From d195b34c83b6710541aa0885e844115af5911f87 Mon Sep 17 00:00:00 2001 From: recht Date: Sat, 1 Oct 2005 19:59:39 +0000 Subject: Add a patch for CAN-2005-2491 (buffer overflow vulnerability in the PCRE library) from ubuntu Linux (via gentoo). For details see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491 --- lang/python22-pth/Makefile | 6 ++-- lang/python22/Makefile | 4 +-- lang/python22/distinfo | 5 ++- lang/python22/patches/patch-ea | 12 ++++++++ lang/python22/patches/patch-eb | 19 ++++++++++++ lang/python22/patches/patch-ec | 69 ++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 109 insertions(+), 6 deletions(-) create mode 100644 lang/python22/patches/patch-ea create mode 100644 lang/python22/patches/patch-eb create mode 100644 lang/python22/patches/patch-ec (limited to 'lang') diff --git a/lang/python22-pth/Makefile b/lang/python22-pth/Makefile index a7f9ba0ed1f..eb7d456e3b6 100644 --- a/lang/python22-pth/Makefile +++ b/lang/python22-pth/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.16 2005/04/11 21:46:15 tv Exp $ +# $NetBSD: Makefile,v 1.17 2005/10/01 19:59:39 recht Exp $ # DISTNAME= Python-2.2.3 PKGNAME= python22-pth-2.2.3 -PKGREVISION= 3 +PKGREVISION= 6 CATEGORIES= lang python MASTER_SITES= # empty DISTFILES= # empty @@ -12,7 +12,7 @@ MAINTAINER= tech-pkg@NetBSD.org HOMEPAGE= http://www.python.org/ COMMENT= Interpreted, interactive, object-oriented programming language -DEPENDS+= python22>=2.2.3:../../lang/python22 +DEPENDS+= python22>=2.2.3nb6:../../lang/python22 EXTRACT_ONLY= # empty NO_CHECKSUM= yes diff --git a/lang/python22/Makefile b/lang/python22/Makefile index 2d763acc1af..63fc8a7db8e 100644 --- a/lang/python22/Makefile +++ b/lang/python22/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.27 2005/04/11 21:46:15 tv Exp $ +# $NetBSD: Makefile,v 1.28 2005/10/01 19:59:39 recht Exp $ # DISTNAME= Python-2.2.3 PKGNAME= python22-2.2.3 -PKGREVISION= 5 +PKGREVISION= 6 CATEGORIES= lang python MASTER_SITES= ftp://ftp.python.org/pub/python/2.2.3/ EXTRACT_SUFX= .tgz diff --git a/lang/python22/distinfo b/lang/python22/distinfo index 72d1d0289c4..10ca5c533a4 100644 --- a/lang/python22/distinfo +++ b/lang/python22/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.16 2005/07/29 13:27:26 drochner Exp $ +$NetBSD: distinfo,v 1.17 2005/10/01 19:59:39 recht Exp $ SHA1 (Python-2.2.3.tgz) = 177d587e77e0eaa14131ab0d0d0b470777de4400 RMD160 (Python-2.2.3.tgz) = 3590f813582d65194b467f4ab450e360e35eb40e @@ -12,3 +12,6 @@ SHA1 (patch-al) = e114392656703cfda734d3a9ae0072a9fbcc8123 SHA1 (patch-an) = 8e5b93bc65bb6d271e8e111949f715f7234f4371 SHA1 (patch-bb) = f1c1ae2b8f654132a991a3ced9467cea45f0bef9 SHA1 (patch-bc) = 9fbe77ff35519a290ef1f70fcaa72a60009a36a1 +SHA1 (patch-ea) = babfed4a0e5ae599441423a06622d4820ab237b1 +SHA1 (patch-eb) = b72694d414b55d11e324cc76d6ed03b7c8e7630c +SHA1 (patch-ec) = 3744382c5c58814129548f0529e3a5605c7ee0c8 diff --git a/lang/python22/patches/patch-ea b/lang/python22/patches/patch-ea new file mode 100644 index 00000000000..eec2419bb5f --- /dev/null +++ b/lang/python22/patches/patch-ea @@ -0,0 +1,12 @@ +$NetBSD: patch-ea,v 1.1 2005/10/01 19:59:39 recht Exp $ + +--- Modules/pcre.h.orig 2000-06-28 