Sat Mar 24 12:04:38 2012 UTC ()
Add a fix for the DoS vulnerability reported in CVE-2012-1150 taken
from the Python Mercurial repository.
(tron)
diff -r1.13 -r1.14 pkgsrc/lang/python27/Makefile
diff -r1.15 -r1.16 pkgsrc/lang/python27/distinfo
diff -r0 -r1.1 pkgsrc/lang/python27/patches/patch-CVE-2012-1150-Doc_library_sys.rst
diff -r0 -r1.1 pkgsrc/lang/python27/patches/patch-CVE-2012-1150-Doc_reference_datamodel.rst
diff -r0 -r1.1 pkgsrc/lang/python27/patches/patch-CVE-2012-1150-Doc_using_cmdline.rst
diff -r0 -r1.1 pkgsrc/lang/python27/patches/patch-CVE-2012-1150-Include_object.h
diff -r0 -r1.1 pkgsrc/lang/python27/patches/patch-CVE-2012-1150-Include_pydebug.h
diff -r0 -r1.1 pkgsrc/lang/python27/patches/patch-CVE-2012-1150-Include_pythonrun.h
diff -r0 -r1.1 pkgsrc/lang/python27/patches/patch-CVE-2012-1150-Lib_os.py
diff -r0 -r1.1 pkgsrc/lang/python27/patches/patch-CVE-2012-1150-Lib_test_test_cmd_line.py
diff -r0 -r1.1 pkgsrc/lang/python27/patches/patch-CVE-2012-1150-Lib_test_test_compiler.py
diff -r0 -r1.1 pkgsrc/lang/python27/patches/patch-CVE-2012-1150-Lib_test_test_hash.py
diff -r0 -r1.1 pkgsrc/lang/python27/patches/patch-CVE-2012-1150-Lib_test_test_os.py
diff -r0 -r1.1 pkgsrc/lang/python27/patches/patch-CVE-2012-1150-Lib_test_test_set.py
diff -r0 -r1.1 pkgsrc/lang/python27/patches/patch-CVE-2012-1150-Lib_test_test_support.py
diff -r0 -r1.1 pkgsrc/lang/python27/patches/patch-CVE-2012-1150-Lib_test_test_sys.py
diff -r0 -r1.1 pkgsrc/lang/python27/patches/patch-CVE-2012-1150-Misc_NEWS
diff -r0 -r1.1 pkgsrc/lang/python27/patches/patch-CVE-2012-1150-Misc_python.man
diff -r0 -r1.1 pkgsrc/lang/python27/patches/patch-CVE-2012-1150-Modules_main.c
diff -r0 -r1.1 pkgsrc/lang/python27/patches/patch-CVE-2012-1150-Modules_posixmodule.c
diff -r0 -r1.1 pkgsrc/lang/python27/patches/patch-CVE-2012-1150-Objects_bufferobject.c
diff -r0 -r1.1 pkgsrc/lang/python27/patches/patch-CVE-2012-1150-Objects_object.c
diff -r0 -r1.1 pkgsrc/lang/python27/patches/patch-CVE-2012-1150-Objects_stringobject.c
diff -r0 -r1.1 pkgsrc/lang/python27/patches/patch-CVE-2012-1150-Objects_unicodeobject.c
diff -r0 -r1.1 pkgsrc/lang/python27/patches/patch-CVE-2012-1150-PCbuild_pythoncore.vcproj
diff -r0 -r1.1 pkgsrc/lang/python27/patches/patch-CVE-2012-1150-Python_pythonrun.c
diff -r0 -r1.1 pkgsrc/lang/python27/patches/patch-CVE-2012-1150-Python_random.c
diff -r0 -r1.1 pkgsrc/lang/python27/patches/patch-CVE-2012-1150-Python_sysmodule.c
diff -r1.3 -r1.4 pkgsrc/lang/python27/patches/patch-au
--- pkgsrc/lang/python27/Makefile 2012/03/16 14:21:36 1.13
+++ pkgsrc/lang/python27/Makefile 2012/03/24 12:04:36 1.14
| @@ -1,19 +1,19 @@ | | | @@ -1,19 +1,19 @@ |
| 1 | # $NetBSD: Makefile,v 1.13 2012/03/16 14:21:36 abs Exp $ | | 1 | # $NetBSD: Makefile,v 1.14 2012/03/24 12:04:36 tron Exp $ |
| 2 | | | 2 | |
| 3 | .include "dist.mk" | | 3 | .include "dist.mk" |
| 4 | | | 4 | |
| 5 | PKGNAME= python27-${PY_DISTVERSION} | | 5 | PKGNAME= python27-${PY_DISTVERSION} |
| 6 | PKGREVISION= 2 | | 6 | PKGREVISION= 3 |
| 7 | CATEGORIES= lang python | | 7 | CATEGORIES= lang python |
| 8 | | | 8 | |
| 9 | MAINTAINER= pkgsrc-users@NetBSD.org | | 9 | MAINTAINER= pkgsrc-users@NetBSD.org |
| 10 | HOMEPAGE= http://www.python.org/ | | 10 | HOMEPAGE= http://www.python.org/ |
| 11 | COMMENT= Interpreted, interactive, object-oriented programming language | | 11 | COMMENT= Interpreted, interactive, object-oriented programming language |
| 12 | LICENSE= python-software-foundation | | 12 | LICENSE= python-software-foundation |
| 13 | | | 13 | |
| 14 | PKG_DESTDIR_SUPPORT= user-destdir | | 14 | PKG_DESTDIR_SUPPORT= user-destdir |
| 15 | | | 15 | |
| 16 | CONFLICTS+= python-[0-9]* | | 16 | CONFLICTS+= python-[0-9]* |
| 17 | | | 17 | |
| 18 | GNU_CONFIGURE= yes | | 18 | GNU_CONFIGURE= yes |
| 19 | CONFIGURE_ARGS+= --with-threads | | 19 | CONFIGURE_ARGS+= --with-threads |
--- pkgsrc/lang/python27/distinfo 2012/02/15 16:08:26 1.15
+++ pkgsrc/lang/python27/distinfo 2012/03/24 12:04:36 1.16
| @@ -1,24 +1,50 @@ | | | @@ -1,24 +1,50 @@ |
| 1 | $NetBSD: distinfo,v 1.15 2012/02/15 16:08:26 drochner Exp $ | | 1 | $NetBSD: distinfo,v 1.16 2012/03/24 12:04:36 tron Exp $ |
| 2 | | | 2 | |
| 3 | SHA1 (Python-2.7.2.tar.bz2) = 417bdeea77abfaf1b9257fc6b4a04aaa209f4547 | | 3 | SHA1 (Python-2.7.2.tar.bz2) = 417bdeea77abfaf1b9257fc6b4a04aaa209f4547 |
| 4 | RMD160 (Python-2.7.2.tar.bz2) = c3bf4f09b7c429a4d9f4cc251c795304cd5232c5 | | 4 | RMD160 (Python-2.7.2.tar.bz2) = c3bf4f09b7c429a4d9f4cc251c795304cd5232c5 |
| 5 | Size (Python-2.7.2.tar.bz2) = 11754834 bytes | | 5 | Size (Python-2.7.2.tar.bz2) = 11754834 bytes |
| 6 | SHA1 (patch-CVE-2012-0845) = 1c0a8d7224b6b5cb65b24d38ac0967f8f8fb2da9 | | 6 | SHA1 (patch-CVE-2012-0845) = 1c0a8d7224b6b5cb65b24d38ac0967f8f8fb2da9 |
| | | 7 | SHA1 (patch-CVE-2012-1150-Doc_library_sys.rst) = 8580d187abaed9dce948988e50749be7527ee0f8 |
| | | 8 | SHA1 (patch-CVE-2012-1150-Doc_reference_datamodel.rst) = f145207d4cc32643e78fcac9d204089406dc96fe |
| | | 9 | SHA1 (patch-CVE-2012-1150-Doc_using_cmdline.rst) = fadd6f4822219adccd2268fd1fd0bf2bc330c994 |
| | | 10 | SHA1 (patch-CVE-2012-1150-Include_object.h) = 18559b16c80e08b8df62bb5c06a34c92105e56d9 |
| | | 11 | SHA1 (patch-CVE-2012-1150-Include_pydebug.h) = f71040bfbf930384c1fd4f3258c89e86259e7a52 |
| | | 12 | SHA1 (patch-CVE-2012-1150-Include_pythonrun.h) = cd8b8dfd673a81b231f1a35074ec73aba3c999ce |
| | | 13 | SHA1 (patch-CVE-2012-1150-Lib_os.py) = b7217bb7c7a3aeb974e65754f4314e76d65e0e12 |
| | | 14 | SHA1 (patch-CVE-2012-1150-Lib_test_test_cmd_line.py) = e55f48b43a4d41d05e2aa2b40f1a4f43d0d99eb9 |
| | | 15 | SHA1 (patch-CVE-2012-1150-Lib_test_test_compiler.py) = 27186659371dacee553a2fc9065db639f3336425 |
| | | 16 | SHA1 (patch-CVE-2012-1150-Lib_test_test_hash.py) = 8107307dc1bd6516280c464e631cf811e0cd59b4 |
| | | 17 | SHA1 (patch-CVE-2012-1150-Lib_test_test_os.py) = c3724a7346e3fc8d3003bd26a0556668b0896f5c |
| | | 18 | SHA1 (patch-CVE-2012-1150-Lib_test_test_set.py) = a19cfff0a38411a19aadc4294b6f24deabaa4aab |
| | | 19 | SHA1 (patch-CVE-2012-1150-Lib_test_test_support.py) = f635d3135f9a3e3387f6a2e6e00b054969f78d3c |
| | | 20 | SHA1 (patch-CVE-2012-1150-Lib_test_test_sys.py) = 887f1f50b5e6102e334a73a451211addb9d4263a |
| | | 21 | SHA1 (patch-CVE-2012-1150-Misc_NEWS) = 807b7bb73542861262890ea0a57dd13e193042ab |
| | | 22 | SHA1 (patch-CVE-2012-1150-Misc_python.man) = d89d9258a4dad8de5a22e8625df03d6da34ea92c |
| | | 23 | SHA1 (patch-CVE-2012-1150-Modules_main.c) = b79a20d671062039ba580921cfa1f06634cca135 |
| | | 24 | SHA1 (patch-CVE-2012-1150-Modules_posixmodule.c) = 1a252303f6adc29150e0a109f78ceb1a54bbc28d |
| | | 25 | SHA1 (patch-CVE-2012-1150-Objects_bufferobject.c) = 383878c6b8767b3cce7a9b83890f8f79d1deac94 |
| | | 26 | SHA1 (patch-CVE-2012-1150-Objects_object.c) = bd134011028c0c73d95007878ad16499a3125a98 |
| | | 27 | SHA1 (patch-CVE-2012-1150-Objects_stringobject.c) = 6efc29891d04fd0112d88ce2898ef2bdd5f47718 |
| | | 28 | SHA1 (patch-CVE-2012-1150-Objects_unicodeobject.c) = 499b80ed541b49dfb3fbf49c2a18b30f89703f2c |
| | | 29 | SHA1 (patch-CVE-2012-1150-PCbuild_pythoncore.vcproj) = 17277d7d82a10cd32c9cb35510a8c76f620536ed |
| | | 30 | SHA1 (patch-CVE-2012-1150-Python_pythonrun.c) = 8ae9796a18145d3d6261aad1390ede9ab4c6d6c9 |
| | | 31 | SHA1 (patch-CVE-2012-1150-Python_random.c) = 71c4bcc6e781240ad91b1679c9790e77b770eeb9 |
| | | 32 | SHA1 (patch-CVE-2012-1150-Python_sysmodule.c) = cb14822430f9dcbaf34c10b211065cb9f244d963 |
| 7 | SHA1 (patch-Mac_Modules_fm___Fmmodule.c) = b9314bccb51b4fe672b81559068f7a79d2965f94 | | 33 | SHA1 (patch-Mac_Modules_fm___Fmmodule.c) = b9314bccb51b4fe672b81559068f7a79d2965f94 |
| 8 | SHA1 (patch-Mac_Modules_qd___Qdmodule.c) = 45c748b15b9436d45ba137460389638aa7108c8d | | 34 | SHA1 (patch-Mac_Modules_qd___Qdmodule.c) = 45c748b15b9436d45ba137460389638aa7108c8d |
| 9 | SHA1 (patch-Mac_Modules_qdoffs___Qdoffsmodule.c) = 9994f0c1a908f18f1f3df3f05b184f082c018365 | | 35 | SHA1 (patch-Mac_Modules_qdoffs___Qdoffsmodule.c) = 9994f0c1a908f18f1f3df3f05b184f082c018365 |
