Date: Sun, 19 Jun 2016 06:42:26 +0000 (UTC) From: Ruslan Makhmatkhanov <rm@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r417101 - in branches/2016Q2/lang: python27 python27/files python33 python33/files python34 python34/files python35 python35/files Message-ID: <201606190642.u5J6gQ9p045913@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rm Date: Sun Jun 19 06:42:26 2016 New Revision: 417101 URL: https://svnweb.freebsd.org/changeset/ports/417101 Log: MFH: r417019 lang/python[xx]: backport upstream fix for CVE-2016-5636 Add patch for integer overflow in zipimport module to all our python ports. While I'm here, get rid of -f flag in ${RM} invocation, because ${RM} already expands to rm -f, so in result we are getting something like: /bin/rm -f -f /wrkdirs/usr/ports/lang/python35/work/stage/usr/local/lib/libpython3.so PR: 210325 Submitted by: Vladimir Krstulja <vlad-fbsd@acheronmedia.com> Security: 1d0f6852-33d8-11e6-a671-60a44ce6887b With hat: python Approved by: ports-secteam (junovitch) Added: branches/2016Q2/lang/python27/files/patch-Modules_zipimport.c - copied unchanged from r417019, head/lang/python27/files/patch-Modules_zipimport.c branches/2016Q2/lang/python33/files/patch-Modules_zipimport.c - copied unchanged from r417019, head/lang/python33/files/patch-Modules_zipimport.c branches/2016Q2/lang/python34/files/patch-Modules_zipimport.c - copied unchanged from r417019, head/lang/python34/files/patch-Modules_zipimport.c branches/2016Q2/lang/python35/files/patch-Modules_zipimport.c - copied unchanged from r417019, head/lang/python35/files/patch-Modules_zipimport.c Modified: branches/2016Q2/lang/python27/Makefile branches/2016Q2/lang/python33/Makefile branches/2016Q2/lang/python34/Makefile branches/2016Q2/lang/python35/Makefile Directory Properties: branches/2016Q2/ (props changed) Modified: branches/2016Q2/lang/python27/Makefile ============================================================================== --- branches/2016Q2/lang/python27/Makefile Sun Jun 19 03:26:35 2016 (r417100) +++ branches/2016Q2/lang/python27/Makefile Sun Jun 19 06:42:26 2016 (r417101) @@ -2,7 +2,7 @@ PORTNAME= python27 PORTVERSION= ${PYTHON_PORTVERSION} -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= lang python ipv6 MASTER_SITES= PYTHON/ftp/python/${PORTVERSION} DISTNAME= Python-${PORTVERSION} Copied: branches/2016Q2/lang/python27/files/patch-Modules_zipimport.c (from r417019, head/lang/python27/files/patch-Modules_zipimport.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2016Q2/lang/python27/files/patch-Modules_zipimport.c Sun Jun 19 06:42:26 2016 (r417101, copy of r417019, head/lang/python27/files/patch-Modules_zipimport.c) @@ -0,0 +1,17 @@ + +Bug: http://bugs.python.org/issue26171 + +--- Modules/zipimport.c.orig 2015-12-05 19:47:16 UTC ++++ Modules/zipimport.c +@@ -895,6 +895,11 @@ get_data(char *archive, PyObject *toc_en + PyMarshal_ReadShortFromFile(fp); /* local header size */ + file_offset += l; /* Start of file data */ + ++ if (data_size > LONG_MAX - 1) { ++ fclose(fp); ++ PyErr_NoMemory(); ++ return NULL; ++ } + raw_data = PyString_FromStringAndSize((char *)NULL, compress == 0 ? + data_size : data_size + 1); + if (raw_data == NULL) { Modified: branches/2016Q2/lang/python33/Makefile ============================================================================== --- branches/2016Q2/lang/python33/Makefile Sun Jun 19 03:26:35 2016 (r417100) +++ branches/2016Q2/lang/python33/Makefile Sun Jun 19 06:42:26 2016 (r417101) @@ -2,7 +2,7 @@ PORTNAME= python33 PORTVERSION= ${PYTHON_PORTVERSION} -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= lang python ipv6 MASTER_SITES= PYTHON/ftp/python/${PORTVERSION} DISTNAME= Python-${PORTVERSION} @@ -115,7 +115,7 @@ post-patch: post-install: .if ! ${PORT_OPTIONS:MDEBUG} - ${RM} -f ${STAGEDIR}${PREFIX}/lib/libpython3.so # Upstream Issue: http://bugs.python.org/issue17975 + ${RM} ${STAGEDIR}${PREFIX}/lib/libpython3.so # Upstream Issue: http://bugs.python.org/issue17975 .endif for i in ${STAGEDIR}${PREFIX}/lib/python3.3/lib-dynload/*.so; do \ ${STRIP_CMD} $$i; done # Strip shared extensions Copied: branches/2016Q2/lang/python33/files/patch-Modules_zipimport.c (from r417019, head/lang/python33/files/patch-Modules_zipimport.