for other options */ + + default: diff --git a/lang/python27/patches/patch-CVE-2012-1150-Modules_posixmodule.c b/lang/python27/patches/patch-CVE-2012-1150-Modules_posixmodule.c new file mode 100644 index 00000000000..2c87d2a662d --- /dev/null +++ b/lang/python27/patches/patch-CVE-2012-1150-Modules_posixmodule.c 
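Review bot: The `case 'R'` branch in the Modules/main.c patch only increments `Py_HashRandomizationFlag` when the option is passed, and the documentation and NEWS hunks of this commit describe the feature as opt-in and disabled by default. Installing this package revision therefore does not by itself protect a service that builds dicts from attacker-supplied keys; operators still have to start Python with `-R` or export `PYTHONHASHSEED=random`. The commit message reads as if the DoS were fixed outright, so a note for package users (for example in the package's MESSAGE file) would be useful. Separately, `usage_6` is written to the terminal with `fputs` but still contains reST markup copied from the docs (the double-backquoted random and the :option: role); plain wording such as `PYTHONHASHSEED: if set to "random", same effect as -R` reads better there.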
@@ -0,0 +1,165 @@
+$NetBSD: patch-CVE-2012-1150-Modules_posixmodule.c,v 1.1 2012/03/24 12:04:37 tron Exp $
+
+Fix for CVE-2012-1150 taken from here:
+
+http://hg.python.org/cpython/rev/a0f43f4481e0
+
+--- Modules/posixmodule.c.orig 2011-06-11 16:46:27.000000000 +0100
++++ Modules/posixmodule.c 2012-03-24 11:02:25.000000000 +0000
+@@ -8476,117 +8476,35 @@
+ }
+ #endif
+
+-#ifdef MS_WINDOWS
+-
+-PyDoc_STRVAR(win32_urandom__doc__,
++PyDoc_STRVAR(posix_urandom__doc__,
+ "urandom(n) -> str\n\n\
+-Return a string of n random bytes suitable for cryptographic use.");
+-
+-typedef BOOL (WINAPI *CRYPTACQUIRECONTEXTA)(HCRYPTPROV *phProv,\
+- LPCSTR pszContainer, LPCSTR pszProvider, DWORD dwProvType,\
+- DWORD dwFlags );
+-typedef BOOL (WINAPI *CRYPTGENRANDOM)(HCRYPTPROV hProv, DWORD dwLen,\
+- BYTE *pbBuffer );
+-
+-static CRYPTGENRANDOM pCryptGenRandom = NULL;
+-/* This handle is never explicitly released. Instead, the operating
+- system will release it when the process terminates. */
+-static HCRYPTPROV hCryptProv = 0;
++Return n random bytes suitable for cryptographic use.");
+
+-static PyObject*
+-win32_urandom(PyObject *self, PyObject *args)
++static PyObject *
++posix_urandom(PyObject *self, PyObject *args)
+ {
+- int howMany;
+- PyObject* result;
++ Py_ssize_t size;
++ PyObject *result;
++ int ret;
+
+- /* Read arguments */
+- if (!
PyArg_ParseTuple(args, "i:urandom", &howMany))
++ /* Read arguments */
++ if (!PyArg_ParseTuple(args, "n:urandom", &size))
+ return NULL;
+- if (howMany < 0)
++ if (size < 0)
+ return PyErr_Format(PyExc_ValueError,
+ "negative argument not allowed");
+-
+- if (hCryptProv == 0) {
+- HINSTANCE hAdvAPI32 = NULL;
+- CRYPTACQUIRECONTEXTA pCryptAcquireContext = NULL;
+-
+- /* Obtain handle to the DLL containing CryptoAPI
+- This should not fail */
+- hAdvAPI32 = GetModuleHandle("advapi32.dll");
+- if(hAdvAPI32 == NULL)
+- return win32_error("GetModuleHandle", NULL);
+-
+- /* Obtain pointers to the CryptoAPI functions
+- This will fail on some early versions of Win95 */
+- pCryptAcquireContext = (CRYPTACQUIRECONTEXTA)GetProcAddress(
+- hAdvAPI32,
+- "CryptAcquireContextA");
+- if (pCryptAcquireContext == NULL)
+- return PyErr_Format(PyExc_NotImplementedError,
+- "CryptAcquireContextA not found");
+-
+- pCryptGenRandom = (CRYPTGENRANDOM)GetProcAddress(
+- hAdvAPI32, "CryptGenRandom");
+- if (pCryptGenRandom == NULL)
+- return PyErr_Format(PyExc_NotImplementedError,
+- "CryptGenRandom not found");
+-
+- /* Acquire context */
+- if (! pCryptAcquireContext(&hCryptProv, NULL, NULL,
+- PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))
+- return win32_error("CryptAcquireContext", NULL);
+- }
+-
+- /* Allocate bytes */
+- result = PyString_FromStringAndSize(NULL, howMany);
+- if (result != NULL) {
+- /* Get random data */
+- memset(PyString_AS_STRING(result), 0, howMany); /* zero seed */
+- if (!
pCryptGenRandom(hCryptProv, howMany, (unsigned char*)
+- PyString_AS_STRING(result))) {
+- Py_DECREF(result);
+- return win32_error("CryptGenRandom", NULL);
+- }
+- }
+- return result;
+-}
+-#endif
+-
+-#ifdef __VMS
+-/* Use openssl random routine */
+-#include <openssl/rand.h>
+-PyDoc_STRVAR(vms_urandom__doc__,
+-"urandom(n) -> str\n\n\
+-Return a string of n random bytes suitable for cryptographic use.");
+-
+-static PyObject*
+-vms_urandom(PyObject *self, PyObject *args)
+-{
+- int howMany;
+- PyObject* result;
+-
+- /* Read arguments */
+- if (! PyArg_ParseTuple(args, "i:urandom", &howMany))
++ result = PyBytes_FromStringAndSize(NULL, size);
++ if (result == NULL)
+ return NULL;
+- if (howMany < 0)
+- return PyErr_Format(PyExc_ValueError,
+- "negative argument not allowed");
+
+- /* Allocate bytes */
+- result = PyString_FromStringAndSize(NULL, howMany);
+- if (result != NULL) {
+- /* Get random data */
+- if (RAND_pseudo_bytes((unsigned char*)
+- PyString_AS_STRING(result),
+- howMany) < 0) {
+- Py_DECREF(result);
+- return PyErr_Format(PyExc_ValueError,
+- "RAND_pseudo_bytes");
+- }
++ ret = _PyOS_URandom(PyBytes_AS_STRING(result),
++ PyBytes_GET_SIZE(result));
++ if (ret == -1) {
++ Py_DECREF(result);
++ return NULL;
+ }
+ return result;
+ }
+-#endif
+
+ #ifdef HAVE_SETRESUID
+ PyDoc_STRVAR(posix_setresuid__doc__,
+@@ -8972,12 +8890,6 @@
+ #ifdef HAVE_GETLOADAVG
+ {"getloadavg", posix_getloadavg, METH_NOARGS, posix_getloadavg__doc__},
+ #endif
+- #ifdef MS_WINDOWS
+- {"urandom", win32_urandom, METH_VARARGS, win32_urandom__doc__},
+- #endif
+- #ifdef __VMS
+- {"urandom", vms_urandom, METH_VARARGS, vms_urandom__doc__},
+- #endif
+ #ifdef HAVE_SETRESUID
+ {"setresuid", posix_setresuid, METH_VARARGS, posix_setresuid__doc__},
+ #endif
+@@ -8990,7 +8902,7 @@
+ #ifdef HAVE_GETRESGID
+ {"getresgid", posix_getresgid, METH_NOARGS, posix_getresgid__doc__},
+ #endif
+-
++ {"urandom", posix_urandom, METH_VARARGS, posix_urandom__doc__},
+ {NULL, NULL} /* Sentinel */
+ };
+
diff --git a/lang/python27/patches/patch-CVE-2012-1150-Objects_bufferobject.c b/lang/python27/patches/patch-CVE-2012-1150-Objects_bufferobject.c
new file mode 100644
index 00000000000..71661719084
--- /dev/null
+++ b/lang/python27/patches/patch-CVE-2012-1150-Objects_bufferobject.c
@@ -0,0 +1,30 @@
+$NetBSD: patch-CVE-2012-1150-Objects_bufferobject.c,v 1.1 2012/03/24 12:04:37 tron Exp $
+
+Fix for CVE-2012-1150 taken from here:
+
+http://hg.python.org/cpython/rev/a0f43f4481e0
+
+--- Objects/bufferobject.c.orig 2011-06-11 16:46:27.000000000 +0100
++++ Objects/bufferobject.c 2012-03-24 11:02:25.000000000 +0000
+@@ -334,10 +334,20 @@
+ return -1;
+ p = (unsigned char *) ptr;
+ len = size;
+- x = *p << 7;
++ /*
++ We make the hash of the empty buffer be 0, rather than using
++ (prefix ^ suffix), since this slightly obfuscates the hash secret
++ */
++ if (len == 0) {
++ self->b_hash = 0;
++ return 0;
++ }
++ x = _Py_HashSecret.prefix;
++ x ^= *p << 7;
+ while (--len >= 0)
+ x = (1000003*x) ^ *p++;
+ x ^= size;
++ x ^= _Py_HashSecret.suffix;
+ if (x == -1)
+ x = -2;
+ self->b_hash = x;
diff --git a/lang/python27/patches/patch-CVE-2012-1150-Objects_object.c b/lang/python27/patches/patch-CVE-2012-1150-Objects_object.c
new file mode 100644
index 00000000000..4af52555b13
--- /dev/null
+++ b/lang/python27/patches/patch-CVE-2012-1150-Objects_object.c
@@ -0,0 +1,17 @@
+$NetBSD: patch-CVE-2012-1150-Objects_object.c,v 1.1 2012/03/24 12:04:37 tron Exp $
+
+Fix for CVE-2012-1150 taken from here:
+
+http://hg.python.org/cpython/rev/a0f43f4481e0
+
+--- Objects/object.c.orig 2011-06-11 16:46:27.000000000 +0100
++++ Objects/object.c 2012-03-24 11:02:25.000000000 +0000
+@@ -1094,6 +1094,8 @@
+ return -1;
+ }
+
++_Py_HashSecret_t _Py_HashSecret;
++
+ long
+ PyObject_Hash(PyObject *v)
+ {
diff --git a/lang/python27/patches/patch-CVE-2012-1150-Objects_stringobject.c b/lang/python27/patches/patch-CVE-2012-1150-Objects_stringobject.c
new file mode 100644
index 00000000000..33f059a278e
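Review bot: In the new `posix_urandom`, the `ret == -1` branch returns NULL without setting an exception of its own, so it depends on `_PyOS_URandom` having raised one; that helper is not part of this hunk, and a NULL return with no exception set reaches the caller as a SystemError. A comment at the branch would record the contract, `/* _PyOS_URandom() has already set the exception */`, once that is confirmed against the helper's definition. The same hunk also registers `urandom` unconditionally in the method table where the entry used to sit under `MS_WINDOWS` and `__VMS`, so the helper has to work on every platform the package builds on; presumably another patch in this commit covers that.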
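Review bot: The added `x ^= _Py_HashSecret.suffix;` runs after all input bytes have been mixed, so two equal-length inputs that collide before that line still collide for every suffix value; only `_Py_HashSecret.prefix` affects which inputs collide. The Objects/stringobject.c and Objects/unicodeobject.c hunks of this commit repeat the same construction. I would say so next to the existing empty-input comment, for example `/* suffix only masks the output; collision resistance rests on prefix alone */`, so later readers do not overestimate the margin the salt provides. The enclosing hash function starts and ends outside the hunk.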
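Review bot: `_Py_HashSecret_t _Py_HashSecret;` is defined with neither an initializer nor a comment, so the reader has to know that a file-scope object starts zeroed and that code outside this hunk is expected to fill it in. With both fields zero, the string-hash hunks in this commit reduce to the old `x = *p << 7` start and a no-op final XOR, i.e. unsalted hashes. A short comment would make that explicit: `/* All zero (no salting) until seeded at startup; see -R and PYTHONHASHSEED */`, with the seeding location confirmed against the rest of the patch set.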
--- /dev/null
+++ b/lang/python27/patches/patch-CVE-2012-1150-Objects_stringobject.c
@@ -0,0 +1,31 @@
+$NetBSD: patch-CVE-2012-1150-Objects_stringobject.c,v 1.1 2012/03/24 12:04:37 tron Exp $
+
+Fix for CVE-2012-1150 taken from here:
+
+http://hg.python.org/cpython/rev/a0f43f4481e0
+
+--- Objects/stringobject.c.orig 2011-06-11 16:46:27.000000000 +0100
++++ Objects/stringobject.c 2012-03-24 11:02:25.000000000 +0000
+@@ -1265,11 +1265,21 @@
+ if (a->ob_shash != -1)
+ return a->ob_shash;
+ len = Py_SIZE(a);
++ /*
++ We make the hash of the empty string be 0, rather than using
++ (prefix ^ suffix), since this slightly obfuscates the hash secret
++ */
++ if (len == 0) {
++ a->ob_shash = 0;
++ return 0;
++ }
+ p = (unsigned char *) a->ob_sval;
+- x = *p << 7;
++ x = _Py_HashSecret.prefix;
++ x ^= *p << 7;
+ while (--len >= 0)
+ x = (1000003*x) ^ *p++;
+ x ^= Py_SIZE(a);
++ x ^= _Py_HashSecret.suffix;
+ if (x == -1)
+ x = -2;
+ a->ob_shash = x;
diff --git a/lang/python27/patches/patch-CVE-2012-1150-Objects_unicodeobject.c b/lang/python27/patches/patch-CVE-2012-1150-Objects_unicodeobject.c
new file mode 100644
index 00000000000..1e6212cbc3c
--- /dev/null
+++ b/lang/python27/patches/patch-CVE-2012-1150-Objects_unicodeobject.c
@@ -0,0 +1,31 @@
+$NetBSD: patch-CVE-2012-1150-Objects_unicodeobject.c,v 1.1 2012/03/24 12:04:37 tron Exp $
+
+Fix for CVE-2012-1150 taken from here:
+
+http://hg.python.org/cpython/rev/a0f43f4481e0
+
+--- Objects/unicodeobject.c.orig 2011-06-11 16:46:27.000000000 +0100
++++ Objects/unicodeobject.c 2012-03-24 11:02:25.000000000 +0000
+@@ -6546,11 +6546,21 @@
+ if (self->hash != -1)
+ return self->hash;
+ len = PyUnicode_GET_SIZE(self);
++ /*
++ We make the hash of the empty string be 0, rather than using
++ (prefix ^ suffix), since this slightly obfuscates the hash secret
++ */
++ if (len == 0) {
++ self->hash = 0;
++ return 0;
++ }
+ p = PyUnicode_AS_UNICODE(self);
+- x = *p << 7;
++ x = _Py_HashSecret.prefix;
++ x ^= *p << 7;
+ while (--len >= 0)
+ x = (1000003*x) ^ *p++;
+ x ^= PyUnicode_GET_SIZE(self);
++ x ^= _Py_HashSecret.suffix;
+ if (x == -1)
+ x = -2;
+ self->hash = x;
diff --git a/lang/python27/patches/patch-CVE-2012-1150-PCbuild_pythoncore.vcproj b/lang/python27/patches/patch-CVE-2012-1150-PCbuild_pythoncore.vcproj
new file mode 100644
index 00000000000..f93d00fc114
--- /dev/null
+++ b/lang/python27/patches/patch-CVE-2012-1150-PCbuild_pythoncore.vcproj
@@ -0,0 +1,1840 @@
+$NetBSD: patch-CVE-2012-1150-PCbuild_pythoncore.vcproj,v 1.1 2012/03/24 12:04:37 tron Exp $
+
+Fix for CVE-2012-1150 taken from here:
+
+http://hg.python.org/cpython/rev/a0f43f4481e0
+
+--- PCbuild/pythoncore.vcproj.orig 2011-06-11 16:46:27.000000000 +0100
++++ PCbuild/pythoncore.vcproj 2012-03-24 11:02:25.000000000 +0000
+@@ -1,3 +1,4 @@
++<<<<<<< local
+ <?xml version="1.0" encoding="Windows-1252"?>
+ <VisualStudioProject
+ ProjectType="Visual C++"
+@@ -1871,3 +1872,1826 @@ + <Globals>
+ </Globals>
+ </VisualStudioProject>
++=======
++<?xml version="1.0" encoding="Windows-1252"?> ++<VisualStudioProject ++ ProjectType="Visual C++" ++ Version="9,00" ++ Name="pythoncore" ++ ProjectGUID="{CF7AC3D1-E2DF-41D2-BEA6-1E2556CDEA26}" ++ RootNamespace="pythoncore" ++ TargetFrameworkVersion="131072" ++ > ++ <Platforms> ++ <Platform ++ Name="Win32" ++ /> ++ <Platform ++ Name="x64" ++ /> ++ </Platforms> ++ <ToolFiles> ++ </ToolFiles> ++ <Configurations> ++ <Configuration ++ Name="Release|Win32" ++ ConfigurationType="2" ++ InheritedPropertySheets=".\pyproject.vsprops;.\release.vsprops" ++ UseOfMFC="0" ++ ATLMinimizesCRunTimeLibraryUsage="false" ++ > ++ <Tool ++ Name="VCPreBuildEventTool" ++ /> ++ <Tool ++ Name="VCCustomBuildTool" ++ /> ++ <Tool ++ Name="VCXMLDataGeneratorTool" ++ /> ++ <Tool ++ Name="VCWebServiceProxyGeneratorTool" ++ /> ++ <Tool ++ Name="VCMIDLTool" ++ /> ++ <Tool ++ Name="VCCLCompilerTool" ++ AdditionalOptions="/Zm200 " ++ AdditionalIncludeDirectories="..\Python;..\Modules\zlib" ++ PreprocessorDefinitions="_USRDLL;Py_BUILD_CORE;Py_ENABLE_SHARED;WIN32" ++ RuntimeLibrary="2" ++ /> ++ <Tool ++ Name="VCManagedResourceCompilerTool" ++ /> ++ <Tool ++ Name="VCResourceCompilerTool" ++ PreprocessorDefinitions="NDEBUG" ++ Culture="1033" ++ AdditionalIncludeDirectories="..\Include" ++ /> ++ <Tool ++ Name="VCPreLinkEventTool" ++ Description="Generate build information..." 
++ CommandLine=""$(SolutionDir)make_buildinfo.exe" Release" ++ /> ++ <Tool ++ Name="VCLinkerTool" ++ AdditionalDependencies="getbuildinfo.o" ++ OutputFile="$(OutDir)\$(PyDllName).dll" ++ IgnoreDefaultLibraryNames="libc" ++ ProgramDatabaseFile="$(OutDir)$(PyDllName).pdb" ++ BaseAddress="0x1e000000" ++ ImportLibrary="$(OutDir)$(PyDllName).lib" ++ /> ++ <Tool ++ Name="VCALinkTool" ++ /> ++ <Tool ++ Name="VCManifestTool" ++ /> ++ <Tool ++ Name="VCXDCMakeTool" ++ /> ++ <Tool ++ Name="VCBscMakeTool" ++ /> ++ <Tool ++ Name="VCFxCopTool" ++ /> ++ <Tool ++ Name="VCAppVerifierTool" ++ /> ++ <Tool ++ Name="VCPostBuildEventTool" ++ /> ++ </Configuration> ++ <Configuration ++ Name="Release|x64" ++ ConfigurationType="2" ++ InheritedPropertySheets=".\pyproject.vsprops;.\x64.vsprops;.\release.vsprops" ++ UseOfMFC="0" ++ ATLMinimizesCRunTimeLibraryUsage="false" ++ > ++ <Tool ++ Name="VCPreBuildEventTool" ++ /> ++ <Tool ++ Name="VCCustomBuildTool" ++ /> ++ <Tool ++ Name="VCXMLDataGeneratorTool" ++ /> ++ <Tool ++ Name="VCWebServiceProxyGeneratorTool" ++ /> ++ <Tool ++ Name="VCMIDLTool" ++ TargetEnvironment="3" ++ /> ++ <Tool ++ Name="VCCLCompilerTool" ++ AdditionalOptions="/Zm200 " ++ AdditionalIncludeDirectories="..\Python;..\Modules\zlib" ++ PreprocessorDefinitions="_USRDLL;Py_BUILD_CORE;Py_ENABLE_SHARED;WIN32" ++ RuntimeLibrary="2" ++ /> ++ <Tool ++ Name="VCManagedResourceCompilerTool" ++ /> ++ <Tool ++ Name="VCResourceCompilerTool" ++ PreprocessorDefinitions="NDEBUG" ++ Culture="1033" ++ AdditionalIncludeDirectories="..\Include" ++ /> ++ <Tool ++ Name="VCPreLinkEventTool" ++ Description="Generate build information..." 
++ CommandLine=""$(SolutionDir)make_buildinfo.exe" Release" ++ /> ++ <Tool ++ Name="VCLinkerTool" ++ AdditionalDependencies="getbuildinfo.o" ++ OutputFile="$(OutDir)\$(PyDllName).dll" ++ IgnoreDefaultLibraryNames="libc" ++ ProgramDatabaseFile="$(OutDir)$(PyDllName).pdb" ++ BaseAddress="0x1e000000" ++ ImportLibrary="$(OutDir)$(PyDllName).lib" ++ /> ++ <Tool ++ Name="VCALinkTool" ++ /> ++ <Tool ++ Name="VCManifestTool" ++ /> ++ <Tool ++ Name="VCXDCMakeTool" ++ /> ++ <Tool ++ Name="VCBscMakeTool" ++ /> ++ <Tool ++ Name="VCFxCopTool" ++ /> ++ <Tool ++ Name="VCAppVerifierTool" ++ /> ++ <Tool ++ Name="VCPostBuildEventTool" ++ /> ++ </Configuration> ++ <Configuration ++ Name="Debug|Win32" ++ ConfigurationType="2" ++ InheritedPropertySheets=".\pyproject.vsprops;.\debug.vsprops" ++ UseOfMFC="0" ++ ATLMinimizesCRunTimeLibraryUsage="false" ++ CharacterSet="0" ++ > ++ <Tool ++ Name="VCPreBuildEventTool" ++ /> ++ <Tool ++ Name="VCCustomBuildTool" ++ /> ++ <Tool ++ Name="VCXMLDataGeneratorTool" ++ /> ++ <Tool ++ Name="VCWebServiceProxyGeneratorTool" ++ /> ++ <Tool ++ Name="VCMIDLTool" ++ /> ++ <Tool ++ Name="VCCLCompilerTool" ++ AdditionalOptions="/Zm200 " ++ Optimization="0" ++ InlineFunctionExpansion="0" ++ EnableIntrinsicFunctions="false" ++ AdditionalIncludeDirectories="..\Python;..\Modules\zlib" ++ PreprocessorDefinitions="_USRDLL;Py_BUILD_CORE;Py_ENABLE_SHARED;WIN32" ++ RuntimeLibrary="3" ++ /> ++ <Tool ++ Name="VCManagedResourceCompilerTool" ++ /> ++ <Tool ++ Name="VCResourceCompilerTool" ++ PreprocessorDefinitions="_DEBUG" ++ Culture="1033" ++ AdditionalIncludeDirectories="..\Include" ++ /> ++ <Tool ++ Name="VCPreLinkEventTool" ++ Description="Generate build information..." 
++ CommandLine=""$(SolutionDir)make_buildinfo.exe" Debug" ++ /> ++ <Tool ++ Name="VCLinkerTool" ++ AdditionalDependencies="getbuildinfo.o" ++ OutputFile="$(OutDir)\$(PyDllName)_d.dll" ++ IgnoreDefaultLibraryNames="libc" ++ ProgramDatabaseFile="$(OutDir)$(PyDllName)_d.pdb" ++ BaseAddress="0x1e000000" ++ ImportLibrary="$(OutDir)$(PyDllName)_d.lib" ++ /> ++ <Tool ++ Name="VCALinkTool" ++ /> ++ <Tool ++ Name="VCManifestTool" ++ /> ++ <Tool ++ Name="VCXDCMakeTool" ++ /> ++ <Tool ++ Name="VCBscMakeTool" ++ /> ++ <Tool ++ Name="VCFxCopTool" ++ /> ++ <Tool ++ Name="VCAppVerifierTool" ++ /> ++ <Tool ++ Name="VCPostBuildEventTool" ++ /> ++ </Configuration> ++ <Configuration ++ Name="Debug|x64" ++ ConfigurationType="2" ++ InheritedPropertySheets=".\pyproject.vsprops;.\x64.vsprops;.\debug.vsprops" ++ UseOfMFC="0" ++ ATLMinimizesCRunTimeLibraryUsage="false" ++ > ++ <Tool ++ Name="VCPreBuildEventTool" ++ /> ++ <Tool ++ Name="VCCustomBuildTool" ++ /> ++ <Tool ++ Name="VCXMLDataGeneratorTool" ++ /> ++ <Tool ++ Name="VCWebServiceProxyGeneratorTool" ++ /> ++ <Tool ++ Name="VCMIDLTool" ++ TargetEnvironment="3" ++ /> ++ <Tool ++ Name="VCCLCompilerTool" ++ AdditionalOptions="/Zm200 " ++ Optimization="0" ++ InlineFunctionExpansion="0" ++ EnableIntrinsicFunctions="false" ++ AdditionalIncludeDirectories="..\Python;..\Modules\zlib" ++ PreprocessorDefinitions="_USRDLL;Py_BUILD_CORE;Py_ENABLE_SHARED;WIN32" ++ RuntimeLibrary="3" ++ /> ++ <Tool ++ Name="VCManagedResourceCompilerTool" ++ /> ++ <Tool ++ Name="VCResourceCompilerTool" ++ PreprocessorDefinitions="_DEBUG" ++ Culture="1033" ++ AdditionalIncludeDirectories="..\Include" ++ /> ++ <Tool ++ Name="VCPreLinkEventTool" ++ Description="Generate build information..." 
++ CommandLine=""$(SolutionDir)make_buildinfo.exe" Debug" ++ /> ++ <Tool ++ Name="VCLinkerTool" ++ AdditionalDependencies="getbuildinfo.o" ++ OutputFile="$(OutDir)\$(PyDllName)_d.dll" ++ IgnoreDefaultLibraryNames="libc" ++ ProgramDatabaseFile="$(OutDir)$(PyDllName)_d.pdb" ++ BaseAddress="0x1e000000" ++ ImportLibrary="$(OutDir)$(PyDllName)_d.lib" ++ /> ++ <Tool ++ Name="VCALinkTool" ++ /> ++ <Tool ++ Name="VCManifestTool" ++ /> ++ <Tool ++ Name="VCXDCMakeTool" ++ /> ++ <Tool ++ Name="VCBscMakeTool" ++ /> ++ <Tool ++ Name="VCFxCopTool" ++ /> ++ <Tool ++ Name="VCAppVerifierTool" ++ /> ++ <Tool ++ Name="VCPostBuildEventTool" ++ /> ++ </Configuration> ++ <Configuration ++ Name="PGInstrument|Win32" ++ ConfigurationType="2" ++ InheritedPropertySheets=".\pyproject.vsprops;.\release.vsprops;.\pginstrument.vsprops" ++ UseOfMFC="0" ++ ATLMinimizesCRunTimeLibraryUsage="false" ++ > ++ <Tool ++ Name="VCPreBuildEventTool" ++ /> ++ <Tool ++ Name="VCCustomBuildTool" ++ /> ++ <Tool ++ Name="VCXMLDataGeneratorTool" ++ /> ++ <Tool ++ Name="VCWebServiceProxyGeneratorTool" ++ /> ++ <Tool ++ Name="VCMIDLTool" ++ /> ++ <Tool ++ Name="VCCLCompilerTool" ++ AdditionalOptions="/Zm200 " ++ AdditionalIncludeDirectories="..\Python;..\Modules\zlib" ++ PreprocessorDefinitions="_USRDLL;Py_BUILD_CORE;Py_ENABLE_SHARED;WIN32" ++ RuntimeLibrary="2" ++ /> ++ <Tool ++ Name="VCManagedResourceCompilerTool" ++ /> ++ <Tool ++ Name="VCResourceCompilerTool" ++ PreprocessorDefinitions="NDEBUG" ++ Culture="1033" ++ AdditionalIncludeDirectories="..\Include" ++ /> ++ <Tool ++ Name="VCPreLinkEventTool" ++ Description="Generate build information..." 
++ CommandLine=""$(SolutionDir)make_buildinfo.exe" Release" ++ /> ++ <Tool ++ Name="VCLinkerTool" ++ AdditionalDependencies="getbuildinfo.o" ++ OutputFile="$(OutDir)\$(PyDllName).dll" ++ IgnoreDefaultLibraryNames="libc" ++ ProgramDatabaseFile="$(OutDir)$(PyDllName).pdb" ++ BaseAddress="0x1e000000" ++ ImportLibrary="$(OutDirPGI)$(PyDllName).lib" ++ /> ++ <Tool ++ Name="VCALinkTool" ++ /> ++ <Tool ++ Name="VCManifestTool" ++ /> ++ <Tool ++ Name="VCXDCMakeTool" ++ /> ++ <Tool ++ Name="VCBscMakeTool" ++ /> ++ <Tool ++ Name="VCFxCopTool" ++ /> ++ <Tool ++ Name="VCAppVerifierTool" ++ /> ++ <Tool ++ Name="VCPostBuildEventTool" ++ /> ++ </Configuration> ++ <Configuration ++ Name="PGInstrument|x64" ++ ConfigurationType="2" ++ InheritedPropertySheets=".\pyproject.vsprops;.\x64.vsprops;.\release.vsprops;.\pginstrument.vsprops" ++ UseOfMFC="0" ++ ATLMinimizesCRunTimeLibraryUsage="false" ++ > ++ <Tool ++ Name="VCPreBuildEventTool" ++ /> ++ <Tool ++ Name="VCCustomBuildTool" ++ /> ++ <Tool ++ Name="VCXMLDataGeneratorTool" ++ /> ++ <Tool ++ Name="VCWebServiceProxyGeneratorTool" ++ /> ++ <Tool ++ Name="VCMIDLTool" ++ TargetEnvironment="3" ++ /> ++ <Tool ++ Name="VCCLCompilerTool" ++ AdditionalOptions="/Zm200 " ++ AdditionalIncludeDirectories="..\Python;..\Modules\zlib" ++ PreprocessorDefinitions="_USRDLL;Py_BUILD_CORE;Py_ENABLE_SHARED;WIN32" ++ RuntimeLibrary="2" ++ /> ++ <Tool ++ Name="VCManagedResourceCompilerTool" ++ /> ++ <Tool ++ Name="VCResourceCompilerTool" ++ PreprocessorDefinitions="NDEBUG" ++ Culture="1033" ++ AdditionalIncludeDirectories="..\Include" ++ /> ++ <Tool ++ Name="VCPreLinkEventTool" ++ Description="Generate build information..." 
++ CommandLine=""$(SolutionDir)make_buildinfo.exe" Release" ++ /> ++ <Tool ++ Name="VCLinkerTool" ++ AdditionalDependencies="getbuildinfo.o" ++ OutputFile="$(OutDir)\$(PyDllName).dll" ++ IgnoreDefaultLibraryNames="libc" ++ ProgramDatabaseFile="$(OutDir)$(PyDllName).pdb" ++ BaseAddress="0x1e000000" ++ ImportLibrary="$(OutDirPGI)$(PyDllName).lib" ++ TargetMachine="17" ++ /> ++ <Tool ++ Name="VCALinkTool" ++ /> ++ <Tool ++ Name="VCManifestTool" ++ /> ++ <Tool ++ Name="VCXDCMakeTool" ++ /> ++ <Tool ++ Name="VCBscMakeTool" ++ /> ++ <Tool ++ Name="VCFxCopTool" ++ /> ++ <Tool ++ Name="VCAppVerifierTool" ++ /> ++ <Tool ++ Name="VCPostBuildEventTool" ++ /> ++ </Configuration> ++ <Configuration ++ Name="PGUpdate|Win32" ++ ConfigurationType="2" ++ InheritedPropertySheets=".\pyproject.vsprops;.\release.vsprops;.\pgupdate.vsprops" ++ UseOfMFC="0" ++ ATLMinimizesCRunTimeLibraryUsage="false" ++ > ++ <Tool ++ Name="VCPreBuildEventTool" ++ /> ++ <Tool ++ Name="VCCustomBuildTool" ++ /> ++ <Tool ++ Name="VCXMLDataGeneratorTool" ++ /> ++ <Tool ++ Name="VCWebServiceProxyGeneratorTool" ++ /> ++ <Tool ++ Name="VCMIDLTool" ++ /> ++ <Tool ++ Name="VCCLCompilerTool" ++ AdditionalOptions="/Zm200 " ++ AdditionalIncludeDirectories="..\Python;..\Modules\zlib" ++ PreprocessorDefinitions="_USRDLL;Py_BUILD_CORE;Py_ENABLE_SHARED;WIN32" ++ RuntimeLibrary="2" ++ /> ++ <Tool ++ Name="VCManagedResourceCompilerTool" ++ /> ++ <Tool ++ Name="VCResourceCompilerTool" ++ PreprocessorDefinitions="NDEBUG" ++ Culture="1033" ++ AdditionalIncludeDirectories="..\Include" ++ /> ++ <Tool ++ Name="VCPreLinkEventTool" ++ Description="Generate build information..." 
++ CommandLine=""$(SolutionDir)make_buildinfo.exe" Release" ++ /> ++ <Tool ++ Name="VCLinkerTool" ++ AdditionalDependencies="getbuildinfo.o" ++ OutputFile="$(OutDir)\$(PyDllName).dll" ++ IgnoreDefaultLibraryNames="libc" ++ ProgramDatabaseFile="$(OutDir)$(PyDllName).pdb" ++ BaseAddress="0x1e000000" ++ ImportLibrary="$(OutDirPGI)$(PyDllName).lib" ++ /> ++ <Tool ++ Name="VCALinkTool" ++ /> ++ <Tool ++ Name="VCManifestTool" ++ /> ++ <Tool ++ Name="VCXDCMakeTool" ++ /> ++ <Tool ++ Name="VCBscMakeTool" ++ /> ++ <Tool ++ Name="VCFxCopTool" ++ /> ++ <Tool ++ Name="VCAppVerifierTool" ++ /> ++ <Tool ++ Name="VCPostBuildEventTool" ++ /> ++ </Configuration> ++ <Configuration ++ Name="PGUpdate|x64" ++ ConfigurationType="2" ++ InheritedPropertySheets=".\pyproject.vsprops;.\x64.vsprops;.\release.vsprops;.\pgupdate.vsprops" ++ UseOfMFC="0" ++ ATLMinimizesCRunTimeLibraryUsage="false" ++ > ++ <Tool ++ Name="VCPreBuildEventTool" ++ /> ++ <Tool ++ Name="VCCustomBuildTool" ++ /> ++ <Tool ++ Name="VCXMLDataGeneratorTool" ++ /> ++ <Tool ++ Name="VCWebServiceProxyGeneratorTool" ++ /> ++ <Tool ++ Name="VCMIDLTool" ++ TargetEnvironment="3" ++ /> ++ <Tool ++ Name="VCCLCompilerTool" ++ AdditionalOptions="/Zm200 " ++ AdditionalIncludeDirectories="..\Python;..\Modules\zlib" ++ PreprocessorDefinitions="_USRDLL;Py_BUILD_CORE;Py_ENABLE_SHARED;WIN32" ++ RuntimeLibrary="2" ++ /> ++ <Tool ++ Name="VCManagedResourceCompilerTool" ++ /> ++ <Tool ++ Name="VCResourceCompilerTool" ++ PreprocessorDefinitions="NDEBUG" ++ Culture="1033" ++ AdditionalIncludeDirectories="..\Include" ++ /> ++ <Tool ++ Name="VCPreLinkEventTool" ++ Description="Generate build information..." 
++ CommandLine=""$(SolutionDir)make_buildinfo.exe" Release" ++ /> ++ <Tool ++ Name="VCLinkerTool" ++ AdditionalDependencies="getbuildinfo.o" ++ OutputFile="$(OutDir)\$(PyDllName).dll" ++ IgnoreDefaultLibraryNames="libc" ++ ProgramDatabaseFile="$(OutDir)$(PyDllName).pdb" ++ BaseAddress="0x1e000000" ++ ImportLibrary="$(OutDirPGI)$(PyDllName).lib" ++ TargetMachine="17" ++ /> ++ <Tool ++ Name="VCALinkTool" ++ /> ++ <Tool ++ Name="VCManifestTool" ++ /> ++ <Tool ++ Name="VCXDCMakeTool" ++ /> ++ <Tool ++ Name="VCBscMakeTool" ++ /> ++ <Tool ++ Name="VCFxCopTool" ++ /> ++ <Tool ++ Name="VCAppVerifierTool" ++ /> ++ <Tool ++ Name="VCPostBuildEventTool" ++ /> ++ </Configuration> ++ </Configurations> ++ <References> ++ </References> ++ <Files> ++ <Filter ++ Name="Include" ++ > ++ <File ++ RelativePath="..\Include\abstract.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\asdl.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\ast.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\bitset.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\boolobject.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\bufferobject.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\bytes_methods.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\bytearrayobject.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\bytesobject.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\cellobject.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\ceval.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\classobject.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\cobject.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\code.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\codecs.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\compile.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\complexobject.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\cStringIO.h" ++ > ++ </File> ++ <File ++ 
RelativePath="..\Include\datetime.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\descrobject.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\dictobject.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\enumobject.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\errcode.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\eval.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\fileobject.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\floatobject.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\frameobject.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\funcobject.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\genobject.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\graminit.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\grammar.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\import.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\intobject.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\intrcheck.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\iterobject.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\listobject.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\longintrepr.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\longobject.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\marshal.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\memoryobject.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\metagrammar.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\methodobject.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\modsupport.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\moduleobject.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\node.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\object.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\objimpl.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\opcode.h" ++ > ++ </File> ++ <File ++ 
RelativePath="..\Include\osdefs.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\parsetok.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\patchlevel.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\pgen.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\pgenheaders.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\py_curses.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\pyarena.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\pydebug.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\pyerrors.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\pyexpat.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\pyfpe.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\pygetopt.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\pymactoolbox.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\pymath.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\pymem.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\pyport.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\pystate.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\pystrcmp.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\pystrtod.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\Python-ast.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\Python.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\pythonrun.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\pythread.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\rangeobject.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\setobject.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\sliceobject.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\stringobject.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\structmember.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\structseq.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\symtable.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\sysmodule.h" ++ > 
++ </File> ++ <File ++ RelativePath="..\Include\timefuncs.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\token.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\traceback.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\tupleobject.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\ucnhash.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\unicodeobject.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Include\weakrefobject.h" ++ > ++ </File> ++ </Filter> ++ <Filter ++ Name="Modules" ++ > ++ <File ++ RelativePath="..\Modules\_bisectmodule.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\_codecsmodule.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\_collectionsmodule.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\_csv.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\_fileio.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\_bytesio.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\_functoolsmodule.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\_heapqmodule.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\_hotshot.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\_json.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\_localemodule.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\_lsprof.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\_randommodule.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\_sre.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\_struct.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\_weakref.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\arraymodule.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\audioop.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\binascii.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\cmathmodule.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\cPickle.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\cStringIO.c" ++ > ++ </File> ++ <File ++ 
RelativePath="..\Modules\datetimemodule.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\errnomodule.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\future_builtins.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\gcmodule.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\imageop.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\itertoolsmodule.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\main.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\mathmodule.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\md5.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\md5.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\md5module.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\mmapmodule.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\operator.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\parsermodule.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\posixmodule.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\rotatingtree.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\rotatingtree.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\sha256module.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\sha512module.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\shamodule.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\signalmodule.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\stropmodule.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\symtablemodule.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\threadmodule.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\timemodule.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\xxsubtype.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\yuv.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\yuvconvert.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\zipimport.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\zlibmodule.c" ++ > ++ </File> ++ 
<Filter ++ Name="zlib" ++ > ++ <File ++ RelativePath="..\Modules\zlib\adler32.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\zlib\compress.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\zlib\crc32.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\zlib\crc32.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\zlib\deflate.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\zlib\deflate.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\zlib\gzio.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\zlib\infback.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\zlib\inffast.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\zlib\inffast.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\zlib\inffixed.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\zlib\inflate.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\zlib\inflate.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\zlib\inftrees.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\zlib\inftrees.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\zlib\trees.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\zlib\trees.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\zlib\uncompr.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\zlib\zconf.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\zlib\zconf.in.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\zlib\zlib.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\zlib\zutil.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\zlib\zutil.h" ++ > ++ </File> ++ </Filter> ++ <Filter ++ Name="cjkcodecs" ++ > ++ <File ++ RelativePath="..\Modules\cjkcodecs\_codecs_cn.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\cjkcodecs\_codecs_hk.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\cjkcodecs\_codecs_iso2022.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\cjkcodecs\_codecs_jp.c" ++ > ++ </File> ++ <File ++ 
RelativePath="..\Modules\cjkcodecs\_codecs_kr.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\cjkcodecs\_codecs_tw.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\cjkcodecs\alg_jisx0201.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\cjkcodecs\cjkcodecs.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\cjkcodecs\emu_jisx0213_2000.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\cjkcodecs\mappings_cn.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\cjkcodecs\mappings_hk.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\cjkcodecs\mappings_jisx0213_pair.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\cjkcodecs\mappings_jp.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\cjkcodecs\mappings_kr.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\cjkcodecs\mappings_tw.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\cjkcodecs\multibytecodec.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Modules\cjkcodecs\multibytecodec.h" ++ > ++ </File> ++ </Filter> ++ </Filter> ++ <Filter ++ Name="Objects" ++ > ++ <File ++ RelativePath="..\Objects\abstract.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\boolobject.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\bufferobject.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\bytes_methods.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\bytearrayobject.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\stringobject.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\cellobject.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\classobject.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\cobject.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\codeobject.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\complexobject.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\stringlib\count.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\descrobject.c" ++ > ++ </File> ++ <File ++ 
RelativePath="..\Objects\dictobject.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\enumobject.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\exceptions.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\stringlib\fastsearch.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\fileobject.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\stringlib\find.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\floatobject.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\frameobject.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\funcobject.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\genobject.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\intobject.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\iterobject.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\listobject.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\longobject.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\methodobject.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\moduleobject.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\object.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\obmalloc.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\stringlib\partition.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\rangeobject.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\setobject.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\sliceobject.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\structseq.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\tupleobject.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\typeobject.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\unicodectype.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\unicodeobject.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\unicodetype_db.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Objects\weakrefobject.c" ++ > ++ </File> ++ </Filter> ++ <Filter ++ 
Name="Parser" ++ > ++ <File ++ RelativePath="..\Parser\acceler.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Parser\bitset.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Parser\firstsets.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Parser\grammar.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Parser\grammar1.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Parser\listnode.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Parser\metagrammar.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Parser\myreadline.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Parser\node.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Parser\parser.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Parser\parser.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Parser\parsetok.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Parser\tokenizer.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Parser\tokenizer.h" ++ > ++ </File> ++ </Filter> ++ <Filter ++ Name="PC" ++ > ++ <File ++ RelativePath="..\PC\_subprocess.c" ++ > ++ </File> ++ <File ++ RelativePath="..\PC\_winreg.c" ++ > ++ </File> ++ <File ++ RelativePath="..\PC\config.c" ++ > ++ </File> ++ <File ++ RelativePath="..\PC\dl_nt.c" ++ > ++ </File> ++ <File ++ RelativePath="..\PC\errmap.h" ++ > ++ </File> ++ <File ++ RelativePath="..\PC\getpathp.c" ++ > ++ </File> ++ <File ++ RelativePath="..\PC\import_nt.c" ++ > ++ </File> ++ <File ++ RelativePath="..\PC\msvcrtmodule.c" ++ > ++ </File> ++ <File ++ RelativePath="..\PC\pyconfig.h" ++ > ++ </File> ++ </Filter> ++ <Filter ++ Name="Python" ++ > ++ <File ++ RelativePath="..\Python\_warnings.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\asdl.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\ast.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\bltinmodule.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\ceval.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\codecs.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\compile.c" ++ > ++ </File> ++ <File ++ 
RelativePath="..\Python\dynload_win.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\errors.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\formatter_string.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\formatter_unicode.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\frozen.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\future.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\getargs.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\getcompiler.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\getcopyright.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\getmtime.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\getopt.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\getplatform.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\getversion.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\graminit.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\import.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\importdl.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\importdl.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\marshal.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\modsupport.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\mysnprintf.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\mystrtoul.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\peephole.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\pyarena.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\pyfpe.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\pymath.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\pystate.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\pystrcmp.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\pystrtod.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\Python-ast.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\pythonrun.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\random.c" ++ > ++ </File> ++ <File 
++ RelativePath="..\Python\structmember.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\symtable.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\sysmodule.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\thread.c" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\thread_nt.h" ++ > ++ </File> ++ <File ++ RelativePath="..\Python\traceback.c" ++ > ++ </File> ++ </Filter> ++ <Filter ++ Name="Resource Files" ++ > ++ <File ++ RelativePath="..\PC\python_nt.rc" ++ > ++ </File> ++ </Filter> ++ </Files> ++ <Globals> ++ </Globals> ++</VisualStudioProject> ++>>>>>>> other
diff --git a/lang/python27/patches/patch-CVE-2012-1150-Python_pythonrun.c b/lang/python27/patches/patch-CVE-2012-1150-Python_pythonrun.c
new file mode 100644
index 00000000000..d23d857607f
--- /dev/null
+++ b/lang/python27/patches/patch-CVE-2012-1150-Python_pythonrun.c
@@ -0,0 +1,37 @@
+$NetBSD: patch-CVE-2012-1150-Python_pythonrun.c,v 1.1 2012/03/24 12:04:37 tron Exp $
+
+Fix for CVE-2012-1150 taken from here:
+
+http://hg.python.org/cpython/rev/a0f43f4481e0
+
+--- Python/pythonrun.c.orig 2011-06-11 16:46:27.000000000 +0100
++++ Python/pythonrun.c 2012-03-24 11:02:25.000000000 +0000
+@@ -67,6 +67,7 @@
+ static void call_ll_exitfuncs(void);
+ extern void _PyUnicode_Init(void);
+ extern void _PyUnicode_Fini(void);
++extern void _PyRandom_Init(void);
+
+ #ifdef WITH_THREAD
+ extern void _PyGILState_Init(PyInterpreterState *, PyThreadState *);
+@@ -89,6 +90,7 @@
+ true divisions (which they will be in 2.3). */
+ int _Py_QnewFlag = 0;
+ int Py_NoUserSiteDirectory = 0; /* for -s and site.py */
++int Py_HashRandomizationFlag = 0; /* for -R and PYTHONHASHSEED */
+
+ /* PyModule_GetWarningsModule is no longer necessary as of 2.6
+ since _warnings is builtin. This API should not be used. */
+@@ -166,6 +168,12 @@
+ Py_OptimizeFlag = add_flag(Py_OptimizeFlag, p);
+ if ((p = Py_GETENV("PYTHONDONTWRITEBYTECODE")) && *p != '\0')
+ Py_DontWriteBytecodeFlag = add_flag(Py_DontWriteBytecodeFlag, p);
++ /* The variable is only tested for existence here; _PyRandom_Init will
++ check its value further. */
++ if ((p = Py_GETENV("PYTHONHASHSEED")) && *p != '\0')
++ Py_HashRandomizationFlag = add_flag(Py_HashRandomizationFlag, p);
++
++ _PyRandom_Init();
+
+ interp = PyInterpreterState_New();
+ if (interp == NULL)
diff --git a/lang/python27/patches/patch-CVE-2012-1150-Python_random.c b/lang/python27/patches/patch-CVE-2012-1150-Python_random.c
new file mode 100644
index 00000000000..94a858fc0ff
--- /dev/null
+++ b/lang/python27/patches/patch-CVE-2012-1150-Python_random.c
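Review bot: `int Py_HashRandomizationFlag = 0;` leaves hash randomization off unless the interpreter is started with `-R` or with a non-empty `PYTHONHASHSEED`, so installing this package revision does not by itself change how a service that hashes untrusted keys behaves. The patch header only says "Fix for CVE-2012-1150", which reads as if the update alone were enough. I would add a line to the header such as `The mitigation is opt-in: run python with -R or set PYTHONHASHSEED=random.` The function that receives the `PYTHONHASHSEED` check in the third inner hunk begins and ends outside the hunk.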
@@ -0,0 +1,311 @@ +$NetBSD: patch-CVE-2012-1150-Python_random.c,v 1.1 2012/03/24 12:04:37 tron Exp $ + +Fix for CVE-2012-1150 taken from here: + +http://hg.python.org/cpython/rev/a0f43f4481e0 + +--- Python/random.c.orig 2012-03-24 11:02:25.000000000 +0000 ++++ Python/random.c 2012-03-24 11:02:25.000000000 +0000 +@@ -0,0 +1,302 @@ ++#include "Python.h" ++#ifdef MS_WINDOWS ++#include <windows.h> ++#else ++#include <fcntl.h> ++#endif ++ ++static int random_initialized = 0; ++ ++#ifdef MS_WINDOWS ++typedef BOOL (WINAPI *CRYPTACQUIRECONTEXTA)(HCRYPTPROV *phProv,\ ++ LPCSTR pszContainer, LPCSTR pszProvider, DWORD dwProvType,\ ++ DWORD dwFlags ); ++typedef BOOL (WINAPI *CRYPTGENRANDOM)(HCRYPTPROV hProv, DWORD dwLen,\ ++ BYTE *pbBuffer ); ++ ++static CRYPTGENRANDOM pCryptGenRandom = NULL; ++/* This handle is never explicitly released. Instead, the operating ++ system will release it when the process terminates. */ ++static HCRYPTPROV hCryptProv = 0; ++ ++static int ++win32_urandom_init(int raise) ++{ ++ HINSTANCE hAdvAPI32 = NULL; ++ CRYPTACQUIRECONTEXTA pCryptAcquireContext = NULL; ++ ++ /* Obtain handle to the DLL containing CryptoAPI. This should not fail. */ ++ hAdvAPI32 = GetModuleHandle("advapi32.dll"); ++ if(hAdvAPI32 == NULL) ++ goto error; ++ ++ /* Obtain pointers to the CryptoAPI functions. This will fail on some early ++ versions of Win95. */ ++ pCryptAcquireContext = (CRYPTACQUIRECONTEXTA)GetProcAddress( ++ hAdvAPI32, "CryptAcquireContextA"); ++ if (pCryptAcquireContext == NULL) ++ goto error; ++ ++ pCryptGenRandom = (CRYPTGENRANDOM)GetProcAddress(hAdvAPI32, ++ "CryptGenRandom"); ++ if (pCryptGenRandom == NULL) ++ goto error; ++ ++ /* Acquire context */ ++ if (! 
pCryptAcquireContext(&hCryptProv, NULL, NULL, ++ PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) ++ goto error; ++ ++ return 0; ++ ++error: ++ if (raise) ++ PyErr_SetFromWindowsErr(0); ++ else ++ Py_FatalError("Failed to initialize Windows random API (CryptoGen)"); ++ return -1; ++} ++ ++/* Fill buffer with size pseudo-random bytes generated by the Windows CryptoGen ++ API. Return 0 on success, or -1 on error. */ ++static int ++win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise) ++{ ++ Py_ssize_t chunk; ++ ++ if (hCryptProv == 0) ++ { ++ if (win32_urandom_init(raise) == -1) ++ return -1; ++ } ++ ++ while (size > 0) ++ { ++ chunk = size > INT_MAX ? INT_MAX : size; ++ if (!pCryptGenRandom(hCryptProv, chunk, buffer)) ++ { ++ /* CryptGenRandom() failed */ ++ if (raise) ++ PyErr_SetFromWindowsErr(0); ++ else ++ Py_FatalError("Failed to initialized the randomized hash " ++ "secret using CryptoGen)"); ++ return -1; ++ } ++ buffer += chunk; ++ size -= chunk; ++ } ++ return 0; ++} ++#endif /* MS_WINDOWS */ ++ ++ ++#ifdef __VMS ++/* Use openssl random routine */ ++#include <openssl/rand.h> ++static int ++vms_urandom(unsigned char *buffer, Py_ssize_t size, int raise) ++{ ++ if (RAND_pseudo_bytes(buffer, size) < 0) { ++ if (raise) { ++ PyErr_Format(PyExc_ValueError, ++ "RAND_pseudo_bytes"); ++ } else { ++ Py_FatalError("Failed to initialize the randomized hash " ++ "secret using RAND_pseudo_bytes"); ++ } ++ return -1; ++ } ++ return 0; ++} ++#endif /* __VMS */ ++ ++ ++#if !defined(MS_WINDOWS) && !defined(__VMS) ++ ++/* Read size bytes from /dev/urandom into buffer. ++ Call Py_FatalError() on error. 
*/ ++static void ++dev_urandom_noraise(char *buffer, Py_ssize_t size) ++{ ++ int fd; ++ Py_ssize_t n; ++ ++ assert (0 < size); ++ ++ fd = open("/dev/urandom", O_RDONLY); ++ if (fd < 0) ++ Py_FatalError("Failed to open /dev/urandom"); ++ ++ while (0 < size) ++ { ++ do { ++ n = read(fd, buffer, (size_t)size); ++ } while (n < 0 && errno == EINTR); ++ if (n <= 0) ++ { ++ /* stop on error or if read(size) returned 0 */ ++ Py_FatalError("Failed to read bytes from /dev/urandom"); ++ break; ++ } ++ buffer += n; ++ size -= (Py_ssize_t)n; ++ } ++ close(fd); ++} ++ ++/* Read size bytes from /dev/urandom into buffer. ++ Return 0 on success, raise an exception and return -1 on error. */ ++static int ++dev_urandom_python(char *buffer, Py_ssize_t size) ++{ ++ int fd; ++ Py_ssize_t n; ++ ++ if (size <= 0) ++ return 0; ++ ++ Py_BEGIN_ALLOW_THREADS ++ fd = open("/dev/urandom", O_RDONLY); ++ Py_END_ALLOW_THREADS ++ if (fd < 0) ++ { ++ PyErr_SetFromErrnoWithFilename(PyExc_OSError, "/dev/urandom"); ++ return -1; ++ } ++ ++ Py_BEGIN_ALLOW_THREADS ++ do { ++ do { ++ n = read(fd, buffer, (size_t)size); ++ } while (n < 0 && errno == EINTR); ++ if (n <= 0) ++ break; ++ buffer += n; ++ size -= (Py_ssize_t)n; ++ } while (0 < size); ++ Py_END_ALLOW_THREADS ++ ++ if (n <= 0) ++ { ++ /* stop on error or if read(size) returned 0 */ ++ if (n < 0) ++ PyErr_SetFromErrno(PyExc_OSError); ++ else ++ PyErr_Format(PyExc_RuntimeError, ++ "Failed to read %zi bytes from /dev/urandom", ++ size); ++ close(fd); ++ return -1; ++ } ++ close(fd); ++ return 0; ++} ++#endif /* !defined(MS_WINDOWS) && !defined(__VMS) */ ++ ++/* Fill buffer with pseudo-random bytes generated by a linear congruent ++ generator (LCG): ++ ++ x(n+1) = (x(n) * 214013 + 2531011) % 2^32 ++ ++ Use bits 23..16 of x(n) to generate a byte. 
*/ ++static void ++lcg_urandom(unsigned int x0, unsigned char *buffer, size_t size) ++{ ++ size_t index; ++ unsigned int x; ++ ++ x = x0; ++ for (index=0; index < size; index++) { ++ x *= 214013; ++ x += 2531011; ++ /* modulo 2 ^ (8 * sizeof(int)) */ ++ buffer[index] = (x >> 16) & 0xff; ++ } ++} ++ ++/* Fill buffer with size pseudo-random bytes, not suitable for cryptographic ++ use, from the operating random number generator (RNG). ++ ++ Return 0 on success, raise an exception and return -1 on error. */ ++int ++_PyOS_URandom(void *buffer, Py_ssize_t size) ++{ ++ if (size < 0) { ++ PyErr_Format(PyExc_ValueError, ++ "negative argument not allowed"); ++ return -1; ++ } ++ if (size == 0) ++ return 0; ++ ++#ifdef MS_WINDOWS ++ return win32_urandom((unsigned char *)buffer, size, 1); ++#else ++# ifdef __VMS ++ return vms_urandom((unsigned char *)buffer, size, 1); ++# else ++ return dev_urandom_python((char*)buffer, size); ++# endif ++#endif ++} ++ ++void ++_PyRandom_Init(void) ++{ ++ char *env; ++ void *secret = &_Py_HashSecret; ++ Py_ssize_t secret_size = sizeof(_Py_HashSecret); ++ ++ if (random_initialized) ++ return; ++ random_initialized = 1; ++ ++ /* ++ By default, hash randomization is disabled, and only ++ enabled if PYTHONHASHSEED is set to non-empty or if ++ "-R" is provided at the command line: ++ */ ++ if (!Py_HashRandomizationFlag) { ++ /* Disable the randomized hash: */ ++ memset(secret, 0, secret_size); ++ return; ++ } ++ ++ /* ++ Hash randomization is enabled. Generate a per-process secret, ++ using PYTHONHASHSEED if provided. 
++ */ ++ ++ env = Py_GETENV("PYTHONHASHSEED"); ++ if (env && *env != '\0' && strcmp(env, "random") != 0) { ++ char *endptr = env; ++ unsigned long seed; ++ seed = strtoul(env, &endptr, 10); ++ if (*endptr != '\0' ++ || seed > 4294967295UL ++ || (errno == ERANGE && seed == ULONG_MAX)) ++ { ++ Py_FatalError("PYTHONHASHSEED must be \"random\" or an integer " ++ "in range [0; 4294967295]"); ++ } ++ if (seed == 0) { ++ /* disable the randomized hash */ ++ memset(secret, 0, secret_size); ++ } ++ else { ++ lcg_urandom(seed, (unsigned char*)secret, secret_size); ++ } ++ } ++ else { ++#ifdef MS_WINDOWS ++ (void)win32_urandom((unsigned char *)secret, secret_size, 0); ++#else /* #ifdef MS_WINDOWS */ ++# ifdef __VMS ++ vms_urandom((unsigned char *)secret, secret_size, 0); ++# else ++ dev_urandom_noraise((char*)secret, secret_size); ++# endif ++#endif ++ } ++} diff --git a/lang/python27/patches/patch-CVE-2012-1150-Python_sysmodule.c b/lang/python27/patches/patch-CVE-2012-1150-Python_sysmodule.c new file mode 100644 index 00000000000..91b4618236d --- /dev/null +++ b/lang/python27/patches/patch-CVE-2012-1150-Python_sysmodule.c @@ -0,0 +1,36 @@ +$NetBSD: patch-CVE-2012-1150-Python_sysmodule.c,v 1.1 2012/03/24 12:04:37 tron Exp $ + +Fix for CVE-2012-1150 taken from here: + +http://hg.python.org/cpython/rev/a0f43f4481e0 + +--- Python/sysmodule.c.orig 2011-06-11 16:46:27.000000000 +0100 ++++ Python/sysmodule.c 2012-03-24 11:02:25.000000000 +0000 +@@ -1208,6 +1208,7 @@ + {"unicode", "-U"}, + /* {"skip_first", "-x"}, */ + {"bytes_warning", "-b"}, ++ {"hash_randomization", "-R"}, + {0} + }; + +@@ -1216,9 +1217,9 @@ + flags__doc__, /* doc */ + flags_fields, /* fields */ + #ifdef RISCOS +- 16 ++ 17 + #else +- 15 ++ 16 + #endif + }; + +@@ -1255,6 +1256,7 @@ + SetFlag(Py_UnicodeFlag); + /* SetFlag(skipfirstline); */ + SetFlag(Py_BytesWarningFlag); ++ SetFlag(Py_HashRandomizationFlag); + #undef SetFlag + + if (PyErr_Occurred()) { 
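Review bot: In `_PyRandom_Init` the `PYTHONHASHSEED` parsing tests `errno == ERANGE` after `strtoul` without clearing `errno` first, so a stale `ERANGE` can reject a valid seed equal to `ULONG_MAX` on platforms where `unsigned long` is 32 bits. `strtoul` also accepts leading whitespace and a sign, so on such platforms `-1` would presumably be taken as 4294967295 instead of being refused. Putting `errno = 0;` directly before `seed = strtoul(env, &endptr, 10);` and refusing a value whose first character is not a digit would make the check match the range the error message states. A comment on `lcg_urandom` would help as well: `/* With a fixed integer seed every process derives the same secret from this LCG; use "random" where inputs are untrusted. */`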
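Review bot: `SetFlag(Py_HashRandomizationFlag)` publishes the raw flag, which the pythonrun.c patch sets whenever `PYTHONHASHSEED` is non-empty, while `_PyRandom_Init` zeroes the secret for `PYTHONHASHSEED=0`. Assuming `add_flag` (defined outside these hunks) never returns 0 for a non-empty value, `sys.flags.hash_randomization` would then report randomization as on while hashing is deterministic, which misleads anyone who audits a deployment through that flag. Clearing the flag in the `seed == 0` branch of `_PyRandom_Init`, `Py_HashRandomizationFlag = 0;`, would keep the reported state and the real state in step. The flags table and the function that calls `SetFlag` begin and end outside the hunks.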
diff --git a/lang/python27/patches/patch-au b/lang/python27/patches/patch-au index 1841ab3e402..71b3517bea3 100644 --- a/lang/python27/patches/patch-au +++ b/lang/python27/patches/patch-au @@ -1,8 +1,21 @@ -$NetBSD: patch-au,v 1.3 2011/06/13 11:31:13 obache Exp $ +$NetBSD: patch-au,v 1.4 2012/03/24 12:04:37 tron Exp $ ---- Makefile.pre.in.orig 2011-06-11 15:46:26.000000000 +0000 -+++ Makefile.pre.in -@@ -447,7 +447,7 @@ gdbhooks: $(BUILDPYTHON)-gdb.py +1.) Fix for unpriviliged build. +2.) Fix for CVE-2012-1150 taken from here: + +http://hg.python.org/cpython/rev/a0f43f4481e0 + +--- Makefile.pre.in.orig 2011-06-11 16:46:26.000000000 +0100 ++++ Makefile.pre.in 2012-03-24 11:02:25.000000000 +0000 +@@ -290,6 +290,7 @@ + Python/pymath.o \ + Python/pystate.o \ + Python/pythonrun.o \ ++ Python/random.o \ + Python/structmember.o \ + Python/symtable.o \ + Python/sysmodule.o \ +@@ -447,7 +448,7 @@ SRC_GDB_HOOKS=$(srcdir)/Tools/gdb/libpython.py $(BUILDPYTHON)-gdb.py: $(SRC_GDB_HOOKS) @@ -11,7 +24,16 @@ $NetBSD: patch-au,v 1.3 2011/06/13 11:31:13 obache Exp $ # This rule is here for OPENSTEP/Rhapsody/MacOSX. It builds a temporary # minimal framework (not including the Lib directory and such) in the current -@@ -820,7 +820,8 @@ altbininstall: $(BUILDPYTHON) +@@ -739,7 +740,7 @@ + -@if which pybuildbot.identify >/dev/null 2>&1; then \ + pybuildbot.identify "CC='$(CC)'" "CXX='$(CXX)'"; \ + fi +- $(TESTPYTHON) $(TESTPROG) -uall -rwW $(TESTOPTS) ++ $(TESTPYTHON) -R $(TESTPROG) -uall -rwW $(TESTOPTS) + + QUICKTESTOPTS= $(TESTOPTS) -x test_subprocess test_io test_lib2to3 \ + test_multibytecodec test_urllib2_localnet test_itertools \ +@@ -820,7 +821,8 @@ (cd $(DESTDIR)$(LIBDIR); $(LN) -sf $(INSTSONAME) $(LDLIBRARY)) \ fi \ fi; \ |