head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.18 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.16 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.14 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.12 pkgsrc-2011Q2-base:1.2 pkgsrc-2009Q4:1.2.0.10 pkgsrc-2009Q4-base:1.2 pkgsrc-2008Q4:1.2.0.8 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.6 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.4 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.2 pkgsrc-2008Q2-base:1.2 pkgsrc-2008Q1:1.1.0.22 pkgsrc-2008Q1-base:1.1 pkgsrc-2007Q4:1.1.0.20 pkgsrc-2007Q4-base:1.1 pkgsrc-2007Q3:1.1.0.18 pkgsrc-2007Q3-base:1.1 pkgsrc-2007Q2:1.1.0.16 pkgsrc-2007Q2-base:1.1 pkgsrc-2007Q1:1.1.0.14 pkgsrc-2007Q1-base:1.1 pkgsrc-2006Q4:1.1.0.12 pkgsrc-2006Q4-base:1.1 pkgsrc-2006Q3:1.1.0.10 pkgsrc-2006Q3-base:1.1 pkgsrc-2006Q2:1.1.0.8 pkgsrc-2006Q2-base:1.1 pkgsrc-2006Q1:1.1.0.6 pkgsrc-2006Q1-base:1.1 pkgsrc-2005Q4:1.1.0.4 pkgsrc-2005Q4-base:1.1 pkgsrc-2005Q3:1.1.0.2; locks; strict; comment @# @; 1.2 date 2008.04.25.16.11.13; author tnn; state dead; branches; next 1.1; 1.1 date 2005.10.01.19.59.39; author recht; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2005.10.01.19.59.39; author salo; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2005.10.15.12.00.05; author salo; state Exp; branches; next ; desc @@ 1.2 log @De-orbit support for python 2.0 and python 2.2 under the "three major releases is enough" rule of thumb. (python 2.3 was released 5 years ago.) Keep python 1.5 and 2.1 though, because there are a handful of packages that still need them. @ text @$NetBSD: patch-ec,v 1.1 2005/10/01 19:59:39 recht Exp $ --- Modules/pypcre.c.orig 2002-03-16 18:58:21.000000000 +0100 +++ Modules/pypcre.c 2005-10-01 21:38:57.000000000 +0200 @@@@ -1162,14 +1162,31 @@@@ int min = 0; int max = -1; +/* Read the minimum value and do a paranoid check: a negative value indicates +an integer overflow. */ + while ((pcre_ctypes[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0'; +if (min < 0 || min > 65535) + { + *errorptr = ERR5; + return p; + } + +/* Read the maximum value if there is one, and again do a paranoid on its size +. Also, max must not be less than min. */ + if (*p == '}') max = min; else { if (*(++p) != '}') { max = 0; while((pcre_ctypes[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0'; + if (max < 0 || max > 65535) + { + *errorptr = ERR5; + return p; + } if (max < min) { *errorptr = ERR4; @@@@ -2266,6 +2283,7 @@@@ int bracount = 0; int brastack[200]; int top_backref = 0; +BOOL capturing; unsigned int brastackptr = 0; uschar *code; const uschar *ptr; @@@@ -2445,6 +2463,7 @@@@ /* Brackets may be genuine groups or special things */ case '(': + capturing = FALSE; /* Handle special forms of bracket, which all start (? */ @@@@ -2542,10 +2561,15 @@@@ continue; /* End of this bracket handling */ } + /* Ordinary parentheses, not followed by '?', are capturing unless + PCRE_NO_AUTO_CAPTURE is set. */ + + else capturing = (options & PCRE_NO_AUTO_CAPTURE) == 0; + /* Extracting brackets must be counted so we can process escapes in a Perlish way. */ - else bracount++; + if (capturing) bracount++; /* Non-special forms of bracket. Save length for computing whole length at end if there's a repeat that requires duplication of the group. */ @ 1.1 log @Add a patch for CAN-2005-2491 (buffer overflow vulnerability in the PCRE library) from ubuntu Linux (via gentoo). For details see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491 @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-ec was added on branch pkgsrc-2005Q3 on 2005-10-01 19:59:39 +0000 @ text @d1 69 @ 1.1.2.2 log @Pullup ticket 829 - requested by Havard Eidnes security fix for python22 Revisions pulled up: - pkgsrc/lang/python22/Makefile 1.28 - pkgsrc/lang/python22/distinfo 1.17 - pkgsrc/lang/python22/patches/patch-ea 1.1 - pkgsrc/lang/python22/patches/patch-eb 1.1 - pkgsrc/lang/python22/patches/patch-ec 1.1 - pkgsrc/lang/python22-pth/Makefile 1.17 Module Name: pkgsrc Committed By: recht Date: Sat Oct 1 19:59:39 UTC 2005 Modified Files: pkgsrc/lang/python22: Makefile distinfo pkgsrc/lang/python22-pth: Makefile Added Files: pkgsrc/lang/python22/patches: patch-ea patch-eb patch-ec Log Message: Add a patch for CAN-2005-2491 (buffer overflow vulnerability in the PCRE library) from ubuntu Linux (via gentoo). For details see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491 @ text @a0 69 $NetBSD: patch-ec,v 1.1.2.1 2005/10/15 12:00:05 salo Exp $ --- Modules/pypcre.c.orig 2002-03-16 18:58:21.000000000 +0100 +++ Modules/pypcre.c 2005-10-01 21:38:57.000000000 +0200 @@@@ -1162,14 +1162,31 @@@@ int min = 0; int max = -1; +/* Read the minimum value and do a paranoid check: a negative value indicates +an integer overflow. */ + while ((pcre_ctypes[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0'; +if (min < 0 || min > 65535) + { + *errorptr = ERR5; + return p; + } + +/* Read the maximum value if there is one, and again do a paranoid on its size +. Also, max must not be less than min. */ + if (*p == '}') max = min; else { if (*(++p) != '}') { max = 0; while((pcre_ctypes[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0'; + if (max < 0 || max > 65535) + { + *errorptr = ERR5; + return p; + } if (max < min) { *errorptr = ERR4; @@@@ -2266,6 +2283,7 @@@@ int bracount = 0; int brastack[200]; int top_backref = 0; +BOOL capturing; unsigned int brastackptr = 0; uschar *code; const uschar *ptr; @@@@ -2445,6 +2463,7 @@@@ /* Brackets may be genuine groups or special things */ case '(': + capturing = FALSE; /* Handle special forms of bracket, which all start (? */ @@@@ -2542,10 +2561,15 @@@@ continue; /* End of this bracket handling */ } + /* Ordinary parentheses, not followed by '?', are capturing unless + PCRE_NO_AUTO_CAPTURE is set. */ + + else capturing = (options & PCRE_NO_AUTO_CAPTURE) == 0; + /* Extracting brackets must be counted so we can process escapes in a Perlish way. */ - else bracount++; + if (capturing) bracount++; /* Non-special forms of bracket. Save length for computing whole length at end if there's a repeat that requires duplication of the group. */ @