diff options
| author | Ruslan Makhmatkhanov <rm@FreeBSD.org> | 2016-06-19 06:42:26 +0000 |
|---|---|---|
| committer | Ruslan Makhmatkhanov <rm@FreeBSD.org> | 2016-06-19 06:42:26 +0000 |
| commit | b81a3f94d3ef5a74099495ade114a5ea64b3b6c5 (patch) | |
| tree | df338b16a969e30b569d4376b3ddbbafd7ffd8dc | |
| parent | f48a79dcc2bd9ee0c36162144801d363ae013e5e (diff) | |
| download | ports-b81a3f94d3ef5a74099495ade114a5ea64b3b6c5.tar.gz ports-b81a3f94d3ef5a74099495ade114a5ea64b3b6c5.zip | |
MFH: r417019
lang/python[xx]: backport upstream fix for CVE-2016-5636
Add patch for integer overflow in zipimport module to all our python ports.
While I'm here, get rid of -f flag in ${RM} invocation, because ${RM} already
expands to rm -f, so in result we are getting something like:
/bin/rm -f -f /wrkdirs/usr/ports/lang/python35/work/stage/usr/local/lib/libpython3.so
PR: 210325
Submitted by: Vladimir Krstulja <vlad-fbsd@acheronmedia.com>
Security: 1d0f6852-33d8-11e6-a671-60a44ce6887b
With hat: python
Approved by: ports-secteam (junovitch)
Notes
Notes:
svn path=/branches/2016Q2/; revision=417101
| -rw-r--r-- | lang/python27/Makefile | 2 | ||||
| -rw-r--r-- | lang/python27/files/patch-Modules_zipimport.c | 17 | ||||
| -rw-r--r-- | lang/python33/Makefile | 4 | ||||
| -rw-r--r-- | lang/python33/files/patch-Modules_zipimport.c | 17 | ||||
| -rw-r--r-- | lang/python34/Makefile | 4 | ||||
| -rw-r--r-- | lang/python34/files/patch-Modules_zipimport.c | 17 | ||||
| -rw-r--r-- | lang/python35/Makefile | 4 | ||||
| -rw-r--r-- | lang/python35/files/patch-Modules_zipimport.c | 17 |
8 files changed, 75 insertions, 7 deletions
diff --git a/lang/python27/Makefile b/lang/python27/Makefile index ad11ccbda6c4..42fbfffb0107 100644 --- a/lang/python27/Makefile +++ b/lang/python27/Makefile @@ -2,7 +2,7 @@ PORTNAME= python27 PORTVERSION= ${PYTHON_PORTVERSION} -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= lang python ipv6 MASTER_SITES= PYTHON/ftp/python/${PORTVERSION} DISTNAME= Python-${PORTVERSION} diff --git a/lang/python27/files/patch-Modules_zipimport.c b/lang/python27/files/patch-Modules_zipimport.c new file mode 100644 index 000000000000..aaf69496fedd --- /dev/null +++ b/lang/python27/files/patch-Modules_zipimport.c @@ -0,0 +1,17 @@ + +Bug: http://bugs.python.org/issue26171 + +--- Modules/zipimport.c.orig 2015-12-05 19:47:16 UTC ++++ Modules/zipimport.c +@@ -895,6 +895,11 @@ get_data(char *archive, PyObject *toc_en + PyMarshal_ReadShortFromFile(fp); /* local header size */ + file_offset += l; /* Start of file data */ + ++ if (data_size > LONG_MAX - 1) { ++ fclose(fp); ++ PyErr_NoMemory(); ++ return NULL; ++ } + raw_data = PyString_FromStringAndSize((char *)NULL, compress == 0 ? + data_size : data_size + 1); + if (raw_data == NULL) { diff --git a/lang/python33/Makefile b/lang/python33/Makefile index a99b6bcaee9e..913814159634 100644 --- a/lang/python33/Makefile +++ b/lang/python33/Makefile @@ -2,7 +2,7 @@ PORTNAME= python33 PORTVERSION= ${PYTHON_PORTVERSION} -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= lang python ipv6 MASTER_SITES= PYTHON/ftp/python/${PORTVERSION} DISTNAME= Python-${PORTVERSION} @@ -115,7 +115,7 @@ post-patch: post-install: .if ! ${PORT_OPTIONS:MDEBUG} - ${RM} -f ${STAGEDIR}${PREFIX}/lib/libpython3.so # Upstream Issue: http://bugs.python.org/issue17975 + ${RM} ${STAGEDIR}${PREFIX}/lib/libpython3.so # Upstream Issue: http://bugs.python.org/issue17975 .endif for i in ${STAGEDIR}${PREFIX}/lib/python3.3/lib-dynload/*.so; do \ ${STRIP_CMD} $$i; done # Strip shared extensions diff --git a/lang/python33/files/patch-Modules_zipimport.c