diff options
Diffstat (limited to 'lang/python25')
28 files changed, 43 insertions, 1076 deletions
diff --git a/lang/python25/MESSAGE.SunOS b/lang/python25/MESSAGE.SunOS index 19c996508c9..f845cf9ef79 100644 --- a/lang/python25/MESSAGE.SunOS +++ b/lang/python25/MESSAGE.SunOS @@ -1,8 +1,8 @@ =========================================================================== -$NetBSD: MESSAGE.SunOS,v 1.1 2008/09/13 09:59:35 adrianp Exp $ +$NetBSD: MESSAGE.SunOS,v 1.2 2009/04/11 19:42:23 snj Exp $ -In order for the Python installation to successfuly compile the -"sunaudiodev" module you must install the SUNWaudh package to have +In order for the Python installation to successfuly compile the +"sunaudiodev" module you must install the SUNWaudh package to have the necessary headers installed. =========================================================================== diff --git a/lang/python25/Makefile b/lang/python25/Makefile index 5d5fb31d8bf..d6f0b4dbcb2 100644 --- a/lang/python25/Makefile +++ b/lang/python25/Makefile @@ -1,11 +1,10 @@ -# $NetBSD: Makefile,v 1.13 2009/03/20 18:19:20 joerg Exp $ +# $NetBSD: Makefile,v 1.14 2009/04/11 19:42:23 snj Exp $ -DISTNAME= Python-2.5.2 -PKGNAME= python25-2.5.2 -PKGREVISION= 5 +DISTNAME= Python-2.5.4 +PKGNAME= python25-2.5.4 CATEGORIES= lang python -MASTER_SITES= ftp://ftp.python.org/pub/python/2.5.2/ \ - http://www.python.org/ftp/python/2.5.2/ +MASTER_SITES= ftp://ftp.python.org/pub/python/2.5.4/ \ + http://www.python.org/ftp/python/2.5.4/ EXTRACT_SUFX= .tar.bz2 MAINTAINER= recht@NetBSD.org diff --git a/lang/python25/PLIST.common b/lang/python25/PLIST.common index 8a24cae6fa5..febe57da4a9 100644 --- a/lang/python25/PLIST.common +++ b/lang/python25/PLIST.common @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST.common,v 1.3 2008/04/25 11:51:13 tnn Exp $ +@comment $NetBSD: PLIST.common,v 1.4 2009/04/11 19:42:23 snj Exp $ bin/pydoc${PY_VER_SUFFIX} bin/python${PY_VER_SUFFIX} bin/python${PY_VER_SUFFIX}-config @@ -2138,7 +2138,6 @@ lib/python${PY_VER_SUFFIX}/test/output/test_profile lib/python${PY_VER_SUFFIX}/test/output/test_pty lib/python${PY_VER_SUFFIX}/test/output/test_pyexpat lib/python${PY_VER_SUFFIX}/test/output/test_regex -lib/python${PY_VER_SUFFIX}/test/output/test_resource lib/python${PY_VER_SUFFIX}/test/output/test_rgbimg lib/python${PY_VER_SUFFIX}/test/output/test_scope lib/python${PY_VER_SUFFIX}/test/output/test_signal diff --git a/lang/python25/distinfo b/lang/python25/distinfo index 7094cc81531..0c52dc4b1fb 100644 --- a/lang/python25/distinfo +++ b/lang/python25/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.7 2008/12/17 12:49:51 tron Exp $ +$NetBSD: distinfo,v 1.8 2009/04/11 19:42:23 snj Exp $ -SHA1 (Python-2.5.2.tar.bz2) = 4755d212f50af704c20224a6966e23acc5aea60f -RMD160 (Python-2.5.2.tar.bz2) = b23b02739833e6730799c5866e2b77aae884b63f -Size (Python-2.5.2.tar.bz2) = 9807597 bytes +SHA1 (Python-2.5.4.tar.bz2) = 0f2e819d6381f72f26c734e00a6780b3933ea404 +RMD160 (Python-2.5.4.tar.bz2) = 3a76c83464c3b1c38a60351ab054e33ac7195663 +Size (Python-2.5.4.tar.bz2) = 9821313 bytes SHA1 (patch-aa) = d44e67645dc86ff14f5daf5705de02c6f330cc48 SHA1 (patch-ab) = d35025df83e70d129f9fbcd277652b0eea83b026 SHA1 (patch-ac) = 4de5b8dc20b41dc3bb4acd38011ef59570318d3f @@ -13,32 +13,12 @@ SHA1 (patch-ah) = 98e9fa55c2af38d8032398cae693492c199dc5fa SHA1 (patch-ai) = a89bee00860910f53a23b1c670d9c091846a03c1 SHA1 (patch-aj) = a75d680a6b8b1ad3c9222dcb841f4fb10db6d16d SHA1 (patch-ak) = 948362c15ad59abeef46971f9b870b70655a62c7 -SHA1 (patch-al) = 85063c81a98de221eb5357aa2a0b172feb3ed950 -SHA1 (patch-am) = 8968853066d2d1a4f76a7ee4ce328ba372d19666 +SHA1 (patch-al) = 6247e3f85d555bae7850befbd7bfffbb233cecb3 +SHA1 (patch-am) = 7985a6e2edd3eef86bd2833a36818e3e1e315a25 SHA1 (patch-an) = 17b4e17b3b562c29a050e9bb20447084ce82b8ab SHA1 (patch-ao) = 9bbd5561c010e0a1ab8e0a70d27a5f77fd2089d2 SHA1 (patch-ap) = b864db92761c843a91374663bd2dbcfa57b317cf -SHA1 (patch-aq) = e1fb02560e95ce4d37e2894b4299c3eb3a1167d8 SHA1 (patch-ar) = 2a0c3f9a798afdfda7af4823e67579b2e000c072 -SHA1 (patch-at) = bb2ef2e30ebb6feb6ec796bc4cf6f2d4147353c1 -SHA1 (patch-au) = e3babf3537ed8cbed1720f1afe964914f4ae289f +SHA1 (patch-at) = 6fdd64ce70eb8c2de5336f3415f45bc467e46373 +SHA1 (patch-au) = c1a759765095d246151ba027ed06f423e05c9218 SHA1 (patch-av) = a1d41cb3a93879d54f0964ff84a63a297c333156 -SHA1 (patch-ba) = 23378360d4fb0d22a2e5f98993832888a672a748 -SHA1 (patch-bb) = 26b1426df46b947417ed755f1e61d238071e49f7 -SHA1 (patch-bc) = bfa88d1198b06737297e97e57ee98692096e0df5 -SHA1 (patch-bd) = 491dcb6731db871af2eb8bf418cd369a4af3b2b7 -SHA1 (patch-be) = ba2f8d299b86560172e55af067763e9224c41e3b -SHA1 (patch-bf) = 58809f824473be7a16cc0e7c4d0b132e023aea4c -SHA1 (patch-bg) = bf9dc3b3d51ab963804263e170c4247d19ab0d91 -SHA1 (patch-bh) = 96a2675f266144a6027fdc7445b9f93d0fdbe4eb -SHA1 (patch-bi) = 1fb1c40669fc54fc6d181f706c614d67fe16d42b -SHA1 (patch-bj) = dc2e3971dd4fd623a68cc9940738619cad4629b1 -SHA1 (patch-bk) = 61300258bdc9ee19195c5c7f62135d20d487507e -SHA1 (patch-ca) = 37f59fc143e69cbf458d2930f846156553f9178b -SHA1 (patch-cb) = 570ffec0f57acec984a401306f48c24e2128d9fe -SHA1 (patch-cc) = 04289f010fb0c0aef37dbfb1a5be77aaa8725b95 -SHA1 (patch-cd) = 24a2a9975c4393400935b885f1ec9fc8996632a0 -SHA1 (patch-ce) = 2a8cae6c30be57bb9e389c1957609f7b42317f69 -SHA1 (patch-da) = 2030f74fb0d6134e6bb4203536dc56d8c0d38c3a -SHA1 (patch-db) = 6ff4a9d4e33c2e08362d4417330eba47c170a84b -SHA1 (patch-ea) = 7c4b01d002b8e081967216c2e79f2cec9df24005 diff --git a/lang/python25/patches/patch-al b/lang/python25/patches/patch-al index 3798a0e1ad9..f69a242a6f7 100644 --- a/lang/python25/patches/patch-al +++ b/lang/python25/patches/patch-al @@ -1,17 +1,8 @@ -$NetBSD: patch-al,v 1.4 2008/12/17 12:49:51 tron Exp $ +$NetBSD: patch-al,v 1.5 2009/04/11 19:42:23 snj Exp $ ---- configure.orig 2008-02-13 13:17:17.000000000 -0600 -+++ configure -@@ -2019,6 +2019,8 @@ _ACEOF - # Marc Recht - NetBSD/1.5 | NetBSD/1.5.