head	1.2;
access;
symbols
	pkgsrc-2015Q1:1.1.0.4
	pkgsrc-2015Q1-base:1.1
	pkgsrc-2014Q4:1.1.0.2
	pkgsrc-2014Q4-base:1.1;
locks; strict;
comment	@# @;


1.2
date	2015.04.13.23.12.44;	author rodent;	state dead;
branches;
next	1.1;
commitid	NgZhNHAKgraV6uhy;

1.1
date	2014.10.27.20.11.34;	author drochner;	state Exp;
branches;
next	;
commitid	uXtxVl9uRpQovSVx;


desc
@@


1.2
log
@Removing python26. EOL'd quite some ago and discussed a couple times on
tech-pkg@@ and pkgsrc-users@@.
@
text
@$NetBSD: patch-CVE-2014-7185,v 1.1 2014/10/27 20:11:34 drochner Exp $

http://bugs.python.org/issue21831

--- Objects/bufferobject.c.orig	2014-10-27 19:46:40.000000000 +0000
+++ Objects/bufferobject.c
@@@@ -88,7 +88,7 @@@@ get_buf(PyBufferObject *self, void **ptr
             *size = count;
         else
             *size = self->b_size;
-        if (offset + *size > count)
+        if (*size > count - offset)
             *size = count - offset;
     }
     return 1;
@


1.1
log
@apply patch from upstream to fix possible overflow in "buffer"
object accesses (CVE-2014-7185)
bump PKGREV
@
text
@d1 1
a1 1
$NetBSD$
@