| 10 | SHA1 (patch-aa) = 990e4025bb6a37715e1f5df1831499f0ab08acfa | | 36 | SHA1 (patch-aa) = 990e4025bb6a37715e1f5df1831499f0ab08acfa |
| 11 | SHA1 (patch-ab) = 8c44f60d9ed0babb107bc4643b0437e2dd55d03a | | 37 | SHA1 (patch-ab) = 8c44f60d9ed0babb107bc4643b0437e2dd55d03a |
| 12 | SHA1 (patch-ad) = de730b9f5a5efb56afa8bed05824b5f6579242ec | | 38 | SHA1 (patch-ad) = de730b9f5a5efb56afa8bed05824b5f6579242ec |
| 13 | SHA1 (patch-ae) = ff6d8c6164fe3c6dc4fb33d88eb8a49d5c5442f6 | | 39 | SHA1 (patch-ae) = ff6d8c6164fe3c6dc4fb33d88eb8a49d5c5442f6 |
| 14 | SHA1 (patch-ah) = 8e9ee44c7a054f1387b6d8ef8dbe9c1b8dc8d891 | | 40 | SHA1 (patch-ah) = 8e9ee44c7a054f1387b6d8ef8dbe9c1b8dc8d891 |
| 15 | SHA1 (patch-al) = b97c2e73b9038e22f55ec226c2cbcc671466ad19 | | 41 | SHA1 (patch-al) = b97c2e73b9038e22f55ec226c2cbcc671466ad19 |
| 16 | SHA1 (patch-am) = f56a53eb9f4694913d317c09e162bdd413f8f38f | | 42 | SHA1 (patch-am) = f56a53eb9f4694913d317c09e162bdd413f8f38f |
| 17 | SHA1 (patch-an) = 6098fbf0fc31422196cc40d3a227934523db11ca | | 43 | SHA1 (patch-an) = 6098fbf0fc31422196cc40d3a227934523db11ca |
| 18 | SHA1 (patch-ao) = 9996a444fc0034c9f01fd18f4ad7bf714a8c8d04 | | 44 | SHA1 (patch-ao) = 9996a444fc0034c9f01fd18f4ad7bf714a8c8d04 |
| 19 | SHA1 (patch-au) = 18fce68df48e43c2927cc83e6b4b404b5e1103b7 | | 45 | SHA1 (patch-au) = 15b30cb5c77d2916538a390d9a08c0675ac01970 |
| 20 | SHA1 (patch-av) = a14eaf4d5db6fc3b79ed896fbfcc34ca98051af2 | | 46 | SHA1 (patch-av) = a14eaf4d5db6fc3b79ed896fbfcc34ca98051af2 |
| 21 | SHA1 (patch-aw) = 15652e241f371a22c7300f46771825ea74514fa0 | | 47 | SHA1 (patch-aw) = 15652e241f371a22c7300f46771825ea74514fa0 |
| 22 | SHA1 (patch-ax) = bdb8e6555f36b1603c553e03a2d6d772e50c623b | | 48 | SHA1 (patch-ax) = bdb8e6555f36b1603c553e03a2d6d772e50c623b |
| 23 | SHA1 (patch-az) = 473419352f6e1ff3c6e6268e81457e6f8a1fccb8 | | 49 | SHA1 (patch-az) = 473419352f6e1ff3c6e6268e81457e6f8a1fccb8 |
| 24 | SHA1 (patch-pyconfig.h.in) = 7ebc0ed9ca9a37c5a6c8e04cc3f7fca4a5c90e8c | | 50 | SHA1 (patch-pyconfig.h.in) = 7ebc0ed9ca9a37c5a6c8e04cc3f7fca4a5c90e8c |
$NetBSD: patch-CVE-2012-1150-Doc_library_sys.rst,v 1.1 2012/03/24 12:04:37 tron Exp $
Fix for CVE-2012-1150 taken from here:
http://hg.python.org/cpython/rev/a0f43f4481e0
--- Doc/library/sys.rst.orig 2011-06-11 16:46:23.000000000 +0100
+++ Doc/library/sys.rst 2012-03-24 11:02:25.000000000 +0000
@@ -287,6 +287,7 @@
:const:`verbose` :option:`-v`
:const:`unicode` :option:`-U`
:const:`bytes_warning` :option:`-b`
+ :const:`hash_randomization` :option:`-R`
============================= ===================================
.. versionadded:: 2.6
$NetBSD: patch-CVE-2012-1150-Doc_reference_datamodel.rst,v 1.1 2012/03/24 12:04:37 tron Exp $
Fix for CVE-2012-1150 taken from here:
http://hg.python.org/cpython/rev/a0f43f4481e0
--- Doc/reference/datamodel.rst.orig 2011-06-11 16:46:23.000000000 +0100
+++ Doc/reference/datamodel.rst 2012-03-24 11:02:25.000000000 +0000
@@ -1282,6 +1282,8 @@
modules are still available at the time when the :meth:`__del__` method is
called.
+ See also the :option:`-R` command-line option.
+
.. method:: object.__repr__(self)
$NetBSD: patch-CVE-2012-1150-Doc_using_cmdline.rst,v 1.1 2012/03/24 12:04:37 tron Exp $
Fix for CVE-2012-1150 taken from here:
http://hg.python.org/cpython/rev/a0f43f4481e0
--- Doc/using/cmdline.rst.orig 2011-06-11 16:46:23.000000000 +0100
+++ Doc/using/cmdline.rst 2012-03-24 11:02:25.000000000 +0000
@@ -24,7 +24,7 @@
When invoking Python, you may specify any of these options::
- python [-BdEiOQsStuUvVWxX3?] [-c command | -m module-name | script | - ] [args]
+ python [-BdEiOQsRStuUvVWxX3?] [-c command | -m module-name | script | - ] [args]
The most common use case is, of course, a simple invocation of a script::
@@ -253,6 +253,29 @@
:pep:`238` -- Changing the division operator
+.. cmdoption:: -R
+
+ Turn on hash randomization, so that the :meth:`__hash__` values of str,
+ bytes and datetime objects are "salted" with an unpredictable random value.
+ Although they remain constant within an individual Python process, they are
+ not predictable between repeated invocations of Python.
+
+ This is intended to provide protection against a denial-of-service caused by
+ carefully-chosen inputs that exploit the worst case performance of a dict
+ insertion, O(n^2) complexity. See
+ http://www.ocert.org/advisories/ocert-2011-003.html for details.
+
+ Changing hash values affects the order in which keys are retrieved from a
+ dict. Although Python has never made guarantees about this ordering (and it
+ typically varies between 32-bit and 64-bit builds), enough real-world code
+ implicitly relies on this non-guaranteed behavior that the randomization is
+ disabled by default.
+
+ See also :envvar:`PYTHONHASHSEED`.
+
+ .. versionadded:: 2.6.8
+
+
.. cmdoption:: -s
Don't add user site directory to sys.path
@@ -521,6 +544,27 @@
.. versionadded:: 2.6
+.. envvar:: PYTHONHASHSEED
+
+ If this variable is set to ``random``, the effect is the same as specifying
+ the :option:`-R` option: a random value is used to seed the hashes of str,
+ bytes and datetime objects.
+
+ If :envvar:`PYTHONHASHSEED` is set to an integer value, it is used as a
+ fixed seed for generating the hash() of the types covered by the hash
+ randomization.
+
+ Its purpose is to allow repeatable hashing, such as for selftests for the
+ interpreter itself, or to allow a cluster of python processes to share hash
+ values.
+
+ The integer must be a decimal number in the range [0,4294967295].
+ Specifying the value 0 will lead to the same hash values as when hash
+ randomization is disabled.
+
+ .. versionadded:: 2.6.8
+
+
.. envvar:: PYTHONIOENCODING
Overrides the encoding used for stdin/stdout/stderr, in the syntax
$NetBSD: patch-CVE-2012-1150-Include_object.h,v 1.1 2012/03/24 12:04:37 tron Exp $
Fix for CVE-2012-1150 taken from here:
http://hg.python.org/cpython/rev/a0f43f4481e0
--- Include/object.h.orig 2011-06-11 16:46:23.000000000 +0100
+++ Include/object.h 2012-03-24 11:02:25.000000000 +0000
@@ -517,6 +517,12 @@
PyAPI_FUNC(long) _Py_HashDouble(double);
PyAPI_FUNC(long) _Py_HashPointer(void*);
+typedef struct {
+ long prefix;
+ long suffix;
+} _Py_HashSecret_t;
+PyAPI_DATA(_Py_HashSecret_t) _Py_HashSecret;
+
/* Helper for passing objects to printf and the like */
#define PyObject_REPR(obj) PyString_AS_STRING(PyObject_Repr(obj))
$NetBSD: patch-CVE-2012-1150-Include_pydebug.h,v 1.1 2012/03/24 12:04:37 tron Exp $
Fix for CVE-2012-1150 taken from here:
http://hg.python.org/cpython/rev/a0f43f4481e0
--- Include/pydebug.h.orig 2011-06-11 16:46:23.000000000 +0100
+++ Include/pydebug.h 2012-03-24 11:02:25.000000000 +0000
@@ -26,6 +26,7 @@
PyAPI_DATA(int) _Py_QnewFlag;
/* Warn about 3.x issues */
PyAPI_DATA(int) Py_Py3kWarningFlag;
+PyAPI_DATA(int) Py_HashRandomizationFlag;
/* this is a wrapper around getenv() that pays attention to
Py_IgnoreEnvironmentFlag. It should be used for getting variables like
$NetBSD: patch-CVE-2012-1150-Include_pythonrun.h,v 1.1 2012/03/24 12:04:37 tron Exp $
Fix for CVE-2012-1150 taken from here:
http://hg.python.org/cpython/rev/a0f43f4481e0
--- Include/pythonrun.h.orig 2011-06-11 16:46:23.000000000 +0100
+++ Include/pythonrun.h 2012-03-24 11:02:25.000000000 +0000
@@ -171,6 +171,8 @@
PyAPI_FUNC(PyOS_sighandler_t) PyOS_getsig(int);
PyAPI_FUNC(PyOS_sighandler_t) PyOS_setsig(int, PyOS_sighandler_t);
+/* Random */
+PyAPI_FUNC(int) _PyOS_URandom (void *buffer, Py_ssize_t size);
#ifdef __cplusplus
}
$NetBSD: patch-CVE-2012-1150-Lib_os.py,v 1.1 2012/03/24 12:04:37 tron Exp $
Fix for CVE-2012-1150 taken from here:
http://hg.python.org/cpython/rev/a0f43f4481e0
--- Lib/os.py.orig 2011-06-11 16:46:24.000000000 +0100
+++ Lib/os.py 2012-03-24 11:02:25.000000000 +0000
@@ -738,22 +738,3 @@
_make_statvfs_result)
except NameError: # statvfs_result may not exist
pass
-
-if not _exists("urandom"):
- def urandom(n):
- """urandom(n) -> str
-
- Return a string of n random bytes suitable for cryptographic use.
