lang/python[xx]: backport upstream fix for CVE-2016-5636

Add patch for integer overflow in zipimport module to all our python ports. While I'm here, get rid of -f flag in ${RM} invocation, because ${RM} already expands to rm -f, so in result we are getting something like: /bin/rm -f -f /wrkdirs/usr/ports/lang/python35/work/stage/usr/local/lib/libpython3.so PR: 210325 Submitted by: Vladimir Krstulja <vlad-fbsd@acheronmedia.com> Security: 1d0f6852-33d8-11e6-a671-60a44ce6887b With hat: python
svn path=/head/; revision=417019
2025-01-17 08:01:36 +00:00 · 2016-06-17 17:09:04 +00:00 · 2016-06-17 17:09:04 +00:00 · 5643ed620a · 2021-03-31 03:12:20 +00:00
commit 5643ed620a
parent b7700753f9
8 changed files with 75 additions and 7 deletions
--- a/lang/python27/Makefile
+++ b/lang/python27/Makefile
@ -2,7 +2,7 @@

 PORTNAME=	python27
 PORTVERSION=	${PYTHON_PORTVERSION}
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	lang python ipv6
 MASTER_SITES=	PYTHON/ftp/python/${PORTVERSION}
 DISTNAME=	Python-${PORTVERSION}
--- a/lang/python27/files/patch-Modules_zipimport.c
+++ b/lang/python27/files/patch-Modules_zipimport.c
@ -0,0 +1,17 @@
+
+Bug: http://bugs.python.org/issue26171
+
+--- Modules/zipimport.c.orig	2015-12-05 19:47:16 UTC
+++ Modules/zipimport.c
+@@ -895,6 +895,11 @@ get_data(char *archive, PyObject *toc_en
+         PyMarshal_ReadShortFromFile(fp);        /* local header size */
+     file_offset += l;           /* Start of file data */
+ 
+    if (data_size > LONG_MAX - 1) {
+        fclose(fp);
+        PyErr_NoMemory();
+        return NULL;
+    }
+     raw_data = PyString_FromStringAndSize((char *)NULL, compress == 0 ?
+                                           data_size : data_size + 1);
+     if (raw_data == NULL) {
--- a/lang/python33/Makefile
+++ b/lang/python33/Makefile
@ -2,7 +2,7 @@

 PORTNAME=	python33
 PORTVERSION=	${PYTHON_PORTVERSION}
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES=	lang python ipv6
 MASTER_SITES=	PYTHON/ftp/python/${PORTVERSION}
 DISTNAME=	Python-${PORTVERSION}
@ -115,7 +115,7 @@ post-patch:

 post-install:
 .if ! ${PORT_OPTIONS:MDEBUG}
-	${RM} -f ${STAGEDIR}${PREFIX}/lib/libpython3.so						# Upstream Issue: http://bugs.python.org/issue17975
+	${RM} ${STAGEDIR}${PREFIX}/lib/libpython3.so						# Upstream Issue: http://bugs.python.org/issue17975
 .endif
 	for i in ${STAGEDIR}${PREFIX}/lib/python3.3/lib-dynload/*.so; do \
 		${STRIP_CMD} $$i; done								# Strip shared extensions
--- a/lang/python33/files/patch-Modules_zipimport.c
+++ b/lang/python33/files/patch-Modules_zipimport.c
@ -0,0 +1,17 @@
+
+Bug: http://bugs.python.org/issue26171
+
+--- Modules/zipimport.c.orig	2014-10-12 07:03:53 UTC
+++ Modules/zipimport.c
+@@ -1089,6 +1089,11 @@ get_data(PyObject *archive, PyObject *to
+         PyMarshal_ReadShortFromFile(fp);        /* local header size */
+     file_offset += l;           /* Start of file data */
+ 
+    if (data_size > LONG_MAX - 1) {
+        fclose(fp);
+        PyErr_NoMemory();
+        return NULL;
+    }
+     bytes_size = compress == 0 ? data_size : data_size + 1;
+     if (bytes_size == 0)
+         bytes_size++;
--- a/lang/python34/Makefile
+++ b/lang/python34/Makefile
@ -3,7 +3,7 @@

