A vulnerability was reported [1] in Python's socket module, due to a
boundary error within the sock_recvfrom_into() function, which could be
exploited to cause a buffer overflow.
This could be used to crash a Python application that uses the
socket.recvfrom_into() function or, possibly, execute arbitrary code
with the permissions of the user running vulnerable Python code.
This vulnerable function, socket.recvfrom_into(), was introduced in
Python 2.5. Earlier versions are not affected by this flaw. This is
fixed in upstream branches for versions 2.7, 3.1, 3.2 and 3.3.
[1] http://bugs.python.org/issue20246
MFH: 2014Q1
Security: 8e5e6d42-a0fa-11e3-b09a-080027f2d077
The current FreeBSD/ARM __clear_cache() implementation does nothing #if
__i386__ || __x86_64__ #else abort();
cognet@ advises this is an issue for anything !Apple that is using the
libcompiler_rt provided by Clang on ARM, and requires upstreaming.
This is the root cause of abort() on import for the ctypes module in
Python, as they bundle libffi. [1]
This change patches the bundled libffi library in all Python ports, even
though it is a NOOP for the ports that use devel/libffi. These ports,
currently python31, will get the fix via ports/184517
A huge shout out to cognet@ who helped diagnose the issue and created
the patch to address it. Thank you!
PR: ports/149167 [1]
PR: ports/184517
Submitted by: cognet [3]
Reviewed by: cognet, eadler, milki, ak
- Add the appropriate Python platform (plat-*) files for FreeBSD 11
- Update pkg-plist
Backport an upstream change [1] removing OS major version from the check
to enable the OSS Audio module in setup.py:
Issue #12326: don't test the major version of sys.platform. Use
startswith, instead of ==, when testing sys.platform to support
new platforms like Linux 3 or OpenBSD 5. [2]
[1] http://hg.python.org/cpython/rev/50f1922bc1d5
[2] http://bugs.python.org/issue12326
Backport a change fixing use of kevent flags that was merged to Python
default, 3.3 and 2.7 branches, but not 3.2 and 3.1 that were in
security-only mode at the time of commit. [1]
- Add patch: patch-Modules__selectmodule.c
References:
[1] Issue #11973: Fix a problem in kevent. The flags and fflags fields
are now properly handled as unsigned. [#11973]
http://bugs.python.org/issue11973
http://hg.python.org/cpython/rev/8345fb616cbd
While I'm here:
- Add LICENSE (PSFL)
- Clean up, reorganise, sort & whitespace align sections
PR: ports/156759
Submitted by: David Naylor <naylor.b.david@gmail.com>
Reviewed by: mva
and lang/python2 and lang/python3. This change brings us closer to the goal
of making Python ports usable with different Python versions at the same
time.
- Add a new lang/python2 port to handle the symlinks for bin/python2,
bin/idle2, bin/pydoc2 and so on.
- Add a new lang/python3 port to handle the symlinks for bin/python3,
bin/idle3, bin/pydoc3 and so on.
- Bump the PORTREVISION on all lang/python* ports.
. lang/python27: 2.7.3 -> 2.7.5
. lang/python32: 3.2.3 -> 3.2.4
. lang/python33: 3.3.0 -> 3.3.1
- update Mk/bsd.python.mk with new versions
- mark lang/python26 and lang/python31 as deprecated (set them to
upstream EoL dates)
- update docs (lang/python-doc-html)
- align databases/py-bsddb patch for python27 - most of it was applied
upstream. Raise BDB version to 4.3 at least, according to
upstream requirements.
Many thanks to Martin (miwi) for his time on this update.
PR: 178506
Submitted by: rm (myself)
Exp-run by: portmgr (miwi)
- revert erroneous threads patch in lang/python26 and lang/python27,
that was added after ports/131080. It was rejected upstream, because it's
not actually a bug, but misuse.
Gabor Pali (pgj) in collaboration with Kubilay Kocak (koobs) did an
independent investigation regarding the issue. See here for details:
http://lists.freebsd.org/pipermail/freebsd-python/2013-April/005376.html
PR: 153167
Submitted by: Duncan Findlay <duncan@duncf.ca>
Reported by: pgj/koobs (at python@ ML)
Exp-run by: portmgr (miwi)
for an exp-run of updated python versions.
- trim Makefile headers
- remove leading indefinite article from COMMENT
- use PYTHON shortcut in MASTER_SITES
- whitespace fixes
- remove checks for unsupported versions of FreeBSD
- use static value ``33'' instead of PYTHON_SUFFIX in lang/python33/pkg-plist,
because this value is not supposed to be changed across the branch and for
consistency with other python3 ports
- remove conflicts in lang/python-mode.el with no longer existing python-2.4
${PYTHON_DEFAULT_VERSION}, this generates conflicting packages.
- Create symbolic links as PEP 394 [1] suggests. ${PYTHON_DEFAULT_VERSION}
will create python and python${MAJOR_VERSION} links. In current default,
lang/python27 will create: python -> python2 -> python2.7
- Introduce ${PYTHON3_DEFAULT_VERSION}, which will handle bin/python3 link.
At this point, lang/python33 will create python3 -> python3.3
- Minor cleanups
* Trim Makefile headers
* Remove ${OSVERSION} detection for xz, which is done by USE_XZ
[1] http://www.python.org/dev/peps/pep-0394/
(PYTHON_DISTFILE variable)
- switch lang/python ports (and its slaves) to tar.xz
I compared all the four pairs .tgz/.tar.xz and they have no content differences.
Discussed on: python@
Now supported FreeBSD versions all use OpenSSL greater
than 0.9.8. This also fixes the problem of generating and
leaving pkg-plist.tmp in /usr/ports/lang/python32.
- Add some PLIST_SUB anchors, this does:
* Not conflicting with default python version
(the one installed as /usr/local/bin/python)
* Make life easier for later 3.2.x (and higher) updates
* Add NO_NIS support back
Although POSIX says the type is 'int', all BSD variants (including Mac OS X)
have been using 'unsigned long' type for very long time and its use predates
the standard long enough. For certain commands (e.g., TIOCSWINSZ, FIONBIO),
the Python value may get sign-extended on 64-bit platforms (by implicit type
promotion) and it causes annoying warnings from kernel such as this:
WARNING pid 24509 (python2.6): ioctl sign-extension ioctl ffffffff8004667e
Approved by: python (maintainer timeout)
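
Added example, not part of the commit or of the port's patch: the sign-extension
described above, reproduced with fixed-width types so it behaves the same on any
host. The EX_* macros and function names are made up for this illustration; the
request encoding follows the BSD <sys/ioccom.h> layout (direction bits, parameter
length, group character, command number).

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* BSD ioctl request layout: dir | (len << 16) | (group << 8) | num */
#define EX_IOC_OUT 0x40000000UL   /* kernel copies parameters out */
#define EX_IOC_IN  0x80000000UL   /* kernel copies parameters in: bit 31 set */

static uint64_t bsd_ioc(uint64_t dir, char group, unsigned num, unsigned len)
{
    return dir | ((uint64_t)(len & 0x1fff) << 16) |
           ((uint64_t)(unsigned char)group << 8) | (num & 0xff);
}

/* Before: request held in a 32-bit signed int (the POSIX prototype), then
 * promoted to the 64-bit unsigned long the BSD kernel interface takes.
 * The narrowing cast wraps on two's-complement targets. */
static uint64_t via_int(uint64_t request)
{
    int32_t code = (int32_t)(uint32_t)request;  /* bit 31 is now the sign bit */
    return (uint64_t)(int64_t)code;             /* promotion sign-extends it */
}

/* After: request kept unsigned end to end, upper 32 bits stay zero. */
static uint64_t via_unsigned(uint64_t request)
{
    uint32_t code = (uint32_t)request;
    return (uint64_t)code;
}

int main(void)
{
    struct { const char *name; uint64_t req; } cmds[] = {
        { "FIONBIO",    bsd_ioc(EX_IOC_IN,  'f', 126, 4) },  /* _IOW('f', 126, int) */
        { "TIOCSWINSZ", bsd_ioc(EX_IOC_IN,  't', 103, 8) },  /* 8-byte struct winsize */
        { "TIOCGWINSZ", bsd_ioc(EX_IOC_OUT, 't', 104, 8) },  /* bit 31 clear */
    };
    for (size_t i = 0; i < sizeof cmds / sizeof cmds[0]; i++)
        printf("%-10s req=%08" PRIx64 "  as int=%016" PRIx64
               "  as unsigned=%016" PRIx64 "\n", cmds[i].name, cmds[i].req,
               via_int(cmds[i].req), via_unsigned(cmds[i].req));
    return 0;
}
```

The FIONBIO row yields ffffffff8004667e through the int path, the value in the
kernel warning quoted above; TIOCGWINSZ has bit 31 clear and is unaffected.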