-
- """
- try:
- _urandomfd = open("/dev/urandom", O_RDONLY)
- except (OSError, IOError):
- raise NotImplementedError("/dev/urandom (or equivalent) not found")
- try:
- bs = b""
- while n > len(bs):
- bs += read(_urandomfd, n - len(bs))
- finally:
- close(_urandomfd)
- return bs
$NetBSD: patch-CVE-2012-1150-Lib_test_test_cmd_line.py,v 1.1 2012/03/24 12:04:37 tron Exp $
Fix for CVE-2012-1150 taken from here:
http://hg.python.org/cpython/rev/a0f43f4481e0
--- Lib/test/test_cmd_line.py.orig 2011-06-11 16:46:25.000000000 +0100
+++ Lib/test/test_cmd_line.py 2012-03-24 11:02:25.000000000 +0000
@@ -86,6 +86,20 @@
self.exit_code('-c', 'pass'),
0)
+ def test_hash_randomization(self):
+ # Verify that -R enables hash randomization:
+ self.verify_valid_flag('-R')
+ hashes = []
+ for i in range(2):
+ code = 'print(hash("spam"))'
+ data = self.start_python('-R', '-c', code)
+ hashes.append(data)
+ self.assertNotEqual(hashes[0], hashes[1])
+
+ # Verify that sys.flags contains hash_randomization
+ code = 'import sys; print sys.flags'
+ data = self.start_python('-R', '-c', code)
+ self.assertTrue('hash_randomization=1' in data)
def test_main():
test.test_support.run_unittest(CmdLineTest)
$NetBSD: patch-CVE-2012-1150-Lib_test_test_compiler.py,v 1.1 2012/03/24 12:04:37 tron Exp $
Fix for CVE-2012-1150 taken from here:
http://hg.python.org/cpython/rev/e3fb353b3fd4
--- Lib/test/test_compiler.py.orig 2011-06-11 16:46:25.000000000 +0100
+++ Lib/test/test_compiler.py 2012-03-24 11:48:09.000000000 +0000
@@ -28,8 +28,8 @@
libdir = os.path.dirname(os.__file__)
testdir = os.path.dirname(test.test_support.__file__)
- for dir in [libdir, testdir]:
- for basename in os.listdir(dir):
+ for dir in [testdir]:
+ for basename in "test_os.py",:
# Print still working message since this test can be really slow
if next_time <= time.time():
next_time = time.time() + _PRINT_WORKING_MSG_INTERVAL
$NetBSD: patch-CVE-2012-1150-Lib_test_test_hash.py,v 1.1 2012/03/24 12:04:37 tron Exp $
Fix for CVE-2012-1150 taken from here:
http://hg.python.org/cpython/rev/a0f43f4481e0
--- Lib/test/test_hash.py.orig 2011-06-11 16:46:25.000000000 +0100
+++ Lib/test/test_hash.py 2012-03-24 11:02:25.000000000 +0000
@@ -3,10 +3,18 @@
#
# Also test that hash implementations are inherited as expected
+import os
+import sys
+import struct
+import datetime
import unittest
+import subprocess
+
from test import test_support
from collections import Hashable
+IS_64BIT = (struct.calcsize('l') == 8)
+
class HashEqualityTestCase(unittest.TestCase):
@@ -134,10 +142,100 @@
for obj in self.hashes_to_check:
self.assertEqual(hash(obj), _default_hash(obj))
+class HashRandomizationTests(unittest.TestCase):
+
+ # Each subclass should define a field "repr_", containing the repr() of
+ # an object to be tested
+
+ def get_hash_command(self, repr_):
+ return 'print(hash(%s))' % repr_
+
+ def get_hash(self, repr_, seed=None):
+ env = os.environ.copy()
+ if seed is not None:
+ env['PYTHONHASHSEED'] = str(seed)
+ else:
+ env.pop('PYTHONHASHSEED', None)
+ cmd_line = [sys.executable, '-c', self.get_hash_command(repr_)]
+ p = subprocess.Popen(cmd_line, stdin=subprocess.PIPE,
+ stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
+ env=env)
+ out, err = p.communicate()
+ out = test_support.strip_python_stderr(out)
+ return int(out.strip())
+
+ def test_randomized_hash(self):
+ # two runs should return different hashes
+ run1 = self.get_hash(self.repr_, seed='random')
+ run2 = self.get_hash(self.repr_, seed='random')
+ self.assertNotEqual(run1, run2)
+
+class StringlikeHashRandomizationTests(HashRandomizationTests):
+ def test_null_hash(self):
+ # PYTHONHASHSEED=0 disables the randomized hash
+ if IS_64BIT:
+ known_hash_of_obj = 1453079729188098211
+ else:
+ known_hash_of_obj = -1600925533
+
+ # Randomization is disabled by default:
+ self.assertEqual(self.get_hash(self.repr_), known_hash_of_obj)
+
+ # It can also be disabled by setting the seed to 0:
+ self.assertEqual(self.get_hash(self.repr_, seed=0), known_hash_of_obj)
+
+ def test_fixed_hash(self):
+ # test a fixed seed for the randomized hash
+ # Note that all types share the same values:
+ if IS_64BIT:
+ h = -4410911502303878509
+ else:
+ h = -206076799
+ self.assertEqual(self.get_hash(self.repr_, seed=42), h)
+
+class StrHashRandomizationTests(StringlikeHashRandomizationTests):
+ repr_ = repr('abc')
+
+ def test_empty_string(self):
+ self.assertEqual(hash(""), 0)
+
+class UnicodeHashRandomizationTests(StringlikeHashRandomizationTests):
+ repr_ = repr(u'abc')
+
+ def test_empty_string(self):
+ self.assertEqual(hash(u""), 0)
+
+class BufferHashRandomizationTests(StringlikeHashRandomizationTests):
+ repr_ = 'buffer("abc")'
+
+ def test_empty_string(self):
+ self.assertEqual(hash(buffer("")), 0)
+
+class DatetimeTests(HashRandomizationTests):
+ def get_hash_command(self, repr_):
+ return 'import datetime; print(hash(%s))' % repr_
+
+class DatetimeDateTests(DatetimeTests):
+ repr_ = repr(datetime.date(1066, 10, 14))
+
+class DatetimeDatetimeTests(DatetimeTests):
+ repr_ = repr(datetime.datetime(1, 2, 3, 4, 5, 6, 7))
+
+class DatetimeTimeTests(DatetimeTests):
+ repr_ = repr(datetime.time(0))
+
+
def test_main():
test_support.run_unittest(HashEqualityTestCase,
HashInheritanceTestCase,
- HashBuiltinsTestCase)
+ HashBuiltinsTestCase,
+ StrHashRandomizationTests,
+ UnicodeHashRandomizationTests,
+ BufferHashRandomizationTests,
+ DatetimeDateTests,
+ DatetimeDatetimeTests,
+ DatetimeTimeTests)
+
if __name__ == "__main__":
$NetBSD: patch-CVE-2012-1150-Lib_test_test_os.py,v 1.1 2012/03/24 12:04:37 tron Exp $
Fix for CVE-2012-1150 taken from here:
http://hg.python.org/cpython/rev/a0f43f4481e0
http://hg.python.org/cpython/rev/e3fb353b3fd4
--- Lib/test/test_os.py.orig 2011-06-11 16:46:25.000000000 +0100
+++ Lib/test/test_os.py 2012-03-24 11:48:51.000000000 +0000
@@ -10,6 +10,7 @@
import signal
import subprocess
import time
+
from test import test_support
import mmap
import uuid
@@ -512,18 +513,37 @@
f.close()
class URandomTests (unittest.TestCase):
- def test_urandom(self):
- try:
- self.assertEqual(len(os.urandom(1)), 1)
- self.assertEqual(len(os.urandom(10)), 10)
- self.assertEqual(len(os.urandom(100)), 100)
- self.assertEqual(len(os.urandom(1000)), 1000)
- # see http://bugs.python.org/issue3708
- self.assertRaises(TypeError, os.urandom, 0.9)
- self.assertRaises(TypeError, os.urandom, 1.1)
- self.assertRaises(TypeError, os.urandom, 2.0)
- except NotImplementedError:
- pass
+
+ def test_urandom_length(self):
+ self.assertEqual(len(os.urandom(0)), 0)
+ self.assertEqual(len(os.urandom(1)), 1)
+ self.assertEqual(len(os.urandom(10)), 10)
+ self.assertEqual(len(os.urandom(100)), 100)
+ self.assertEqual(len(os.urandom(1000)), 1000)
+
+ def test_urandom_value(self):
+ data1 = os.urandom(16)
+ data2 = os.urandom(16)
+ self.assertNotEqual(data1, data2)
+
+ def get_urandom_subprocess(self, count):
+ code = '\n'.join((
+ 'import os, sys',
+ 'data = os.urandom(%s)' % count,
+ 'sys.stdout.write(data)',
+ 'sys.stdout.flush()'))
+ cmd_line = [sys.executable, '-c', code]
+ p = subprocess.Popen(cmd_line, stdin=subprocess.PIPE,
+ stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+ out, err = p.communicate()
+ out = test_support.strip_python_stderr(out)
+ self.assertEqual(len(out), count)
+ return out
+
+ def test_urandom_subprocess(self):
+ data1 = self.get_urandom_subprocess(16)
+ data2 = self.get_urandom_subprocess(16)
+ self.assertNotEqual(data1, data2)
def test_execvpe_with_bad_arglist(self):
self.assertRaises(ValueError, os.execvpe, 'notepad', [], None)
$NetBSD: patch-CVE-2012-1150-Lib_test_test_set.py,v 1.1 2012/03/24 12:04:37 tron Exp $
Fix for CVE-2012-1150 taken from here:
http://hg.python.org/cpython/rev/a0f43f4481e0
--- Lib/test/test_set.py.orig 2011-06-11 16:46:25.000000000 +0100
+++ Lib/test/test_set.py 2012-03-24 11:02:25.000000000 +0000
@@ -687,6 +687,17 @@
if self.repr is not None:
self.assertEqual(repr(self.set), self.repr)
+ def check_repr_against_values(self):
+ text = repr(self.set)
+ self.assertTrue(text.startswith('{'))
+ self.assertTrue(text.endswith('}'))
+
+ result = text[1:-1].split(', ')
+ result.sort()
+ sorted_repr_values = [repr(value) for value in self.values]
+ sorted_repr_values.sort()
+ self.assertEqual(result, sorted_repr_values)
+
def test_print(self):
fo = open(test_support.TESTFN, "wb")
try:
@@ -836,6 +847,46 @@
self.length = 3
self.repr = None
+#------------------------------------------------------------------------------
+
+class TestBasicOpsString(TestBasicOps):
+ def setUp(self):
+ self.case = "string set"
+ self.values = ["a", "b", "c"]
+ self.set = set(self.values)
+ self.dup = set(self.values)
+ self.length = 3
+
+ def test_repr(self):
+ self.check_repr_against_values()
+
+#------------------------------------------------------------------------------
+
+class TestBasicOpsUnicode(TestBasicOps):
+ def setUp(self):
+ self.case = "unicode set"
+ self.values = [u"a", u"b", u"c"]
+ self.set = set(self.values)
+ self.dup = set(self.values)
+ self.length = 3
+
+ def test_repr(self):
+ self.check_repr_against_values()
+
+#------------------------------------------------------------------------------
+
+class TestBasicOpsMixedStringUnicode(TestBasicOps):
+ def setUp(self):
+ self.case = "string and bytes set"
+ self.values = ["a", "b", u"a", u"b"]
+ self.set = set(self.values)
+ self.dup = set(self.values)
+ self.length = 4
+
+ def test_repr(self):
+ with test_support.check_warnings():
+ self.check_repr_against_values()
+
#==============================================================================
def baditer():
$NetBSD: patch-CVE-2012-1150-Lib_test_test_support.py,v 1.1 2012/03/24 12:04:37 tron Exp $
Fix for CVE-2012-1150 taken from here:
http://hg.python.org/cpython/rev/a0f43f4481e0
--- Lib/test/test_support.py.orig 2011-06-11 16:46:26.000000000 +0100
+++ Lib/test/test_support.py 2012-03-24 11:02:25.000000000 +0000
@@ -36,8 +36,8 @@
"BasicTestRunner", "run_unittest", "run_doctest", "threading_setup",
"threading_cleanup", "reap_children", "cpython_only",
"check_impl_detail", "get_attribute", "py3k_bytes",
- "import_fresh_module"]
-
+ "import_fresh_module", "threading_cleanup", "reap_children",
+ "strip_python_stderr"]
class Error(Exception):
"""Base class for regression test exceptions."""
$NetBSD: patch-CVE-2012-1150-Lib_test_test_sys.py,v 1.1 2012/03/24 12:04:37 tron Exp $
Fix for CVE-2012-1150 taken from here:
http://hg.python.org/cpython/rev/a0f43f4481e0
--- Lib/test/test_sys.py.orig 2011-06-11 16:46:26.000000000 +0100
+++ Lib/test/test_sys.py 2012-03-24 11:02:25.000000000 +0000
@@ -426,7 +426,7 @@
attrs = ("debug", "py3k_warning", "division_warning", "division_new",
"inspect", "interactive", "optimize", "dont_write_bytecode",
"no_site", "ignore_environment", "tabcheck", "verbose",
- "unicode", "bytes_warning")
+ "unicode", "bytes_warning", "hash_randomization")
for attr in attrs:
self.assertTrue(hasattr(sys.flags, attr), attr)
self.assertEqual(type(getattr(sys.flags, attr)), int, attr)
$NetBSD: patch-CVE-2012-1150-Misc_NEWS,v 1.1 2012/03/24 12:04:37 tron Exp $
Fix for CVE-2012-1150 taken from here:
http://hg.python.org/cpython/rev/a0f43f4481e0
--- Misc/NEWS.orig 2011-06-11 16:46:26.000000000 +0100
+++ Misc/NEWS 2012-03-24 11:03:47.000000000 +0000
@@ -12,6 +12,11 @@
- Issue #12009: Fixed regression in netrc file comment handling.
