Diffstat (limited to 'lang/python26/patches/patch-CVE-2012-1150-Modules_main.c')
-rw-r--r-- | lang/python26/patches/patch-CVE-2012-1150-Modules_main.c | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/lang/python26/patches/patch-CVE-2012-1150-Modules_main.c b/lang/python26/patches/patch-CVE-2012-1150-Modules_main.c
new file mode 100644
index 00000000000..44d0491b9d7
--- /dev/null
+++ b/lang/python26/patches/patch-CVE-2012-1150-Modules_main.c
@@ -0,0 +1,59 @@
+$NetBSD: patch-CVE-2012-1150-Modules_main.c,v 1.1 2012/03/25 09:09:05 tron Exp $
+
+Fix for CVE-2012-1150 taken from here:
+
+http://hg.python.org/cpython/rev/6b7704fe1be1
+
+--- Modules/main.c.orig 2010-05-09 16:15:40.000000000 +0100
++++ Modules/main.c 2012-03-25 09:51:50.000000000 +0100
+@@ -40,7 +40,7 @@
+ static int orig_argc;
+
+ /* command line options */
+-#define BASE_OPTS "3bBc:dEhiJm:OQ:sStuUvVW:xX?"
++#define BASE_OPTS "3bBc:dEhiJm:OQ:RsStuUvVW:xX?"
+
+ #ifndef RISCOS
+ #define PROGRAM_OPTS BASE_OPTS
+@@ -71,6 +71,9 @@
+ -m mod : run library module as a script (terminates option list)\n\
+ -O : optimize generated bytecode slightly; also PYTHONOPTIMIZE=x\n\
+ -OO : remove doc-strings in addition to the -O optimizations\n\
++-R : use a pseudo-random salt to make hash() values of various types be\n\
++ unpredictable between separate invocations of the interpreter, as\n\
++ a defense against denial-of-service attacks\n\
+ -Q arg : division options: -Qold (default), -Qwarn, -Qwarnall, -Qnew\n\
+ -s : don't add user site directory to sys.path; also PYTHONNOUSERSITE\n\
+ -S : don't imply 'import site' on initialization\n\
+@@ -101,6 +104,12 @@
+ PYTHONCASEOK : ignore case in 'import' statements (Windows).\n\
+ PYTHONIOENCODING: Encoding[:errors] used for stdin/stdout/stderr.\n\
+ ";
++static char *usage_6 = "\
++PYTHONHASHSEED: if this variable is set to ``random``, the effect is the same \n\
++ as specifying the :option:`-R` option: a random value is used to seed the\n\
++ hashes of str, bytes and datetime objects. It can also be set to an integer\n\
++ in the range [0,4294967295] to get hash values with a predictable seed.\n\
++";
+
+
+ static int
+@@ -117,6 +126,7 @@
+ fputs(usage_3, f);
+ fprintf(f, usage_4, DELIM);
+ fprintf(f, usage_5, DELIM, PYTHONHOMEHELP);
++ fputs(usage_6, f);
+ }
+ #if defined(__VMS)
+ if (exitcode == 0) {
+@@ -388,6 +398,10 @@
+ PySys_AddWarnOption(_PyOS_optarg);
+ break;
+
++ case 'R':
++ Py_HashRandomizationFlag++;
++ break;
++
+ /* This space reserved for other options */
+
+ default: |
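Review bot: The patch header calls this the fix for CVE-2012-1150, but the hunks shown only make hash randomization available on request: it is enabled by `-R` (the `case 'R':` hunk increments `Py_HashRandomizationFlag`) or, per the new `usage_6` text, by `PYTHONHASHSEED`, and nothing here changes the default. I would add a line to the header comment such as `Hash randomization stays off unless -R or PYTHONHASHSEED=random is given.` so that operators know an upgraded interpreter still has to be started that way for services that hash attacker-supplied keys. `Py_HashRandomizationFlag` is not declared in these hunks and nothing here reads `PYTHONHASHSEED`, so both presumably come from companion patches; since the diffstat is limited to this one path, it is worth confirming they land in the same commit. The `usage_6` help text also carries reST markup (the double backticks around `random` and the `:option:` role) that will print literally in `--help`; that matches the quoted upstream change, so it is only worth a mention.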