head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.8
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.6
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2011Q4:1.2.0.4
	pkgsrc-2011Q4-base:1.2
	pkgsrc-2011Q2:1.2.0.2
	pkgsrc-2011Q2-base:1.2
	pkgsrc-2011Q1:1.1.0.30
	pkgsrc-2011Q1-base:1.1
	pkgsrc-2010Q4:1.1.0.28
	pkgsrc-2010Q4-base:1.1
	pkgsrc-2010Q3:1.1.0.26
	pkgsrc-2010Q3-base:1.1
	pkgsrc-2010Q2:1.1.0.24
	pkgsrc-2010Q2-base:1.1
	pkgsrc-2010Q1:1.1.0.22
	pkgsrc-2010Q1-base:1.1
	pkgsrc-2009Q4:1.1.0.20
	pkgsrc-2009Q4-base:1.1
	pkgsrc-2009Q3:1.1.0.18
	pkgsrc-2009Q3-base:1.1
	pkgsrc-2009Q2:1.1.0.16
	pkgsrc-2009Q2-base:1.1
	pkgsrc-2009Q1:1.1.0.14
	pkgsrc-2009Q1-base:1.1
	pkgsrc-2008Q4:1.1.0.12
	pkgsrc-2008Q4-base:1.1
	pkgsrc-2008Q3:1.1.0.10
	pkgsrc-2008Q3-base:1.1
	cube-native-xorg:1.1.0.8
	cube-native-xorg-base:1.1
	pkgsrc-2008Q2:1.1.0.6
	pkgsrc-2008Q2-base:1.1
	cwrapper:1.1.0.4
	pkgsrc-2008Q1:1.1.0.2;
locks; strict;
comment	@# @;


1.2
date	2011.04.23.08.53.53;	author obache;	state dead;
branches;
next	1.1;

1.1
date	2008.04.11.10.32.33;	author drochner;	state Exp;
branches
	1.1.2.1;
next	;

1.1.2.1
date	2008.04.11.10.32.33;	author spz;	state dead;
branches;
next	1.1.2.2;

1.1.2.2
date	2008.04.20.15.56.44;	author spz;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Update python24 to 2.4.6.

What's New in Python 2.4.6?
===========================

*Release date: 19-Dec-2008*

What's New in Python 2.4.6c1?
=============================

*Release date: 13-Dec-2008*

Core and builtins
-----------------

- Issue #4469: Prevent expandtabs() on string and unicode objects from causing a segfault when a large width is passed on 32-bit platforms. CVE-2008-5031.

- Issue #4317: Fixed a crash in the imageop.rgb2rgb8() function.

- Issue #4230: Fix a crash when a class has a custom __getattr__ and an __getattribute__ method that deletes the __getattr__ attribute.

- Apply security patches from Apple. CVE-2008-2315.

- Issue #2620: Overflow checking when allocating or reallocating memory was not always being done properly in some python types and extension modules. PyMem_MALLOC, PyMem_REALLOC, PyMem_NEW and PyMem_RESIZE have all been updated to perform better checks and places in the code that would previously leak memory on the error path when such an allocation failed have been fixed.

- Issue #1179: Fix CVE-2007-4965 and CVE-2008-1679, multiple integer overflows in the imageop and rgbimgmodule modules.

- Issue #2586: Fix CVE-2008-1721, zlib crash from zlib.decompressobj().flush(val) when val is not positive.

- Issues #2588, #2589: Fix potential integer underflow and overflow conditions in the PyOS_vsnprintf C API function. CVE-2008-3144.

- Issue #2587: In the C API, PyString_FromStringAndSize() takes a signed size parameter but was not verifying that it was greater than zero. Values less than zero will now raise a SystemError and return NULL to indicate a bug in the calling C code. CVE-2008-1887.

- Security Issue #2: imageop did not validate arguments correctly and could segfault as a result. CVE-2008-4864.

Extension Modules
-----------------

Library
-------

Tests
-----

Build
-----

Tools/Demos
-----------

- Tools/faqwiz/move-faqwiz.sh: Fix unsecure use of temporary files.
@ text @$NetBSD: patch-au,v 1.1 2008/04/11 10:32:33 drochner Exp $ --- Modules/zlibmodule.c.orig 2008-04-11 12:21:45.000000000 +0200 +++ Modules/zlibmodule.c @@@@ -669,6 +669,10 @@@@ PyZlib_unflush(compobject *self, PyObjec if (!PyArg_ParseTuple(args, "|i:flush", &length)) return NULL; + if (length <= 0) { + PyErr_SetString(PyExc_ValueError, "length must be greater than zero"); + return NULL; + } if (!(retval = PyString_FromStringAndSize(NULL, length))) return NULL; @ 1.1 log @fix possible buffer overflow by negative arguments to zlib.flush(), from upstream CVS, bump PKGREVISION @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-au was added on branch pkgsrc-2008Q1 on 2008-04-20 15:56:44 +0000 @ text @d1 15 @ 1.1.2.2 log @Pullup ticket 2334 - requested by drochner security updates for python24 Revisions pulled up: - pkgsrc/lang/python24/Makefile 1.41,1.42 - pkgsrc/lang/python24/distinfo 1.27,1.28 - pkgsrc/lang/python24/PLIST.common 1.9 - pkgsrc/lang/python24/patches/patch-au 1.1 - pkgsrc/lang/python/srcdist.mk 1.20 Module Name: pkgsrc Committed By: drochner Date: Fri Apr 11 10:32:33 UTC 2008 Modified Files: pkgsrc/lang/python24: Makefile distinfo Added Files: pkgsrc/lang/python24/patches: patch-au Log Message: fix possible buffer overflow by negative arguments to zlib.flush(), from upstream CVS, bump PKGREVISION To generate a diff of this commit: cvs rdiff -r1.40 -r1.41 pkgsrc/lang/python24/Makefile cvs rdiff -r1.26 -r1.27 pkgsrc/lang/python24/distinfo cvs rdiff -r0 -r1.1 pkgsrc/lang/python24/patches/patch-au --- Module Name: pkgsrc Committed By: drochner Date: Fri Apr 11 10:44:09 UTC 2008 Modified Files: pkgsrc/lang/python24: Makefile PLIST.common distinfo Log Message: update to 2.4.5 This release includes just a small number of fixes, primarily preventing crashes of the interpreter in certain boundary cases. 
To generate a diff of this commit: cvs rdiff -r1.41 -r1.42 pkgsrc/lang/python24/Makefile cvs rdiff -r1.8 -r1.9 pkgsrc/lang/python24/PLIST.common cvs rdiff -r1.27 -r1.28 pkgsrc/lang/python24/distinfo --- Module Name: pkgsrc Committed By: drochner Date: Fri Apr 11 10:44:48 UTC 2008 Modified Files: pkgsrc/lang/python: srcdist.mk Log Message: update for 2.4.5 To generate a diff of this commit: cvs rdiff -r1.19 -r1.20 pkgsrc/lang/python/srcdist.mk @ text @a0 15 $NetBSD: patch-au,v 1.1 2008/04/11 10:32:33 drochner Exp $ --- Modules/zlibmodule.c.orig 2008-04-11 12:21:45.000000000 +0200 +++ Modules/zlibmodule.c @@@@ -669,6 +669,10 @@@@ PyZlib_unflush(compobject *self, PyObjec if (!PyArg_ParseTuple(args, "|i:flush", &length)) return NULL; + if (length <= 0) { + PyErr_SetString(PyExc_ValueError, "length must be greater than zero"); + return NULL; + } if (!(retval = PyString_FromStringAndSize(NULL, length))) return NULL; @
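Review bot: at the new "if (length <= 0)" guard in PyZlib_unflush, the argument is optional (format "|i:flush") and the hunk does not show how length is initialised, so confirm that its default is positive; otherwise flush() called with no argument would now raise ValueError. The guard also rejects zero, while the log message speaks only of negative arguments, so the log should say "non-positive" to match the check and its error string. The patch touches only Modules/zlibmodule.c and carries no regression test; a case asserting that zlib.decompressobj().flush(0) and flush(-1) raise ValueError would pin the fix.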