+- Issue #13703: oCERT-2011-003: add -R command-line option and PYTHONHASHSEED
+ environment variable, to provide an opt-in way to protect against denial of
+ service attacks due to hash collisions within the dict and set types. Patch
+ by David Malcolm, based on work by Victor Stinner.
+
Extension Modules
-----------------
$NetBSD: patch-CVE-2012-1150-Misc_python.man,v 1.1 2012/03/24 12:04:37 tron Exp $
Fix for CVE-2012-1150 taken from here:
http://hg.python.org/cpython/rev/a0f43f4481e0
--- Misc/python.man.orig 2011-06-11 16:46:26.000000000 +0100
+++ Misc/python.man 2012-03-24 11:02:25.000000000 +0000
@@ -34,6 +34,9 @@
.B \-OO
]
[
+.B \-R
+]
+[
.B -Q
.I argument
]
@@ -151,6 +154,18 @@
.B \-OO
Discard docstrings in addition to the \fB-O\fP optimizations.
.TP
+.B \-R
+Turn on "hash randomization", so that the hash() values of str, bytes and
+datetime objects are "salted" with an unpredictable pseudo-random value.
+Although they remain constant within an individual Python process, they are
+not predictable between repeated invocations of Python.
+.IP
+This is intended to provide protection against a denial of service
+caused by carefully-chosen inputs that exploit the worst case performance
+of a dict insertion, O(n^2) complexity. See
+http://www.ocert.org/advisories/ocert-2011-003.html
+for details.
+.TP
.BI "\-Q " argument
Division control; see PEP 238. The argument must be one of "old" (the
default, int/int and long/long return an int or long), "new" (new
@@ -423,6 +438,20 @@
.IP PYTHONWARNINGS
If this is set to a comma-separated string it is equivalent to
specifying the \fB\-W\fP option for each separate value.
+.IP PYTHONHASHSEED
+If this variable is set to "random", the effect is the same as specifying
+the \fB-R\fP option: a random value is used to seed the hashes of str,
+bytes and datetime objects.
+
+If PYTHONHASHSEED is set to an integer value, it is used as a fixed seed for
+generating the hash() of the types covered by the hash randomization. Its
+purpose is to allow repeatable hashing, such as for selftests for the
+interpreter itself, or to allow a cluster of python processes to share hash
+values.
+
+The integer must be a decimal number in the range [0,4294967295]. Specifying
+the value 0 will lead to the same hash values as when hash randomization is
+disabled.
.SH AUTHOR
The Python Software Foundation: http://www.python.org/psf
.SH INTERNET RESOURCES
$NetBSD: patch-CVE-2012-1150-Modules_main.c,v 1.1 2012/03/24 12:04:37 tron Exp $
Fix for CVE-2012-1150 taken from here:
http://hg.python.org/cpython/rev/a0f43f4481e0
--- Modules/main.c.orig 2011-06-11 16:46:27.000000000 +0100
+++ Modules/main.c 2012-03-24 11:02:25.000000000 +0000
@@ -40,7 +40,7 @@
static int orig_argc;
/* command line options */
-#define BASE_OPTS "3bBc:dEhiJm:OQ:sStuUvVW:xX?"
+#define BASE_OPTS "3bBc:dEhiJm:OQ:RsStuUvVW:xX?"
#ifndef RISCOS
#define PROGRAM_OPTS BASE_OPTS
@@ -71,6 +71,9 @@
-m mod : run library module as a script (terminates option list)\n\
-O : optimize generated bytecode slightly; also PYTHONOPTIMIZE=x\n\
-OO : remove doc-strings in addition to the -O optimizations\n\
+-R : use a pseudo-random salt to make hash() values of various types be\n\
+ unpredictable between separate invocations of the interpreter, as\n\
+ a defense against denial-of-service attacks\n\
-Q arg : division options: -Qold (default), -Qwarn, -Qwarnall, -Qnew\n\
-s : don't add user site directory to sys.path; also PYTHONNOUSERSITE\n\
-S : don't imply 'import site' on initialization\n\
@@ -102,6 +105,12 @@
PYTHONCASEOK : ignore case in 'import' statements (Windows).\n\
PYTHONIOENCODING: Encoding[:errors] used for stdin/stdout/stderr.\n\
";
+static char *usage_6 = "\
+PYTHONHASHSEED: if this variable is set to ``random``, the effect is the same \n\
+ as specifying the :option:`-R` option: a random value is used to seed the\n\
+ hashes of str, bytes and datetime objects. It can also be set to an integer\n\
+ in the range [0,4294967295] to get hash values with a predictable seed.\n\
+";
static int
@@ -118,6 +127,7 @@
fputs(usage_3, f);
fprintf(f, usage_4, DELIM);
fprintf(f, usage_5, DELIM, PYTHONHOMEHELP);
+ fputs(usage_6, f);
}
#if defined(__VMS)
if (exitcode == 0) {
@@ -389,6 +399,10 @@
PySys_AddWarnOption(_PyOS_optarg);
break;
+ case 'R':
+ Py_HashRandomizationFlag++;
+ break;
+
/* This space reserved for other options */
default:
$NetBSD: patch-CVE-2012-1150-Modules_posixmodule.c,v 1.1 2012/03/24 12:04:37 tron Exp $
Fix for CVE-2012-1150 taken from here:
http://hg.python.org/cpython/rev/a0f43f4481e0
--- Modules/posixmodule.c.orig 2011-06-11 16:46:27.000000000 +0100
+++ Modules/posixmodule.c 2012-03-24 11:02:25.000000000 +0000
@@ -8476,117 +8476,35 @@
}
#endif
-#ifdef MS_WINDOWS
-
-PyDoc_STRVAR(win32_urandom__doc__,
+PyDoc_STRVAR(posix_urandom__doc__,
"urandom(n) -> str\n\n\
-Return a string of n random bytes suitable for cryptographic use.");
-
-typedef BOOL (WINAPI *CRYPTACQUIRECONTEXTA)(HCRYPTPROV *phProv,\
- LPCSTR pszContainer, LPCSTR pszProvider, DWORD dwProvType,\
- DWORD dwFlags );
-typedef BOOL (WINAPI *CRYPTGENRANDOM)(HCRYPTPROV hProv, DWORD dwLen,\
- BYTE *pbBuffer );
-
-static CRYPTGENRANDOM pCryptGenRandom = NULL;
-/* This handle is never explicitly released. Instead, the operating
- system will release it when the process terminates. */
-static HCRYPTPROV hCryptProv = 0;
+Return n random bytes suitable for cryptographic use.");
-static PyObject*
-win32_urandom(PyObject *self, PyObject *args)
+static PyObject *
+posix_urandom(PyObject *self, PyObject *args)
{
- int howMany;
- PyObject* result;
+ Py_ssize_t size;
+ PyObject *result;
+ int ret;
- /* Read arguments */
- if (! PyArg_ParseTuple(args, "i:urandom", &howMany))
+ /* Read arguments */
+ if (!PyArg_ParseTuple(args, "n:urandom", &size))
return NULL;
- if (howMany < 0)
+ if (size < 0)
return PyErr_Format(PyExc_ValueError,
"negative argument not allowed");
-
- if (hCryptProv == 0) {
- HINSTANCE hAdvAPI32 = NULL;
- CRYPTACQUIRECONTEXTA pCryptAcquireContext = NULL;
-
- /* Obtain handle to the DLL containing CryptoAPI
- This should not fail */
- hAdvAPI32 = GetModuleHandle("advapi32.dll");
- if(hAdvAPI32 == NULL)
- return win32_error("GetModuleHandle", NULL);
-
- /* Obtain pointers to the CryptoAPI functions
- This will fail on some early versions of Win95 */
- pCryptAcquireContext = (CRYPTACQUIRECONTEXTA)GetProcAddress(
- hAdvAPI32,
- "CryptAcquireContextA");
- if (pCryptAcquireContext == NULL)
- return PyErr_Format(PyExc_NotImplementedError,
- "CryptAcquireContextA not found");
-
- pCryptGenRandom = (CRYPTGENRANDOM)GetProcAddress(
- hAdvAPI32, "CryptGenRandom");
- if (pCryptGenRandom == NULL)
- return PyErr_Format(PyExc_NotImplementedError,
- "CryptGenRandom not found");
-
- /* Acquire context */
- if (! pCryptAcquireContext(&hCryptProv, NULL, NULL,
- PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))
- return win32_error("CryptAcquireContext", NULL);
- }
-
- /* Allocate bytes */
- result = PyString_FromStringAndSize(NULL, howMany);
- if (result != NULL) {
- /* Get random data */
- memset(PyString_AS_STRING(result), 0, howMany); /* zero seed */
- if (! pCryptGenRandom(hCryptProv, howMany, (unsigned char*)
- PyString_AS_STRING(result))) {
- Py_DECREF(result);
- return win32_error("CryptGenRandom", NULL);
- }
- }
- return result;
-}
-#endif
-
-#ifdef __VMS
-/* Use openssl random routine */
-#include <openssl/rand.h>
-PyDoc_STRVAR(vms_urandom__doc__,
-"urandom(n) -> str\n\n\
-Return a string of n random bytes suitable for cryptographic use.");
-
-static PyObject*
-vms_urandom(PyObject *self, PyObject *args)
-{
- int howMany;
- PyObject* result;
-
- /* Read arguments */
- if (! PyArg_ParseTuple(args, "i:urandom", &howMany))
+ result = PyBytes_FromStringAndSize(NULL, size);
+ if (result == NULL)
return NULL;
- if (howMany < 0)
- return PyErr_Format(PyExc_ValueError,
- "negative argument not allowed");
- /* Allocate bytes */
- result = PyString_FromStringAndSize(NULL, howMany);
- if (result != NULL) {
- /* Get random data */
- if (RAND_pseudo_bytes((unsigned char*)
- PyString_AS_STRING(result),
- howMany) < 0) {
- Py_DECREF(result);
- return PyErr_Format(PyExc_ValueError,
- "RAND_pseudo_bytes");
- }
+ ret = _PyOS_URandom(PyBytes_AS_STRING(result),
+ PyBytes_GET_SIZE(result));
+ if (ret == -1) {
+ Py_DECREF(result);
+ return NULL;
}
return result;
}
-#endif
#ifdef HAVE_SETRESUID
PyDoc_STRVAR(posix_setresuid__doc__,
@@ -8972,12 +8890,6 @@
#ifdef HAVE_GETLOADAVG
{"getloadavg", posix_getloadavg, METH_NOARGS, posix_getloadavg__doc__},
#endif
- #ifdef MS_WINDOWS
- {"urandom", win32_urandom, METH_VARARGS, win32_urandom__doc__},
- #endif
- #ifdef __VMS
- {"urandom", vms_urandom, METH_VARARGS, vms_urandom__doc__},
- #endif
#ifdef HAVE_SETRESUID
{"setresuid", posix_setresuid, METH_VARARGS, posix_setresuid__doc__},
#endif
@@ -8990,7 +8902,7 @@
#ifdef HAVE_GETRESGID
{"getresgid", posix_getresgid, METH_NOARGS, posix_getresgid__doc__},
#endif
-
+ {"urandom", posix_urandom, METH_VARARGS, posix_urandom__doc__},
{NULL, NULL} /* Sentinel */
};
$NetBSD: patch-CVE-2012-1150-Objects_bufferobject.c,v 1.1 2012/03/24 12:04:37 tron Exp $
Fix for CVE-2012-1150 taken from here:
http://hg.python.org/cpython/rev/a0f43f4481e0
