head 1.3; access; symbols pkgsrc-2013Q2:1.3.0.10 pkgsrc-2013Q2-base:1.3 pkgsrc-2012Q4:1.3.0.8 pkgsrc-2012Q4-base:1.3 pkgsrc-2011Q4:1.3.0.6 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q2:1.3.0.4 pkgsrc-2011Q2-base:1.3 pkgsrc-2009Q4:1.3.0.2 pkgsrc-2009Q4-base:1.3 pkgsrc-2009Q2:1.2.0.6 pkgsrc-2009Q2-base:1.2 pkgsrc-2009Q1:1.2.0.4 pkgsrc-2009Q1-base:1.2 pkgsrc-2008Q4:1.2.0.2 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.1.0.30 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.28 cube-native-xorg-base:1.1 pkgsrc-2008Q2:1.1.0.26 pkgsrc-2008Q2-base:1.1 cwrapper:1.1.0.24 pkgsrc-2008Q1:1.1.0.22 pkgsrc-2008Q1-base:1.1 pkgsrc-2007Q4:1.1.0.20 pkgsrc-2007Q4-base:1.1 pkgsrc-2007Q3:1.1.0.18 pkgsrc-2007Q3-base:1.1 pkgsrc-2007Q2:1.1.0.16 pkgsrc-2007Q2-base:1.1 pkgsrc-2007Q1:1.1.0.14 pkgsrc-2007Q1-base:1.1 pkgsrc-2006Q4:1.1.0.12 pkgsrc-2006Q4-base:1.1 pkgsrc-2006Q3:1.1.0.10 pkgsrc-2006Q3-base:1.1 pkgsrc-2006Q2:1.1.0.8 pkgsrc-2006Q2-base:1.1 pkgsrc-2006Q1:1.1.0.6 pkgsrc-2006Q1-base:1.1 pkgsrc-2005Q4:1.1.0.4 pkgsrc-2005Q4-base:1.1 pkgsrc-2005Q3:1.1.0.2; locks; strict; comment @# @; 1.3 date 2009.09.07.18.17.29; author joerg; state dead; branches; next 1.2; 1.2 date 2008.11.10.19.41.47; author wiz; state Exp; branches; next 1.1; 1.1 date 2005.10.01.19.36.01; author recht; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2005.10.01.19.36.01; author salo; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2005.10.09.00.17.41; author salo; state Exp; branches; next ; desc @@ 1.3 log @Remove py22-html-docs, py23-html-docs and Python 2.3. 
@ text @$NetBSD: patch-ec,v 1.2 2008/11/10 19:41:47 wiz Exp $ --- Modules/pypcre.c.orig 2005-08-31 12:55:21.000000000 +0000 +++ Modules/pypcre.c @@@@ -2278,6 +2278,7 @@@@ int c, size; int bracount = 0; int brastack[200]; int top_backref = 0; +BOOL capturing; unsigned int brastackptr = 0; uschar *code; const uschar *ptr; @@@@ -2457,6 +2458,7 @@@@ while ((c = *(++ptr)) != 0) /* Brackets may be genuine groups or special things */ case '(': + capturing = FALSE; /* Handle special forms of bracket, which all start (? */ @@@@ -2554,10 +2556,15 @@@@ while ((c = *(++ptr)) != 0) continue; /* End of this bracket handling */ } + /* Ordinary parentheses, not followed by '?', are capturing unless + PCRE_NO_AUTO_CAPTURE is set. */ + + else capturing = (options & PCRE_NO_AUTO_CAPTURE) == 0; + /* Extracting brackets must be counted so we can process escapes in a Perlish way. */ - else bracount++; + if (capturing) bracount++; /* Non-special forms of bracket. Save length for computing whole length at end if there's a repeat that requires duplication of the group. */ @ 1.2 log @Update to 2.3.7: Python 2.3 is now well and truly in bugfix-only mode; no new features are being added, and only security critical bugs have been fixed. This release addresses a number of cases where the interpreter might have crashed in certain boundary conditions. What's New in Python 2.3.7? =========================== *Release date: 11-Mar-2008* What's New in Python 2.3.7c1? =========================== *Release date: 02-Mar-2008* Core and builtins ----------------- - Added checks for integer overflows, contributed by Google. Some are only available if asserts are left in the code, in cases where they can't be triggered from Python code. What's New in Python 2.3.6? =========================== *Release date: 01-NOV-2006* What's New in Python 2.3.6c1? 
============================= *Release date: 25-OCT-2006* Core and builtins ----------------- - Patch #1541585: fix buffer overrun when performing repr() on a unicode string in a build with wide unicode (UCS-4) support. This is the problem described in security advisory PSF-2006-001. Extension modules ----------------- - Apply fix for potential heap overflow in PCRE code (CAN-2005-2491). Library ------- - The email package has improved RFC 2231 support, specifically for recognizing the difference between encoded (name*0*=) and non-encoded (name*0=) parameter continuations. This may change the types of values returned from email.message.Message.get_param() and friends. Specifically in some cases where non-encoded continuations were used, get_param() used to return a 3-tuple of (None, None, string) whereas now it will just return the string (since non-encoded continuations don't have charset and language parts). Also, whereas % values were decoded in all parameter continuations, they are now only decoded in encoded parameter parts. @ text @d1 1 a1 1 $NetBSD: patch-ec,v 1.1 2005/10/01 19:36:01 recht Exp $ @ 1.1 log @Add a patch for CAN-2005-2491 (buffer overflow vulnerability in the PCRE library) from ubuntu Linux (via gentoo). For details see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491 Bump PKGREVISION's. @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 35 --- Modules/pypcre.c.orig 2003-10-20 16:34:47.000000000 +0200 +++ Modules/pypcre.c 2005-10-01 21:13:56.000000000 +0200 @@@@ -1163,14 +1163,31 @@@@ int min = 0; int max = -1; +/* Read the minimum value and do a paranoid check: a negative value indicates +an integer overflow. */ + while ((pcre_ctypes[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0'; +if (min < 0 || min > 65535) + { + *errorptr = ERR5; + return p; + } + +/* Read the maximum value if there is one, and again do a paranoid on its size +. Also, max must not be less than min. 
*/ + if (*p == '}') max = min; else { if (*(++p) != '}') { max = 0; while((pcre_ctypes[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0'; + if (max < 0 || max > 65535) + { + *errorptr = ERR5; + return p; + } if (max < min) { *errorptr = ERR4; @@@@ -2267,6 +2284,7 @@@@ d13 1 a13 1 @@@@ -2446,6 +2464,7 @@@@ d21 1 a21 1 @@@@ -2543,10 +2562,15 @@@@ @ 1.1.2.1 log @file patch-ec was added on branch pkgsrc-2005Q3 on 2005-10-01 19:36:01 +0000 @ text @d1 69 @ 1.1.2.2 log @Pullup ticket 815 - requested by Havard Eidnes security fix for python23 Revisions pulled up: - pkgsrc/lang/python23/Makefile 1.30 - pkgsrc/lang/python23/distinfo 1.34 - pkgsrc/lang/python23/patches/patch-ea 1.1 - pkgsrc/lang/python23/patches/patch-eb 1.1 - pkgsrc/lang/python23/patches/patch-ec 1.1 - pkgsrc/lang/python23-nth/Makefile 1.6 - pkgsrc/lang/python23-nth/distinfo 1.6 - pkgsrc/lang/python23-nth/patches/patch-ea 1.1 - pkgsrc/lang/python23-nth/patches/patch-eb 1.1 - pkgsrc/lang/python23-nth/patches/patch-ec 1.1 - pkgsrc/lang/python23-pth/Makefile 1.30 Module Name: pkgsrc Committed By: recht Date: Sat Oct 1 19:36:01 UTC 2005 Modified Files: pkgsrc/lang/python23: Makefile distinfo pkgsrc/lang/python23-nth: Makefile distinfo pkgsrc/lang/python23-pth: Makefile Added Files: pkgsrc/lang/python23-nth/patches: patch-ea patch-eb patch-ec pkgsrc/lang/python23/patches: patch-ea patch-eb patch-ec Log Message: Add a patch for CAN-2005-2491 (buffer overflow vulnerability in the PCRE library) from ubuntu Linux (via gentoo). For details see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491 Bump PKGREVISION's. @ text @a0 69 $NetBSD: patch-ec,v 1.1.2.1 2005/10/09 00:17:41 salo Exp $ --- Modules/pypcre.c.orig 2003-10-20 16:34:47.000000000 +0200 +++ Modules/pypcre.c 2005-10-01 21:13:56.000000000 +0200 @@@@ -1163,14 +1163,31 @@@@ int min = 0; int max = -1; +/* Read the minimum value and do a paranoid check: a negative value indicates +an integer overflow. 
*/ + while ((pcre_ctypes[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0'; +if (min < 0 || min > 65535) + { + *errorptr = ERR5; + return p; + } + +/* Read the maximum value if there is one, and again do a paranoid on its size +. Also, max must not be less than min. */ + if (*p == '}') max = min; else { if (*(++p) != '}') { max = 0; while((pcre_ctypes[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0'; + if (max < 0 || max > 65535) + { + *errorptr = ERR5; + return p; + } if (max < min) { *errorptr = ERR4; @@@@ -2267,6 +2284,7 @@@@ int bracount = 0; int brastack[200]; int top_backref = 0; +BOOL capturing; unsigned int brastackptr = 0; uschar *code; const uschar *ptr; @@@@ -2446,6 +2464,7 @@@@ /* Brackets may be genuine groups or special things */ case '(': + capturing = FALSE; /* Handle special forms of bracket, which all start (? */ @@@@ -2543,10 +2562,15 @@@@ continue; /* End of this bracket handling */ } + /* Ordinary parentheses, not followed by '?', are capturing unless + PCRE_NO_AUTO_CAPTURE is set. */ + + else capturing = (options & PCRE_NO_AUTO_CAPTURE) == 0; + /* Extracting brackets must be counted so we can process escapes in a Perlish way. */ - else bracount++; + if (capturing) bracount++; /* Non-special forms of bracket. Save length for computing whole length at end if there's a repeat that requires duplication of the group. */ @
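Review bot: In the `-1163,14 +1163,31` hunk, the range checks `if (min < 0 || min > 65535)` and `if (max < 0 || max > 65535)` run only after the digit loops `min = min * 10 + *p++ - '0'` and `max = max * 10 + *p++ - '0'` have consumed every digit, so the signed `int` accumulator can overflow before either check is reached. Signed overflow is undefined behaviour in C, and the `< 0` test only catches the case where the result happens to be negative; a value that wraps back into 0..65535 would pass. Suggest moving the bound into each loop and returning `ERR5` as soon as the running value exceeds 65535, which keeps the accumulator well inside `int` range. Style: the second added comment reads "do a paranoid on its size" with the full stop stranded at the start of the next line; it should read "do a paranoid check on its size."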
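Review bot: In the three `capturing` hunks (`-2267,6`, `-2446,6`, `-2543,10`), `BOOL capturing;` is declared without an initializer next to locals that all have one (`int bracount = 0;`, `int top_backref = 0;`), and the new `if (capturing) bracount++;` is no longer the `else` arm of the special-form chain, so it relies on the `capturing = FALSE;` reset at `case '('` being the only value a special-form branch can leave behind. Suggest initializing the variable to `FALSE` at the declaration and stating that invariant in the comment above the increment. Neither the added comments nor the log message say why counting only capturing brackets (and honouring `PCRE_NO_AUTO_CAPTURE`) is part of the CAN-2005-2491 fix; a sentence on that would help. Since the trailing context ("Save length for computing whole length at end") shows this is the length-computing side, please also confirm that the code that later emits the brackets applies the same `PCRE_NO_AUTO_CAPTURE` test, so that the two counts cannot disagree.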