From owner-cvs-ports@FreeBSD.ORG  Mon Sep  8 00:14:07 2008
Return-Path: <owner-cvs-ports@FreeBSD.ORG>
Delivered-To: cvs-ports@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 220031065674;
	Mon,  8 Sep 2008 00:14:07 +0000 (UTC)
	(envelope-from miwi@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org
	[IPv6:2001:4f8:fff6::29])
	by mx1.freebsd.org (Postfix) with ESMTP id 0D1658FC16;
	Mon,  8 Sep 2008 00:14:07 +0000 (UTC)
	(envelope-from miwi@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id m880E6bd045616;
	Mon, 8 Sep 2008 00:14:06 GMT (envelope-from miwi@repoman.freebsd.org)
Received: (from miwi@localhost)
	by repoman.freebsd.org (8.14.3/8.14.3/Submit) id m880E6qr045615;
	Mon, 8 Sep 2008 00:14:06 GMT (envelope-from miwi)
Message-Id: <200809080014.m880E6qr045615@repoman.freebsd.org>
From: Martin Wilke <miwi@FreeBSD.org>
Date: Mon, 8 Sep 2008 00:14:06 +0000 (UTC)
To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Cc: 
Subject: cvs commit: ports/lang/python25 Makefile ports/lang/python25/files
 patch-lib-test_test_bigmem.py patch-lib-test_test_hashlib.py
 patch-lib-test_test_strop.py
 patch-lib-test_test_support.py patch-lib_seq_tests.py
 patch-modules_almodule.c
 patch-modules_arraymodule.c patch-modules_gcmodule.c
 patch-modules_hashopenssl.c ...
X-BeenThere: cvs-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the ports tree <cvs-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-ports>,
	<mailto:cvs-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-ports>
List-Post: <mailto:cvs-ports@freebsd.org>
List-Help: <mailto:cvs-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-ports>,
	<mailto:cvs-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Sep 2008 00:14:07 -0000

miwi        2008-09-08 00:14:06 UTC

  FreeBSD ports repository

  Modified files:
    lang/python25        Makefile 
  Added files:
    lang/python25/files  patch-lib-test_test_bigmem.py 
                         patch-lib-test_test_hashlib.py 
                         patch-lib-test_test_strop.py 
                         patch-lib-test_test_support.py 
                         patch-lib_seq_tests.py 
                         patch-modules_almodule.c 
                         patch-modules_arraymodule.c 
                         patch-modules_gcmodule.c 
                         patch-modules_hashopenssl.c 
                         patch-modules_mmapmodule.c 
                         patch-modules_selectmodule.c 
                         patch-modules_stropmodule.c 
                         patch-objects_bufferobject.c 
                         patch-objects_longobject.c 
                         patch-objects_obmalloc.c 
                         patch-objects_stringobject.c 
                         patch-objects_tupleobject.c 
                         patch-objects_unicodeobject.c 
                         patch-python_mysnprintf.c 
  Log:
  - Security fixes
  
  Multiple vulnerabilities:
  
          1) Various integer overflow errors exist in core modules e.g. stringobject,
             unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, mmapmodule.
          2) An integer overflow in the hashlib module can lead to an unreliable cryptographic digest results.
          3) Integer overflow errors in the processing of unicode strings can be exploited to cause
             buffer overflows on 32-bit systems.
          4) An integer overflow exists in the PyOS_vsnprintf() function on architectures that do not
             have a "vsnprintf()" function.
          5) An integer underflow error in the PyOS_vsnprintf() function when passing zero-length strings
             can lead to memory corruption.
  
  PR:             127172 (based on)
  Submitted by:   bf <bf2006a@yahoo.com>
  Obtained from:  python svn
  Security:       CVE-2008-2315, CVE-2008-2316, CVE-2008-3142, CVE-2008-3144, CVE-2008-3143. (vuxml come later)
  
  Revision  Changes    Path
  1.152     +1 -1      ports/lang/python25/Makefile
  1.1       +163 -0    ports/lang/python25/files/patch-lib-test_test_bigmem.py (new)
  1.1       +41 -0     ports/lang/python25/files/patch-lib-test_test_hashlib.py (new)
  1.1       +28 -0     ports/lang/python25/files/patch-lib-test_test_strop.py (new)
  1.1       +62 -0     ports/lang/python25/files/patch-lib-test_test_support.py (new)
  1.1       +21 -0     ports/lang/python25/files/patch-lib_seq_tests.py (new)
  1.1       +14 -0     ports/lang/python25/files/patch-modules_almodule.c (new)
  1.1       +33 -0     ports/lang/python25/files/patch-modules_arraymodule.c (new)
  1.1       +58 -0     ports/lang/python25/files/patch-modules_gcmodule.c (new)
  1.1       +104 -0    ports/lang/python25/files/patch-modules_hashopenssl.c (new)
  1.1       +11 -0     ports/lang/python25/files/patch-modules_mmapmodule.c (new)
  1.1       +16 -0     ports/lang/python25/files/patch-modules_selectmodule.c (new)
  1.1       +31 -0     ports/lang/python25/files/patch-modules_stropmodule.c (new)
  1.1       +13 -0     ports/lang/python25/files/patch-objects_bufferobject.c (new)
  1.1       +11 -0     ports/lang/python25/files/patch-objects_longobject.c (new)
  1.1       +34 -0     ports/lang/python25/files/patch-objects_obmalloc.c (new)
  1.1       +49 -0     ports/lang/python25/files/patch-objects_stringobject.c (new)
  1.1       +17 -0     ports/lang/python25/files/patch-objects_tupleobject.c (new)
  1.1       +115 -0    ports/lang/python25/files/patch-objects_unicodeobject.c (new)
  1.1       +55 -0     ports/lang/python25/files/patch-python_mysnprintf.c (new)