--- Objects/bufferobject.c.orig 2011-06-11 16:46:27.000000000 +0100
+++ Objects/bufferobject.c 2012-03-24 11:02:25.000000000 +0000
@@ -334,10 +334,20 @@
return -1;
p = (unsigned char *) ptr;
len = size;
- x = *p << 7;
+ /*
+ We make the hash of the empty buffer be 0, rather than using
+ (prefix ^ suffix), since this slightly obfuscates the hash secret
+ */
+ if (len == 0) {
+ self->b_hash = 0;
+ return 0;
+ }
+ x = _Py_HashSecret.prefix;
+ x ^= *p << 7;
while (--len >= 0)
x = (1000003*x) ^ *p++;
x ^= size;
+ x ^= _Py_HashSecret.suffix;
if (x == -1)
x = -2;
self->b_hash = x;
$NetBSD: patch-CVE-2012-1150-Objects_object.c,v 1.1 2012/03/24 12:04:37 tron Exp $
Fix for CVE-2012-1150 taken from here:
http://hg.python.org/cpython/rev/a0f43f4481e0
--- Objects/object.c.orig 2011-06-11 16:46:27.000000000 +0100
+++ Objects/object.c 2012-03-24 11:02:25.000000000 +0000
@@ -1094,6 +1094,8 @@
return -1;
}
+_Py_HashSecret_t _Py_HashSecret;
+
long
PyObject_Hash(PyObject *v)
{
$NetBSD: patch-CVE-2012-1150-Objects_stringobject.c,v 1.1 2012/03/24 12:04:37 tron Exp $
Fix for CVE-2012-1150 taken from here:
http://hg.python.org/cpython/rev/a0f43f4481e0
--- Objects/stringobject.c.orig 2011-06-11 16:46:27.000000000 +0100
+++ Objects/stringobject.c 2012-03-24 11:02:25.000000000 +0000
@@ -1265,11 +1265,21 @@
if (a->ob_shash != -1)
return a->ob_shash;
len = Py_SIZE(a);
+ /*
+ We make the hash of the empty string be 0, rather than using
+ (prefix ^ suffix), since this slightly obfuscates the hash secret
+ */
+ if (len == 0) {
+ a->ob_shash = 0;
+ return 0;
+ }
p = (unsigned char *) a->ob_sval;
- x = *p << 7;
+ x = _Py_HashSecret.prefix;
+ x ^= *p << 7;
while (--len >= 0)
x = (1000003*x) ^ *p++;
x ^= Py_SIZE(a);
+ x ^= _Py_HashSecret.suffix;
if (x == -1)
x = -2;
a->ob_shash = x;
$NetBSD: patch-CVE-2012-1150-Objects_unicodeobject.c,v 1.1 2012/03/24 12:04:37 tron Exp $
Fix for CVE-2012-1150 taken from here:
http://hg.python.org/cpython/rev/a0f43f4481e0
--- Objects/unicodeobject.c.orig 2011-06-11 16:46:27.000000000 +0100
+++ Objects/unicodeobject.c 2012-03-24 11:02:25.000000000 +0000
@@ -6546,11 +6546,21 @@
if (self->hash != -1)
return self->hash;
len = PyUnicode_GET_SIZE(self);
+ /*
+ We make the hash of the empty string be 0, rather than using
+ (prefix ^ suffix), since this slightly obfuscates the hash secret
+ */
+ if (len == 0) {
+ self->hash = 0;
+ return 0;
+ }
p = PyUnicode_AS_UNICODE(self);
- x = *p << 7;
+ x = _Py_HashSecret.prefix;
+ x ^= *p << 7;
while (--len >= 0)
x = (1000003*x) ^ *p++;
x ^= PyUnicode_GET_SIZE(self);
+ x ^= _Py_HashSecret.suffix;
if (x == -1)
x = -2;
self->hash = x;
$NetBSD: patch-CVE-2012-1150-PCbuild_pythoncore.vcproj,v 1.1 2012/03/24 12:04:37 tron Exp $
Fix for CVE-2012-1150 taken from here:
http://hg.python.org/cpython/rev/a0f43f4481e0
--- PCbuild/pythoncore.vcproj.orig 2011-06-11 16:46:27.000000000 +0100
+++ PCbuild/pythoncore.vcproj 2012-03-24 11:02:25.000000000 +0000
@@ -1,3 +1,4 @@
+<<<<<<< local
<?xml version="1.0" encoding="Windows-1252"?>
<VisualStudioProject
ProjectType="Visual C++"
@@ -1871,3 +1872,1826 @@
<Globals>
</Globals>
</VisualStudioProject>
+=======
+<?xml version="1.0" encoding="Windows-1252"?>
+<VisualStudioProject
+ ProjectType="Visual C++"
+ Version="9,00"
+ Name="pythoncore"
+ ProjectGUID="{CF7AC3D1-E2DF-41D2-BEA6-1E2556CDEA26}"
+ RootNamespace="pythoncore"
+ TargetFrameworkVersion="131072"
+ >
+ <Platforms>
+ <Platform
+ Name="Win32"
+ />
+ <Platform
+ Name="x64"
+ />
+ </Platforms>
+ <ToolFiles>
+ </ToolFiles>
+ <Configurations>
+ <Configuration
+ Name="Release|Win32"
+ ConfigurationType="2"
+ InheritedPropertySheets=".\pyproject.vsprops;.\release.vsprops"
+ UseOfMFC="0"
+ ATLMinimizesCRunTimeLibraryUsage="false"
+ >
+ <Tool
+ Name="VCPreBuildEventTool"
+ />
+ <Tool
+ Name="VCCustomBuildTool"
+ />
+ <Tool
+ Name="VCXMLDataGeneratorTool"
+ />
+ <Tool
+ Name="VCWebServiceProxyGeneratorTool"
+ />
+ <Tool
+ Name="VCMIDLTool"
+ />
+ <Tool
+ Name="VCCLCompilerTool"
+ AdditionalOptions="/Zm200 "
+ AdditionalIncludeDirectories="..\Python;..\Modules\zlib"
+ PreprocessorDefinitions="_USRDLL;Py_BUILD_CORE;Py_ENABLE_SHARED;WIN32"
+ RuntimeLibrary="2"
+ />
+ <Tool
+ Name="VCManagedResourceCompilerTool"
+ />
+ <Tool
+ Name="VCResourceCompilerTool"
+ PreprocessorDefinitions="NDEBUG"
+ Culture="1033"
+ AdditionalIncludeDirectories="..\Include"
+ />
+ <Tool
+ Name="VCPreLinkEventTool"
+ Description="Generate build information..."
+ CommandLine=""$(SolutionDir)make_buildinfo.exe" Release"
+ />
+ <Tool
+ Name="VCLinkerTool"
+ AdditionalDependencies="getbuildinfo.o"
+ OutputFile="$(OutDir)\$(PyDllName).dll"
+ IgnoreDefaultLibraryNames="libc"
+ ProgramDatabaseFile="$(OutDir)$(PyDllName).pdb"
+ BaseAddress="0x1e000000"
+ ImportLibrary="$(OutDir)$(PyDllName).lib"
+ />
+ <Tool
+ Name="VCALinkTool"
+ />
+ <Tool
+ Name="VCManifestTool"
+ />
+ <Tool
+ Name="VCXDCMakeTool"
+ />
+ <Tool
+ Name="VCBscMakeTool"
+ />
+ <Tool
+ Name="VCFxCopTool"
+ />
+ <Tool
+ Name="VCAppVerifierTool"
+ />
+ <Tool
+ Name="VCPostBuildEventTool"
+ />
+ </Configuration>
+ <Configuration
+ Name="Release|x64"
+ ConfigurationType="2"
+ InheritedPropertySheets=".\pyproject.vsprops;.\x64.vsprops;.\release.vsprops"
+ UseOfMFC="0"
+ ATLMinimizesCRunTimeLibraryUsage="false"
+ >
+ <Tool
+ Name="VCPreBuildEventTool"
+ />
+ <Tool
+ Name="VCCustomBuildTool"
+ />
+ <Tool
+ Name="VCXMLDataGeneratorTool"
+ />
+ <Tool
+ Name="VCWebServiceProxyGeneratorTool"
+ />
+ <Tool
+ Name="VCMIDLTool"
+ TargetEnvironment="3"
+ />
+ <Tool
+ Name="VCCLCompilerTool"
+ AdditionalOptions="/Zm200 "
+ AdditionalIncludeDirectories="..\Python;..\Modules\zlib"
+ PreprocessorDefinitions="_USRDLL;Py_BUILD_CORE;Py_ENABLE_SHARED;WIN32"
+ RuntimeLibrary="2"
+ />
+ <Tool
+ Name="VCManagedResourceCompilerTool"
+ />
+ <Tool
+ Name="VCResourceCompilerTool"
+ PreprocessorDefinitions="NDEBUG"
+ Culture="1033"
+ AdditionalIncludeDirectories="..\Include"
+ />
+ <Tool
+ Name="VCPreLinkEventTool"
+ Description="Generate build information..."
+ CommandLine=""$(SolutionDir)make_buildinfo.exe" Release"
+ />
+ <Tool
+ Name="VCLinkerTool"
+ AdditionalDependencies="getbuildinfo.o"
+ OutputFile="$(OutDir)\$(PyDllName).dll"
+ IgnoreDefaultLibraryNames="libc"
+ ProgramDatabaseFile="$(OutDir)$(PyDllName).pdb"
+ BaseAddress="0x1e000000"
+ ImportLibrary="$(OutDir)$(PyDllName).lib"
+ />
+ <Tool
+ Name="VCALinkTool"
+ />
+ <Tool
+ Name="VCManifestTool"
+ />
+ <Tool
+ Name="VCXDCMakeTool"
+ />
+ <Tool
+ Name="VCBscMakeTool"
+ />
+ <Tool
+ Name="VCFxCopTool"
+ />
+ <Tool
+ Name="VCAppVerifierTool"
+ />
+ <Tool
+ Name="VCPostBuildEventTool"
+ />
+ </Configuration>
+ <Configuration
+ Name="Debug|Win32"
+ ConfigurationType="2"
+ InheritedPropertySheets=".\pyproject.vsprops;.\debug.vsprops"
+ UseOfMFC="0"
+ ATLMinimizesCRunTimeLibraryUsage="false"
+ CharacterSet="0"
+ >
+ <Tool
+ Name="VCPreBuildEventTool"
+ />
+ <Tool
+ Name="VCCustomBuildTool"
+ />
+ <Tool
+ Name="VCXMLDataGeneratorTool"
+ />
+ <Tool
+ Name="VCWebServiceProxyGeneratorTool"
+ />
+ <Tool
+ Name="VCMIDLTool"
+ />
+ <Tool
+ Name="VCCLCompilerTool"
+ AdditionalOptions="/Zm200 "
+ Optimization="0"
+ InlineFunctionExpansion="0"
+ EnableIntrinsicFunctions="false"
+ AdditionalIncludeDirectories="..\Python;..\Modules\zlib"
+ PreprocessorDefinitions="_USRDLL;Py_BUILD_CORE;Py_ENABLE_SHARED;WIN32"
+ RuntimeLibrary="3"
+ />
+ <Tool
+ Name="VCManagedResourceCompilerTool"
+ />
+ <Tool
+ Name="VCResourceCompilerTool"
+ PreprocessorDefinitions="_DEBUG"
+ Culture="1033"
+ AdditionalIncludeDirectories="..\Include"
+ />
+ <Tool
+ Name="VCPreLinkEventTool"
+ Description="Generate build information..."
+ CommandLine=""$(SolutionDir)make_buildinfo.exe" Debug"
+ />
+ <Tool
+ Name="VCLinkerTool"
+ AdditionalDependencies="getbuildinfo.o"
+ OutputFile="$(OutDir)\$(PyDllName)_d.dll"
+ IgnoreDefaultLibraryNames="libc"
+ ProgramDatabaseFile="$(OutDir)$(PyDllName)_d.pdb"
+ BaseAddress="0x1e000000"
+ ImportLibrary="$(OutDir)$(PyDllName)_d.lib"
+ />
+ <Tool
+ Name="VCALinkTool"
+ />
+ <Tool
+ Name="VCManifestTool"
+ />
+ <Tool
+ Name="VCXDCMakeTool"
+ />
+ <Tool
+ Name="VCBscMakeTool"
+ />
+ <Tool
+ Name="VCFxCopTool"
+ />
+ <Tool
+ Name="VCAppVerifierTool"
+ />
+ <Tool
+ Name="VCPostBuildEventTool"
+ />
+ </Configuration>
+ <Configuration
+ Name="Debug|x64"
+ ConfigurationType="2"
+ InheritedPropertySheets=".\pyproject.vsprops;.\x64.vsprops;.\debug.vsprops"
+ UseOfMFC="0"
+ ATLMinimizesCRunTimeLibraryUsage="false"
+ >
+ <Tool
+ Name="VCPreBuildEventTool"
+ />
+ <Tool
+ Name="VCCustomBuildTool"
+ />
+ <Tool
+ Name="VCXMLDataGeneratorTool"
+ />
+ <Tool
+ Name="VCWebServiceProxyGeneratorTool"
+ />
+ <Tool
+ Name="VCMIDLTool"
+ TargetEnvironment="3"
+ />
+ <Tool
+ Name="VCCLCompilerTool"
+ AdditionalOptions="/Zm200 "
+ Optimization="0"
+ InlineFunctionExpansion="0"
+ EnableIntrinsicFunctions="false"
+ AdditionalIncludeDirectories="..\Python;..\Modules\zlib"
+ PreprocessorDefinitions="_USRDLL;Py_BUILD_CORE;Py_ENABLE_SHARED;WIN32"
+ RuntimeLibrary="3"
+ />
+ <Tool
+ Name="VCManagedResourceCompilerTool"
+ />
+ <Tool
+ Name="VCResourceCompilerTool"
+ PreprocessorDefinitions="_DEBUG"
+ Culture="1033"
+ AdditionalIncludeDirectories="..\Include"
+ />
+ <Tool
+ Name="VCPreLinkEventTool"
+ Description="Generate build information..."