* | NetBSD/1.6 | NetBSD/1.6.* | NetBSD/1.6A-S) - define_xopen_source=no;; -+ NetBSD/1.5 | NetBSD/1.5.* | NetBSD/1.6 | NetBSD/1.6.* | NetBSD/1.6[A-S]) -+ define_xopen_source=no;; - # On Solaris 2.6, sys/wait.h is inconsistent in the usage - # of union __?sigval. Reported by Stuart Bishop. - SunOS/5.6) -@@ -4018,17 +4020,18 @@ _ACEOF +--- configure.orig 2008-12-13 06:13:52.000000000 -0800 ++++ configure 2009-03-20 14:28:16.000000000 -0700 +@@ -4014,17 +4014,18 @@ _ACEOF RUNSHARED=LD_LIBRARY_PATH=`pwd`:${LD_LIBRARY_PATH} INSTSONAME="$LDLIBRARY".$SOVERSION ;; @@ -36,7 +27,7 @@ $NetBSD: patch-al,v 1.4 2008/12/17 12:49:51 tron Exp $ hp*|HP*) case `uname -m` in ia64) -@@ -4538,7 +4541,12 @@ echo "${ECHO_T}$ac_cv_no_strict_aliasing +@@ -4534,7 +4535,12 @@ echo "${ECHO_T}$ac_cv_no_strict_aliasing ;; # is there any other compiler on Darwin besides gcc? Darwin*) @@ -50,7 +41,7 @@ $NetBSD: patch-al,v 1.4 2008/12/17 12:49:51 tron Exp $ if test "${enable_universalsdk}"; then BASECFLAGS="-arch ppc -arch i386 -isysroot ${UNIVERSALSDK} ${BASECFLAGS}" fi -@@ -11540,12 +11548,12 @@ then +@@ -11536,12 +11542,12 @@ then LDSHARED="$LDSHARED "'$(PYTHONFRAMEWORKPREFIX)/$(PYTHONFRAMEWORKDIR)/Versions/$(VERSION)/$(PYTHONFRAMEWORK)' else # No framework, use the Python app as bundle-loader @@ -66,7 +57,7 @@ $NetBSD: patch-al,v 1.4 2008/12/17 12:49:51 tron Exp $ BSD/OS*/4*) LDSHARED="gcc -shared";; FreeBSD*) if [ "`$CC -dM -E - </dev/null | grep __ELF__`" != "" ] -@@ -11569,6 +11577,7 @@ then +@@ -11565,6 +11571,7 @@ then esac fi;; NetBSD*|DragonFly*) LDSHARED="cc -shared ${LDFLAGS}";; @@ -74,7 +65,7 @@ $NetBSD: patch-al,v 1.4 2008/12/17 12:49:51 tron Exp $ OpenUNIX*|UnixWare*) if test "$GCC" = "yes" then LDSHARED='$(CC) -shared' -@@ -11604,6 +11613,7 @@ then +@@ -11600,6 +11607,7 @@ then Linux*|GNU*) CCSHARED="-fPIC";; BSD/OS*/4*) CCSHARED="-fpic";; FreeBSD*|NetBSD*|OpenBSD*|DragonFly*) CCSHARED="-fPIC";; @@ -82,7 +73,7 @@ $NetBSD: patch-al,v 1.4 2008/12/17 12:49:51 tron Exp $ OpenUNIX*|UnixWare*) if test "$GCC" = "yes" then CCSHARED="-fPIC" -@@ -11661,6 +11671,7 @@ then +@@ -11657,6 +11665,7 @@ then then LINKFORSHARED="-Wl,--export-dynamic" fi;; diff --git a/lang/python25/patches/patch-am b/lang/python25/patches/patch-am index b445c0d99e8..1d91fe656d5 100644 --- a/lang/python25/patches/patch-am +++ b/lang/python25/patches/patch-am @@ -1,7 +1,7 @@ -$NetBSD: patch-am,v 1.1.1.1 2008/04/24 01:50:58 tnn Exp $ +$NetBSD: patch-am,v 1.2 2009/04/11 19:42:23 snj Exp $ ---- setup.py.orig 2008-02-05 00:41:02.000000000 +0100 -+++ setup.py +--- setup.py.orig 2008-10-16 11:58:19.000000000 -0700 ++++ setup.py 2009-03-20 15:01:44.000000000 -0700 @@ -15,7 +15,7 @@ from distutils.command.install import in from distutils.command.install_lib import install_lib @@ -30,7 +30,7 @@ $NetBSD: patch-am,v 1.1.1.1 2008/04/24 01:50:58 tnn Exp $ # Add paths specified in the environment variables LDFLAGS and # CPPFLAGS for header and library files. -@@ -533,9 +539,7 @@ class PyBuildExt(build_ext): +@@ -534,9 +540,7 @@ class PyBuildExt(build_ext): if krb5_h: ssl_incs += krb5_h ssl_libs = find_library_file(self.compiler, 'ssl',lib_dirs, @@ -41,7 +41,7 @@ $NetBSD: patch-am,v 1.1.1.1 2008/04/24 01:50:58 tnn Exp $ if (ssl_incs is not None and ssl_libs is not None): -@@ -608,269 +612,51 @@ class PyBuildExt(build_ext): +@@ -609,269 +613,51 @@ class PyBuildExt(build_ext): # a release. Most open source OSes come with one or more # versions of BerkeleyDB already installed. @@ -233,7 +233,7 @@ $NetBSD: patch-am,v 1.1.1.1 2008/04/24 01:50:58 tnn Exp $ - break - else: - if sqlite_setup_debug: -- print "%s: version %d is too old, need >= %s"%(d, +- print "%s: version %r is too old, need >= %r"%(d, - sqlite_version, MIN_SQLITE_VERSION) - elif sqlite_setup_debug: - print "sqlite: %s had no SQLITE_VERSION"%(f,) @@ -350,7 +350,7 @@ $NetBSD: patch-am,v 1.1.1.1 2008/04/24 01:50:58 tnn Exp $ # The standard Unix dbm module: if platform not in ['cygwin']: -@@ -883,6 +669,13 @@ class PyBuildExt(build_ext): +@@ -884,6 +670,13 @@ class PyBuildExt(build_ext): exts.append( Extension('dbm', ['dbmmodule.c'], define_macros=[('HAVE_NDBM_H',None)], libraries = ndbm_libs ) ) @@ -364,7 +364,7 @@ $NetBSD: patch-am,v 1.1.1.1 2008/04/24 01:50:58 tnn Exp $ elif (self.compiler.find_library_file(lib_dirs, 'gdbm') and find_file("gdbm/ndbm.h", inc_dirs, []) is not None): exts.append( Extension('dbm', ['dbmmodule.c'], -@@ -1535,8 +1328,8 @@ def main(): +@@ -1536,8 +1329,8 @@ def main(): ext_modules=[Extension('_struct', ['_struct.c'])], # Scripts to install diff --git a/lang/python25/patches/patch-aq b/lang/python25/patches/patch-aq deleted file mode 100644 index 12187749ba7..00000000000 --- a/lang/python25/patches/patch-aq +++ /dev/null @@ -1,26 +0,0 @@ -$NetBSD: patch-aq,v 1.1.1.1 2008/04/24 01:50:58 tnn Exp $ - -Fixed warnings from the portability checks: -- test(1) doesn't need to know the == operator. -- $RANDOM is not required by POSIX. - ---- Tools/faqwiz/move-faqwiz.sh.orig 2002-03-18 03:56:23.000000000 -0500 -+++ Tools/faqwiz/move-faqwiz.sh -@@ -9,7 +9,7 @@ - # blackjesus:~> ./move-faqwiz.sh 2\.1 3\.2 - # Moving FAQ question 02.001 to 03.002 - --if [ x$2 == x ]; then -+if [ $# -ne 2 ]; then - echo "Need 2 args: original_version final_version." - exit 2 - fi -@@ -28,7 +28,7 @@ cut_n_pad $1 1 prefix1 - cut_n_pad $1 2 suffix1 - cut_n_pad $2 1 prefix2 - cut_n_pad $2 2 suffix2 --tmpfile=tmp$RANDOM.tmp -+tmpfile=tmp-$$-$RANDOM.tmp - file1=faq$prefix1.$suffix1.htp - file2=faq$prefix2.