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2016Q2/lang/python33/files/patch-Modules_zipimport.c Sun Jun 19 06:42:26 2016 (r417101, copy of r417019, head/lang/python33/files/patch-Modules_zipimport.c) @@ -0,0 +1,17 @@ + +Bug: http://bugs.python.org/issue26171 + +--- Modules/zipimport.c.orig 2014-10-12 07:03:53 UTC ++++ Modules/zipimport.c +@@ -1089,6 +1089,11 @@ get_data(PyObject *archive, PyObject *to + PyMarshal_ReadShortFromFile(fp); /* local header size */ + file_offset += l; /* Start of file data */ + ++ if (data_size > LONG_MAX - 1) { ++ fclose(fp); ++ PyErr_NoMemory(); ++ return NULL; ++ } + bytes_size = compress == 0 ? data_size : data_size + 1; + if (bytes_size == 0) + bytes_size++; Modified: branches/2016Q2/lang/python34/Makefile ============================================================================== --- branches/2016Q2/lang/python34/Makefile Sun Jun 19 03:26:35 2016 (r417100) +++ branches/2016Q2/lang/python34/Makefile Sun Jun 19 06:42:26 2016 (r417101) @@ -3,7 +3,7 @@ PORTNAME= python34 PORTVERSION= ${PYTHON_PORTVERSION} -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= lang python ipv6 MASTER_SITES= PYTHON/ftp/python/${PORTVERSION} DISTNAME= Python-${PORTVERSION} @@ -119,7 +119,7 @@ PLIST_SUB+= NO_NIS="" post-install: .if ! ${PORT_OPTIONS:MDEBUG} - ${RM} -f ${STAGEDIR}${PREFIX}/lib/libpython3.so # Upstream Issue: http://bugs.python.org/issue17975 + ${RM} ${STAGEDIR}${PREFIX}/lib/libpython3.so # Upstream Issue: http://bugs.python.org/issue17975 .endif for i in ${STAGEDIR}${PREFIX}/lib/python3.4/lib-dynload/*.so; do \ ${STRIP_CMD} $$i; done # Strip shared extensions Copied: branches/2016Q2/lang/python34/files/patch-Modules_zipimport.c (from r417019, head/lang/python34/files/patch-Modules_zipimport.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2016Q2/lang/python34/files/patch-Modules_zipimport.c Sun Jun 19 06:42:26 2016 (r417101, copy of r417019, head/lang/python34/files/patch-Modules_zipimport.c) @@ -0,0 +1,17 @@ + +Bug: http://bugs.python.org/issue26171 + +--- Modules/zipimport.c.orig 2015-12-21 06:01:04 UTC ++++ Modules/zipimport.c +@@ -1111,6 +1111,11 @@ get_data(PyObject *archive, PyObject *to + } + file_offset += l; /* Start of file data */ + ++ if (data_size > LONG_MAX - 1) { ++ fclose(fp); ++ PyErr_NoMemory(); ++ return NULL; ++ } + bytes_size = compress == 0 ? data_size : data_size + 1; + if (bytes_size == 0) + bytes_size++; Modified: branches/2016Q2/lang/python35/Makefile ============================================================================== --- branches/2016Q2/lang/python35/Makefile Sun Jun 19 03:26:35 2016 (r417100) +++ branches/2016Q2/lang/python35/Makefile Sun Jun 19 06:42:26 2016 (r417101) @@ -3,7 +3,7 @@ PORTNAME= python DISTVERSION= ${PYTHON_PORTVERSION} -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= lang python ipv6 MASTER_SITES= PYTHON/ftp/python/${PYTHON_PORTVERSION} PKGNAMESUFFIX= ${PYTHON_SUFFIX} @@ -126,7 +126,7 @@ PLIST_SUB+= NO_NIS="" post-install: .if ! ${PORT_OPTIONS:MDEBUG} - ${RM} -f ${STAGEDIR}${PREFIX}/lib/libpython3.so # Upstream Issue: http://bugs.python.org/issue17975 + ${RM} ${STAGEDIR}${PREFIX}/lib/libpython3.so # Upstream Issue: http://bugs.python.org/issue17975 .endif for i in ${STAGEDIR}${PREFIX}/lib/python${PYTHON_VER}/lib-dynload/*.so; do \ ${STRIP_CMD} $$i; done # Strip shared extensions Copied: branches/2016Q2/lang/python35/files/patch-Modules_zipimport.c (from r417019, head/lang/python35/files/patch-Modules_zipimport.c) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2016Q2/lang/python35/files/patch-Modules_zipimport.c Sun Jun 19 06:42:26 2016 (r417101, copy of r417019, head/lang/python35/files/patch-Modules_zipimport.c) @@ -0,0 +1,17 @@ + +Bug: http://bugs.python.org/issue26171 + +--- Modules/zipimport.c.orig 2015-12-07 01:39:10 UTC ++++ Modules/zipimport.c +@@ -1112,6 +1112,11 @@ get_data(PyObject *archive, PyObject *to + } + file_offset += l; /* Start of file data */ + ++ if (data_size > LONG_MAX - 1) { ++ fclose(fp); ++ PyErr_NoMemory(); ++ return NULL; ++ } + bytes_size = compress == 0 ? data_size : data_size + 1; + if (bytes_size == 0) + bytes_size++;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201606190642.u5J6gQ9p045913>