b/lang/python33/files/patch-Modules_zipimport.c new file mode 100644 index 000000000000..66b635ebb4d4 --- /dev/null +++ b/lang/python33/files/patch-Modules_zipimport.c @@ -0,0 +1,17 @@ + +Bug: http://bugs.python.org/issue26171 + +--- Modules/zipimport.c.orig 2014-10-12 07:03:53 UTC ++++ Modules/zipimport.c +@@ -1089,6 +1089,11 @@ get_data(PyObject *archive, PyObject *to + PyMarshal_ReadShortFromFile(fp); /* local header size */ + file_offset += l; /* Start of file data */ + ++ if (data_size > LONG_MAX - 1) { ++ fclose(fp); ++ PyErr_NoMemory(); ++ return NULL; ++ } + bytes_size = compress == 0 ? data_size : data_size + 1; + if (bytes_size == 0) + bytes_size++; diff --git a/lang/python34/Makefile b/lang/python34/Makefile index cb41b5c429ec..766a138b038a 100644 --- a/lang/python34/Makefile +++ b/lang/python34/Makefile @@ -3,7 +3,7 @@ PORTNAME= python34 PORTVERSION= ${PYTHON_PORTVERSION} -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= lang python ipv6 MASTER_SITES= PYTHON/ftp/python/${PORTVERSION} DISTNAME= Python-${PORTVERSION} @@ -119,7 +119,7 @@ PLIST_SUB+= NO_NIS="" post-install: .if ! ${PORT_OPTIONS:MDEBUG} - ${RM} -f ${STAGEDIR}${PREFIX}/lib/libpython3.so # Upstream Issue: http://bugs.python.org/issue17975 + ${RM} ${STAGEDIR}${PREFIX}/lib/libpython3.so # Upstream Issue: http://bugs.python.org/issue17975 .endif for i in ${STAGEDIR}${PREFIX}/lib/python3.4/lib-dynload/*.so; do \ ${STRIP_CMD} $$i; done # Strip shared extensions diff --git a/lang/python34/files/patch-Modules_zipimport.c b/lang/python34/files/patch-Modules_zipimport.c new file mode 100644 index 000000000000..f1fe5b968da6 --- /dev/null +++ b/lang/python34/files/patch-Modules_zipimport.c @@ -0,0 +1,17 @@ + +Bug: http://bugs.python.org/issue26171 + +--- Modules/zipimport.c.orig 2015-12-21 06:01:04 UTC ++++ Modules/zipimport.c +@@ -1111,6 +1111,11 @@ get_data(PyObject *archive, PyObject *to + } + file_offset += l; /* Start of file data */ + ++ if (data_size > LONG_MAX - 1) { ++ fclose(fp); ++ PyErr_NoMemory(); ++ return NULL; ++ } + bytes_size = compress == 0 ? data_size : data_size + 1; + if (bytes_size == 0) + bytes_size++; diff --git a/lang/python35/Makefile b/lang/python35/Makefile index 6f4698a77a84..f9a9cf91ed42 100644 --- a/lang/python35/Makefile +++ b/lang/python35/Makefile @@ -3,7 +3,7 @@ PORTNAME= python DISTVERSION= ${PYTHON_PORTVERSION} -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= lang python ipv6 MASTER_SITES= PYTHON/ftp/python/${PYTHON_PORTVERSION} PKGNAMESUFFIX= ${PYTHON_SUFFIX} @@ -126,7 +126,7 @@ PLIST_SUB+= NO_NIS="" post-install: .if ! ${PORT_OPTIONS:MDEBUG} - ${RM} -f ${STAGEDIR}${PREFIX}/lib/libpython3.so # Upstream Issue: http://bugs.python.org/issue17975 + ${RM} ${STAGEDIR}${PREFIX}/lib/libpython3.so # Upstream Issue: http://bugs.python.org/issue17975 .endif for i in ${STAGEDIR}${PREFIX}/lib/python${PYTHON_VER}/lib-dynload/*.so; do \ ${STRIP_CMD} $$i; done # Strip shared extensions diff --git a/lang/python35/files/patch-Modules_zipimport.c b/lang/python35/files/patch-Modules_zipimport.c new file mode 100644 index 000000000000..14fab69a406c --- /dev/null +++ b/lang/python35/files/patch-Modules_zipimport.c @@ -0,0 +1,17 @@ + +Bug: http://bugs.python.org/issue26171 + +--- Modules/zipimport.c.orig 2015-12-07 01:39:10 UTC ++++ Modules/zipimport.c +@@ -1112,6 +1112,11 @@ get_data(PyObject *archive, PyObject *to + } + file_offset += l; /* Start of file data */ + ++ if (data_size > LONG_MAX - 1) { ++ fclose(fp); ++ PyErr_NoMemory(); ++ return NULL; ++ } + bytes_size = compress == 0 ? data_size : data_size + 1; + if (bytes_size == 0) + bytes_size++; |