$suffix2.htp - diff --git a/lang/python25/patches/patch-at b/lang/python25/patches/patch-at index 0a09ce43a34..a4c44c1068a 100644 --- a/lang/python25/patches/patch-at +++ b/lang/python25/patches/patch-at @@ -1,25 +1,13 @@ -$NetBSD: patch-at,v 1.2 2008/08/30 10:02:33 tron Exp $ +$NetBSD: patch-at,v 1.3 2009/04/11 19:42:23 snj Exp $ -The first change is part of the fix for CVE-2008-2315 taken from Gentto. - ---- Modules/mmapmodule.c.orig 2006-08-22 14:57:07.000000000 +0100 -+++ Modules/mmapmodule.c 2008-08-30 10:16:13.000000000 +0100 -@@ -223,7 +223,7 @@ - return(NULL); - - /* silently 'adjust' out-of-range requests */ -- if ((self->pos + num_bytes) > self->size) { -+ if (num_bytes > self->size - self->pos) { - num_bytes -= (self->pos+num_bytes) - self->size; - } - result = Py_BuildValue("s#", self->data+self->pos, num_bytes); -@@ -449,6 +449,9 @@ +--- Modules/mmapmodule.c.orig 2009-03-20 15:07:16.000000000 -0700 ++++ Modules/mmapmodule.c 2009-03-20 15:07:34.000000000 -0700 +@@ -449,6 +449,8 @@ mmap_resize_method(mmap_object *self, #ifdef MREMAP_MAYMOVE newmap = mremap(self->data, self->size, new_size, MREMAP_MAYMOVE); +#elif defined(__NetBSD__) -+ newmap = mremap(self->data, self->size, self->data, new_size, 0); -+ ++ newmap = mremap(self->data, self->size, self->data, new_size, 0); #else newmap = mremap(self->data, self->size, new_size, 0); #endif diff --git a/lang/python25/patches/patch-au b/lang/python25/patches/patch-au index 895dbe2552f..64453682356 100644 --- a/lang/python25/patches/patch-au +++ b/lang/python25/patches/patch-au @@ -1,10 +1,10 @@ -$NetBSD: patch-au,v 1.2 2008/06/27 19:57:49 tron Exp $ +$NetBSD: patch-au,v 1.3 2009/04/11 19:42:23 snj Exp $ ---- Makefile.pre.in.orig 2007-12-05 14:43:57.000000000 -0600 -+++ Makefile.pre.in +--- Makefile.pre.in.orig 2008-09-21 17:22:44.000000000 -0700 ++++ Makefile.pre.in 2009-03-20 15:09:36.000000000 -0700 @@ -376,6 +376,12 @@ libpython$(VERSION).so: $(LIBRARY_OBJS) libpython$(VERSION).sl: $(LIBRARY_OBJS) - $(LDSHARED) -o $@ $(LIBRARY_OBJS) $(SHLIBS) $(LIBC) $(LIBM) + $(LDSHARED) $(LDFLAGS) -o $@ $(LIBRARY_OBJS) $(SHLIBS) $(LIBC) $(LIBM) $(LDLAST) +libpython$(VERSION).dylib: $(LIBRARY_OBJS) + $(LINKCC) -dynamiclib -install_name $(LIBDIR)/$@ \ diff --git a/lang/python25/patches/patch-ba b/lang/python25/patches/patch-ba deleted file mode 100644 index 3188215190a..00000000000 --- a/lang/python25/patches/patch-ba +++ /dev/null @@ -1,119 +0,0 @@ -$NetBSD: patch-ba,v 1.1 2008/08/30 10:02:33 tron Exp $ - -Patch for CVE-2008-2315 taken from Gentoo. - ---- Objects/unicodeobject.c.orig 2007-11-02 22:46:38.000000000 +0000 -+++ Objects/unicodeobject.c 2008-08-30 10:16:13.000000000 +0100 -@@ -239,6 +239,11 @@ - return unicode_empty; - } - -+ /* Ensure we won't overflow the size. */ -+ if (length > ((PY_SSIZE_T_MAX / sizeof(Py_UNICODE)) - 1)) { -+ return (PyUnicodeObject *)PyErr_NoMemory(); -+ } -+ - /* Unicode freelist & memory allocation */ - if (unicode_freelist) { - unicode = unicode_freelist; -@@ -1091,6 +1096,9 @@ - char * out; - char * start; - -+ if (cbAllocated / 5 != size) -+ return PyErr_NoMemory(); -+ - if (size == 0) - return PyString_FromStringAndSize(NULL, 0); - -@@ -1689,8 +1697,9 @@ - { - PyObject *v; - unsigned char *p; -+ Py_ssize_t nsize, bytesize; - #ifdef Py_UNICODE_WIDE -- int i, pairs; -+ Py_ssize_t i, pairs; - #else - const int pairs = 0; - #endif -@@ -1713,8 +1722,15 @@ - if (s[i] >= 0x10000) - pairs++; - #endif -- v = PyString_FromStringAndSize(NULL, -- 2 * (size + pairs + (byteorder == 0))); -+ /* 2 * (size + pairs + (byteorder == 0)) */ -+ if (size > PY_SSIZE_T_MAX || -+ size > PY_SSIZE_T_MAX - pairs - (byteorder == 0)) -+ return PyErr_NoMemory(); -+ nsize = (size + pairs + (byteorder == 0)); -+ bytesize = nsize * 2; -+ if (bytesize / 2 != nsize) -+ return PyErr_NoMemory(); -+ v = PyString_FromStringAndSize(NULL, bytesize); - if (v == NULL) - return NULL; - -@@ -2042,6 +2058,11 @@ - char *p; - - static const char *hexdigit = "0123456789abcdef"; -+#ifdef Py_UNICODE_WIDE -+ const Py_ssize_t expandsize = 10; -+#else -+ const Py_ssize_t expandsize = 6; -+#endif - - /* Initial allocation is based on the longest-possible unichr - escape. -@@ -2057,13 +2078,12 @@ - escape. - */ - -+ if (size > (PY_SSIZE_T_MAX - 2 - 1) / expandsize) -+ return PyErr_NoMemory(); -+ - repr = PyString_FromStringAndSize(NULL, - 2 --#ifdef Py_UNICODE_WIDE -- + 10*size --#else -- + 6*size --#endif -+ + expandsize*size - + 1); - if (repr == NULL) - return NULL; -@@ -2304,12 +2324,16 @@ - char *q; - - static const char *hexdigit = "0123456789abcdef"; -- - #ifdef Py_UNICODE_WIDE -- repr = PyString_FromStringAndSize(NULL, 10 * size); -+ const Py_ssize_t expandsize = 10; - #else -- repr = PyString_FromStringAndSize(NULL, 6 * size); -+ const Py_ssize_t expandsize = 6; - #endif -+ -+ if (size > PY_SSIZE_T_MAX / expandsize) -+ return PyErr_NoMemory(); -+ -+ repr = PyString_FromStringAndSize(NULL, expandsize * size); - if (repr == NULL) - return NULL; - if (size == 0) -@@ -4719,6 +4743,11 @@ - return self; - } - -+ if (left > PY_SSIZE_T_MAX - self->length || -+ right > PY_SSIZE_T_MAX - (left + self->length)) { -+ PyErr_SetString(PyExc_OverflowError, "padded string is too long"); -+ return NULL; -+ } - u = _PyUnicode_New(left + self->length + right); - if (u) { - if (left) diff --git a/lang/python25/patches/patch-bb b/lang/python25/patches/patch-bb deleted file mode 100644 index 5b50f048265..00000000000 --- a/lang/python25/patches/patch-bb +++ /dev/null @@ -1,21 +0,0 @@ -$NetBSD: patch-bb,v 1.1 2008/08/30 10:02:33 tron Exp $ - -Patch for CVE-2008-2315 taken from Gentoo. - ---- Objects/tupleobject.c.orig 2006-08-12 18:03:09.000000000 +0100 -+++ Objects/tupleobject.c 2008-08-30 10:16:13.000000000 +0100 -@@ -60,11 +60,12 @@ - Py_ssize_t nbytes = size * sizeof(PyObject *); - /* Check for overflow */ - if (nbytes / sizeof(PyObject *) != (size_t)size || -- (nbytes += sizeof(PyTupleObject) - sizeof(PyObject *)) -- <= 0) -+ (nbytes > PY_SSIZE_T_MAX - sizeof(PyTupleObject) - sizeof(PyObject *))) - { - return PyErr_NoMemory(); - } -+ nbytes += sizeof(PyTupleObject) - sizeof(PyObject *); -+ - op = PyObject_GC_NewVar(PyTupleObject, &PyTuple_Type, size); - if (op == NULL) - return NULL; diff --git a/lang/python25/patches/patch-bc b/lang/python25/patches/patch-bc deleted file mode 100644 index 975bfb0b0a1..00000000000 --- a/lang/python25/patches/patch-bc +++ /dev/null @@ -1,17 +0,0 @@ -$NetBSD: patch-bc,v 1.1 2008/08/30 10:02:33 tron Exp $ - -Patch for CVE-2008-2315 taken from Gentoo. - ---- Objects/bufferobject.c.orig 2008-02-14 11:26:18.000000000 +0000 -+++ Objects/bufferobject.c 2008-08-30 10:16:13.000000000 +0100 -@@ -427,6 +427,10 @@ - count = 0; - if (!get_buf(self, &ptr, &size, ANY_BUFFER)) - return NULL; -+ if (count > PY_SSIZE_T_MAX / size) { -+ PyErr_SetString(PyExc_MemoryError, "result too large"); -+ return NULL; -+ } - ob = PyString_FromStringAndSize(NULL, size * count); - if ( ob == NULL ) - return NULL; diff --git a/lang/python25/patches/patch-bd b/lang/python25/patches/patch-bd deleted file mode 100644 index 06ae261508e..00000000000 --- a/lang/python25/patches/patch-bd +++ /dev/null @@ -1,15 +0,0 @@ -$NetBSD: patch-bd,v 1.1 2008/08/30 10:02:33 tron Exp $ - -Patch for CVE-2008-2315 taken from Gentoo. - ---- Objects/longobject.c.orig 2007-05-07 19:30:48.000000000 +0100 -+++ Objects/longobject.c 2008-08-30 10:16:13.000000000 +0100 -@@ -70,6 +70,8 @@ - PyErr_NoMemory(); - return NULL; - } -+ /* XXX(nnorwitz): This can overflow -- -+ PyObject_NEW_VAR / _PyObject_VAR_SIZE need to detect overflow */ - return PyObject_NEW_VAR(PyLongObject, &PyLong_Type, size); - } - diff --git a/lang/python25/patches/patch-be b/lang/python25/patches/patch-be deleted file mode 100644 index 81798e3a973..00000000000 --- a/lang/python25/patches/patch-be +++ /dev/null @@ -1,53 +0,0 @@ -$NetBSD: patch-be,v 1.1 2008/08/30 10:02:33 tron Exp $ - -Patch for CVE-2008-2315 taken from Gentoo. - ---- Objects/stringobject.c.orig 2007-11-07 01:19:49.000000000 +0000 -+++ Objects/stringobject.c 2008-08-30 10:16:13.000000000 +0100 -@@ -71,6 +71,11 @@ - return (PyObject *)op; - } - -+ if (size > PY_SSIZE_T_MAX - sizeof(PyStringObject)) { -+ PyErr_SetString(PyExc_OverflowError, "string is too large"); -+ return NULL; -+ } -+ - /* Inline PyObject_NewVar */ - op = (PyStringObject *)PyObject_MALLOC(sizeof(PyStringObject) + size); - if (op == NULL) -@@ -106,7 +111,7 @@ - - assert(str != NULL); - size = strlen(str); -- if (size > PY_SSIZE_T_MAX) { -+ if (size > PY_SSIZE_T_MAX - sizeof(PyStringObject)) { - PyErr_SetString(PyExc_OverflowError, - "string is too long for a Python string"); - return NULL; -@@ -967,14 +972,24 @@ - Py_INCREF(a); - return (PyObject *)a; - } -+ /* Check that string sizes are not negative, to prevent an -+ overflow in cases where we are passed incorrectly-created -+ strings with negative lengths (due to a bug in other code). -+ */ - size = a->ob_size + b->ob_size; -- if (size < 0) { -+ if (a->ob_size < 0 || b->ob_size < 0 || -+ a->ob_size > PY_SSIZE_T_MAX - b->ob_size) { - PyErr_SetString(PyExc_OverflowError, - "strings are too large to concat"); - return NULL; - } - - /* Inline PyObject_NewVar */ -+ if (size > PY_SSIZE_T_MAX - sizeof(PyStringObject)) { -+ PyErr_SetString(PyExc_OverflowError, -+ "strings are too large to concat"); -+ return NULL; -+ } - op = (PyStringObject *)PyObject_MALLOC(sizeof(PyStringObject) + size); - if (op == NULL) - return PyErr_NoMemory(); diff --git a/lang/python25/patches/patch-bf b/lang/python25/patches/patch-bf deleted file mode 100644 index ff7211e0a2c..00000000000 --- a/lang/python25/patches/patch-bf +++ /dev/null @@ -1,25 +0,0 @@ -$NetBSD: patch-bf,v 1.1 2008/08/30 10:02:33 tron Exp $ - -Patch for CVE-2008-2315 taken from Gentoo. - ---- Lib/test/seq_tests.py.orig 2007-11-12 20:04:41.000000000 +0000 -+++ Lib/test/seq_tests.py 2008-08-30 10:16:13.000000000 +0100 -@@ -307,11 +307,13 @@ - self.assertEqual(id(s), id(s*1)) - - def test_bigrepeat(self): -- x = self.type2test([0]) -- x *= 2**16 -- self.assertRaises(MemoryError, x.__mul__, 2**16) -- if hasattr(x, '__imul__'): -- self.assertRaises(MemoryError, x.__imul__, 2**16) -+ import sys -+ if sys.maxint <= 2147483647: -+ x = self.type2test([0]) -+ x *= 2**16 -+ self.assertRaises(MemoryError, x.__mul__, 2**16) -+ if hasattr(x, '__imul__'): -+ self.assertRaises(MemoryError, x.__imul__, 2**16) - - def test_subscript(self): - a = self.type2test([10, 11]) diff --git a/lang/python25/patches/patch-bg b/lang/python25/patches/patch-bg deleted file mode 100644 index 82b6d143a38..00000000000 --- a/lang/python25/patches/patch-bg +++ /dev/null @@ -1,32 +0,0 @@ -$NetBSD: patch-bg,v 1.1 2008/08/30 10:02:33 tron Exp $ - -Patch for CVE-2008-2315 taken from Gentoo. - ---- Lib/test/test_strop.py.orig 2002-07-31 00:27:12.000000000 +0100 -+++ Lib/test/test_strop.py 2008-08-30 10:16:13.000000000 +0100 -@@ -115,6 +115,25 @@ - strop.uppercase - strop.whitespace - -+ @test_support.precisionbigmemtest(size=test_support._2G - 1, memuse=5) -+ def test_stropjoin_huge_list(self, size): -+ a = "A" * size -+ try: -+ r = strop.join([a, a], a) -+ except OverflowError: -+ pass -+ else: -+ self.assertEquals(len(r), len(a) * 3) -+ -+ @test_support.precisionbigmemtest(size=test_support._2G - 1, memuse=1) -+ def test_stropjoin_huge_tup(self, size): -+ a = "A" * size -+ try: -+ r = strop.join((a, a), a) -+ except OverflowError: -+ pass # acceptable on 32-bit -+ else: -+ self.assertEquals(len(r), len(a) * 3) - - transtable = '\000\001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037 !"