head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.4 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.2 pkgsrc-2012Q4-base:1.2 pkgsrc-2012Q1:1.1.0.4 pkgsrc-2012Q1-base:1.1 pkgsrc-2011Q4:1.1.0.2; locks; strict; comment @# @; 1.2 date 2012.04.13.18.47.28; author adam; state dead; branches; next 1.1; 1.1 date 2012.02.15.16.08.26; author drochner; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2012.02.15.16.08.26; author tron; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2012.02.18.23.35.28; author tron; state Exp; branches; next ; desc @@ 1.2 log @Changes 2.7.3: * An ordered dictionary type * New unittest features including test skipping, new assert methods, and test discovery * A much faster io module * Automatic numbering of fields in the str.format() method * Float repr improvements backported from 3.x * Tile support for Tkinter * A backport of the memoryview object from 3.x * Set literals * Set and dictionary comprehensions * Dictionary views * New syntax for nested with statements * The sysconfig module @ text @$NetBSD: patch-CVE-2012-0845,v 1.1 2012/02/15 16:08:26 drochner Exp $ see python bug #14001 --- Lib/SimpleXMLRPCServer.py.orig 2009-04-05 21:34:15.000000000 +0000 +++ Lib/SimpleXMLRPCServer.py @@@@ -459,7 +459,10 @@@@ class SimpleXMLRPCRequestHandler(BaseHTT L = [] while size_remaining: chunk_size = min(size_remaining, max_chunk_size) - L.append(self.rfile.read(chunk_size)) + chunk = self.rfile.read(chunk_size) + if not chunk: + break + L.append(chunk) size_remaining -= len(L[-1]) data = ''.join(L) @ 1.1 log @apply fix for CVE-2012-0845 to other Python versions too (2.4 is not affected) @ text @d1 1 a1 1 $NetBSD: patch-CVE-2012-0845,v 1.1 2012/02/15 12:21:40 drochner Exp $ @ 1.1.2.1 log @file patch-CVE-2012-0845 was added on branch pkgsrc-2011Q4 on 2012-02-18 23:35:28 +0000 @ text @d1 18 @ 1.1.2.2 log @Pullup ticket #3685 - requested by drochner lang/python25: security patch lang/python26: security patch lang/python27: security patch lang/python31: security patch Revisions pulled up: - lang/python25/Makefile 1.37 via patch - lang/python25/distinfo 1.22 - lang/python25/patches/patch-CVE-2012-0845 1.1 - lang/python26/Makefile 1.45 via patch - lang/python26/distinfo 1.43 - lang/python26/patches/patch-CVE-2012-0845 1.1 - lang/python27/Makefile 1.11 via patch - lang/python27/distinfo 1.15 - lang/python27/patches/patch-CVE-2012-0845 1.1 - lang/python31/Makefile 1.6 via patch - lang/python31/distinfo 1.8 - lang/python31/patches/patch-CVE-2012-0845 1.1 --- Module Name: pkgsrc Committed By: drochner Date: Wed Feb 15 12:21:41 UTC 2012 Modified Files: pkgsrc/lang/python26: Makefile distinfo Added Files: pkgsrc/lang/python26/patches: patch-CVE-2012-0845 Log Message: add patch from Python issue#14001 to fix xmlrpc server endless loop by malformed request bump PKGREV --- Module Name: pkgsrc Committed By: drochner Date: Wed Feb 15 16:08:26 UTC 2012 Modified Files: pkgsrc/lang/python25: Makefile distinfo pkgsrc/lang/python27: Makefile distinfo pkgsrc/lang/python31: Makefile distinfo Added Files: pkgsrc/lang/python25/patches: patch-CVE-2012-0845 pkgsrc/lang/python27/patches: patch-CVE-2012-0845 pkgsrc/lang/python31/patches: patch-CVE-2012-0845 Log Message: apply fix for CVE-2012-0845 to other Python versions too (2.4 is not affected) @ text @a0 18 $NetBSD$ see python bug #14001 --- Lib/SimpleXMLRPCServer.py.orig 2009-04-05 21:34:15.000000000 +0000 +++ Lib/SimpleXMLRPCServer.py @@@@ -459,7 +459,10 @@@@ class SimpleXMLRPCRequestHandler(BaseHTT L = [] while size_remaining: chunk_size = min(size_remaining, max_chunk_size) - L.append(self.rfile.read(chunk_size)) + chunk = self.rfile.read(chunk_size) + if not chunk: + break + L.append(chunk) size_remaining -= len(L[-1]) data = ''.join(L) @