+ CommandLine=""$(SolutionDir)make_buildinfo.exe" Debug"
+ />
+ <Tool
+ Name="VCLinkerTool"
+ AdditionalDependencies="getbuildinfo.o"
+ OutputFile="$(OutDir)\$(PyDllName)_d.dll"
+ IgnoreDefaultLibraryNames="libc"
+ ProgramDatabaseFile="$(OutDir)$(PyDllName)_d.pdb"
+ BaseAddress="0x1e000000"
+ ImportLibrary="$(OutDir)$(PyDllName)_d.lib"
+ />
+ <Tool
+ Name="VCALinkTool"
+ />
+ <Tool
+ Name="VCManifestTool"
+ />
+ <Tool
+ Name="VCXDCMakeTool"
+ />
+ <Tool
+ Name="VCBscMakeTool"
+ />
+ <Tool
+ Name="VCFxCopTool"
+ />
+ <Tool
+ Name="VCAppVerifierTool"
+ />
+ <Tool
+ Name="VCPostBuildEventTool"
+ />
+ </Configuration>
+ <Configuration
+ Name="PGInstrument|Win32"
+ ConfigurationType="2"
+ InheritedPropertySheets=".\pyproject.vsprops;.\release.vsprops;.\pginstrument.vsprops"
+ UseOfMFC="0"
+ ATLMinimizesCRunTimeLibraryUsage="false"
+ >
+ <Tool
+ Name="VCPreBuildEventTool"
+ />
+ <Tool
+ Name="VCCustomBuildTool"
+ />
+ <Tool
+ Name="VCXMLDataGeneratorTool"
+ />
+ <Tool
+ Name="VCWebServiceProxyGeneratorTool"
+ />
+ <Tool
+ Name="VCMIDLTool"
+ />
+ <Tool
+ Name="VCCLCompilerTool"
+ AdditionalOptions="/Zm200 "
+ AdditionalIncludeDirectories="..\Python;..\Modules\zlib"
+ PreprocessorDefinitions="_USRDLL;Py_BUILD_CORE;Py_ENABLE_SHARED;WIN32"
+ RuntimeLibrary="2"
+ />
+ <Tool
+ Name="VCManagedResourceCompilerTool"
+ />
+ <Tool
+ Name="VCResourceCompilerTool"
+ PreprocessorDefinitions="NDEBUG"
+ Culture="1033"
+ AdditionalIncludeDirectories="..\Include"
+ />
+ <Tool
+ Name="VCPreLinkEventTool"
+ Description="Generate build information..."
+ CommandLine=""$(SolutionDir)make_buildinfo.exe" Release"
+ />
+ <Tool
+ Name="VCLinkerTool"
+ AdditionalDependencies="getbuildinfo.o"
+ OutputFile="$(OutDir)\$(PyDllName).dll"
+ IgnoreDefaultLibraryNames="libc"
+ ProgramDatabaseFile="$(OutDir)$(PyDllName).pdb"
+ BaseAddress="0x1e000000"
+ ImportLibrary="$(OutDirPGI)$(PyDllName).lib"
+ />
+ <Tool
+ Name="VCALinkTool"
+ />
+ <Tool
+ Name="VCManifestTool"
+ />
+ <Tool
+ Name="VCXDCMakeTool"
+ />
+ <Tool
+ Name="VCBscMakeTool"
+ />
+ <Tool
+ Name="VCFxCopTool"
+ />
+ <Tool
+ Name="VCAppVerifierTool"
+ />
+ <Tool
+ Name="VCPostBuildEventTool"
+ />
+ </Configuration>
+ <Configuration
+ Name="PGInstrument|x64"
+ ConfigurationType="2"
+ InheritedPropertySheets=".\pyproject.vsprops;.\x64.vsprops;.\release.vsprops;.\pginstrument.vsprops"
+ UseOfMFC="0"
+ ATLMinimizesCRunTimeLibraryUsage="false"
+ >
+ <Tool
+ Name="VCPreBuildEventTool"
+ />
+ <Tool
+ Name="VCCustomBuildTool"
+ />
+ <Tool
+ Name="VCXMLDataGeneratorTool"
+ />
+ <Tool
+ Name="VCWebServiceProxyGeneratorTool"
+ />
+ <Tool
+ Name="VCMIDLTool"
+ TargetEnvironment="3"
+ />
+ <Tool
+ Name="VCCLCompilerTool"
+ AdditionalOptions="/Zm200 "
+ AdditionalIncludeDirectories="..\Python;..\Modules\zlib"
+ PreprocessorDefinitions="_USRDLL;Py_BUILD_CORE;Py_ENABLE_SHARED;WIN32"
+ RuntimeLibrary="2"
+ />
+ <Tool
+ Name="VCManagedResourceCompilerTool"
+ />
+ <Tool
+ Name="VCResourceCompilerTool"
+ PreprocessorDefinitions="NDEBUG"
+ Culture="1033"
+ AdditionalIncludeDirectories="..\Include"
+ />
+ <Tool
+ Name="VCPreLinkEventTool"
+ Description="Generate build information..."
+ CommandLine=""$(SolutionDir)make_buildinfo.exe" Release"
+ />
+ <Tool
+ Name="VCLinkerTool"
+ AdditionalDependencies="getbuildinfo.o"
+ OutputFile="$(OutDir)\$(PyDllName).dll"
+ IgnoreDefaultLibraryNames="libc"
+ ProgramDatabaseFile="$(OutDir)$(PyDllName).pdb"
+ BaseAddress="0x1e000000"
+ ImportLibrary="$(OutDirPGI)$(PyDllName).lib"
+ TargetMachine="17"
+ />
+ <Tool
+ Name="VCALinkTool"
+ />
+ <Tool
+ Name="VCManifestTool"
+ />
+ <Tool
+ Name="VCXDCMakeTool"
+ />
+ <Tool
+ Name="VCBscMakeTool"
+ />
+ <Tool
+ Name="VCFxCopTool"
+ />
+ <Tool
+ Name="VCAppVerifierTool"
+ />
+ <Tool
+ Name="VCPostBuildEventTool"
+ />
+ </Configuration>
+ <Configuration
+ Name="PGUpdate|Win32"
+ ConfigurationType="2"
+ InheritedPropertySheets=".\pyproject.vsprops;.\release.vsprops;.\pgupdate.vsprops"
+ UseOfMFC="0"
+ ATLMinimizesCRunTimeLibraryUsage="false"
+ >
+ <Tool
+ Name="VCPreBuildEventTool"
+ />
+ <Tool
+ Name="VCCustomBuildTool"
+ />
+ <Tool
+ Name="VCXMLDataGeneratorTool"
+ />
+ <Tool
+ Name="VCWebServiceProxyGeneratorTool"
+ />
+ <Tool
+ Name="VCMIDLTool"
+ />
+ <Tool
+ Name="VCCLCompilerTool"
+ AdditionalOptions="/Zm200 "
+ AdditionalIncludeDirectories="..\Python;..\Modules\zlib"
+ PreprocessorDefinitions="_USRDLL;Py_BUILD_CORE;Py_ENABLE_SHARED;WIN32"
+ RuntimeLibrary="2"
+ />
+ <Tool
+ Name="VCManagedResourceCompilerTool"
+ />
+ <Tool
+ Name="VCResourceCompilerTool"
+ PreprocessorDefinitions="NDEBUG"
+ Culture="1033"
+ AdditionalIncludeDirectories="..\Include"
+ />
+ <Tool
+ Name="VCPreLinkEventTool"
+ Description="Generate build information..."
+ CommandLine=""$(SolutionDir)make_buildinfo.exe" Release"
+ />
+ <Tool
+ Name="VCLinkerTool"
+ AdditionalDependencies="getbuildinfo.o"
+ OutputFile="$(OutDir)\$(PyDllName).dll"
+ IgnoreDefaultLibraryNames="libc"
+ ProgramDatabaseFile="$(OutDir)$(PyDllName).pdb"
+ BaseAddress="0x1e000000"
+ ImportLibrary="$(OutDirPGI)$(PyDllName).lib"
+ />
+ <Tool
+ Name="VCALinkTool"
+ />
+ <Tool
+ Name="VCManifestTool"
+ />
+ <Tool
+ Name="VCXDCMakeTool"
+ />
+ <Tool
+ Name="VCBscMakeTool"
+ />
+ <Tool
+ Name="VCFxCopTool"
+ />
+ <Tool
+ Name="VCAppVerifierTool"
+ />
+ <Tool
+ Name="VCPostBuildEventTool"
+ />
+ </Configuration>
+ <Configuration
+ Name="PGUpdate|x64"
+ ConfigurationType="2"
+ InheritedPropertySheets=".\pyproject.vsprops;.\x64.vsprops;.\release.vsprops;.\pgupdate.vsprops"
+ UseOfMFC="0"
+ ATLMinimizesCRunTimeLibraryUsage="false"
+ >
+ <Tool
+ Name="VCPreBuildEventTool"
+ />
+ <Tool
+ Name="VCCustomBuildTool"
+ />
+ <Tool
+ Name="VCXMLDataGeneratorTool"
+ />
+ <Tool
+ Name="VCWebServiceProxyGeneratorTool"
+ />
+ <Tool
+ Name="VCMIDLTool"
+ TargetEnvironment="3"
+ />
+ <Tool
+ Name="VCCLCompilerTool"
+ AdditionalOptions="/Zm200 "
+ AdditionalIncludeDirectories="..\Python;..\Modules\zlib"
+ PreprocessorDefinitions="_USRDLL;Py_BUILD_CORE;Py_ENABLE_SHARED;WIN32"
+ RuntimeLibrary="2"
+ />
+ <Tool
+ Name="VCManagedResourceCompilerTool"
+ />
+ <Tool
+ Name="VCResourceCompilerTool"
+ PreprocessorDefinitions="NDEBUG"
+ Culture="1033"
+ AdditionalIncludeDirectories="..\Include"
+ />
+ <Tool
+ Name="VCPreLinkEventTool"
+ Description="Generate build information..."
