python: Fix vulnerability reported in SA56624 (via pkgsrc).
This commit is contained in:
parent
6217ab55af
commit
563f31523d
2 changed files with 32 additions and 16 deletions
19
srcpkgs/python/patches/patch-Modules_socketmodule.c
Normal file
19
srcpkgs/python/patches/patch-Modules_socketmodule.c
Normal file
|
@ -0,0 +1,19 @@
|
|||
$NetBSD$
|
||||
|
||||
Fix vulnerability reported in SA56624. Patch taken from here:
|
||||
|
||||
http://hg.python.org/cpython/rev/87673659d8f7
|
||||
|
||||
--- Modules/socketmodule.c.orig 2013-11-10 07:36:41.000000000 +0000
|
||||
+++ Modules/socketmodule.c 2014-02-09 08:41:25.000000000 +0000
|
||||
@@ -2742,6 +2742,10 @@
|
||||
if (recvlen == 0) {
|
||||
/* If nbytes was not specified, use the buffer's length */
|
||||
recvlen = buflen;
|
||||
+ } else if (recvlen > buflen) {
|
||||
+ PyErr_SetString(PyExc_ValueError,
|
||||
+ "nbytes is greater than the length of the buffer");
|
||||
+ goto error;
|
||||
}
|
||||
|
||||
readlen = sock_recvfrom_guts(s, buf.buf, recvlen, flags, &addr);
|
|
@ -1,8 +1,11 @@
|
|||
# Template build file for 'python'.
|
||||
pkgname=python
|
||||
version=2.7.6
|
||||
revision=4
|
||||
revision=5
|
||||
wrksrc="Python-${version}"
|
||||
hostmakedepends="pkg-config"
|
||||
makedepends="libffi-devel readline-devel gdbm-devel openssl-devel expat-devel sqlite-devel bzip2-devel zlib-devel"
|
||||
pycompile_dirs="usr/lib/python2.7"
|
||||
short_desc="Interpreted, interactive, object-oriented programming language"
|
||||
maintainer="Juan RP <xtraeme@gmail.com>"
|
||||
homepage="http://www.python.org"
|
||||
|
@ -10,17 +13,6 @@ license="PSF"
|
|||
distfiles="http://www.python.org/ftp/python/$version/Python-$version.tar.xz"
|
||||
checksum=1fd68e81f8bf7386ff239b7faee9ba387129d2cf34eab13350bd8503a0bff6a1
|
||||
|
||||
hostmakedepends="pkg-config"
|
||||
makedepends="libffi-devel readline-devel gdbm-devel openssl-devel
|
||||
expat-devel sqlite-devel bzip2-devel zlib-devel"
|
||||
pycompile_dirs="usr/lib/python2.7"
|
||||
|
||||
configure_args="
|
||||
--with-threads --enable-ipv6 --with-signal-module --enable-shared
|
||||
--with-system-ffi --enable-unicode=ucs4 --with-system-expat
|
||||
--with-wctype-functions ac_cv_file__dev_ptc=no ac_cv_file__dev_ptmx=yes
|
||||
ac_cv_have_long_long_format=yes"
|
||||
|
||||
pre_configure() {
|
||||
# Ensure that internal copies of expat, libffi and zlib are not used.
|
||||
rm -r Modules/expat
|
||||
|
@ -29,16 +21,21 @@ pre_configure() {
|
|||
}
|
||||
|
||||
do_configure() {
|
||||
unset CC LD AR AS RANLIB
|
||||
unset CC CXX LD AR AS RANLIB
|
||||
if [ "$CROSS_BUILD" ]; then
|
||||
CFLAGS=-Os LDFLAGS= ./configure
|
||||
make python
|
||||
CFLAGS=-Os CXXFLAGS= LDFLAGS= ./configure
|
||||
make ${makejobs} python
|
||||
mkdir hostpython
|
||||
mv python hostpython
|
||||
make distclean
|
||||
patch -Np0 -i ${FILESDIR}/Python-${version}-xcompile.patch
|
||||
fi
|
||||
./configure --build=${XBPS_MACHINE}-unknown-linux-gnu ${configure_args}
|
||||
./configure ${configure_args} --build=${XBPS_MACHINE}-unknown-linux-gnu \
|
||||
--with-threads --enable-ipv6 --with-signal-module \
|
||||
--with-system-ffi --enable-unicode=ucs4 --with-system-expat \
|
||||
--with-wctype-functions --enable-shared \
|
||||
ac_cv_file__dev_ptc=no ac_cv_file__dev_ptmx=yes \
|
||||
ac_cv_have_long_long_format=yes
|
||||
}
|
||||
|
||||
do_build() {
|
||||
|
|
Loading…
Reference in a new issue