From 01fbd779f0f419b30a5892521aaecbe2a1eb7c06 Mon Sep 17 00:00:00 2001
From: salo
Date: Sat, 5 Nov 2005 15:47:36 +0000
Subject: Pullup ticket 895 - requested by Adrian Portelli security fix for python21 Revisions pulled up: - pkgsrc/lang/python21/Makefile 1.24 - pkgsrc/lang/python21/distinfo 1.20 - pkgsrc/lang/python21/patches/patch-bd 1.1 - pkgsrc/lang/python21/patches/patch-be 1.1 - pkgsrc/lang/python21/patches/patch-bf 1.1 - pkgsrc/lang/python21-pth/Makefile 1.17 Module Name: pkgsrc Committed By: adrianp Date: Tue Nov 1 21:48:32 UTC 2005 Modified Files: pkgsrc/lang/python21-pth: Makefile Log Message: nb bump for security fix --- Module Name: pkgsrc Committed By: adrianp Date: Tue Nov 1 21:49:31 UTC 2005 Modified Files: pkgsrc/lang/python21: Makefile distinfo Added Files: pkgsrc/lang/python21/patches: patch-bd patch-be patch-bf Log Message: Bump to nb8 for PCRE security issue
---
 lang/python21-pth/Makefile | 4 +--
 lang/python21/Makefile | 4 +--
 lang/python21/distinfo | 5 ++-
 lang/python21/patches/patch-bd | 12 +++++++
 lang/python21/patches/patch-be | 19 +++++++++++
 lang/python21/patches/patch-bf | 73 ++++++++++++++++++++++++++++++++++++++++++
 6 files changed, 112 insertions(+), 5 deletions(-)
 create mode 100644 lang/python21/patches/patch-bd
 create mode 100644 lang/python21/patches/patch-be
 create mode 100644 lang/python21/patches/patch-bf
diff --git a/lang/python21-pth/Makefile b/lang/python21-pth/Makefile
index 62231985c61..81fb4479ba9 100644
--- a/lang/python21-pth/Makefile
+++ b/lang/python21-pth/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.16 2005/04/11 21:46:15 tv Exp $
+# $NetBSD: Makefile,v 1.16.4.1 2005/11/05 15:47:36 salo Exp $
 #
 
 DISTNAME= Python-2.1.3
 PKGNAME= python21-pth-2.1.3
-PKGREVISION= 6
+PKGREVISION= 7
 CATEGORIES= lang python
 MASTER_SITES= # empty
 DISTFILES= # empty
diff --git a/lang/python21/Makefile b/lang/python21/Makefile
index a6ede3da49c..eae8c1421db 100644
--- a/lang/python21/Makefile
+++ b/lang/python21/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.23 2005/05/29 11:18:35 minskim Exp $
+# $NetBSD: Makefile,v 1.23.4.1 2005/11/05 15:47:36 salo Exp $
 #
 
 DISTNAME= Python-2.1.3
 PKGNAME= python21-2.1.3
-PKGREVISION= 7
+PKGREVISION= 8
 CATEGORIES= lang python
 MASTER_SITES= ftp://ftp.python.org/pub/python/2.1.3/
 EXTRACT_SUFX= .tgz
diff --git a/lang/python21/distinfo b/lang/python21/distinfo
index 4db1a7fe0b2..4744aeb86e1 100644
--- a/lang/python21/distinfo
+++ b/lang/python21/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.19 2005/05/29 11:07:49 minskim Exp $
+$NetBSD: distinfo,v 1.19.4.1 2005/11/05 15:47:36 salo Exp $
 
 SHA1 (Python-2.1.3.tgz) = 7042a5c5fd60d334c0ac227885d68a4c305713b4
 RMD160 (Python-2.1.3.tgz) = d7216480cf884507d97bf7932767871977fc1ccc
@@ -14,3 +14,6 @@ SHA1 (patch-ai) = 6420f2994109b8cce55674ea14d7a974f9e039c6
 SHA1 (patch-aj) = ca232f769b57f617496f5c8701a0a32fe55f1fd9
 SHA1 (patch-bb) = 81780dd270791238687e57fb2969abe3547ea79d
 SHA1 (patch-bc) = 6761f59c7403b76420970288dc89330c094f7b2c
+SHA1 (patch-bd) = 1fcff14864fbd52f350f63bec57e2952a4715ca4
+SHA1 (patch-be) = e1e5675e8b1059bd7836f8f23382a8305382a91b
+SHA1 (patch-bf) = 5a4f05c563d46c66485780c8dd8badac624c4f49
diff --git a/lang/python21/patches/patch-bd b/lang/python21/patches/patch-bd
new file mode 100644
index 00000000000..e22d0bf4b66
--- /dev/null
+++ b/lang/python21/patches/patch-bd
@@ -0,0 +1,12 @@
+$NetBSD: patch-bd,v 1.1.2.2 2005/11/05 15:47:36 salo Exp $
+
+--- Modules/pcre.h.orig 2000-06-28 21:56:30.000000000 +0100
++++ Modules/pcre.h
+@@ -40,6 +40,7 @@ extern "C" {
+ #ifdef FOR_PYTHON
+ #define PCRE_LOCALE 0x0200
+ #endif
++#define PCRE_NO_AUTO_CAPTURE 0x1000
+
+ /* Exec-time error codes */
+
diff --git a/lang/python21/patches/patch-be b/lang/python21/patches/patch-be
new file mode 100644
index 00000000000..ad4348480cd
--- /dev/null
+++ b/lang/python21/patches/patch-be
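Review bot: The `#define PCRE_NO_AUTO_CAPTURE 0x1000` added by patch-bd has no comment, and patch-bd, patch-be and patch-bf all lack a description line after the `$NetBSD$` tag saying which PCRE issue they address and where the change was taken from. I would add a short header to each patch file, for example `Backport of the PCRE repeat-count range check; origin: <upstream reference placeholder>`, so the provenance of the security fix can be audited later. The define itself deserves a one-line comment such as `/* public compile option; must stay distinct from the private option bits in pcre-int.h */`, because the other bit assignments are not visible in this hunk and the value should be confirmed against them.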
@@ -0,0 +1,19 @@
+$NetBSD: patch-be,v 1.1.2.2 2005/11/05 15:47:36 salo Exp $
+
+--- Modules/pcre-int.h.orig 1998-05-07 16:32:38.000000000 +0100
++++ Modules/pcre-int.h
+@@ -81,11 +81,12 @@ only some permitted at run or study time
+ #define PUBLIC_OPTIONS \
+ (PCRE_CASELESS|PCRE_EXTENDED|PCRE_ANCHORED|PCRE_MULTILINE| \
+ PCRE_DOTALL|PCRE_DOLLAR_ENDONLY|PCRE_EXTRA|PCRE_UNGREEDY| \
+- PCRE_LOCALE)
++ PCRE_NO_AUTO_CAPTURE|PCRE_LOCALE)
+ #else
+ #define PUBLIC_OPTIONS \
+ (PCRE_CASELESS|PCRE_EXTENDED|PCRE_ANCHORED|PCRE_MULTILINE| \
+- PCRE_DOTALL|PCRE_DOLLAR_ENDONLY|PCRE_EXTRA|PCRE_UNGREEDY)
++ PCRE_DOTALL|PCRE_DOLLAR_ENDONLY|PCRE_EXTRA|PCRE_UNGREEDY| \
++ PCRE_NO_AUTO_CAPTURE)
+ #endif
+ #define PUBLIC_EXEC_OPTIONS \
+ (PCRE_CASELESS|PCRE_ANCHORED|PCRE_MULTILINE|PCRE_NOTBOL|PCRE_NOTEOL| \
diff --git a/lang/python21/patches/patch-bf b/lang/python21/patches/patch-bf
new file mode 100644
index 00000000000..e063fe88001
--- /dev/null
+++ b/lang/python21/patches/patch-bf
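Review bot: Adding `PCRE_NO_AUTO_CAPTURE` to both `PUBLIC_OPTIONS` definitions makes the compiler accept an option bit that callers could not pass before, yet the only code in this commit that honours it is the bracket-counting change in patch-bf. If the code-generating pass, which is not shown here, still numbers every plain parenthesis, a caller that sets the bit would get a `bracount` that disagrees with the groups actually emitted. Unless that pass is patched as well, I would leave the bit out of `PUBLIC_OPTIONS` so it keeps being rejected, or add a comment at the define list stating that the option is accepted only to stay source-compatible with upstream. The macro definitions continue outside the hunk.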
@@ -0,0 +1,73 @@
+$NetBSD: patch-bf,v 1.1.2.2 2005/11/05 15:47:36 salo Exp $
+
+--- Modules/pypcre.c.orig 2000-08-02 14:41:18.000000000 +0100
++++ Modules/pypcre.c
+@@ -1162,14 +1162,31 @@ read_repeat_counts(const uschar *p, int
+ int min = 0;
+ int max = -1;
+
++/* Read the minimum value and do a paranoid check: a negative value indicates
++an integer overflow. */
++
+ while ((pcre_ctypes[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0';
+
++if (min < 0 || min > 65535)
++ {
++ *errorptr = ERR5;
++ return p;
++ }
++
++/* Read the maximum value if there is one, and again do a paranoid on its size
++. Also, max must not be less than min. */
++
+ if (*p == '}') max = min; else
+ {
+ if (*(++p) != '}')
+ {
+ max = 0;
+ while((pcre_ctypes[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0';
++ if (max < 0 || max > 65535)
++ {
++ *errorptr = ERR5;
++ return p;
++ }
+ if (max < min)
+ {
+ *errorptr = ERR4;
+@@ -2266,6 +2283,7 @@ int c, size;
+ int bracount = 0;
+ int brastack[200];
+ int top_backref = 0;
++BOOL capturing;
+ unsigned int brastackptr = 0;
+ uschar *code;
+ const uschar *ptr;
+@@ -2445,7 +2463,8 @@ while ((c = *(++ptr)) != 0)
+ /* Brackets may be genuine groups or special things */
+
+ case '(':
+-
++ capturing = FALSE;
++
+ /* Handle special forms of bracket, which all start (? */
+
+ if (ptr[1] == '?') switch (c = ptr[2])
+@@ -2541,11 +2560,16 @@ while ((c = *(++ptr)) != 0)
+ }
+ continue; /* End of this bracket handling */
+ }
++
++ /* Ordinary parentheses, not followed by '?', are capturing unless
++ PCRE_NO_AUTO_CAPTURE is set. */
+
++ else capturing = (options & PCRE_NO_AUTO_CAPTURE) == 0;
++
+ /* Extracting brackets must be counted so we can process escapes in a
+ Perlish way. */
+-
+- else bracount++;
++
++ if (capturing) bracount++;
+
+ /* Non-special forms of bracket. Save length for computing whole length
+ at end if there's a repeat that requires duplication of the group. */
-- cgit v1.2.3
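Review bot: In the `read_repeat_counts` hunk the new range checks run only after each digit loop has finished, so `min = min * 10 + *p++ - '0'` and the matching `max` line can still overflow a signed int, which is undefined behaviour, and a long enough digit string may wrap back into 0..65535 and pass the `min < 0 || min > 65535` test. The added comment that a negative value indicates an overflow therefore holds only for some inputs. Moving the bound check inside each loop keeps the accumulator below 655360 at every step and rejects the pattern at the first excess digit; the `< 0` test then becomes unnecessary. The function starts and ends outside the hunk, so the rest of its error handling is assumed to be as the visible lines suggest.

```c
while ((pcre_ctypes[*p] & ctype_digit) != 0)
  {
  min = min * 10 + *p++ - '0';
  if (min > 65535)
    {
    *errorptr = ERR5;
    return p;
    }
  }

/* ... unchanged: '}' test, step past the comma, max = 0 ... */

    while ((pcre_ctypes[*p] & ctype_digit) != 0)
      {
      max = max * 10 + *p++ - '0';
      if (max > 65535)
        {
        *errorptr = ERR5;
        return p;
        }
      }

/* ... unchanged: max < min check (ERR4) ... */
```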