+ CommandLine=""$(SolutionDir)make_buildinfo.exe" Release"
+ />
+ <Tool
+ Name="VCLinkerTool"
+ AdditionalDependencies="getbuildinfo.o"
+ OutputFile="$(OutDir)\$(PyDllName).dll"
+ IgnoreDefaultLibraryNames="libc"
+ ProgramDatabaseFile="$(OutDir)$(PyDllName).pdb"
+ BaseAddress="0x1e000000"
+ ImportLibrary="$(OutDirPGI)$(PyDllName).lib"
+ TargetMachine="17"
+ />
+ <Tool
+ Name="VCALinkTool"
+ />
+ <Tool
+ Name="VCManifestTool"
+ />
+ <Tool
+ Name="VCXDCMakeTool"
+ />
+ <Tool
+ Name="VCBscMakeTool"
+ />
+ <Tool
+ Name="VCFxCopTool"
+ />
+ <Tool
+ Name="VCAppVerifierTool"
+ />
+ <Tool
+ Name="VCPostBuildEventTool"
+ />
+ </Configuration>
+ </Configurations>
+ <References>
+ </References>
+ <Files>
+ <Filter
+ Name="Include"
+ >
+ <File
+ RelativePath="..\Include\abstract.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\asdl.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\ast.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\bitset.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\boolobject.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\bufferobject.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\bytes_methods.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\bytearrayobject.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\bytesobject.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\cellobject.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\ceval.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\classobject.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\cobject.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\code.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\codecs.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\compile.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\complexobject.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\cStringIO.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\datetime.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\descrobject.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\dictobject.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\enumobject.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\errcode.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\eval.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\fileobject.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\floatobject.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\frameobject.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\funcobject.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\genobject.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\graminit.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\grammar.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\import.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\intobject.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\intrcheck.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\iterobject.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\listobject.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\longintrepr.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\longobject.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\marshal.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\memoryobject.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\metagrammar.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\methodobject.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\modsupport.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\moduleobject.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\node.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\object.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\objimpl.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\opcode.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\osdefs.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\parsetok.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\patchlevel.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\pgen.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\pgenheaders.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\py_curses.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\pyarena.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\pydebug.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\pyerrors.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\pyexpat.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\pyfpe.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\pygetopt.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\pymactoolbox.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\pymath.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\pymem.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\pyport.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\pystate.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\pystrcmp.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\pystrtod.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\Python-ast.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\Python.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\pythonrun.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\pythread.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\rangeobject.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\setobject.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\sliceobject.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\stringobject.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\structmember.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\structseq.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\symtable.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\sysmodule.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\timefuncs.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\token.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\traceback.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\tupleobject.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\ucnhash.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\unicodeobject.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Include\weakrefobject.h"
+ >
+ </File>
+ </Filter>
+ <Filter
+ Name="Modules"
+ >
+ <File
+ RelativePath="..\Modules\_bisectmodule.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\_codecsmodule.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\_collectionsmodule.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\_csv.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\_fileio.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\_bytesio.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\_functoolsmodule.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\_heapqmodule.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\_hotshot.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\_json.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\_localemodule.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\_lsprof.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\_randommodule.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\_sre.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\_struct.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\_weakref.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\arraymodule.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\audioop.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\binascii.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\cmathmodule.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\cPickle.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\cStringIO.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\datetimemodule.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\errnomodule.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\future_builtins.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\gcmodule.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\imageop.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\itertoolsmodule.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\main.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\mathmodule.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\md5.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\md5.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\md5module.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\mmapmodule.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\operator.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\parsermodule.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\posixmodule.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\rotatingtree.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\rotatingtree.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\sha256module.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\sha512module.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\shamodule.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\signalmodule.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\stropmodule.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\symtablemodule.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\threadmodule.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\timemodule.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\xxsubtype.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\yuv.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\yuvconvert.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\zipimport.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\zlibmodule.c"
+ >
+ </File>
+ <Filter
+ Name="zlib"
+ >
+ <File
+ RelativePath="..\Modules\zlib\adler32.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\zlib\compress.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\zlib\crc32.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\zlib\crc32.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\zlib\deflate.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\zlib\deflate.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\zlib\gzio.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\zlib\infback.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\zlib\inffast.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\zlib\inffast.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\zlib\inffixed.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\zlib\inflate.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\zlib\inflate.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\zlib\inftrees.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\zlib\inftrees.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\zlib\trees.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\zlib\trees.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\zlib\uncompr.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\zlib\zconf.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\zlib\zconf.in.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\zlib\zlib.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\zlib\zutil.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\zlib\zutil.h"
+ >
+ </File>
+ </Filter>
+ <Filter
+ Name="cjkcodecs"
+ >
+ <File
+ RelativePath="..\Modules\cjkcodecs\_codecs_cn.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\cjkcodecs\_codecs_hk.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\cjkcodecs\_codecs_iso2022.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\cjkcodecs\_codecs_jp.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\cjkcodecs\_codecs_kr.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\cjkcodecs\_codecs_tw.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\cjkcodecs\alg_jisx0201.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\cjkcodecs\cjkcodecs.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\cjkcodecs\emu_jisx0213_2000.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\cjkcodecs\mappings_cn.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\cjkcodecs\mappings_hk.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\cjkcodecs\mappings_jisx0213_pair.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\cjkcodecs\mappings_jp.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\cjkcodecs\mappings_kr.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\cjkcodecs\mappings_tw.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\cjkcodecs\multibytecodec.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Modules\cjkcodecs\multibytecodec.h"
+ >
+ </File>
+ </Filter>
+ </Filter>
+ <Filter
+ Name="Objects"
+ >
+ <File
+ RelativePath="..\Objects\abstract.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\boolobject.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\bufferobject.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\bytes_methods.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\bytearrayobject.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\stringobject.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\cellobject.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\classobject.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\cobject.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\codeobject.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\complexobject.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\stringlib\count.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\descrobject.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\dictobject.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\enumobject.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\exceptions.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\stringlib\fastsearch.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\fileobject.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\stringlib\find.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\floatobject.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\frameobject.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\funcobject.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\genobject.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\intobject.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\iterobject.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\listobject.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\longobject.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\methodobject.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\moduleobject.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\object.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\obmalloc.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\stringlib\partition.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\rangeobject.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\setobject.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\sliceobject.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\structseq.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\tupleobject.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\typeobject.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\unicodectype.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\unicodeobject.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\unicodetype_db.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Objects\weakrefobject.c"
+ >
+ </File>
+ </Filter>
+ <Filter
+ Name="Parser"
+ >
+ <File
+ RelativePath="..\Parser\acceler.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Parser\bitset.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Parser\firstsets.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Parser\grammar.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Parser\grammar1.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Parser\listnode.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Parser\metagrammar.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Parser\myreadline.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Parser\node.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Parser\parser.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Parser\parser.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Parser\parsetok.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Parser\tokenizer.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Parser\tokenizer.h"
+ >
+ </File>
+ </Filter>
+ <Filter
+ Name="PC"
+ >
+ <File
+ RelativePath="..\PC\_subprocess.c"
+ >
+ </File>
+ <File
+ RelativePath="..\PC\_winreg.c"
+ >
+ </File>
+ <File
+ RelativePath="..\PC\config.c"
+ >
+ </File>
+ <File
+ RelativePath="..\PC\dl_nt.c"
+ >
+ </File>
+ <File
+ RelativePath="..\PC\errmap.h"
+ >
+ </File>
+ <File
+ RelativePath="..\PC\getpathp.c"
+ >
+ </File>
+ <File
+ RelativePath="..\PC\import_nt.c"
+ >
+ </File>
+ <File
+ RelativePath="..\PC\msvcrtmodule.c"
+ >
+ </File>
+ <File
+ RelativePath="..\PC\pyconfig.h"
+ >
+ </File>
+ </Filter>
+ <Filter
+ Name="Python"
+ >
+ <File
+ RelativePath="..\Python\_warnings.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\asdl.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\ast.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\bltinmodule.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\ceval.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\codecs.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\compile.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\dynload_win.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\errors.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\formatter_string.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\formatter_unicode.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\frozen.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\future.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\getargs.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\getcompiler.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\getcopyright.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\getmtime.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\getopt.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\getplatform.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\getversion.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\graminit.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\import.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\importdl.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\importdl.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\marshal.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\modsupport.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\mysnprintf.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\mystrtoul.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\peephole.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\pyarena.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\pyfpe.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\pymath.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\pystate.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\pystrcmp.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\pystrtod.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\Python-ast.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\pythonrun.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\random.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\structmember.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\symtable.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\sysmodule.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\thread.c"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\thread_nt.h"
+ >
+ </File>
+ <File
+ RelativePath="..\Python\traceback.c"
+ >
+ </File>
+ </Filter>
+ <Filter
+ Name="Resource Files"
+ >
+ <File
+ RelativePath="..\PC\python_nt.rc"
+ >
+ </File>
+ </Filter>
+ </Files>
+ <Globals>
+ </Globals>
+</VisualStudioProject>
+>>>>>>> other
$NetBSD: patch-CVE-2012-1150-Python_pythonrun.c,v 1.1 2012/03/24 12:04:37 tron Exp $
Fix for CVE-2012-1150 taken from here:
http://hg.python.org/cpython/rev/a0f43f4481e0
--- Python/pythonrun.c.orig 2011-06-11 16:46:27.000000000 +0100
+++ Python/pythonrun.c 2012-03-24 11:02:25.000000000 +0000
@@ -67,6 +67,7 @@
static void call_ll_exitfuncs(void);
extern void _PyUnicode_Init(void);
extern void _PyUnicode_Fini(void);
+extern void _PyRandom_Init(void);
#ifdef WITH_THREAD
extern void _PyGILState_Init(PyInterpreterState *, PyThreadState *);
@@ -89,6 +90,7 @@
true divisions (which they will be in 2.3). */
int _Py_QnewFlag = 0;
int Py_NoUserSiteDirectory = 0; /* for -s and site.py */
+int Py_HashRandomizationFlag = 0; /* for -R and PYTHONHASHSEED */
/* PyModule_GetWarningsModule is no longer necessary as of 2.6
since _warnings is builtin. This API should not be used. */
@@ -166,6 +168,12 @@
Py_OptimizeFlag = add_flag(Py_OptimizeFlag, p);
if ((p = Py_GETENV("PYTHONDONTWRITEBYTECODE")) && *p != '\0')
Py_DontWriteBytecodeFlag = add_flag(Py_DontWriteBytecodeFlag, p);
+ /* The variable is only tested for existence here; _PyRandom_Init will
+ check its value further. */
+ if ((p = Py_GETENV("PYTHONHASHSEED")) && *p != '\0')
+ Py_HashRandomizationFlag = add_flag(Py_HashRandomizationFlag, p);
+
+ _PyRandom_Init();
interp = PyInterpreterState_New();
if (interp == NULL)
$NetBSD: patch-CVE-2012-1150-Python_random.c,v 1.1 2012/03/24 12:04:37 tron Exp $
Fix for CVE-2012-1150 taken from here:
http://hg.python.org/cpython/rev/a0f43f4481e0
--- Python/random.c.orig 2012-03-24 11:02:25.000000000 +0000
+++ Python/random.c 2012-03-24 11:02:25.000000000 +0000
@@ -0,0 +1,302 @@
+#include "Python.h"
+#ifdef MS_WINDOWS
+#include <windows.h>
+#else
+#include <fcntl.h>
+#endif
+
+static int random_initialized = 0;
+
+#ifdef MS_WINDOWS
+typedef BOOL (WINAPI *CRYPTACQUIRECONTEXTA)(HCRYPTPROV *phProv,\
+ LPCSTR pszContainer, LPCSTR pszProvider, DWORD dwProvType,\
+ DWORD dwFlags );
+typedef BOOL (WINAPI *CRYPTGENRANDOM)(HCRYPTPROV hProv, DWORD dwLen,\
+ BYTE *pbBuffer );
+
+static CRYPTGENRANDOM pCryptGenRandom = NULL;
+/* This handle is never explicitly released. Instead, the operating
+ system will release it when the process terminates. */
+static HCRYPTPROV hCryptProv = 0;
+
+static int
+win32_urandom_init(int raise)
+{
+ HINSTANCE hAdvAPI32 = NULL;
+ CRYPTACQUIRECONTEXTA pCryptAcquireContext = NULL;
+
+ /* Obtain handle to the DLL containing CryptoAPI. This should not fail. */
+ hAdvAPI32 = GetModuleHandle("advapi32.dll");
+ if(hAdvAPI32 == NULL)
+ goto error;
+
+ /* Obtain pointers to the CryptoAPI functions. This will fail on some early
+ versions of Win95. */
+ pCryptAcquireContext = (CRYPTACQUIRECONTEXTA)GetProcAddress(
+ hAdvAPI32, "CryptAcquireContextA");
+ if (pCryptAcquireContext == NULL)
+ goto error;
+
+ pCryptGenRandom = (CRYPTGENRANDOM)GetProcAddress(hAdvAPI32,
+ "CryptGenRandom");
+ if (pCryptGenRandom == NULL)
+ goto error;
+
+ /* Acquire context */
+ if (! pCryptAcquireContext(&hCryptProv, NULL, NULL,
+ PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))
+ goto error;
+
+ return 0;
+
+error:
+ if (raise)
+ PyErr_SetFromWindowsErr(0);
+ else
+ Py_FatalError("Failed to initialize Windows random API (CryptoGen)");
+ return -1;
+}
+
+/* Fill buffer with size pseudo-random bytes generated by the Windows CryptoGen
+ API. Return 0 on success, or -1 on error. */
+static int
+win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise)
+{
+ Py_ssize_t chunk;
+
+ if (hCryptProv == 0)
+ {
+ if (win32_urandom_init(raise) == -1)
+ return -1;
+ }
+
+ while (size > 0)
+ {
+ chunk = size > INT_MAX ? INT_MAX : size;
+ if (!pCryptGenRandom(hCryptProv, chunk, buffer))
+ {
+ /* CryptGenRandom() failed */
+ if (raise)
+ PyErr_SetFromWindowsErr(0);
+ else
+ Py_FatalError("Failed to initialized the randomized hash "
+ "secret using CryptoGen)");
+ return -1;
+ }
+ buffer += chunk;
+ size -= chunk;
+ }
+ return 0;
+}
+#endif /* MS_WINDOWS */
+
+
+#ifdef __VMS
+/* Use openssl random routine */
+#include <openssl/rand.h>
+static int
+vms_urandom(unsigned char *buffer, Py_ssize_t size, int raise)
+{
+ if (RAND_pseudo_bytes(buffer, size) < 0) {
+ if (raise) {
+ PyErr_Format(PyExc_ValueError,
+ "RAND_pseudo_bytes");
+ } else {
+ Py_FatalError("Failed to initialize the randomized hash "
+ "secret using RAND_pseudo_bytes");
+ }
+ return -1;
+ }
+ return 0;
+}
+#endif /* __VMS */
+
+
+#if !defined(MS_WINDOWS) && !defined(__VMS)
+
+/* Read size bytes from /dev/urandom into buffer.
