python: Fix vulnerability reported in SA56624 (via pkgsrc).

2014-02-09 10:58:56 +01:00 · 2014-02-09 10:58:56 +01:00 · 563f31523d
commit 563f31523d
parent 6217ab55af
2 changed files with 32 additions and 16 deletions
--- a/srcpkgs/python/patches/patch-Modules_socketmodule.c
+++ b/srcpkgs/python/patches/patch-Modules_socketmodule.c
@ -0,0 +1,19 @@
+$NetBSD$
+
+Fix vulnerability reported in SA56624. Patch taken from here:
+
+http://hg.python.org/cpython/rev/87673659d8f7
+
+--- Modules/socketmodule.c.orig	2013-11-10 07:36:41.000000000 +0000
+++ Modules/socketmodule.c	2014-02-09 08:41:25.000000000 +0000
+@@ -2742,6 +2742,10 @@
+     if (recvlen == 0) {
+         /* If nbytes was not specified, use the buffer's length */
+         recvlen = buflen;
+    } else if (recvlen > buflen) {
+        PyErr_SetString(PyExc_ValueError,
+                        "nbytes is greater than the length of the buffer");
+        goto error;
+     }
+ 
+     readlen = sock_recvfrom_guts(s, buf.buf, recvlen, flags, &addr);
--- a/srcpkgs/python/template
+++ b/srcpkgs/python/template
@ -1,8 +1,11 @@
 # Template build file for 'python'.
 pkgname=python
 version=2.7.6
-revision=4
+revision=5
 wrksrc="Python-${version}"
+hostmakedepends="pkg-config"
+makedepends="libffi-devel readline-devel gdbm-devel openssl-devel expat-devel sqlite-devel bzip2-devel zlib-devel"
+pycompile_dirs="usr/lib/python2.7"
 short_desc="Interpreted, interactive, object-oriented programming language"
 maintainer="Juan RP <xtraeme@gmail.com>"
 homepage="http://www.python.org"
@ -10,17 +13,6 @@ license="PSF"
 distfiles="http://www.python.org/ftp/python/$version/Python-$version.tar.xz"
 checksum=1fd68e81f8bf7386ff239b7faee9ba387129d2cf34eab13350bd8503a0bff6a1

-hostmakedepends="pkg-config"
-makedepends="libffi-devel readline-devel gdbm-devel openssl-devel
- expat-devel sqlite-devel bzip2-devel zlib-devel"
-pycompile_dirs="usr/lib/python2.7"
-
-configure_args="
- --with-threads --enable-ipv6 --with-signal-module --enable-shared
- --with-system-ffi --enable-unicode=ucs4 --with-system-expat
- --with-wctype-functions ac_cv_file__dev_ptc=no ac_cv_file__dev_ptmx=yes
- ac_cv_have_long_long_format=yes"
-
 pre_configure() {
 	# Ensure that internal copies of expat, libffi and zlib are not used.
 	rm -r Modules/expat
@ -29,16 +21,21 @@ pre_configure() {
 }

 do_configure() {
-	unset CC LD AR AS RANLIB
+	unset CC CXX LD AR AS RANLIB
 	if [ "$CROSS_BUILD" ]; then
-		CFLAGS=-Os LDFLAGS= ./configure
-		make python
+		CFLAGS=-Os CXXFLAGS= LDFLAGS= ./configure
+		make ${makejobs} python
 		mkdir hostpython
 		mv python hostpython
 		make distclean
 		patch -Np0 -i ${FILESDIR}/Python-${version}-xcompile.patch
 	fi
-	./configure --build=${XBPS_MACHINE}-unknown-linux-gnu ${configure_args}
+	./configure ${configure_args} --build=${XBPS_MACHINE}-unknown-linux-gnu \
+		--with-threads --enable-ipv6 --with-signal-module \
+		--with-system-ffi --enable-unicode=ucs4 --with-system-expat \
+		--with-wctype-functions --enable-shared \
+		ac_cv_file__dev_ptc=no ac_cv_file__dev_ptmx=yes \
+		ac_cv_have_long_long_format=yes
 }

 do_build() {