22:56:30.000000000 +0200 ++++ Modules/pcre.h 2005-10-01 21:13:56.000000000 +0200 +@@ -40,6 +40,7 @@ + #ifdef FOR_PYTHON + #define PCRE_LOCALE 0x0200 + #endif ++#define PCRE_NO_AUTO_CAPTURE 0x1000 + + /* Exec-time error codes */ + diff --git a/lang/python22/patches/patch-eb b/lang/python22/patches/patch-eb new file mode 100644 index 00000000000..4ff01123922 --- /dev/null +++ b/lang/python22/patches/patch-eb @@ -0,0 +1,19 @@ +$NetBSD: patch-eb,v 1.1 2005/10/01 19:59:39 recht Exp $ + +--- Modules/pcre-int.h.orig 1998-05-07 17:32:38.000000000 +0200 ++++ Modules/pcre-int.h 2005-10-01 21:13:56.000000000 +0200 +@@ -81,11 +81,12 @@ + #define PUBLIC_OPTIONS \ + (PCRE_CASELESS|PCRE_EXTENDED|PCRE_ANCHORED|PCRE_MULTILINE| \ + PCRE_DOTALL|PCRE_DOLLAR_ENDONLY|PCRE_EXTRA|PCRE_UNGREEDY| \ +- PCRE_LOCALE) ++ PCRE_NO_AUTO_CAPTURE|PCRE_LOCALE) + #else + #define PUBLIC_OPTIONS \ + (PCRE_CASELESS|PCRE_EXTENDED|PCRE_ANCHORED|PCRE_MULTILINE| \ +- PCRE_DOTALL|PCRE_DOLLAR_ENDONLY|PCRE_EXTRA|PCRE_UNGREEDY) ++ PCRE_DOTALL|PCRE_DOLLAR_ENDONLY|PCRE_EXTRA|PCRE_UNGREEDY| \ ++ PCRE_NO_AUTO_CAPTURE) + #endif + #define PUBLIC_EXEC_OPTIONS \ + (PCRE_CASELESS|PCRE_ANCHORED|PCRE_MULTILINE|PCRE_NOTBOL|PCRE_NOTEOL| \ diff --git a/lang/python22/patches/patch-ec b/lang/python22/patches/patch-ec new file mode 100644 index 00000000000..462b02f8e13 --- /dev/null +++ b/lang/python22/patches/patch-ec @@ -0,0 +1,69 @@ +$NetBSD: patch-ec,v 1.1 2005/10/01 19:59:39 recht Exp $ + +--- Modules/pypcre.c.orig 2002-03-16 18:58:21.000000000 +0100 ++++ Modules/pypcre.c 2005-10-01 21:38:57.000000000 +0200 +@@ -1162,14 +1162,31 @@ + int min = 0; + int max = -1; + ++/* Read the minimum value and do a paranoid check: a negative value indicates ++an integer overflow. */ ++ + while ((pcre_ctypes[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0'; + ++if (min < 0 || min > 65535) ++ { ++ *errorptr = ERR5; ++ return p; ++ } ++ ++/* Read the maximum value if there is one, and again do a paranoid on its size ++. Also, max must not be less than min. */ ++ + if (*p == '}') max = min; else + { + if (*(++p) != '}') + { + max = 0; + while((pcre_ctypes[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0'; ++ if (max < 0 || max > 65535) ++ { ++ *errorptr = ERR5; ++ return p; ++ } + if (max < min) + { + *errorptr = ERR4; +@@ -2266,6 +2283,7 @@ + int bracount = 0; + int brastack[200]; + int top_backref = 0; ++BOOL capturing; + unsigned int brastackptr = 0; + uschar *code; + const uschar *ptr; +@@ -2445,6 +2463,7 @@ + /* Brackets may be genuine groups or special things */ + + case '(': ++ capturing = FALSE; + + /* Handle special forms of bracket, which all start (? */ + +@@ -2542,10 +2561,15 @@ + continue; /* End of this bracket handling */ + } + ++ /* Ordinary parentheses, not followed by '?', are capturing unless ++ PCRE_NO_AUTO_CAPTURE is set. */ ++ ++ else capturing = (options & PCRE_NO_AUTO_CAPTURE) == 0; ++ + /* Extracting brackets must be counted so we can process escapes in a + Perlish way. */ + +- else bracount++; ++ if (capturing) bracount++; + + /* Non-special forms of bracket. Save length for computing whole length + at end if there's a repeat that requires duplication of the group. */ -- cgit v1.2.3