head 1.2;
access;
symbols
    pkgsrc-2013Q2:1.2.0.8
    pkgsrc-2013Q2-base:1.2
    pkgsrc-2012Q4:1.2.0.6
    pkgsrc-2012Q4-base:1.2
    pkgsrc-2011Q4:1.2.0.4
    pkgsrc-2011Q4-base:1.2
    pkgsrc-2011Q2:1.2.0.2
    pkgsrc-2011Q2-base:1.2
    pkgsrc-2011Q1:1.1.0.26
    pkgsrc-2011Q1-base:1.1
    pkgsrc-2010Q4:1.1.0.24
    pkgsrc-2010Q4-base:1.1
    pkgsrc-2010Q3:1.1.0.22
    pkgsrc-2010Q3-base:1.1
    pkgsrc-2010Q2:1.1.0.20
    pkgsrc-2010Q2-base:1.1
    pkgsrc-2010Q1:1.1.0.18
    pkgsrc-2010Q1-base:1.1
    pkgsrc-2009Q4:1.1.0.16
    pkgsrc-2009Q4-base:1.1
    pkgsrc-2009Q3:1.1.0.14
    pkgsrc-2009Q3-base:1.1
    pkgsrc-2009Q2:1.1.0.12
    pkgsrc-2009Q2-base:1.1
    pkgsrc-2009Q1:1.1.0.10
    pkgsrc-2009Q1-base:1.1
    pkgsrc-2008Q4:1.1.0.8
    pkgsrc-2008Q4-base:1.1
    pkgsrc-2008Q3:1.1.0.6
    pkgsrc-2008Q3-base:1.1
    cube-native-xorg:1.1.0.4
    cube-native-xorg-base:1.1
    pkgsrc-2008Q2:1.1.0.2;
locks; strict;
comment @# @;


1.2
date 2011.04.23.08.53.53; author obache; state dead;
branches;
next 1.1;

1.1
date 2008.08.05.10.45.45; author drochner; state Exp;
branches
    1.1.2.1;
next ;

1.1.2.1
date 2008.08.05.10.45.45; author tron; state dead;
branches;
next 1.1.2.2;

1.1.2.2
date 2008.08.10.17.02.26; author tron; state Exp;
branches;
next ;


desc
@@


1.2
log
@Update python24 to 2.4.6.

What's New in Python 2.4.6?
===========================

*Release date: 19-Dec-2008*


What's New in Python 2.4.6c1?
=============================

*Release date: 13-Dec-2008*

Core and builtins
-----------------

- Issue #4469: Prevent expandtabs() on string and unicode objects
  from causing a segfault when a large width is passed on 32-bit
  platforms. CVE-2008-5031.

- Issue #4317: Fixed a crash in the imageop.rgb2rgb8() function.

- Issue #4230: Fix a crash when a class has a custom __getattr__
  and an __getattribute__ method that deletes the __getattr__ attribute.

- Apply security patches from Apple. CVE-2008-2315.

- Issue #2620: Overflow checking when allocating or reallocating memory
  was not always being done properly in some python types and extension
  modules. PyMem_MALLOC, PyMem_REALLOC, PyMem_NEW and PyMem_RESIZE have
  all been updated to perform better checks and places in the code that
  would previously leak memory on the error path when such an allocation
  failed have been fixed.

- Issue #1179: Fix CVE-2007-4965 and CVE-2008-1679, multiple integer
  overflows in the imageop and rgbimgmodule modules.

- Issue #2586: Fix CVE-2008-1721, zlib crash from
  zlib.decompressobj().flush(val) when val is not positive.

- Issues #2588, #2589: Fix potential integer underflow and overflow
  conditions in the PyOS_vsnprintf C API function. CVE-2008-3144.

- Issue #2587: In the C API, PyString_FromStringAndSize() takes a signed
  size parameter but was not verifying that it was greater than zero.
  Values less than zero will now raise a SystemError and return NULL to
  indicate a bug in the calling C code. CVE-2008-1887.

- Security Issue #2: imageop did not validate arguments correctly and could
  segfault as a result. CVE-2008-4864.

Extension Modules
-----------------

Library
-------

Tests
-----

Build
-----

Tools/Demos
-----------

- Tools/faqwiz/move-faqwiz.sh: Fix unsecure use of temporary files.
@ text @$NetBSD: patch-bk,v 1.1 2008/08/05 10:45:45 drochner Exp $ --- Modules/selectmodule.c.orig 2006-09-27 21:17:32.000000000 +0200 +++ Modules/selectmodule.c @@@@ -342,10 +342,12 @@@@ update_ufd_array(pollObject *self) { int i, pos; PyObject *key, *value; + struct pollfd *old_ufds = self->ufds; self->ufd_len = PyDict_Size(self->dict); - PyMem_Resize(self->ufds, struct pollfd, self->ufd_len); + PyMem_RESIZE(self->ufds, struct pollfd, self->ufd_len); if (self->ufds == NULL) { + self->ufds = old_ufds; PyErr_NoMemory(); return 0; } @ 1.1 log @also apply upstream svn rev.65262, fixes overflow checks in memory allocation (CVE-2008-3142), ride on PKGREVISION bump some minutes ago @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-bk was added on branch pkgsrc-2008Q2 on 2008-08-10 17:02:26 +0000 @ text @d1 18 @ 1.1.2.2 log @Pullup ticket 2480 - requested by drochner Security patches for python24 Revisions pulled up: - lang/python24/Makefile 1.44-1.45 - lang/python24/distinfo 1.29-1.31 - lang/python24/patches/patch-ba 1.1 - lang/python24/patches/patch-bb 1.1 - lang/python24/patches/patch-bc 1.1 - lang/python24/patches/patch-bd 1.1 - lang/python24/patches/patch-be 1.1 - lang/python24/patches/patch-bf 1.1 - lang/python24/patches/patch-bg 1.1 - lang/python24/patches/patch-bh 1.1 - lang/python24/patches/patch-bi 1.1 - lang/python24/patches/patch-bj 1.1 - lang/python24/patches/patch-bk 1.1 - lang/python24/patches/patch-bl 1.1 - lang/python24/patches/patch-bm 1.1 --- Module Name: pkgsrc Committed By: joerg Date: Mon Jul 14 14:42:51 UTC 2008 Modified Files: pkgsrc/lang/python24: Makefile Log Message: Always build depend on readline, so that devel/py-readline can pick up the right config. Bump revision. 
--- Module Name: pkgsrc Committed By: drochner Date: Tue Aug 5 10:13:34 UTC 2008 Modified Files: pkgsrc/lang/python24: Makefile distinfo Added Files: pkgsrc/lang/python24/patches: patch-ba patch-bb patch-bc patch-bd patch-be patch-bf patch-bg Log Message: add patches from upstream svn rev.65333, fix integer overflows in memory allocation (CVE-2008-2315) --- Module Name: pkgsrc Committed By: drochner Date: Tue Aug 5 10:45:46 UTC 2008 Modified Files: pkgsrc/lang/python24: distinfo Added Files: pkgsrc/lang/python24/patches: patch-bh patch-bi patch-bj patch-bk patch-bl Log Message: also apply upstream svn rev.65262, fixes overflow checks in memory allocation (CVE-2008-3142), ride on PKGREVISION bump some minutes ago --- Module Name: pkgsrc Committed By: drochner Date: Thu Aug 7 11:20:18 UTC 2008 Modified Files: pkgsrc/lang/python24: distinfo Added Files: pkgsrc/lang/python24/patches: patch-bm Log Message: Add a patch from the upstream 2.5 branch (svn rev.63883) to fix an integer overflow in the vsnprintf replacement function. This is likely not a real problem, and the patch wasn't pulled to the upstream 2.4 branch, but so we can formally declare our 2.4 as not vulnerable now. @ text @a0 18 $NetBSD: patch-bk,v 1.1 2008/08/05 10:45:45 drochner Exp $ --- Modules/selectmodule.c.orig 2006-09-27 21:17:32.000000000 +0200 +++ Modules/selectmodule.c @@@@ -342,10 +342,12 @@@@ update_ufd_array(pollObject *self) { int i, pos; PyObject *key, *value; + struct pollfd *old_ufds = self->ufds; self->ufd_len = PyDict_Size(self->dict); - PyMem_Resize(self->ufds, struct pollfd, self->ufd_len); + PyMem_RESIZE(self->ufds, struct pollfd, self->ufd_len); if (self->ufds == NULL) { + self->ufds = old_ufds; PyErr_NoMemory(); return 0; } @
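
Review bot: In update_ufd_array(), self->ufd_len is still assigned from PyDict_Size(self->dict) before PyMem_RESIZE runs, so the new failure path restores self->ufds to old_ufds but leaves self->ufd_len at the new dictionary size. After a failed resize the object then holds the old buffer paired with a length that no longer describes it, and any later code that walks ufds up to ufd_len would read or write past the old allocation if the dictionary grew. Suggest computing the new length into a local, calling PyMem_RESIZE with that local, and storing it in self->ufd_len only after the NULL check passes (or saving the old length next to old_ufds and restoring both together). A short comment on why the pointer is saved and why the uppercase PyMem_RESIZE macro replaces PyMem_Resize would also help, since the log message ties the change to overflow checks in memory allocation but the hunk itself does not say so.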