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`xyzdefghijklmnopqrstuvwxyz{|}~\177\200\201\202\203\204\205\206\207\210\211\212\213\214\215\216\217\220\221\222\223\224\225\226\227\230\231\232\233\234\235\236\237\240\241\242\243\244\245\246\247\250\251\252\253\254\255\256\257\260\261\262\263\264\265\266\267\270\271\272\273\274\275\276\277\300\301\302\303\304\305\306\307\310\311\312\313\314\315\316\317\320\321\322\323\324\325\326\327\330\331\332\333\334\335\336\337\340\341\342\343\344\345\346\347\350\351\352\353\354\355\356\357\360\361\362\363\364\365\366\367\370\371\372\373\374\375\376\377' - diff --git a/lang/python25/patches/patch-bh b/lang/python25/patches/patch-bh deleted file mode 100644 index 2f1ecfb0384..00000000000 --- a/lang/python25/patches/patch-bh +++ /dev/null @@ -1,167 +0,0 @@ -$NetBSD: patch-bh,v 1.1 2008/08/30 10:02:33 tron Exp $ - -Patch for CVE-2008-2315 taken from Gentoo. - ---- Lib/test/test_bigmem.py.orig 2007-11-30 21:53:17.000000000 +0000 -+++ Lib/test/test_bigmem.py 2008-08-30 10:16:13.000000000 +0100 -@@ -1,5 +1,5 @@ - from test import test_support --from test.test_support import bigmemtest, _1G, _2G -+from test.test_support import bigmemtest, _1G, _2G, _4G, precisionbigmemtest - - import unittest - import operator -@@ -54,6 +54,22 @@ - self.assertEquals(s[lpadsize:-rpadsize], SUBSTR) - self.assertEquals(s.strip(), SUBSTR.strip()) - -+ @precisionbigmemtest(size=_2G - 1, memuse=1) -+ def test_center_unicode(self, size): -+ SUBSTR = u' abc def ghi' -+ try: -+ s = SUBSTR.center(size) -+ except OverflowError: -+ pass # acceptable on 32-bit -+ else: -+ self.assertEquals(len(s), size) -+ lpadsize = rpadsize = (len(s) - len(SUBSTR)) // 2 -+ if len(s) % 2: -+ lpadsize += 1 -+ self.assertEquals(s[lpadsize:-rpadsize], SUBSTR) -+ self.assertEquals(s.strip(), SUBSTR.strip()) -+ del s -+ - @bigmemtest(minsize=_2G, memuse=2) - def test_count(self, size): - SUBSTR = ' abc def ghi' -@@ -70,10 +86,44 @@ - s = '.' * size - self.assertEquals(len(s.decode('utf-8')), size) - -+ def basic_encode_test(self, size, enc, c=u'.', expectedsize=None): -+ if expectedsize is None: -+ expectedsize = size -+ -+ s = c * size -+ self.assertEquals(len(s.encode(enc)), expectedsize) -+ - @bigmemtest(minsize=_2G + 2, memuse=3) - def test_encode(self, size): -- s = u'.' * size -- self.assertEquals(len(s.encode('utf-8')), size) -+ return self.basic_encode_test(size, 'utf-8') -+ -+ @precisionbigmemtest(size=_4G / 6 + 2, memuse=2) -+ def test_encode_raw_unicode_escape(self, size): -+ try: -+ return self.basic_encode_test(size, 'raw_unicode_escape') -+ except MemoryError: -+ pass # acceptable on 32-bit -+ -+ @precisionbigmemtest(size=_4G / 5 + 70, memuse=3) -+ def test_encode_utf7(self, size): -+ try: -+ return self.basic_encode_test(size, 'utf7') -+ except MemoryError: -+ pass # acceptable on 32-bit -+ -+ @precisionbigmemtest(size=_2G-1, memuse=2) -+ def test_decodeascii(self, size): -+ return self.basic_encode_test(size, 'ascii', c='A') -+ -+ @precisionbigmemtest(size=_4G / 5, memuse=6+2) -+ def test_unicode_repr_oflw(self, size): -+ try: -+ s = u"\uAAAA"*size -+ r = repr(s) -+ except MemoryError: -+ pass # acceptable on 32-bit -+ else: -+ self.failUnless(s == eval(r)) - - @bigmemtest(minsize=_2G, memuse=2) - def test_endswith(self, size): -@@ -459,6 +509,11 @@ - self.assertEquals(s.count('\\'), size) - self.assertEquals(s.count('0'), size * 2) - -+ @bigmemtest(minsize=2**32 / 5, memuse=6+2) -+ def test_unicode_repr(self, size): -+ s = u"\uAAAA" * size -+ self.failUnless(len(repr(s)) > size) -+ - # This test is meaningful even with size < 2G, as long as the - # doubled string is > 2G (but it tests more if both are > 2G :) - @bigmemtest(minsize=_1G + 2, memuse=3) -@@ -642,6 +697,35 @@ - def test_repeat_large(self, size): - return self.basic_test_repeat(size) - -+ @bigmemtest(minsize=_1G - 1, memuse=12) -+ def test_repeat_large_2(self, size): -+ return self.basic_test_repeat(size) -+ -+ @precisionbigmemtest(size=_1G - 1, memuse=9) -+ def test_from_2G_generator(self, size): -+ try: -+ t = tuple(xrange(size)) -+ except MemoryError: -+ pass # acceptable on 32-bit -+ else: -+ count = 0 -+ for item in t: -+ self.assertEquals(item, count) -+ count += 1 -+ self.assertEquals(count, size) -+ -+ @precisionbigmemtest(size=_1G - 25, memuse=9) -+ def test_from_almost_2G_generator(self, size): -+ try: -+ t = tuple(xrange(size)) -+ count = 0 -+ for item in t: -+ self.assertEquals(item, count) -+ count += 1 -+ self.assertEquals(count, size) -+ except MemoryError: -+ pass # acceptable, expected on 32-bit -+ - # Like test_concat, split in two. - def basic_test_repr(self, size): - t = (0,) * size -@@ -957,8 +1041,34 @@ - self.assertEquals(l[:10], [1] * 10) - self.assertEquals(l[-10:], [5] * 10) - -+class BufferTest(unittest.TestCase): -+ -+ @precisionbigmemtest(size=_1G, memuse=4) -+ def test_repeat(self, size): -+ try: -+ b = buffer("AAAA")*size -+ except MemoryError: -+ pass # acceptable on 32-bit -+ else: -+ count = 0 -+ for c in b: -+ self.assertEquals(c, 'A') -+ count += 1 -+ self.assertEquals(count, size*4) -+ - def test_main(): -- test_support.run_unittest(StrTest, TupleTest, ListTest) -+ test_support.run_unittest(StrTest, TupleTest, ListTest, BufferTest) -+ -+# Expected failures (crashers) -+# del StrTest.test_center_unicode -+del StrTest.test_decodeascii -+# del StrTest.test_encode_utf32 -+# del StrTest.test_encode_utf7 -+# del StrTest.test_encode_raw_unicode_escape -+# -+# del TupleTest.test_from_2G_generator -+# -+# del BufferTest.test_repeat - - if __name__ == '__main__': - if len(sys.argv) > 1: diff --git a/lang/python25/patches/patch-bi b/lang/python25/patches/patch-bi deleted file mode 100644 index ba8dd943ed5..00000000000 --- a/lang/python25/patches/patch-bi +++ /dev/null @@ -1,66 +0,0 @@ -$NetBSD: patch-bi,v 1.1 2008/08/30 10:02:33 tron Exp $ - -Patch for CVE-2008-2315 taken from Gentoo. - ---- Lib/test/test_support.py.orig 2008-01-27 01:24:44.000000000 +0000 -+++ Lib/test/test_support.py 2008-08-30 