adopt the socket.recvfrom_into() security fix from Python-2.7 bump PKGREVdiff -r1.56 -r1.57 pkgsrc/lang/python26/Makefile
(drochner)
@@ -1,17 +1,19 @@ | @@ -1,17 +1,19 @@ | |||
1 | # $NetBSD: Makefile,v 1.56 2013/11/06 07:25:49 adam Exp $ | 1 | # $NetBSD: Makefile,v 1.57 2014/02/09 13:47:10 drochner Exp $ | |
2 | 2 | |||
3 | .include "dist.mk" | 3 | .include "dist.mk" | |
4 | 4 | |||
5 | PKGREVISION= 1 | |||
6 | ||||
5 | PKGNAME= python26-${PY_DISTVERSION} | 7 | PKGNAME= python26-${PY_DISTVERSION} | |
6 | CATEGORIES= lang python | 8 | CATEGORIES= lang python | |
7 | 9 | |||
8 | MAINTAINER= pkgsrc-users@NetBSD.org | 10 | MAINTAINER= pkgsrc-users@NetBSD.org | |
9 | HOMEPAGE= http://www.python.org/ | 11 | HOMEPAGE= http://www.python.org/ | |
10 | COMMENT= Interpreted, interactive, object-oriented programming language | 12 | COMMENT= Interpreted, interactive, object-oriented programming language | |
11 | LICENSE= python-software-foundation | 13 | LICENSE= python-software-foundation | |
12 | 14 | |||
13 | CONFLICTS+= python-[0-9]* | 15 | CONFLICTS+= python-[0-9]* | |
14 | 16 | |||
15 | GNU_CONFIGURE= yes | 17 | GNU_CONFIGURE= yes | |
16 | CONFIGURE_ARGS+= --with-threads | 18 | CONFIGURE_ARGS+= --with-threads | |
17 | CONFIGURE_ARGS+= --enable-shared | 19 | CONFIGURE_ARGS+= --enable-shared |
@@ -1,30 +1,30 @@ | @@ -1,30 +1,30 @@ | |||
1 | $NetBSD: distinfo,v 1.52 2013/11/06 07:25:49 adam Exp $ | 1 | $NetBSD: distinfo,v 1.53 2014/02/09 13:47:10 drochner Exp $ | |
2 | 2 | |||
3 | SHA1 (Python-2.6.9.tar.xz) = 2fc159946dfcceffbe4a8638de32d0cd8059c2f8 | 3 | SHA1 (Python-2.6.9.tar.xz) = 2fc159946dfcceffbe4a8638de32d0cd8059c2f8 | |
4 | RMD160 (Python-2.6.9.tar.xz) = 42edf7c9f2f64b77ab173de30ea453257c2c06b3 | 4 | RMD160 (Python-2.6.9.tar.xz) = 42edf7c9f2f64b77ab173de30ea453257c2c06b3 | |
5 | Size (Python-2.6.9.tar.xz) = 9333664 bytes | 5 | Size (Python-2.6.9.tar.xz) = 9333664 bytes | |
6 | SHA1 (patch-Lib_distutils_unixccompiler.py) = 1ce01fbe2d36cf0c7ce347c878cfe2d290ec8490 | 6 | SHA1 (patch-Lib_distutils_unixccompiler.py) = 1ce01fbe2d36cf0c7ce347c878cfe2d290ec8490 | |
7 | SHA1 (patch-Mac_Modules_fm___Fmmodule.c) = b9314bccb51b4fe672b81559068f7a79d2965f94 | 7 | SHA1 (patch-Mac_Modules_fm___Fmmodule.c) = b9314bccb51b4fe672b81559068f7a79d2965f94 | |
8 | SHA1 (patch-Mac_Modules_qd___Qdmodule.c) = 45c748b15b9436d45ba137460389638aa7108c8d | 8 | SHA1 (patch-Mac_Modules_qd___Qdmodule.c) = 45c748b15b9436d45ba137460389638aa7108c8d | |
9 | SHA1 (patch-Mac_Modules_qdoffs___Qdoffsmodule.c) = 9994f0c1a908f18f1f3df3f05b184f082c018365 | 9 | SHA1 (patch-Mac_Modules_qdoffs___Qdoffsmodule.c) = 9994f0c1a908f18f1f3df3f05b184f082c018365 | |
