Pullup ticket #4320 - requested by obache lang/python33: security patch Revisions pulled up: - lang/python33/Makefile 1.14 - lang/python33/distinfo 1.8 - lang/python33/patches/patch-Modules_socketmodule.c 1.1 --- Module Name: pkgsrc Committed By: obache Date: Tue Feb 11 05:52:56 UTC 2014 Modified Files: pkgsrc/lang/python33: Makefile distinfo Added Files: pkgsrc/lang/python33/patches: patch-Modules_socketmodule.c Log Message: Fixes SA56624, taken from upstream. Bump PKGREVISION.
diff -r1.13 -r1.13.2.1 pkgsrc/lang/python33/Makefile
(tron)
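--- a/pkgsrc/lang/python33/Makefile
+++ b/pkgsrc/lang/python33/Makefile
@@ -1,18 +1,19 @@
-# $NetBSD: Makefile,v 1.13 2013/11/21 14:06:43 adam Exp $
+# $NetBSD: Makefile,v 1.13.2.1 2014/02/11 20:42:37 tron Exp $
 
 .include "dist.mk"
 
 PKGNAME= python33-${PY_DISTVERSION}
+PKGREVISION= 1
 CATEGORIES= lang python
 
 MAINTAINER= pkgsrc-users@NetBSD.org
 HOMEPAGE= http://www.python.org/
 COMMENT= Interpreted, interactive, object-oriented programming language
 LICENSE= python-software-foundation
 
 CONFLICTS+= python-[0-9]*
 
 GNU_CONFIGURE= yes
 CONFIGURE_ARGS+= --with-threads
 CONFIGURE_ARGS+= --enable-shared
 CONFIGURE_ARGS+= OPT=${CFLAGS:M*:Q}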
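--- a/pkgsrc/lang/python33/distinfo
+++ b/pkgsrc/lang/python33/distinfo
@@ -1,18 +1,19 @@
-$NetBSD: distinfo,v 1.7 2013/11/21 14:06:43 adam Exp $
+$NetBSD: distinfo,v 1.7.2.1 2014/02/11 20:42:37 tron Exp $
 
 SHA1 (Python-3.3.3.tar.xz) = af4e75a34bd538c79b9871227c2e7f56569ac107
 RMD160 (Python-3.3.3.tar.xz) = 62e262879f871fc2e9c5b3e85debd51c2691ca32
 Size (Python-3.3.3.tar.xz) = 12057744 bytes
 SHA1 (patch-Lib_distutils_unixccompiler.py) = 39cb8d1e1e3e76e2b6b5dbc1a6b5e0815300b2ce
+SHA1 (patch-Modules_socketmodule.c) = 789b05d27f5821ee9968dacd4dedc9133cc73775
 SHA1 (patch-aa) = 99ebcbbfc53b855a32b424dec27012e1e969c3d0
 SHA1 (patch-ab) = 1c0a25bf7ec6ee76e84c799619ec7cd8910f16e1
 SHA1 (patch-ah) = bb43aaab260935a5a0d5e7ce1ccc30f4832cab1d
 SHA1 (patch-al) = e5438d1bbc20cc85521b3570710846cf4a070ae1
 SHA1 (patch-am) = 9712e33cf8e3c04a9bc0e89be4fb571790e26e4e
 SHA1 (patch-an) = 933acde107b735931d26ace4eef251000b9f07ba
 SHA1 (patch-ao) = dc524b08634c23c25227bd03e221dab0ff2a03f3
 SHA1 (patch-au) = c892f1004eb32e9608f93c08ec6f94e16bdca182
 SHA1 (patch-av) = 9b44f339f65f029b7f17dbc654739a7ae3c12780
 SHA1 (patch-aw) = 598e4710c426110012048946786a6d72f050e0fc
 SHA1 (patch-pyconfig.h.in) = 7ebc0ed9ca9a37c5a6c8e04cc3f7fca4a5c90e8c
 SHA1 (patch-xa) = fb81eaa604b4ed7c1b64c3f4731d58a8aee257be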
$NetBSD: patch-Modules_socketmodule.c,v 1.2.2.2 2014/02/11 20:42:37 tron Exp $
* Fix vulnerability reported in SA56624, taken from upstream:
http://hg.python.org/cpython/rev/7f176a45211f/
--- Modules/socketmodule.c.orig 2013-11-17 07:23:02.000000000 +0000
+++ Modules/socketmodule.c
@@ -2935,6 +2935,11 @@ sock_recvfrom_into(PySocketSockObject *s
if (recvlen == 0) {
/* If nbytes was not specified, use the buffer's length */
recvlen = buflen;
+ } else if (recvlen > buflen) {
+ PyBuffer_Release(&pbuf);
+ PyErr_SetString(PyExc_ValueError,
+ "nbytes is greater than the length of the buffer");
+ return NULL;
}
readlen = sock_recvfrom_guts(s, buf, recvlen, flags, &addr);
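Review bot: The added `else if (recvlen > buflen)` branch carries no comment explaining why the bound matters, although it is the whole of the SA56624 fix: recvlen is handed to sock_recvfrom_guts() together with buf on the following line, so an nbytes larger than the buffer would presumably let the receive write past the end of buf. A short comment above the branch, e.g. `/* nbytes may not exceed the buffer; the receive below is sized by recvlen */`, would keep the check from being dropped as redundant later. The comparison only rejects values that are too large; sock_recvfrom_into starts and ends outside the hunk, so whether a negative nbytes is refused before this point cannot be seen here and is worth confirming.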