10:16:13.000000000 +0100 -@@ -33,6 +33,7 @@ - use_resources = None # Flag set to [] by regrtest.py - max_memuse = 0 # Disable bigmem tests (they will still be run with - # small sizes, to make sure they work.) -+real_max_memuse = 0 - - # _original_stdout is meant to hold stdout at the time regrtest began. - # This may be "the real" stdout, or IDLE's emulation of stdout, or whatever. -@@ -323,6 +324,7 @@ - _1M = 1024*1024 - _1G = 1024 * _1M - _2G = 2 * _1G -+_4G = 4 * _1G - - # Hack to get at the maximum value an internal index can take. - class _Dummy: -@@ -333,6 +335,7 @@ - def set_memlimit(limit): - import re - global max_memuse -+ global real_max_memuse - sizes = { - 'k': 1024, - 'm': _1M, -@@ -344,6 +347,7 @@ - if m is None: - raise ValueError('Invalid memory limit %r' % (limit,)) - memlimit = int(float(m.group(1)) * sizes[m.group(3).lower()]) -+ real_max_memuse = memlimit - if memlimit > MAX_Py_ssize_t: - memlimit = MAX_Py_ssize_t - if memlimit < _2G - 1: -@@ -389,6 +393,27 @@ - return wrapper - return decorator - -+def precisionbigmemtest(size, memuse, overhead=5*_1M): -+ def decorator(f): -+ def wrapper(self): -+ if not real_max_memuse: -+ maxsize = 5147 -+ else: -+ maxsize = size -+ -+ if real_max_memuse and real_max_memuse < maxsize * memuse: -+ if verbose: -+ sys.stderr.write("Skipping %s because of memory " -+ "constraint\n" % (f.__name__,)) -+ return -+ -+ return f(self, maxsize) -+ wrapper.size = size -+ wrapper.memuse = memuse -+ wrapper.overhead = overhead -+ return wrapper -+ return decorator -+ - def bigaddrspacetest(f): - """Decorator for tests that fill the address space.""" - def wrapper(self): diff --git a/lang/python25/patches/patch-bj b/lang/python25/patches/patch-bj deleted file mode 100644 index b5358ed12ef..00000000000 --- a/lang/python25/patches/patch-bj +++ /dev/null @@ -1,35 +0,0 @@ -$NetBSD: patch-bj,v 1.1 2008/08/30 10:02:33 tron Exp $ - -Patch for CVE-2008-2315 taken from Gentoo. - ---- Modules/stropmodule.c.orig 2008-02-14 11:26:18.000000000 +0000 -+++ Modules/stropmodule.c 2008-08-30 10:16:13.000000000 +0100 -@@ -216,6 +216,13 @@ - return NULL; - } - slen = PyString_GET_SIZE(item); -+ if (slen > PY_SSIZE_T_MAX - reslen || -+ seplen > PY_SSIZE_T_MAX - reslen - seplen) { -+ PyErr_SetString(PyExc_OverflowError, -+ "input too long"); -+ Py_DECREF(res); -+ return NULL; -+ } - while (reslen + slen + seplen >= sz) { - if (_PyString_Resize(&res, sz * 2) < 0) - return NULL; -@@ -253,6 +260,14 @@ - return NULL; - } - slen = PyString_GET_SIZE(item); -+ if (slen > PY_SSIZE_T_MAX - reslen || -+ seplen > PY_SSIZE_T_MAX - reslen - seplen) { -+ PyErr_SetString(PyExc_OverflowError, -+ "input too long"); -+ Py_DECREF(res); -+ Py_XDECREF(item); -+ return NULL; -+ } - while (reslen + slen + seplen >= sz) { - if (_PyString_Resize(&res, sz * 2) < 0) { - Py_DECREF(item); diff --git a/lang/python25/patches/patch-bk b/lang/python25/patches/patch-bk deleted file mode 100644 index 4bf068cc01a..00000000000 --- a/lang/python25/patches/patch-bk +++ /dev/null @@ -1,27 +0,0 @@ -$NetBSD: patch-bk,v 1.1 2008/08/30 10:02:33 tron Exp $ - -Patch for CVE-2008-2315 taken from Gentoo. - ---- Modules/gcmodule.c.orig 2006-10-09 20:42:33.000000000 +0100 -+++ Modules/gcmodule.c 2008-08-30 10:16:13.000000000 +0100 -@@ -1318,7 +1318,10 @@ - _PyObject_GC_Malloc(size_t basicsize) - { - PyObject *op; -- PyGC_Head *g = (PyGC_Head *)PyObject_MALLOC( -+ PyGC_Head *g; -+ if (basicsize > PY_SSIZE_T_MAX - sizeof(PyGC_Head)) -+ return PyErr_NoMemory(); -+ g = (PyGC_Head *)PyObject_MALLOC( - sizeof(PyGC_Head) + basicsize); - if (g == NULL) - return PyErr_NoMemory(); -@@ -1361,6 +1364,8 @@ - { - const size_t basicsize = _PyObject_VAR_SIZE(op->ob_type, nitems); - PyGC_Head *g = AS_GC(op); -+ if (basicsize > PY_SSIZE_T_MAX - sizeof(PyGC_Head)) -+ return (PyVarObject *)PyErr_NoMemory(); - g = (PyGC_Head *)PyObject_REALLOC(g, sizeof(PyGC_Head) + basicsize); - if (g == NULL) - return (PyVarObject *)PyErr_NoMemory(); diff --git a/lang/python25/patches/patch-ca b/lang/python25/patches/patch-ca deleted file mode 100644 index 1db3615f669..00000000000 --- a/lang/python25/patches/patch-ca +++ /dev/null @@ -1,62 +0,0 @@ -$NetBSD: patch-ca,v 1.1 2008/08/30 10:02:33 tron Exp $ - -Patch for CVE-2008-3142 taken from Gentoo. - ---- Include/pymem.h.orig 2008-02-14 11:26:18.000000000 +0000 -+++ Include/pymem.h 2008-08-30 10:39:43.000000000 +0100 -@@ -67,8 +67,12 @@ - for malloc(0), which would be treated as an error. Some platforms - would return a pointer with no memory behind it, which would break - pymalloc. To solve these problems, allocate an extra byte. */ --#define PyMem_MALLOC(n) malloc((n) ? (n) : 1) --#define PyMem_REALLOC(p, n) realloc((p), (n) ? (n) : 1) -+/* Returns NULL to indicate error if a negative size or size larger than -+ Py_ssize_t can represent is supplied. Helps prevents security holes. */ -+#define PyMem_MALLOC(n) (((n) < 0 || (n) > PY_SSIZE_T_MAX) ? NULL \ -+ : malloc((n) ? (n) : 1)) -+#define PyMem_REALLOC(p, n) (((n) < 0 || (n) > PY_SSIZE_T_MAX) ? NULL \ -+ : realloc((p), (n) ? (n) : 1)) - #define PyMem_FREE free - - #endif /* PYMALLOC_DEBUG */ -@@ -77,24 +81,31 @@ - * Type-oriented memory interface - * ============================== - * -- * These are carried along for historical reasons. There's rarely a good -- * reason to use them anymore (you can just as easily do the multiply and -- * cast yourself). -+ * Allocate memory for n objects of the given type. Returns a new pointer -+ * or NULL if the request was too large or memory allocation failed. Use -+ * these macros rather than doing the multiplication yourself so that proper -+ * overflow checking is always done. - */ - - #define PyMem_New(type, n) \ -- ( assert((n) <= PY_SIZE_MAX / sizeof(type)) , \ -+ ( ((n) > PY_SSIZE_T_MAX / sizeof(type)) ? NULL : \ - ( (type *) PyMem_Malloc((n) * sizeof(type)) ) ) - #define PyMem_NEW(type, n) \ -- ( assert((n) <= PY_SIZE_MAX / sizeof(type)) , \ -+ ( ((n) > PY_SSIZE_T_MAX / sizeof(type)) ? NULL : \ - ( (type *) PyMem_MALLOC((n) * sizeof(type)) ) ) - -+/* -+ * The value of (p) is always clobbered by this macro regardless of success. -+ * The caller MUST check if (p) is NULL afterwards and deal with the memory -+ * error if so. This means the original value of (p) MUST be saved for the -+ * caller's memory error handler to not lose track of it. -+ */ - #define PyMem_Resize(p, type, n) \ -- ( assert((n) <= PY_SIZE_MAX / sizeof(type)) , \ -- ( (p) = (type *) PyMem_Realloc((p), (n) * sizeof(type)) ) ) -+ ( (p) = ((n) > PY_SSIZE_T_MAX / sizeof(type)) ? NULL : \ -+ (type *) PyMem_Realloc((p), (n) * sizeof(type)) ) - #define PyMem_RESIZE(p, type, n) \ -- ( assert((n) <= PY_SIZE_MAX / sizeof(type)) , \ -- ( (p) = (type *) PyMem_REALLOC((p), (n) * sizeof(type)) ) ) -+ ( (p) = ((n) > PY_SSIZE_T_MAX / sizeof(type)) ? NULL : \ -+ (type *) PyMem_REALLOC((p), (n) * sizeof(type)) ) - - /* PyMem{Del,DEL} are left over from ancient days, and shouldn't be used - * anymore. They're just confusing aliases for PyMem_{Free,FREE} now. diff --git a/lang/python25/patches/patch-cb b/lang/python25/patches/patch-cb deleted file mode 100644 index 6710f26e275..00000000000 --- a/lang/python25/patches/patch-cb +++ /dev/null @@ -1,38 +0,0 @@ -$NetBSD: patch-cb,v 1.1 2008/08/30 10:02:33 tron Exp $ - -Patch for CVE-2008-3142 taken from Gentoo. - ---- Objects/obmalloc.c.orig 2008-02-14 11:26:18.000000000 +0000 -+++ Objects/obmalloc.c 2008-08-30 10:39:43.000000000 +0100 -@@ -727,6 +727,15 @@ - uint size; - - /* -+ * Limit ourselves to PY_SSIZE_T_MAX bytes to prevent security holes. -+ * Most python internals blindly use a signed Py_ssize_t to track -+ * things without checking for overflows or negatives. -+ * As size_t is unsigned, checking for nbytes < 0 is not required. -+ */ -+ if (nbytes > PY_SSIZE_T_MAX) -+ return NULL; -+ -+ /* - * This implicitly redirects malloc(0). - */ - if ((nbytes - 1) < SMALL_REQUEST_THRESHOLD) { -@@ -1130,6 +1139,15 @@ - if (p == NULL) - return PyObject_Malloc(nbytes); - -+ /* -+ * Limit ourselves to PY_SSIZE_T_MAX bytes to prevent security holes. -+ * Most python internals blindly use a signed Py_ssize_t to track -+ * things without checking for overflows or negatives. -+ * As size_t is unsigned, checking for nbytes < 0 is not required. -+ */ -+ if (nbytes > PY_SSIZE_T_MAX) -+ return NULL; -+ - pool = POOL_ADDR(p); - if (Py_ADDRESS_IN_RANGE(p, pool)) { - /* We're in charge of this block */ diff --git a/lang/python25/patches/patch-cc b/lang/python25/patches/patch-cc deleted file mode 100644 index e7d9558fa3f..00000000000 --- a/lang/python25/patches/patch-cc +++ /dev/null @@ -1,18 +0,0 @@ -$NetBSD: patch-cc,v 1.1 2008/08/30 10:02:33 tron Exp $ - -Patch for CVE-2008-3142 taken from Gentoo. - ---- Modules/almodule.c.orig 2006-09-25 07:53:42.000000000 +0100 -+++ Modules/almodule.c 2008-08-30 10:39:43.000000000 +0100 -@@ -1633,9 +1633,11 @@ - if (nvals < 0) - goto cleanup; - if (nvals > setsize) { -+ ALvalue *old_return_set = return_set; - setsize = nvals; - PyMem_RESIZE(return_set, ALvalue, setsize); - if (return_set == NULL) { -+ return_set = old_return_set; - PyErr_NoMemory(); - goto cleanup; - } diff --git a/lang/python25/patches/patch-cd b/lang/python25/patches/patch-cd deleted file mode 100644 index 8abf9cfe79f..00000000000 --- a/lang/python25/patches/patch-cd +++ /dev/null @@ -1,37 +0,0 @@ -$NetBSD: patch-cd,v 1.1 2008/08/30 10:02:33 tron Exp $ - -Patch for CVE-2008-3142 taken from Gentoo. - ---- Modules/arraymodule.c.orig 2008-02-15 19:11:46.000000000 +0000 -+++ Modules/arraymodule.c 2008-08-30 10:39:43.000000000 +0100 -@@ -816,6 +816,7 @@ - array_do_extend(arrayobject *self, PyObject *bb) - { - Py_ssize_t size; -+ char *old_item; - - if (!array_Check(bb)) - return array_iter_extend(self, bb); -@@ -831,10 +832,11 @@ - return -1; - } - size = self->ob_size + b->ob_size; -+ old_item = self->ob_item; - PyMem_RESIZE(self->ob_item, char, size*self->ob_descr->itemsize); - if (self->ob_item == NULL) { -- PyObject_Del(self); -- PyErr_NoMemory(); -+ self->ob_item = old_item; -+ PyErr_NoMemory(); - return -1; - } - memcpy(self->ob_item + self->ob_size*self->ob_descr->itemsize, -@@ -886,7 +888,7 @@ - if (size > PY_SSIZE_T_MAX / n) { - return PyErr_NoMemory(); - } -- PyMem_Resize(items, char, n * size); -+ PyMem_RESIZE(items, char, n * size); - if (items == NULL) - return PyErr_NoMemory(); - p = items; diff --git a/lang/python25/patches/patch-ce b/lang/python25/patches/patch-ce deleted file mode 100644 index 27f9fd6baf8..00000000000 --- a/lang/python25/patches/patch-ce +++ /dev/null @@ -1,20 +0,0 @@ -$NetBSD: patch-ce,v 1.1 2008/08/30 10:02:33 tron Exp $ - -Patch for CVE-2008-3142 taken from Gentoo. - ---- Modules/selectmodule.c.orig 2006-07-10 02:18:57.000000000 +0100 -+++ Modules/selectmodule.c 2008-08-30 10:39:43.000000000 +0100 -@@ -349,10 +349,12 @@ - { - Py_ssize_t i, pos; - PyObject *key, *value; -+ struct pollfd *old_ufds = self->ufds; - - self->ufd_len = PyDict_Size(self->dict); -- PyMem_Resize(self->ufds, struct pollfd, self->ufd_len); -+ PyMem_RESIZE(self->ufds, struct pollfd, self->ufd_len); - if (self->ufds == NULL) { -+ self->ufds = old_ufds; - PyErr_NoMemory(); - return 0; - } diff --git a/lang/python25/patches/patch-da b/lang/python25/patches/patch-da deleted file mode 100644 index 499a7c340e7..00000000000 --- a/lang/python25/patches/patch-da +++ /dev/null @@ -1,45 +0,0 @@ -$NetBSD: patch-da,v 1.1 2008/08/30 10:02:33 tron Exp $ - -Patch for CVE-2008-2316 taken from Gentoo. - ---- Lib/test/test_hashlib.py.orig 2005-08-21 19:45:59.000000000 +0100 -+++ Lib/test/test_hashlib.py 2008-08-30 