Pullup ticket 3279 - requested by tron
security fixes

Revisions pulled up:
- pkgsrc/lang/python26/Makefile		1.31
- pkgsrc/lang/python26/distinfo		1.29

Files added:
pkgsrc/lang/python26/patches/patch-ba
pkgsrc/lang/python26/patches/patch-bb
pkgsrc/lang/python26/patches/patch-bc

-------------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   tez
   Date:           Wed Nov 17 18:44:07 UTC 2010

   Modified Files:
           pkgsrc/lang/python26: Makefile distinfo

   Log Message:
   Add fix for SA41968 (CVE-2010-3493) from the 2.7 branch repo
   http://svn.python.org/view/python/branches/release27-maint/Lib/smtpd.py?r1=86084&r2=82503&view=patch

   To generate a diff of this commit:
   cvs rdiff -u -r1.29 -r1.30 pkgsrc/lang/python26/Makefile
   cvs rdiff -u -r1.27 -r1.28 pkgsrc/lang/python26/distinfo

-------------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   tron
   Date:           Tue Nov 23 08:24:05 UTC 2010

   Modified Files:
           pkgsrc/lang/python26: Makefile distinfo
   Added Files:
           pkgsrc/lang/python26/patches: patch-ba patch-bb patch-bc

   Log Message:
   Add fix for CVE-2010-3492 and update the fix for CVE-2010-3493. Both
   fixes taken from the Python 2.7 branch in the Python SVN repository.

   To generate a diff of this commit:
   cvs rdiff -u -r1.30 -r1.31 pkgsrc/lang/python26/Makefile
   cvs rdiff -u -r1.28 -r1.29 pkgsrc/lang/python26/distinfo
   cvs rdiff -u -r0 -r1.1 pkgsrc/lang/python26/patches/patch-ba \
       pkgsrc/lang/python26/patches/patch-bb \
       pkgsrc/lang/python26/patches/patch-bc


(spz)

$NetBSD: patch-ba,v 1.1.2.2 2010/11/23 21:50:06 spz Exp $

Fix for CVE-2010-3492, taken from the Python SVN repository:

http://svn.python.org/view?view=rev&revision=86084

--- Doc/library/asyncore.rst.orig	2010-05-19 15:14:45.000000000 +0100
+++ Doc/library/asyncore.rst	2010-11-22 18:11:58.000000000 +0000
@@ -211,10 +211,13 @@
    .. method:: accept()
 
       Accept a connection.  The socket must be bound to an address and listening
-      for connections.  The return value is a pair ``(conn, address)`` where
-      *conn* is a *new* socket object usable to send and receive data on the
-      connection, and *address* is the address bound to the socket on the other
-      end of the connection.
+      for connections.  The return value can be either ``None`` or a pair
+      ``(conn, address)`` where *conn* is a *new* socket object usable to send
+      and receive data on the connection, and *address* is the address bound to
+      the socket on the other end of the connection.
+      When ``None`` is returned it means the connection didn't take place, in
+      which case the server should just ignore this event and keep listening
+      for further incoming connections.
 
 
    .. method:: close()
@@ -224,6 +227,12 @@
       flushed).  Sockets are automatically closed when they are
       garbage-collected.
 
+.. class:: dispatcher_with_send()
+
+   A :class:`dispatcher` subclass which adds simple buffered output capability,
+   useful for simple clients. For more sophisticated usage use
+   :class:`asynchat.async_chat`.
+
 .. class:: file_dispatcher()
 
    A file_dispatcher takes a file descriptor or file object along with an
@@ -240,7 +249,7 @@
    socket for use by the :class:`file_dispatcher` class.  Availability: UNIX.
 
 
-.. _asyncore-example:
+.. _asyncore-example-1:
 
 asyncore Example basic HTTP client
 ----------------------------------
@@ -250,7 +259,7 @@
 
    import asyncore, socket
 
-   class http_client(asyncore.dispatcher):
+   class HTTPClient(asyncore.dispatcher):
 
        def __init__(self, host, path):
            asyncore.dispatcher.__init__(self)
@@ -274,6 +283,45 @@
            sent = self.send(self.buffer)
            self.buffer = self.buffer[sent:]
 
-   c = http_client('www.python.org', '/')
 
