lang/python[xx]: backport upstream fix for CVE-2016-5636

Add patch for integer overflow in zipimport module to all our python ports. While I'm here, get rid of -f flag in ${RM} invocation, because ${RM} already expands to rm -f, so in result we are getting something like: /bin/rm -f -f /wrkdirs/usr/ports/lang/python35/work/stage/usr/local/lib/libpython3.so PR: 210325 Submitted by: Vladimir Krstulja <vlad-fbsd@acheronmedia.com> Security: 1d0f6852-33d8-11e6-a671-60a44ce6887b With hat: python
author: rm <rm@FreeBSD.org> 2016-06-18 01:09:04 +0800
committer: rm <rm@FreeBSD.org> 2016-06-18 01:09:04 +0800
commit: c1cbb48ab0cc4a2f330cf2a1d65e92c4e91b88d9 (patch)
tree: 0adb184f75003084e164df487438ff3c51107f45 /lang
parent: 40837b5d2bef8cd865498ea01dab04788be4b13e (diff)
download: freebsd-ports-gnome-c1cbb48ab0cc4a2f330cf2a1d65e92c4e91b88d9.tar.gz
freebsd-ports-gnome-c1cbb48ab0cc4a2f330cf2a1d65e92c4e91b88d9.tar.zst
freebsd-ports-gnome-c1cbb48ab0cc4a2f330cf2a1d65e92c4e91b88d9.zip
8 files changed, 75 insertions, 7 deletions
diff --git a/lang/python27/Makefile b/lang/python27/Makefile
index 6806e1d27391..2167013870f5 100644
--- a/lang/python27/Makefile
+++ b/lang/python27/Makefile
@@ -2,7 +2,7 @@
 
 PORTNAME=	python27
 PORTVERSION=	${PYTHON_PORTVERSION}
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	lang python ipv6
 MASTER_SITES=	PYTHON/ftp/python/${PORTVERSION}
 DISTNAME=	Python-${PORTVERSION}
diff --git a/lang/python27/files/patch-Modules_zipimport.c b/lang/python27/files/patch-Modules_zipimport.c
new file mode 100644
index 000000000000..aaf69496fedd
--- /dev/null
+++ b/lang/python27/files/patch-Modules_zipimport.c
@@ -0,0 +1,17 @@
+
+Bug: http://bugs.python.org/issue26171
+
+--- Modules/zipimport.c.orig	2015-12-05 19:47:16 UTC
++++ Modules/zipimport.c
+@@ -895,6 +895,11 @@ get_data(char *archive, PyObject *toc_en
+         PyMarshal_ReadShortFromFile(fp);        /* local header size */
+     file_offset += l;           /* Start of file data */
+ 
++    if (data_size > LONG_MAX - 1) {
++        fclose(fp);
++        PyErr_NoMemory();
++        return NULL;
++    }
+     raw_data = PyString_FromStringAndSize((char *)NULL, compress == 0 ?
+                                           data_size : data_size + 1);
+     if (raw_data == NULL) {
diff --git a/lang/python33/Makefile b/lang/python33/Makefile
index b19b1c3e9669..ecd174e7a25c 100644
--- a/lang/python33/Makefile
+++ b/lang/python33/Makefile
@@ -2,7 +2,7 @@
 
 PORTNAME=	python33
 PORTVERSION=	${PYTHON_PORTVERSION}
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES=	lang python ipv6
 MASTER_SITES=	PYTHON/ftp/python/${PORTVERSION}
 DISTNAME=	Python-${PORTVERSION}
@@ -115,7 +115,7 @@ post-patch:
 
 post-install:
 .if ! ${PORT_OPTIONS:MDEBUG}
-	${RM} -f ${STAGEDIR}${PREFIX}/lib/libpython3.so						# Upstream Issue: http://bugs.python.org/issue17975
+	${RM} ${STAGEDIR}${PREFIX}/lib/libpython3.so						# Upstream Issue: http://bugs.python.org/issue17975
 .endif
 	for i in ${STAGEDIR}${PREFIX}/lib/python3.3/lib-dynload/*.so; do \
 		${STRIP_CMD} $$i; done								# Strip shared extensions
diff --git a/lang/python33/files/patch-Modules_zipimport.c b/lang/python33/files/patch-Modules_zipimport.c
new file mode 100644
index 000000000000..66b635ebb4d4
--- /dev/null
+++ b/lang/python33/files/patch-Modules_zipimport.c
@@ -0,0 +1,17 @@
+
+Bug: http://bugs.python.org/issue26171
+
+--- Modules/zipimport.c.orig	2014-10-12 07:03:53 UTC
++++ Modules/zipimport.c
+@@ -1089,6 +1089,11 @@ get_data(PyObject *archive, PyObject *to
+         PyMarshal_ReadShortFromFile(fp);        /* local header size */
+     file_offset += l;           /* Start of file data */
+ 
++    if (data_size > LONG_MAX - 1) {
++        fclose(fp);
++        PyErr_NoMemory();
++        return NULL;
++    }
+     bytes_size = compress == 0 ? data_size : data_size + 1;
+     if (bytes_size == 0)
+         bytes_size++;
diff --git a/lang/python34/Makefile b/lang/python34/Makefile
index acf0d70b9f34..1e02026445e1 100644
--- a/lang/python34/Makefile
+++ b/lang/python34/Makefile
@@ -3,7 +3,7 @@
 
