- Fix zlib crash from zlib.decompressobj().flush(val)

  when val was not positive. It tried to allocate negative
  or zero memory.  That fails.
- Bump PORTREVISION

PR:		123153
Submitted by:	Nick Barkas <snb@threerings.net>
Security:	http://www.vuxml.org/freebsd/ec41c3e2-129c-11dd-bab7-0016179b2dd5.html

6 files changed, 56 insertions, 0 deletions

diff --git a/lang/python23/Makefile b/lang/python23/Makefile
index 5dfd1913ecd1..8a250902289c 100644
--- a/lang/python23/Makefile
+++ b/lang/python23/Makefile
@@ -7,6 +7,7 @@
 
 PORTNAME=	python23
 PORTVERSION=	2.3.6
+PORTREVISION=	1
 CATEGORIES=	lang python ipv6
 MASTER_SITES=	${PYTHON_MASTER_SITES}
 MASTER_SITE_SUBDIR=	${PYTHON_MASTER_SITE_SUBDIR}
diff --git a/lang/python23/files/patch-Lib-test-test_zlib.py b/lang/python23/files/patch-Lib-test-test_zlib.py
new file mode 100644
index 000000000000..425572d2574d
--- /dev/null
+++ b/lang/python23/files/patch-Lib-test-test_zlib.py
@@ -0,0 +1,14 @@
+--- Lib/test/test_zlib.py	2008/04/08 23:47:30	62234
++++ Lib/test/test_zlib.py	2008/04/09 00:25:17	62235
+@@ -83,6 +83,11 @@
+         # verify failure on building decompress object with bad params
+         self.assertRaises(ValueError, zlib.decompressobj, 0)
+ 
++    def test_decompressobj_badflush(self):
++        # verify failure on calling decompressobj.flush with bad params
++        self.assertRaises(ValueError, zlib.decompressobj().flush, 0)
++        self.assertRaises(ValueError, zlib.decompressobj().flush, -1)
++
+ 
+ 
+ class CompressTestCase(unittest.TestCase):
diff --git a/lang/python23/files/patch-Modules-zlibmodule.c b/lang/python23/files/patch-Modules-zlibmodule.c
new file mode 100644
index 000000000000..7875a40ada7c
--- /dev/null
+++ b/lang/python23/files/patch-Modules-zlibmodule.c
@@ -0,0 +1,13 @@
+--- Modules/zlibmodule.c.orig	2008-04-25 01:47:26.000000000 +0200
++++ Modules/zlibmodule.c	2008-04-25 01:48:17.000000000 +0200
+@@ -774,6 +774,10 @@
+ 
+     if (!PyArg_ParseTuple(args, "|i:flush", &length))
+ 	return NULL;
++    if (length <= 0) {
++	PyErr_SetString(PyExc_ValueError, "length must be greater than zero");
++	return NULL;
++	}
+     if (!(retval = PyString_FromStringAndSize(NULL, length)))
+ 	return NULL;
+ 
diff --git a/lang/python24/Makefile b/lang/python24/Makefile
index a659af4cf734..efd6994a7d08 100644
--- a/lang/python24/Makefile
+++ b/lang/python24/Makefile
@@ -7,6 +7,7 @@
 
 PORTNAME=	python24
 PORTVERSION=	2.4.5
+PORTREVSION=	1
 CATEGORIES=	lang python ipv6
 MASTER_SITES=	${PYTHON_MASTER_SITES}
 MASTER_SITE_SUBDIR=	${PYTHON_MASTER_SITE_SUBDIR}
diff --git a/lang/python24/files/patch-Lib-test-test_zlib.py b/lang/python24/files/patch-Lib-test-test_zlib.py
new file mode 100644
index 000000000000..425572d2574d
--- /dev/null
+++ b/lang/python24/files/patch-Lib-test-test_zlib.py
@@ -0,0 +1,14 @@
+--- Lib/test/test_zlib.py	2008/04/08 23:47:30	62234
++++ Lib/test/test_zlib.py	2008/04/09 00:25:17	62235
+@@ -83,6 +83,11 @@
+         # verify failure on building decompress object with bad params
+         self.assertRaises(ValueError, zlib.decompressobj, 0)
+ 
++    def test_decompressobj_badflush(self):
++        # verify failure on calling decompressobj.flush with bad params
++        self.assertRaises(ValueError, zlib.decompressobj().flush, 0)
++        self.assertRaises(ValueError, zlib.decompressobj().flush, -1)
++
+ 
+ 
+ class CompressTestCase(unittest.TestCase):
diff --git a/lang/python24/files/patch-Modules-zlibmodule.c b/lang/python24/files/patch-Modules-zlibmodule.c
new file mode 100644
index 000000000000..7875a40ada7c
--- /dev/null
+++ b/lang/python24/files/patch-Modules-zlibmodule.c
@@ -0,0 +1,13 @@
+--- Modules/zlibmodule.c.orig	2008-04-25 01:47:26.000000000 +0200
++++ Modules/zlibmodule.c	2008-04-25 01:48:17.000000000 +0200
+@@ -774,6 +774,10 @@
+ 
+     if (!PyArg_ParseTuple(args, "|i:flush", &length))
+ 	return NULL;
++    if (length <= 0) {
++	PyErr_SetString(PyExc_ValueError, "length must be greater than zero");
++	return NULL;
++	}
+     if (!(retval = PyString_FromStringAndSize(NULL, length)))
+ 	return NULL;
+