+   client = HTTPClient('www.python.org', '/')
    asyncore.loop()
+
+.. _asyncore-example-2:
+
+asyncore Example basic echo server
+----------------------------------
+
+Here is abasic echo server that uses the :class:`dispatcher` class to accept
+connections and dispatches the incoming connections to a handler::
+
+    import asyncore
+    import socket
+
+    class EchoHandler(asyncore.dispatcher_with_send):
+
+        def handle_read(self):
+            data = self.recv(8192)
+            self.send(data)
+
+    class EchoServer(asyncore.dispatcher):
+
+        def __init__(self, host, port):
+            asyncore.dispatcher.__init__(self)
+            self.create_socket(socket.AF_INET, socket.SOCK_STREAM)
+            self.set_reuse_addr()
+            self.bind((host, port))
+            self.listen(5)
+
+        def handle_accept(self):
+            pair = self.accept()
+            if pair is None:
+                pass
+            else:
+                sock, addr = pair
+                print 'Incoming connection from %s' % repr(addr)
+                handler = EchoHandler(sock)
+
+    server = EchoServer('localhost', 8080)
+    asyncore.loop()
+

$NetBSD: patch-bb,v 1.1.2.2 2010/11/23 21:50:06 spz Exp $

Fix for CVE-2010-3492, taken from the Python SVN repository:

http://svn.python.org/view?view=rev&revision=86084

--- Lib/asyncore.py.orig	2010-08-13 02:30:39.000000000 +0100
+++ Lib/asyncore.py	2010-11-22 18:13:52.000000000 +0000
@@ -348,12 +348,15 @@
         # XXX can return either an address pair or None
         try:
             conn, addr = self.socket.accept()
-            return conn, addr
-        except socket.error, why:
-            if why.args[0] == EWOULDBLOCK:
-                pass
+        except TypeError:
+            return None
+        except socket.error as why:
+            if why.args[0] in (EWOULDBLOCK, ECONNABORTED):
+                return None
             else:
                 raise
+        else:
+            return conn, addr
 
     def send(self, data):
         try:

$NetBSD: patch-bc,v 1.1.2.2 2010/11/23 21:50:06 spz Exp $

Fix for CVE-2010-3492 and CVE-2010-3493, taken from the Python SVN repository:

http://svn.python.org/view?view=rev&revision=86084

--- Lib/smtpd2.6.py.orig	2010-11-22 18:18:59.000000000 +0000
+++ Lib/smtpd2.6.py	2010-11-22 18:19:03.000000000 +0000
@@ -35,7 +35,6 @@
 and if remoteport is not given, then 25 is used.
 """
 
-
 # Overview:
 #
 # This file implements the minimal SMTP protocol as defined in RFC 821.  It
@@ -96,7 +95,6 @@
 COMMASPACE = ', '
 
 
-
 def usage(code, msg=''):
     print >> sys.stderr, __doc__ % globals()
     if msg:
@@ -104,7 +102,6 @@
     sys.exit(code)
 
 
-
 class SMTPChannel(asynchat.async_chat):
     COMMAND = 0
     DATA = 1
@@ -276,7 +273,6 @@
         self.push('354 End data with <CR><LF>.<CR><LF>')
 
 
-
 class SMTPServer(asyncore.dispatcher):
     def __init__(self, localaddr, remoteaddr):
         self._localaddr = localaddr
@@ -331,7 +327,6 @@
         raise NotImplementedError
 
 
-
 class DebuggingServer(SMTPServer):
     # Do something with the gathered message
     def process_message(self, peer, mailfrom, rcpttos, data):
@@ -347,7 +342,6 @@
         print '------------ END MESSAGE ------------'
 
 
-
 class PureProxy(SMTPServer):
     def process_message(self, peer, mailfrom, rcpttos, data):
         lines = data.split('\n')
@@ -388,7 +382,6 @@
         return refused
 
 
-
 class MailmanProxy(PureProxy):
     def process_message(self, peer, mailfrom, rcpttos, data):
         from cStringIO import StringIO
@@ -467,13 +460,11 @@
                 msg.Enqueue(mlist, torequest=1)
 
 
-
 class Options:
     setuid = 1
     classname = 'PureProxy'
 
 
-
 def parseargs():
     global DEBUGSTREAM
     try:
@@ -530,7 +521,6 @@
     return options
 
 
-
 if __name__ == '__main__':
     options = parseargs()
     # Become nobody