 PORTNAME=	python34
 PORTVERSION=	${PYTHON_PORTVERSION}
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	lang python ipv6
 MASTER_SITES=	PYTHON/ftp/python/${PORTVERSION}
 DISTNAME=	Python-${PORTVERSION}
@@ -119,7 +119,7 @@ PLIST_SUB+=	NO_NIS=""
 
 post-install:
 .if ! ${PORT_OPTIONS:MDEBUG}
-	${RM} -f ${STAGEDIR}${PREFIX}/lib/libpython3.so						# Upstream Issue: http://bugs.python.org/issue17975
+	${RM} ${STAGEDIR}${PREFIX}/lib/libpython3.so						# Upstream Issue: http://bugs.python.org/issue17975
 .endif
 	for i in ${STAGEDIR}${PREFIX}/lib/python3.4/lib-dynload/*.so; do \
 		${STRIP_CMD} $$i; done								# Strip shared extensions
diff --git a/lang/python34/files/patch-Modules_zipimport.c b/lang/python34/files/patch-Modules_zipimport.c
new file mode 100644
index 000000000000..f1fe5b968da6
--- /dev/null
+++ b/lang/python34/files/patch-Modules_zipimport.c
@@ -0,0 +1,17 @@
+
+Bug: http://bugs.python.org/issue26171
+
+--- Modules/zipimport.c.orig	2015-12-21 06:01:04 UTC
++++ Modules/zipimport.c
+@@ -1111,6 +1111,11 @@ get_data(PyObject *archive, PyObject *to
+     }
+     file_offset += l;           /* Start of file data */
+ 
++    if (data_size > LONG_MAX - 1) {
++        fclose(fp);
++        PyErr_NoMemory();
++        return NULL;
++    }
+     bytes_size = compress == 0 ? data_size : data_size + 1;
+     if (bytes_size == 0)
+         bytes_size++;
diff --git a/lang/python35/Makefile b/lang/python35/Makefile
index 521887ebd4ff..63f16bb34dcb 100644
--- a/lang/python35/Makefile
+++ b/lang/python35/Makefile
@@ -3,7 +3,7 @@
 
 PORTNAME=	python
 DISTVERSION=	${PYTHON_PORTVERSION}
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	lang python ipv6
 MASTER_SITES=	PYTHON/ftp/python/${PYTHON_PORTVERSION}
 PKGNAMESUFFIX=	${PYTHON_SUFFIX}
@@ -126,7 +126,7 @@ PLIST_SUB+=	NO_NIS=""
 
 post-install:
 .if ! ${PORT_OPTIONS:MDEBUG}
-	${RM} -f ${STAGEDIR}${PREFIX}/lib/libpython3.so						# Upstream Issue: http://bugs.python.org/issue17975
+	${RM} ${STAGEDIR}${PREFIX}/lib/libpython3.so						# Upstream Issue: http://bugs.python.org/issue17975
 .endif
 	for i in ${STAGEDIR}${PREFIX}/lib/python${PYTHON_VER}/lib-dynload/*.so; do \
 		${STRIP_CMD} $$i; done								# Strip shared extensions
diff --git a/lang/python35/files/patch-Modules_zipimport.c b/lang/python35/files/patch-Modules_zipimport.c
new file mode 100644
index 000000000000..14fab69a406c
--- /dev/null
+++ b/lang/python35/files/patch-Modules_zipimport.c
@@ -0,0 +1,17 @@
+
+Bug: http://bugs.python.org/issue26171
+
+--- Modules/zipimport.c.orig	2015-12-07 01:39:10 UTC
++++ Modules/zipimport.c
+@@ -1112,6 +1112,11 @@ get_data(PyObject *archive, PyObject *to
+     }
+     file_offset += l;           /* Start of file data */
+ 
++    if (data_size > LONG_MAX - 1) {
++        fclose(fp);
++        PyErr_NoMemory();
++        return NULL;
++    }
+     bytes_size = compress == 0 ? data_size : data_size + 1;
+     if (bytes_size == 0)
+         bytes_size++;
author	rm <rm@FreeBSD.org>	2016-06-18 01:09:04 +0800
committer	rm <rm@FreeBSD.org>	2016-06-18 01:09:04 +0800
commit	c1cbb48ab0cc4a2f330cf2a1d65e92c4e91b88d9 (patch)
tree	0adb184f75003084e164df487438ff3c51107f45 /lang
parent	40837b5d2bef8cd865498ea01dab04788be4b13e (diff)
download	freebsd-ports-gnome-c1cbb48ab0cc4a2f330cf2a1d65e92c4e91b88d9.tar.gz freebsd-ports-gnome-c1cbb48ab0cc4a2f330cf2a1d65e92c4e91b88d9.tar.zst freebsd-ports-gnome-c1cbb48ab0cc4a2f330cf2a1d65e92c4e91b88d9.zip