Attachment 171489 Details for Bug 210325 – Patch pythons against CVE-2016-5636

[patch] Patch pythons against CVE-2016-5636

lang_python.patch (text/plain), 3.31 KB, created by VK on 2016-06-16 16:23:39 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: VK

Created: 2016-06-16 16:23:39 UTC

Size: 3.31 KB

patch

obsolete

>Index: python27/Makefile
>===================================================================
>--- python27/Makefile	(revision 416931)
>+++ python27/Makefile	(working copy)
>@@ -2,7 +2,7 @@
> 
> PORTNAME=	python27
> PORTVERSION=	${PYTHON_PORTVERSION}
>-PORTREVISION=	2
>+PORTREVISION=	3
> CATEGORIES=	lang python ipv6
> MASTER_SITES=	PYTHON/ftp/python/${PORTVERSION}
> DISTNAME=	Python-${PORTVERSION}
>Index: python27/files/patch-Modules_zipimport.c
>===================================================================
>--- python27/files/patch-Modules_zipimport.c	(nonexistent)
>+++ python27/files/patch-Modules_zipimport.c	(working copy)
>@@ -0,0 +1,14 @@
>+--- Modules/zipimport.c.orig	2015-12-05 19:47:16 UTC
>++++ Modules/zipimport.c
>+@@ -895,6 +895,11 @@ get_data(char *archive, PyObject *toc_en
>+         PyMarshal_ReadShortFromFile(fp);        /* local header size */
>+     file_offset += l;           /* Start of file data */
>+ 
>++    if (data_size > LONG_MAX - 1) {
>++        fclose(fp);
>++        PyErr_NoMemory();
>++        return NULL;
>++    }
>+     raw_data = PyString_FromStringAndSize((char *)NULL, compress == 0 ?
>+                                           data_size : data_size + 1);
>+     if (raw_data == NULL) {
>Index: python34/Makefile
>===================================================================
>--- python34/Makefile	(revision 416931)
>+++ python34/Makefile	(working copy)
>@@ -3,7 +3,7 @@
> 
> PORTNAME=	python34
> PORTVERSION=	${PYTHON_PORTVERSION}
>-PORTREVISION=	2
>+PORTREVISION=	3
> CATEGORIES=	lang python ipv6
> MASTER_SITES=	PYTHON/ftp/python/${PORTVERSION}
> DISTNAME=	Python-${PORTVERSION}
>Index: python34/files/patch-Modules_zipimport.c
>===================================================================
>--- python34/files/patch-Modules_zipimport.c	(nonexistent)
>+++ python34/files/patch-Modules_zipimport.c	(working copy)
>@@ -0,0 +1,14 @@
>+--- Modules/zipimport.c.orig	2015-12-21 06:01:04 UTC
>++++ Modules/zipimport.c
>+@@ -1111,6 +1111,11 @@ get_data(PyObject *archive, PyObject *to
>+     }
>+     file_offset += l;           /* Start of file data */
>+ 
>++    if (data_size > LONG_MAX - 1) {
>++        fclose(fp);
>++        PyErr_NoMemory();
>++        return NULL;
>++    }
>+     bytes_size = compress == 0 ? data_size : data_size + 1;
>+     if (bytes_size == 0)
>+         bytes_size++;
>Index: python35/Makefile
>===================================================================
>--- python35/Makefile	(revision 416931)
>+++ python35/Makefile	(working copy)
>@@ -3,7 +3,7 @@
> 
> PORTNAME=	python
> DISTVERSION=	${PYTHON_PORTVERSION}
>-PORTREVISION=	2
>+PORTREVISION=	3
> CATEGORIES=	lang python ipv6
> MASTER_SITES=	PYTHON/ftp/python/${PYTHON_PORTVERSION}
> PKGNAMESUFFIX=	${PYTHON_SUFFIX}
>Index: python35/files/patch-Modules_zipimport.c
>===================================================================
>--- python35/files/patch-Modules_zipimport.c	(nonexistent)
>+++ python35/files/patch-Modules_zipimport.c	(working copy)
>@@ -0,0 +1,14 @@
>+--- Modules/zipimport.c.orig	2015-12-07 01:39:10 UTC
>++++ Modules/zipimport.c
>+@@ -1112,6 +1112,11 @@ get_data(PyObject *archive, PyObject *to
>+     }
>+     file_offset += l;           /* Start of file data */
>+ 
>++    if (data_size > LONG_MAX - 1) {
>++        fclose(fp);
>++        PyErr_NoMemory();
>++        return NULL;
>++    }
>+     bytes_size = compress == 0 ? data_size : data_size + 1;
>+     if (bytes_size == 0)
>+         bytes_size++;

Flags:

vlad-fbsd: maintainer-approval? (python)

Actions: View | Diff

Attachments on bug 210325: 171489 | 171491