10 | SHA1 (patch-Modules_pyexpat.c) = 093f5abb50667e776c66564f4ec87addfdc05ff3 | 10 | SHA1 (patch-Modules_pyexpat.c) = 093f5abb50667e776c66564f4ec87addfdc05ff3 | |
11 | SHA1 (patch-SA43463) = a0285ce9eb1d994bb05cd54812f3fc9cb678fe7f | 11 | SHA1 (patch-SA43463) = a0285ce9eb1d994bb05cd54812f3fc9cb678fe7f | |
12 | SHA1 (patch-aa) = 0528fc5da76d5f1d19586ea3dda1acd09a4b0113 | 12 | SHA1 (patch-aa) = 0528fc5da76d5f1d19586ea3dda1acd09a4b0113 | |
13 | SHA1 (patch-ab) = b47aa9d18a7c1a99ac8cc8b29c64867443f303e5 | 13 | SHA1 (patch-ab) = b47aa9d18a7c1a99ac8cc8b29c64867443f303e5 | |
14 | SHA1 (patch-ac) = 57c88d47f82630e67bcd27ab61bf4362035da2f2 | 14 | SHA1 (patch-ac) = 57c88d47f82630e67bcd27ab61bf4362035da2f2 | |
15 | SHA1 (patch-ad) = a997e39d16a8f0023125362b180d19ee97ab519b | 15 | SHA1 (patch-ad) = a997e39d16a8f0023125362b180d19ee97ab519b | |
16 | SHA1 (patch-ae) = a6d578b5f12eb42fbbcc11791576d2686a4807d9 | 16 | SHA1 (patch-ae) = a6d578b5f12eb42fbbcc11791576d2686a4807d9 | |
17 | SHA1 (patch-ah) = 501d220b41e578402f3400fe88e582aa2408a147 | 17 | SHA1 (patch-ah) = 501d220b41e578402f3400fe88e582aa2408a147 | |
18 | SHA1 (patch-al) = 45dd16af8e7a45aa323138f712c034aa79a91019 | 18 | SHA1 (patch-al) = 45dd16af8e7a45aa323138f712c034aa79a91019 | |
19 | SHA1 (patch-am) = 380dfaa8ca90532a52dcca972e34965f6e64fce1 | 19 | SHA1 (patch-am) = 380dfaa8ca90532a52dcca972e34965f6e64fce1 | |
20 | SHA1 (patch-an) = 17b4e17b3b562c29a050e9bb20447084ce82b8ab | 20 | SHA1 (patch-an) = 17b4e17b3b562c29a050e9bb20447084ce82b8ab | |
21 | SHA1 (patch-ao) = 8c6a156b0f0c2a6d319658477fff348e6a0c3603 | 21 | SHA1 (patch-ao) = 8c6a156b0f0c2a6d319658477fff348e6a0c3603 | |
22 | SHA1 (patch-ap) = d23a869a449ab9dc166cfa149913b20c9acad9cb | 22 | SHA1 (patch-ap) = 5ad6f248027be369bd27f69210ff3c7b97a297a2 | |
23 | SHA1 (patch-au) = 230d74342997021e957105786e93600f5d03cf7b | 23 | SHA1 (patch-au) = 230d74342997021e957105786e93600f5d03cf7b | |
24 | SHA1 (patch-av) = d6bf0419015656a8d2f13d3132873e453c8a6b6e | 24 | SHA1 (patch-av) = d6bf0419015656a8d2f13d3132873e453c8a6b6e | |
25 | SHA1 (patch-az) = 473419352f6e1ff3c6e6268e81457e6f8a1fccb8 | 25 | SHA1 (patch-az) = 473419352f6e1ff3c6e6268e81457e6f8a1fccb8 | |
26 | SHA1 (patch-ba) = 97dcf72d7380a2d257220669845c52a698165fcf | 26 | SHA1 (patch-ba) = 97dcf72d7380a2d257220669845c52a698165fcf | |
27 | SHA1 (patch-bb) = 6cdd94dd1e69630159194c7c153b6c4e46c81456 | 27 | SHA1 (patch-bb) = 6cdd94dd1e69630159194c7c153b6c4e46c81456 | |
