Sun Dec 4 22:23:04 2011 UTC ()
Pullup ticket #3622 - requested by gls
www/py-clearsilver security fix
Revisions pulled up:
- www/clearsilver/distinfo 1.16
- www/clearsilver/patches/patch-python_neo__cgi.c 1.1
- www/py-clearsilver/Makefile 1.15
---
Module Name: pkgsrc
Committed By: gls
Date: Thu Dec 1 20:53:54 UTC 2011
Modified Files:
pkgsrc/www/py-clearsilver: Makefile
Log Message:
Add a fix for CVE 2011-4357, taken from
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649322
---
Module Name: pkgsrc
Committed By: gls
Date: Thu Dec 1 20:50:49 UTC 2011
Modified Files:
pkgsrc/www/clearsilver: distinfo
Added Files:
pkgsrc/www/clearsilver/patches: patch-python_neo__cgi.c
Log Message:
Add a fix for CVE 2011-4357, taken from
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649322
(sbd)
diff -r1.15 -r1.15.10.1 pkgsrc/www/clearsilver/distinfo
diff -r0 -r1.1.2.2 pkgsrc/www/clearsilver/patches/patch-python_neo__cgi.c
diff -r1.14 -r1.14.22.1 pkgsrc/www/py-clearsilver/Makefile
--- pkgsrc/www/clearsilver/distinfo 2010/09/13 03:05:24 1.15
+++ pkgsrc/www/clearsilver/distinfo 2011/12/04 22:23:04 1.15.10.1
| @@ -1,8 +1,9 @@ | | | @@ -1,8 +1,9 @@ |
| 1 | $NetBSD: distinfo,v 1.15 2010/09/13 03:05:24 taca Exp $ | | 1 | $NetBSD: distinfo,v 1.15.10.1 2011/12/04 22:23:04 sbd Exp $ |
| 2 | | | 2 | |
| 3 | SHA1 (clearsilver-0.10.5.tar.gz) = 138865dc91e27328fe29fcaaac1bc6558f19dd75 | | 3 | SHA1 (clearsilver-0.10.5.tar.gz) = 138865dc91e27328fe29fcaaac1bc6558f19dd75 |
| 4 | RMD160 (clearsilver-0.10.5.tar.gz) = bd5c616f326b544df8a74eec71a98a474b408249 | | 4 | RMD160 (clearsilver-0.10.5.tar.gz) = bd5c616f326b544df8a74eec71a98a474b408249 |
| 5 | Size (clearsilver-0.10.5.tar.gz) = 439190 bytes | | 5 | Size (clearsilver-0.10.5.tar.gz) = 439190 bytes |
| 6 | SHA1 (patch-aa) = cf8708c4bee271d39eca2b1833302fa13aee2b6d | | 6 | SHA1 (patch-aa) = cf8708c4bee271d39eca2b1833302fa13aee2b6d |
| 7 | SHA1 (patch-ae) = 58326210ecef3936579a19f3cbcb9b9374bc3541 | | 7 | SHA1 (patch-ae) = 58326210ecef3936579a19f3cbcb9b9374bc3541 |
| 8 | SHA1 (patch-af) = e88106bb0c57d632c348bc16ff673e0ef7487847 | | 8 | SHA1 (patch-af) = e88106bb0c57d632c348bc16ff673e0ef7487847 |
| | | 9 | SHA1 (patch-python_neo__cgi.c) = 0baf7f06bdf7c5686131b1b1abbd4fb0fef11c85 |
$NetBSD: patch-python_neo__cgi.c,v 1.1.2.2 2011/12/04 22:23:04 sbd Exp $
Fix for 2011-4357
Taken from: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649322
--- python/neo_cgi.c.orig 2007-07-12 03:07:43.000000000 +0000
+++ python/neo_cgi.c
@@ -178,7 +178,7 @@ static PyObject * p_cgi_error (PyObject
if (!PyArg_ParseTuple(args, "s:error(str)", &s))
return NULL;
- cgi_error (cgi, s);
+ cgi_error (cgi, "%s", s);
rv = Py_None;
Py_INCREF(rv);
return rv;
--- pkgsrc/www/py-clearsilver/Makefile 2009/03/05 18:51:33 1.14
+++ pkgsrc/www/py-clearsilver/Makefile 2011/12/04 22:23:04 1.14.22.1
| @@ -1,16 +1,17 @@ | | | @@ -1,16 +1,17 @@ |
| 1 | # $NetBSD: Makefile,v 1.14 2009/03/05 18:51:33 joerg Exp $ | | 1 | # $NetBSD: Makefile,v 1.14.22.1 2011/12/04 22:23:04 sbd Exp $ |
| 2 | | | 2 | |
| 3 | PKGNAME= ${PYPKGPREFIX}-${DISTNAME} | | 3 | PKGNAME= ${PYPKGPREFIX}-${DISTNAME} |
| | | 4 | PKGREVISION= 1 |
| 4 | | | 5 | |
| 5 | PKG_DESTDIR_SUPPORT= user-destdir | | 6 | PKG_DESTDIR_SUPPORT= user-destdir |
| 6 | | | 7 | |
| 7 | .include "../../www/clearsilver/Makefile.common" | | 8 | .include "../../www/clearsilver/Makefile.common" |
| 8 | | | 9 | |
| 9 | CONFIGURE_ARGS+= --enable-python | | 10 | CONFIGURE_ARGS+= --enable-python |
| 10 | CONFIGURE_ARGS+= --with-python=${PYTHONBIN:Q} | | 11 | CONFIGURE_ARGS+= --with-python=${PYTHONBIN:Q} |
| 11 | | | 12 | |
| 12 | MAKE_FLAGS+= PYTHON_SITE=${LOCALBASE}/${PYSITELIB} | | 13 | MAKE_FLAGS+= PYTHON_SITE=${LOCALBASE}/${PYSITELIB} |
| 13 | CFLAGS+= -fPIC | | 14 | CFLAGS+= -fPIC |
| 14 | | | 15 | |
| 15 | INSTALL_DIRS= ${WRKSRC}/python | | 16 | INSTALL_DIRS= ${WRKSRC}/python |
| 16 | | | 17 | |