 PORTNAME=	python34
 PORTVERSION=	${PYTHON_PORTVERSION}
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	lang python ipv6
 MASTER_SITES=	PYTHON/ftp/python/${PORTVERSION}
 DISTNAME=	Python-${PORTVERSION}
@ -119,7 +119,7 @@ PLIST_SUB+=	NO_NIS=""

 post-install:
 .if ! ${PORT_OPTIONS:MDEBUG}
-	${RM} -f ${STAGEDIR}${PREFIX}/lib/libpython3.so						# Upstream Issue: http://bugs.python.org/issue17975
+	${RM} ${STAGEDIR}${PREFIX}/lib/libpython3.so						# Upstream Issue: http://bugs.python.org/issue17975
 .endif
 	for i in ${STAGEDIR}${PREFIX}/lib/python3.4/lib-dynload/*.so; do \
 		${STRIP_CMD} $$i; done								# Strip shared extensions
--- a/lang/python34/files/patch-Modules_zipimport.c
+++ b/lang/python34/files/patch-Modules_zipimport.c
@ -0,0 +1,17 @@
+
+Bug: http://bugs.python.org/issue26171
+
+--- Modules/zipimport.c.orig	2015-12-21 06:01:04 UTC
+++ Modules/zipimport.c
+@@ -1111,6 +1111,11 @@ get_data(PyObject *archive, PyObject *to
+     }
+     file_offset += l;           /* Start of file data */
+ 
+    if (data_size > LONG_MAX - 1) {
+        fclose(fp);
+        PyErr_NoMemory();
+        return NULL;
+    }
+     bytes_size = compress == 0 ? data_size : data_size + 1;
+     if (bytes_size == 0)
+         bytes_size++;
--- a/lang/python35/Makefile
+++ b/lang/python35/Makefile
@ -3,7 +3,7 @@

 PORTNAME=	python
 DISTVERSION=	${PYTHON_PORTVERSION}
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	lang python ipv6
 MASTER_SITES=	PYTHON/ftp/python/${PYTHON_PORTVERSION}
 PKGNAMESUFFIX=	${PYTHON_SUFFIX}
@ -126,7 +126,7 @@ PLIST_SUB+=	NO_NIS=""

 post-install:
 .if ! ${PORT_OPTIONS:MDEBUG}
-	${RM} -f ${STAGEDIR}${PREFIX}/lib/libpython3.so						# Upstream Issue: http://bugs.python.org/issue17975
+	${RM} ${STAGEDIR}${PREFIX}/lib/libpython3.so						# Upstream Issue: http://bugs.python.org/issue17975
 .endif
 	for i in ${STAGEDIR}${PREFIX}/lib/python${PYTHON_VER}/lib-dynload/*.so; do \
 		${STRIP_CMD} $$i; done								# Strip shared extensions
--- a/lang/python35/files/patch-Modules_zipimport.c
+++ b/lang/python35/files/patch-Modules_zipimport.c
@ -0,0 +1,17 @@
+
+Bug: http://bugs.python.org/issue26171
+
+--- Modules/zipimport.c.orig	2015-12-07 01:39:10 UTC
+++ Modules/zipimport.c
+@@ -1112,6 +1112,11 @@ get_data(PyObject *archive, PyObject *to
+     }
+     file_offset += l;           /* Start of file data */
+ 
+    if (data_size > LONG_MAX - 1) {
+        fclose(fp);
+        PyErr_NoMemory();
+        return NULL;
+    }
+     bytes_size = compress == 0 ? data_size : data_size + 1;
+     if (bytes_size == 0)
+         bytes_size++;