28 | SHA1 (patch-bc) = 09aaa254a54109026bb262a949b4006235df7858 | 28 | SHA1 (patch-bc) = 09aaa254a54109026bb262a949b4006235df7858 | |
29 | SHA1 (patch-pyconfig.h.in) = ad0f7d60886849e58a03fb28bb6c5ba0600c4698 | 29 | SHA1 (patch-pyconfig.h.in) = ad0f7d60886849e58a03fb28bb6c5ba0600c4698 | |
30 | SHA1 (patch-xa) = 25f02b03f1c5534e1d839a5489d5a046071f32c0 | 30 | SHA1 (patch-xa) = 25f02b03f1c5534e1d839a5489d5a046071f32c0 |
@@ -1,16 +1,20 @@ | @@ -1,16 +1,20 @@ | |||
1 | $NetBSD: patch-ap,v 1.3 2010/09/04 05:12:00 obache Exp $ | 1 | $NetBSD: patch-ap,v 1.4 2014/02/09 13:47:10 drochner Exp $ | |
2 | 2 | |||
3 | --- Modules/socketmodule.c.orig 2010-05-23 15:22:08.000000000 +0000 | 3 | Fix vulnerability reported in SA56624. Patch taken from here: | |
4 | ||||
5 | http://hg.python.org/cpython/rev/87673659d8f7 | |||
6 | ||||
7 | --- Modules/socketmodule.c.orig 2014-02-09 12:58:52.000000000 +0000 | |||
4 | +++ Modules/socketmodule.c | 8 | +++ Modules/socketmodule.c | |
5 | @@ -379,7 +379,7 @@ const char *inet_ntop(int af, const void | 9 | @@ -379,7 +379,7 @@ const char *inet_ntop(int af, const void | |
6 | #define SOCKETCLOSE close | 10 | #define SOCKETCLOSE close | |
7 | #endif | 11 | #endif | |
8 | 12 | |||
9 | -#if defined(HAVE_BLUETOOTH_H) || defined(HAVE_BLUETOOTH_BLUETOOTH_H) && !defined(__NetBSD__) | 13 | -#if defined(HAVE_BLUETOOTH_H) || defined(HAVE_BLUETOOTH_BLUETOOTH_H) && !defined(__NetBSD__) | |
10 | +#if defined(HAVE_BLUETOOTH_H) || defined(HAVE_BLUETOOTH_BLUETOOTH_H) && !defined(__NetBSD__) && !defined(__DragonFly__) | 14 | +#if defined(HAVE_BLUETOOTH_H) || defined(HAVE_BLUETOOTH_BLUETOOTH_H) && !defined(__NetBSD__) && !defined(__DragonFly__) | |
11 | #define USE_BLUETOOTH 1 | 15 | #define USE_BLUETOOTH 1 | |
12 | #if defined(__FreeBSD__) | 16 | #if defined(__FreeBSD__) | |
13 | #define BTPROTO_L2CAP BLUETOOTH_PROTO_L2CAP | 17 | #define BTPROTO_L2CAP BLUETOOTH_PROTO_L2CAP | |
14 | @@ -393,11 +393,13 @@ const char *inet_ntop(int af, const void | 18 | @@ -393,11 +393,13 @@ const char *inet_ntop(int af, const void | |
15 | #define _BT_L2_MEMB(sa, memb) ((sa)->l2cap_##memb) | 19 | #define _BT_L2_MEMB(sa, memb) ((sa)->l2cap_##memb) | |
16 | #define _BT_RC_MEMB(sa, memb) ((sa)->rfcomm_##memb) | 20 | #define _BT_RC_MEMB(sa, memb) ((sa)->rfcomm_##memb) | |
@@ -56,27 +60,38 @@ $NetBSD: patch-ap,v 1.3 2010/09/04 05:12 | @@ -56,27 +60,38 @@ $NetBSD: patch-ap,v 1.3 2010/09/04 05:12 | |||
56 | + if (setbdaddr(straddr, &_BT_HCI_MEMB(addr, bdaddr)) < 0) | 60 | + if (setbdaddr(straddr, &_BT_HCI_MEMB(addr, bdaddr)) < 0) | |
