From owner-freebsd-ports-bugs@FreeBSD.ORG Mon Apr 28 00:10:00 2008 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id F20F91065672 for ; Mon, 28 Apr 2008 00:10:00 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id C58B98FC1A for ; Mon, 28 Apr 2008 00:10:00 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m3S0A0d2090885 for ; Mon, 28 Apr 2008 00:10:00 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m3S0A0cf090884; Mon, 28 Apr 2008 00:10:00 GMT (envelope-from gnats) Resent-Date: Mon, 28 Apr 2008 00:10:00 GMT Resent-Message-Id: <200804280010.m3S0A0cf090884@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Nick Barkas Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8B5BD106566C for ; Mon, 28 Apr 2008 00:00:56 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21]) by mx1.freebsd.org (Postfix) with ESMTP id 72EF78FC0C for ; Mon, 28 Apr 2008 00:00:56 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.14.2/8.14.2) with ESMTP id m3S00Med085047 for ; Mon, 28 Apr 2008 00:00:22 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.14.2/8.14.1/Submit) id m3S00MTb085046; Mon, 28 Apr 2008 00:00:22 GMT (envelope-from nobody) Message-Id: <200804280000.m3S00MTb085046@www.freebsd.org> Date: Mon, 28 Apr 2008 00:00:22 GMT From: Nick Barkas To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: ports/123153: Integer signedness bug in zlib module of lang/python23 and lang/python24 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Apr 2008 00:10:01 -0000 >Number: 123153 >Category: ports >Synopsis: Integer signedness bug in zlib module of lang/python23 and lang/python24 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Mon Apr 28 00:10:00 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Nick Barkas >Release: 7.0-RELEASE >Organization: Three Rings Design >Environment: FreeBSD maguro.moduli.net 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008 root@logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 >Description: Python 2.3 and 2.4 suffer from the same integer signedness bug in the zlib module as was fixed recently in the port python25-2.5.2_2. See http://www.vuxml.org/freebsd/ec41c3e2-129c-11dd-bab7-0016179b2dd5.html >How-To-Repeat: Run either of the scipts python-2.5.2-zlib-unflush-misallocation.py or python-2.5.2-zlib-unflush-signedness.py attached to the bug reported at http://bugs.python.org/issue2586. Unpatched python 2.3 or 2.4 will crash, just as unpatched python 2.5 will. >Fix: Add the patch currently in lang/python25/files/patch-Modules-zlibmodule.c to lang/python24/files and lang/python23/files. It would also be good to update security/vuxml/vuln.xml to note that the vulnerability also affects python23 and python24 packages with version and port revision numbers before this patch is added. >Release-Note: >Audit-Trail: >Unformatted: