diff options
Diffstat (limited to 'lang/python32')
-rw-r--r-- | lang/python32/Makefile | 2 | ||||
-rw-r--r-- | lang/python32/files/patch-CVE-2012-0845 | 46 |
2 files changed, 47 insertions, 1 deletions
diff --git a/lang/python32/Makefile b/lang/python32/Makefile index 7b4b52a1f6bf..32ed1a2e65f6 100644 --- a/lang/python32/Makefile +++ b/lang/python32/Makefile @@ -7,7 +7,7 @@ PORTNAME= python32 PORTVERSION= 3.2.2 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= lang python ipv6 MASTER_SITES= ${PYTHON_MASTER_SITES} MASTER_SITE_SUBDIR= ${PYTHON_MASTER_SITE_SUBDIR} diff --git a/lang/python32/files/patch-CVE-2012-0845 b/lang/python32/files/patch-CVE-2012-0845 new file mode 100644 index 000000000000..e30dbe1e4532 --- /dev/null +++ b/lang/python32/files/patch-CVE-2012-0845 @@ -0,0 +1,46 @@ +diff --git a/Lib/test/test_xmlrpc.py b/Lib/test/test_xmlrpc.py +--- Lib/test/test_xmlrpc.py ++++ Lib/test/test_xmlrpc.py +@@ -519,12 +519,7 @@ + + def tearDown(self): + # wait on the server thread to terminate +- self.evt.wait(4.0) +- # XXX this code does not work, and in fact stop_serving doesn't exist. +- if not self.evt.is_set(): +- self.evt.set() +- stop_serving() +- raise RuntimeError("timeout reached, test has failed") ++ self.evt.wait() + + # disable traceback reporting + xmlrpc.server.SimpleXMLRPCServer._send_traceback_header = False +@@ -671,6 +666,13 @@ + server = xmlrpclib.ServerProxy("http://%s:%d/RPC2" % (ADDR, PORT)) + self.assertEqual(server.add("a", "\xe9"), "a\xe9") + ++ def test_partial_post(self): ++ # Check that a partial POST doesn't make the server loop: issue #14001. ++ conn = http.client.HTTPConnection(ADDR, PORT) ++ conn.request('POST', '/RPC2 HTTP/1.0\r\nContent-Length: 100\r\n\r\nbye') ++ conn.close() ++ ++ + class MultiPathServerTestCase(BaseServerTestCase): + threadFunc = staticmethod(http_multi_server) + request_count = 2 +diff --git a/Lib/xmlrpc/server.py b/Lib/xmlrpc/server.py +--- Lib/xmlrpc/server.py ++++ Lib/xmlrpc/server.py +@@ -476,7 +476,10 @@ + L = [] + while size_remaining: + chunk_size = min(size_remaining, max_chunk_size) +- L.append(self.rfile.read(chunk_size)) ++ chunk = self.rfile.read(chunk_size) ++ if not chunk: ++ break ++ L.append(chunk) + size_remaining -= len(L[-1]) + data = b''.join(L) + |