57 | + return 0; | 61 | + return 0; | |
58 | +#else | 62 | +#else | |
59 | _BT_HCI_MEMB(addr, family) = AF_BLUETOOTH; | 63 | _BT_HCI_MEMB(addr, family) = AF_BLUETOOTH; | |
60 | if (!PyArg_ParseTuple(args, "i", &_BT_HCI_MEMB(addr, dev))) { | 64 | if (!PyArg_ParseTuple(args, "i", &_BT_HCI_MEMB(addr, dev))) { | |
61 | PyErr_SetString(socket_error, "getsockaddrarg: " | 65 | PyErr_SetString(socket_error, "getsockaddrarg: " | |
62 | "wrong format"); | 66 | "wrong format"); | |
63 | return 0; | 67 | return 0; | |
64 | } | 68 | } | |
65 | +#endif | 69 | +#endif | |
66 | *len_ret = sizeof *addr; | 70 | *len_ret = sizeof *addr; | |
67 | return 1; | 71 | return 1; | |
68 | } | 72 | } | |
69 | @@ -4588,9 +4607,13 @@ init_socket(void) | 73 | @@ -2625,6 +2644,10 @@ sock_recvfrom_into(PySocketSockObject *s | |
74 | if (recvlen == 0) { | |||
75 | /* If nbytes was not specified, use the buffer's length */ | |||
76 | recvlen = buflen; | |||
77 | + } else if (recvlen > buflen) { | |||
78 | + PyErr_SetString(PyExc_ValueError, | |||
79 | + "nbytes is greater than the length of the buffer"); | |||
80 | + return NULL; | |||
81 | } | |||
82 | ||||
83 | readlen = sock_recvfrom_guts(s, buf, recvlen, flags, &addr); | |||
84 | @@ -4588,9 +4611,13 @@ init_socket(void) | |||
70 | PyModule_AddIntConstant(m, "BTPROTO_L2CAP", BTPROTO_L2CAP); | 85 | PyModule_AddIntConstant(m, "BTPROTO_L2CAP", BTPROTO_L2CAP); | |
71 | PyModule_AddIntConstant(m, "BTPROTO_HCI", BTPROTO_HCI); | 86 | PyModule_AddIntConstant(m, "BTPROTO_HCI", BTPROTO_HCI); | |
72 | PyModule_AddIntConstant(m, "SOL_HCI", SOL_HCI); | 87 | PyModule_AddIntConstant(m, "SOL_HCI", SOL_HCI); | |
73 | +#if !defined(__NetBSD__) && !defined(__DragonFly__) | 88 | +#if !defined(__NetBSD__) && !defined(__DragonFly__) | |
74 | PyModule_AddIntConstant(m, "HCI_FILTER", HCI_FILTER); | 89 | PyModule_AddIntConstant(m, "HCI_FILTER", HCI_FILTER); | |
75 | +#endif | 90 | +#endif | |
76 | #if !defined(__FreeBSD__) | 91 | #if !defined(__FreeBSD__) | |
77 | +#if !defined(__NetBSD__) && !defined(__DragonFly__) | 92 | +#if !defined(__NetBSD__) && !defined(__DragonFly__) | |
78 | PyModule_AddIntConstant(m, "HCI_TIME_STAMP", HCI_TIME_STAMP); | 93 | PyModule_AddIntConstant(m, "HCI_TIME_STAMP", HCI_TIME_STAMP); | |
79 | +#endif | 94 | +#endif | |
80 | PyModule_AddIntConstant(m, "HCI_DATA_DIR", HCI_DATA_DIR); | 95 | PyModule_AddIntConstant(m, "HCI_DATA_DIR", HCI_DATA_DIR); | |
81 | PyModule_AddIntConstant(m, "BTPROTO_SCO", BTPROTO_SCO); | 96 | PyModule_AddIntConstant(m, "BTPROTO_SCO", BTPROTO_SCO); | |
82 | #endif | 97 | #endif |