10:43:27.000000000 +0100 -@@ -9,7 +9,7 @@ - import hashlib - import unittest - from test import test_support -- -+from test.test_support import _4G, precisionbigmemtest - - def hexstr(s): - import string -@@ -55,7 +55,6 @@ - m2.update(aas + bees + cees) - self.assertEqual(m1.digest(), m2.digest()) - -- - def check(self, name, data, digest): - # test the direct constructors - computed = getattr(hashlib, name)(data).hexdigest() -@@ -75,6 +74,21 @@ - self.check('md5', 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789', - 'd174ab98d277d9f5a5611c2c9f419d9f') - -+ @precisionbigmemtest(size=_4G + 5, memuse=1) -+ def test_case_md5_huge(self, size): -+ if size == _4G + 5: -+ try: -+ self.check('md5', 'A'*size, 'c9af2dff37468ce5dfee8f2cfc0a9c6d') -+ except OverflowError: -+ pass # 32-bit arch -+ -+ @precisionbigmemtest(size=_4G - 1, memuse=1) -+ def test_case_md5_uintmax(self, size): -+ if size == _4G - 1: -+ try: -+ self.check('md5', 'A'*size, '28138d306ff1b8281f1a9067e1a1a2b3') -+ except OverflowError: -+ pass # 32-bit arch - - # use the three examples from Federal Information Processing Standards - # Publication 180-1, Secure Hash Standard, 1995 April 17 diff --git a/lang/python25/patches/patch-db b/lang/python25/patches/patch-db deleted file mode 100644 index db449ee7388..00000000000 --- a/lang/python25/patches/patch-db +++ /dev/null @@ -1,108 +0,0 @@ -$NetBSD: patch-db,v 1.1 2008/08/30 10:02:33 tron Exp $ - -Patch for CVE-2008-2316 taken from Gentoo. - ---- Modules/_hashopenssl.c.orig 2006-05-29 22:04:52.000000000 +0100 -+++ Modules/_hashopenssl.c 2008-08-30 10:43:27.000000000 +0100 -@@ -19,6 +19,8 @@ - /* EVP is the preferred interface to hashing in OpenSSL */ - #include <openssl/evp.h> - -+#define MUNCH_SIZE INT_MAX -+ - - #ifndef HASH_OBJ_CONSTRUCTOR - #define HASH_OBJ_CONSTRUCTOR 0 -@@ -164,9 +166,18 @@ - if (!PyArg_ParseTuple(args, "s#:update", &cp, &len)) - return NULL; - -+ if (len > 0 && len <= MUNCH_SIZE) { - EVP_DigestUpdate(&self->ctx, cp, Py_SAFE_DOWNCAST(len, Py_ssize_t, - unsigned int)); -- -+ } else { -+ Py_ssize_t offset = 0; -+ while (len) { -+ unsigned int process = len > MUNCH_SIZE ? MUNCH_SIZE : len; -+ EVP_DigestUpdate(&self->ctx, cp + offset, process); -+ len -= process; -+ offset += process; -+ } -+ } - Py_INCREF(Py_None); - return Py_None; - } -@@ -255,9 +266,20 @@ - self->name = name_obj; - Py_INCREF(self->name); - -- if (cp && len) -+ if (cp && len) { -+ if (len > 0 && len <= MUNCH_SIZE) { - EVP_DigestUpdate(&self->ctx, cp, Py_SAFE_DOWNCAST(len, Py_ssize_t, - unsigned int)); -+ } else { -+ Py_ssize_t offset = 0; -+ while (len) { -+ unsigned int process = len > MUNCH_SIZE ? MUNCH_SIZE : len; -+ EVP_DigestUpdate(&self->ctx, cp + offset, process); -+ len -= process; -+ offset += process; -+ } -+ } -+ } - - return 0; - } -@@ -328,7 +350,7 @@ - static PyObject * - EVPnew(PyObject *name_obj, - const EVP_MD *digest, const EVP_MD_CTX *initial_ctx, -- const unsigned char *cp, unsigned int len) -+ const unsigned char *cp, Py_ssize_t len) - { - EVPobject *self; - -@@ -346,8 +368,20 @@ - EVP_DigestInit(&self->ctx, digest); - } - -- if (cp && len) -- EVP_DigestUpdate(&self->ctx, cp, len); -+ if (cp && len) { -+ if (len > 0 && len <= MUNCH_SIZE) { -+ EVP_DigestUpdate(&self->ctx, cp, Py_SAFE_DOWNCAST(len, Py_ssize_t, -+ unsigned int)); -+ } else { -+ Py_ssize_t offset = 0; -+ while (len) { -+ unsigned int process = len > MUNCH_SIZE ? MUNCH_SIZE : len; -+ EVP_DigestUpdate(&self->ctx, cp + offset, process); -+ len -= process; -+ offset += process; -+ } -+ } -+ } - - return (PyObject *)self; - } -@@ -384,8 +418,7 @@ - - digest = EVP_get_digestbyname(name); - -- return EVPnew(name_obj, digest, NULL, cp, Py_SAFE_DOWNCAST(len, Py_ssize_t, -- unsigned int)); -+ return EVPnew(name_obj, digest, NULL, cp, len); - } - - /* -@@ -410,7 +443,7 @@ - CONST_ ## NAME ## _name_obj, \ - NULL, \ - CONST_new_ ## NAME ## _ctx_p, \ -- cp, Py_SAFE_DOWNCAST(len, Py_ssize_t, unsigned int)); \ -+ cp, len); \ - } - - /* a PyMethodDef structure for the constructor */ diff --git a/lang/python25/patches/patch-ea b/lang/python25/patches/patch-ea deleted file mode 100644 index c0b391fc066..00000000000 --- a/lang/python25/patches/patch-ea +++ /dev/null @@ -1,59 +0,0 @@ -$NetBSD: patch-ea,v 1.1 2008/08/30 10:02:33 tron Exp $ - -Patch for CVE-2008-3144 taken from Gentoo. - ---- Python/mysnprintf.c.orig 2001-12-21 16:32:15.000000000 +0000 -+++ Python/mysnprintf.c 2008-08-30 10:46:31.000000000 +0100 -@@ -54,18 +54,28 @@ - PyOS_vsnprintf(char *str, size_t size, const char *format, va_list va) - { - int len; /* # bytes written, excluding \0 */ --#ifndef HAVE_SNPRINTF -+#ifdef HAVE_SNPRINTF -+#define _PyOS_vsnprintf_EXTRA_SPACE 1 -+#else -+#define _PyOS_vsnprintf_EXTRA_SPACE 512 - char *buffer; - #endif - assert(str != NULL); - assert(size > 0); - assert(format != NULL); -+ /* We take a size_t as input but return an int. Sanity check -+ * our input so that it won't cause an overflow in the -+ * vsnprintf return value or the buffer malloc size. */ -+ if (size > INT_MAX - _PyOS_vsnprintf_EXTRA_SPACE) { -+ len = -666; -+ goto Done; -+ } - - #ifdef HAVE_SNPRINTF - len = vsnprintf(str, size, format, va); - #else - /* Emulate it. */ -- buffer = PyMem_MALLOC(size + 512); -+ buffer = PyMem_MALLOC(size + _PyOS_vsnprintf_EXTRA_SPACE); - if (buffer == NULL) { - len = -666; - goto Done; -@@ -75,7 +85,7 @@ - if (len < 0) - /* ignore the error */; - -- else if ((size_t)len >= size + 512) -+ else if ((size_t)len >= size + _PyOS_vsnprintf_EXTRA_SPACE) - Py_FatalError("Buffer overflow in PyOS_snprintf/PyOS_vsnprintf"); - - else { -@@ -86,8 +96,10 @@ - str[to_copy] = '\0'; - } - PyMem_FREE(buffer); --Done: - #endif -- str[size-1] = '\0'; -+Done: -+ if (size > 0) -+ str[size-1] = '\0'; - return len; -+#undef _PyOS_vsnprintf_EXTRA_SPACE - } |