+ Call Py_FatalError() on error. */
+static void
+dev_urandom_noraise(char *buffer, Py_ssize_t size)
+{
+ int fd;
+ Py_ssize_t n;
+
+ assert (0 < size);
+
+ fd = open("/dev/urandom", O_RDONLY);
+ if (fd < 0)
+ Py_FatalError("Failed to open /dev/urandom");
+
+ while (0 < size)
+ {
+ do {
+ n = read(fd, buffer, (size_t)size);
+ } while (n < 0 && errno == EINTR);
+ if (n <= 0)
+ {
+ /* stop on error or if read(size) returned 0 */
+ Py_FatalError("Failed to read bytes from /dev/urandom");
+ break;
+ }
+ buffer += n;
+ size -= (Py_ssize_t)n;
+ }
+ close(fd);
+}
+
+/* Read size bytes from /dev/urandom into buffer.
+ Return 0 on success, raise an exception and return -1 on error. */
+static int
+dev_urandom_python(char *buffer, Py_ssize_t size)
+{
+ int fd;
+ Py_ssize_t n;
+
+ if (size <= 0)
+ return 0;
+
+ Py_BEGIN_ALLOW_THREADS
+ fd = open("/dev/urandom", O_RDONLY);
+ Py_END_ALLOW_THREADS
+ if (fd < 0)
+ {
+ PyErr_SetFromErrnoWithFilename(PyExc_OSError, "/dev/urandom");
+ return -1;
+ }
+
+ Py_BEGIN_ALLOW_THREADS
+ do {
+ do {
+ n = read(fd, buffer, (size_t)size);
+ } while (n < 0 && errno == EINTR);
+ if (n <= 0)
+ break;
+ buffer += n;
+ size -= (Py_ssize_t)n;
+ } while (0 < size);
+ Py_END_ALLOW_THREADS
+
+ if (n <= 0)
+ {
+ /* stop on error or if read(size) returned 0 */
+ if (n < 0)
+ PyErr_SetFromErrno(PyExc_OSError);
+ else
+ PyErr_Format(PyExc_RuntimeError,
+ "Failed to read %zi bytes from /dev/urandom",
+ size);
+ close(fd);
+ return -1;
+ }
+ close(fd);
+ return 0;
+}
+#endif /* !defined(MS_WINDOWS) && !defined(__VMS) */
+
+/* Fill buffer with pseudo-random bytes generated by a linear congruent
+ generator (LCG):
+
+ x(n+1) = (x(n) * 214013 + 2531011) % 2^32
+
+ Use bits 23..16 of x(n) to generate a byte. */
+static void
+lcg_urandom(unsigned int x0, unsigned char *buffer, size_t size)
+{
+ size_t index;
+ unsigned int x;
+
+ x = x0;
+ for (index=0; index < size; index++) {
+ x *= 214013;
+ x += 2531011;
+ /* modulo 2 ^ (8 * sizeof(int)) */
+ buffer[index] = (x >> 16) & 0xff;
+ }
+}
+
+/* Fill buffer with size pseudo-random bytes, not suitable for cryptographic
+ use, from the operating random number generator (RNG).
+
+ Return 0 on success, raise an exception and return -1 on error. */
+int
+_PyOS_URandom(void *buffer, Py_ssize_t size)
+{
+ if (size < 0) {
+ PyErr_Format(PyExc_ValueError,
+ "negative argument not allowed");
+ return -1;
+ }
+ if (size == 0)
+ return 0;
+
+#ifdef MS_WINDOWS
+ return win32_urandom((unsigned char *)buffer, size, 1);
+#else
+# ifdef __VMS
+ return vms_urandom((unsigned char *)buffer, size, 1);
+# else
+ return dev_urandom_python((char*)buffer, size);
+# endif
+#endif
+}
+
+void
+_PyRandom_Init(void)
+{
+ char *env;
+ void *secret = &_Py_HashSecret;
+ Py_ssize_t secret_size = sizeof(_Py_HashSecret);
+
+ if (random_initialized)
+ return;
+ random_initialized = 1;
+
+ /*
+ By default, hash randomization is disabled, and only
+ enabled if PYTHONHASHSEED is set to non-empty or if
+ "-R" is provided at the command line:
+ */
+ if (!Py_HashRandomizationFlag) {
+ /* Disable the randomized hash: */
+ memset(secret, 0, secret_size);
+ return;
+ }
+
+ /*
+ Hash randomization is enabled. Generate a per-process secret,
+ using PYTHONHASHSEED if provided.
+ */
+
+ env = Py_GETENV("PYTHONHASHSEED");
+ if (env && *env != '\0' && strcmp(env, "random") != 0) {
+ char *endptr = env;
+ unsigned long seed;
+ seed = strtoul(env, &endptr, 10);
+ if (*endptr != '\0'
+ || seed > 4294967295UL
+ || (errno == ERANGE && seed == ULONG_MAX))
+ {
+ Py_FatalError("PYTHONHASHSEED must be \"random\" or an integer "
+ "in range [0; 4294967295]");
+ }
+ if (seed == 0) {
+ /* disable the randomized hash */
+ memset(secret, 0, secret_size);
+ }
+ else {
+ lcg_urandom(seed, (unsigned char*)secret, secret_size);
+ }
+ }
+ else {
+#ifdef MS_WINDOWS
+ (void)win32_urandom((unsigned char *)secret, secret_size, 0);
+#else /* #ifdef MS_WINDOWS */
+# ifdef __VMS
+ vms_urandom((unsigned char *)secret, secret_size, 0);
+# else
+ dev_urandom_noraise((char*)secret, secret_size);
+# endif
+#endif
+ }
+}
$NetBSD: patch-CVE-2012-1150-Python_sysmodule.c,v 1.1 2012/03/24 12:04:37 tron Exp $
Fix for CVE-2012-1150 taken from here:
http://hg.python.org/cpython/rev/a0f43f4481e0
--- Python/sysmodule.c.orig 2011-06-11 16:46:27.000000000 +0100
+++ Python/sysmodule.c 2012-03-24 11:02:25.000000000 +0000
@@ -1208,6 +1208,7 @@
{"unicode", "-U"},
/* {"skip_first", "-x"}, */
{"bytes_warning", "-b"},
+ {"hash_randomization", "-R"},
{0}
};
@@ -1216,9 +1217,9 @@
flags__doc__, /* doc */
flags_fields, /* fields */
#ifdef RISCOS
- 16
+ 17
#else
- 15
+ 16
#endif
};
@@ -1255,6 +1256,7 @@
SetFlag(Py_UnicodeFlag);
/* SetFlag(skipfirstline); */
SetFlag(Py_BytesWarningFlag);
+ SetFlag(Py_HashRandomizationFlag);
#undef SetFlag
if (PyErr_Occurred()) {
--- pkgsrc/lang/python27/patches/Attic/patch-au 2011/06/13 11:31:13 1.3
+++ pkgsrc/lang/python27/patches/Attic/patch-au 2012/03/24 12:04:37 1.4
| @@ -1,23 +1,45 @@ | | | @@ -1,23 +1,45 @@ |
| 1 | $NetBSD: patch-au,v 1.3 2011/06/13 11:31:13 obache Exp $ | | 1 | $NetBSD: patch-au,v 1.4 2012/03/24 12:04:37 tron Exp $ |
| 2 | | | 2 | |
| 3 | --- Makefile.pre.in.orig 2011-06-11 15:46:26.000000000 +0000 | | 3 | 1.) Fix for unpriviliged build. |
| 4 | +++ Makefile.pre.in | | 4 | 2.) Fix for CVE-2012-1150 taken from here: |
| 5 | @@ -447,7 +447,7 @@ gdbhooks: $(BUILDPYTHON)-gdb.py | | 5 | |
| | | 6 | http://hg.python.org/cpython/rev/a0f43f4481e0 |
| | | 7 | |
| | | 8 | --- Makefile.pre.in.orig 2011-06-11 16:46:26.000000000 +0100 |
| | | 9 | +++ Makefile.pre.in 2012-03-24 11:02:25.000000000 +0000 |
| | | 10 | @@ -290,6 +290,7 @@ |
| | | 11 | Python/pymath.o \ |
| | | 12 | Python/pystate.o \ |
| | | 13 | Python/pythonrun.o \ |
| | | 14 | + Python/random.o \ |
| | | 15 | Python/structmember.o \ |
| | | 16 | Python/symtable.o \ |
| | | 17 | Python/sysmodule.o \ |
| | | 18 | @@ -447,7 +448,7 @@ |
| 6 | | | 19 | |
| 7 | SRC_GDB_HOOKS=$(srcdir)/Tools/gdb/libpython.py | | 20 | SRC_GDB_HOOKS=$(srcdir)/Tools/gdb/libpython.py |
| 8 | $(BUILDPYTHON)-gdb.py: $(SRC_GDB_HOOKS) | | 21 | $(BUILDPYTHON)-gdb.py: $(SRC_GDB_HOOKS) |
| 9 | - $(INSTALL_DATA) $(SRC_GDB_HOOKS) $(BUILDPYTHON)-gdb.py | | 22 | - $(INSTALL_DATA) $(SRC_GDB_HOOKS) $(BUILDPYTHON)-gdb.py |
| 10 | + cp $(SRC_GDB_HOOKS) $(BUILDPYTHON)-gdb.py | | 23 | + cp $(SRC_GDB_HOOKS) $(BUILDPYTHON)-gdb.py |
| 11 | | | 24 | |
| 12 | # This rule is here for OPENSTEP/Rhapsody/MacOSX. It builds a temporary | | 25 | # This rule is here for OPENSTEP/Rhapsody/MacOSX. It builds a temporary |
| 13 | # minimal framework (not including the Lib directory and such) in the current | | 26 | # minimal framework (not including the Lib directory and such) in the current |
| 14 | @@ -820,7 +820,8 @@ altbininstall: $(BUILDPYTHON) | | 27 | @@ -739,7 +740,7 @@ |
| | | 28 | -@if which pybuildbot.identify >/dev/null 2>&1; then \ |
| | | 29 | pybuildbot.identify "CC='$(CC)'" "CXX='$(CXX)'"; \ |
| | | 30 | fi |
| | | 31 | - $(TESTPYTHON) $(TESTPROG) -uall -rwW $(TESTOPTS) |
| | | 32 | + $(TESTPYTHON) -R $(TESTPROG) -uall -rwW $(TESTOPTS) |
| | | 33 | |
| | | 34 | QUICKTESTOPTS= $(TESTOPTS) -x test_subprocess test_io test_lib2to3 \ |
| | | 35 | test_multibytecodec test_urllib2_localnet test_itertools \ |
| | | 36 | @@ -820,7 +821,8 @@ |
| 15 | (cd $(DESTDIR)$(LIBDIR); $(LN) -sf $(INSTSONAME) $(LDLIBRARY)) \ | | 37 | (cd $(DESTDIR)$(LIBDIR); $(LN) -sf $(INSTSONAME) $(LDLIBRARY)) \ |
| 16 | fi \ | | 38 | fi \ |
| 17 | fi; \ | | 39 | fi; \ |
| 18 | - else true; \ | | 40 | - else true; \ |
| 19 | + elif test -f $(INSTSONAME); then \ | | 41 | + elif test -f $(INSTSONAME); then \ |
| 20 | + $(INSTALL_SHARED) $(INSTSONAME) $(DESTDIR)$(LIBDIR); \ | | 42 | + $(INSTALL_SHARED) $(INSTSONAME) $(DESTDIR)$(LIBDIR); \ |
| 21 | fi | | 43 | fi |
| 22 | | | 44 | |
| 23 | # Install the manual page | | 45 | # Install the manual page |