- Apply two patch from svn.python.org to fix CVE-2010-3493 and SA43463

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3493
http://secunia.com/advisories/43463

3 files changed, 131 insertions, 0 deletions

diff --git a/lang/python26/Makefile b/lang/python26/Makefile
index 09a54b9f9e8c..f3bd63f4d4a3 100644
--- a/lang/python26/Makefile
+++ b/lang/python26/Makefile
@@ -6,6 +6,7 @@
 
 PORTNAME=	python26
 PORTVERSION=	2.6.6
+PORTREVISION=	1
 CATEGORIES=	lang python ipv6
 MASTER_SITES=	${PYTHON_MASTER_SITES}
 MASTER_SITE_SUBDIR=	${PYTHON_MASTER_SITE_SUBDIR}
diff --git a/lang/python26/files/patch-CVE-2010-3493 b/lang/python26/files/patch-CVE-2010-3493
new file mode 100644
index 000000000000..b8553d99339e
--- /dev/null
+++ b/lang/python26/files/patch-CVE-2010-3493
@@ -0,0 +1,41 @@
+--- Lib/smtpd.py.orig   2011-03-05 13:51:22.000000000 +0000
++++ Lib/smtpd.py        2011-03-05 13:52:42.000000000 +0000
+@@ -121,7 +121,15 @@
+         self.__rcpttos = []
+         self.__data = ''
+         self.__fqdn = socket.getfqdn()
+-        self.__peer = conn.getpeername()
++        try:
++            self.__peer = conn.getpeername()
++        except socket.error as err:
++            # a race condition  may occur if the other end is closing
++            # before we can get the peername
++            self.close()
++            if err.args[0] != errno.ENOTCONN:
++                raise
++            return
+         print >> DEBUGSTREAM, 'Peer:', repr(self.__peer)
+         self.push('220 %s %s' % (self.__fqdn, __version__))
+         self.set_terminator('\r\n')
+@@ -291,7 +299,20 @@
+                 localaddr, remoteaddr)
+
+     def handle_accept(self):
+-        conn, addr = self.accept()
++        try:
++            conn, addr = self.accept()
++        except TypeError:
++            # sometimes accept() might return None
++            return
++        except socket.error as err:
++            # ECONNABORTED might be thrown
++            if err.args[0] != errno.ECONNABORTED:
++                raise
++            return
++        else:
++            # sometimes addr == None instead of (ip, port)
++            if addr == None:
++                return
+         print >> DEBUGSTREAM, 'Incoming connection from %s' % repr(addr)
+         channel = SMTPChannel(self, conn, addr)
+
diff --git a/lang/python26/files/patch-SA43463 b/lang/python26/files/patch-SA43463
new file mode 100644
index 000000000000..fe710c908456
--- /dev/null
+++ b/lang/python26/files/patch-SA43463
@@ -0,0 +1,89 @@
+--- Lib/CGIHTTPServer.py.orig   2009-11-11 17:24:53.000000000 +0000
++++ Lib/CGIHTTPServer.py        2011-03-01 12:05:50.000000000 +0000
+@@ -70,27 +70,20 @@
+             return SimpleHTTPServer.SimpleHTTPRequestHandler.send_head(self)
+
+     def is_cgi(self):
+-        """Test whether self.path corresponds to a CGI script,
+-        and return a boolean.
++        """Test whether self.path corresponds to a CGI script.
+
+-        This function sets self.cgi_info to a tuple (dir, rest)
+-        when it returns True, where dir is the directory part before
+-        the CGI script name.  Note that rest begins with a
+-        slash if it is not empty.
+-
+-        The default implementation tests whether the path
+-        begins with one of the strings in the list
+-        self.cgi_directories (and the next character is a '/'
+-        or the end of the string).
++        Returns True and updates the cgi_info attribute to the tuple
++        (dir, rest) if self.path requires running a CGI script.
++        Returns False otherwise.
++
++        The default implementation tests whether the normalized url
++        path begins with one of the strings in self.cgi_directories
++        (and the next character is a '/' or the end of the string).
+         """
+-
+-        path = self.path
+-
+-        for x in self.cgi_directories:
+-            i = len(x)
+-            if path[:i] == x and (not path[i:] or path[i] == '/'):
+-                self.cgi_info = path[:i], path[i+1:]
+-                return True
++        splitpath = _url_collapse_path_split(self.path)
++        if splitpath[0] in self.cgi_directories:
++            self.cgi_info = splitpath
++            return True
+         return False
+
+     cgi_directories = ['/cgi-bin', '/htbin']
+@@ -299,6 +292,46 @@
+                 self.log_message("CGI script exited OK")
+
+
++# TODO(gregory.p.smith): Move this into an appropriate library.
++def _url_collapse_path_split(path):
++    """
++    Given a URL path, remove extra '/'s and '.' path elements and collapse
++    any '..' references.
++
++    Implements something akin to RFC-2396 5.2 step 6 to parse relative paths.
++
++    Returns: A tuple of (head, tail) where tail is everything after the final /
++    and head is everything before it.  Head will always start with a '/' and,
++    if it contains anything else, never have a trailing '/'.
++
++    Raises: IndexError if too many '..' occur within the path.
++    """
++    # Similar to os.path.split(os.path.normpath(path)) but specific to URL
++    # path semantics rather than local operating system semantics.
++    path_parts = []
++    for part in path.split('/'):
++        if part == '.':
++            path_parts.append('')
++        else:
++            path_parts.append(part)
++    # Filter out blank non trailing parts before consuming the '..'.
++    path_parts = [part for part in path_parts[:-1] if part] + path_parts[-1:]
++    if path_parts:
++        tail_part = path_parts.pop()
++    else:
++        tail_part = ''
++    head_parts = []
++    for part in path_parts:
++        if part == '..':
++            head_parts.pop()
++        else:
++            head_parts.append(part)
++    if tail_part and tail_part == '..':
++        head_parts.pop()
++        tail_part = ''
++    return ('/' + '/'.join(head_parts), tail_part)
++
++
+ nobody = None
+
+ def nobody_uid():