authorNatanael Copa <ncopa@alpinelinux.org>2014-02-24 15:27:57 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2014-02-24 15:32:12 +0000
commitab1c8dcbd6898c70ba5c4b4443931a668eaee196 (patch)
treef9f43c114637a8b8d3ec62db113e895886c2f551
parent2bcf8f73f9eb1586e89c3d5ab9359779276bfca8 (diff)
main/python: security fix for CVE-2014-1912
fixes #2713
-rw-r--r--main/python/APKBUILD12
-rw-r--r--main/python/recvfrom_into_buffer_overflow_2.7.patch17
2 files changed, 25 insertions, 4 deletions
diff --git a/main/python/APKBUILD b/main/python/APKBUILD
index f87d4f0d96..3ad3e7dd0f 100644
--- a/main/python/APKBUILD
+++ b/main/python/APKBUILD
@@ -2,7 +2,7 @@
pkgname=python
pkgver=2.7.5
_verbase=${pkgver%.*}
-pkgrel=3
+pkgrel=4
pkgdesc="A high-level scripting language"
url="http://www.python.org"
arch="all"
@@ -16,6 +16,7 @@ makedepends="expat-dev openssl-dev zlib-dev ncurses-dev bzip2-dev
gdbm-dev sqlite-dev libffi-dev readline-dev paxctl"
source="http://www.$pkgname.org/ftp/$pkgname/$pkgver/Python-$pkgver.tar.bz2
find_library.patch
+ recvfrom_into_buffer_overflow_2.7.patch
"
prepare() {
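Review bot: Nothing in this hunk shows the new patch being applied: listing `recvfrom_into_buffer_overflow_2.7.patch` in `source=` only causes it to be fetched and checksummed, and the body of `prepare()` starts on the last line of the hunk and continues outside it. Since this is the fix for CVE-2014-1912, confirm that `prepare()` either loops over every `*.patch` entry in `$source` or has an explicit line for this file. The patch uses `a/` and `b/` path prefixes, so it needs strip level 1, e.g. `patch -p1 -i "$srcdir"/recvfrom_into_buffer_overflow_2.7.patch`. If it is listed but never applied, the package still builds and ships the unfixed code with a bumped `pkgrel`.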
@@ -88,8 +89,11 @@ gdbm() {
}
md5sums="6334b666b7ff2038c761d7b27ba699c1 Python-2.7.5.tar.bz2
-22e32fddd3a973172f2fd570f8c5c416 find_library.patch"
+22e32fddd3a973172f2fd570f8c5c416 find_library.patch
+9bfbe06cf0752d5906992bb1e09198ca recvfrom_into_buffer_overflow_2.7.patch"
sha256sums="3b477554864e616a041ee4d7cef9849751770bc7c39adaf78a94ea145c488059 Python-2.7.5.tar.bz2
-452f9dc842316bcacfd7d6547ac5c1faaa286568cc782db1c0099464bc913946 find_library.patch"
+452f9dc842316bcacfd7d6547ac5c1faaa286568cc782db1c0099464bc913946 find_library.patch
+bdf280058fe31b6e9d08a32e4ce16e958e3dddeed515417a03b25e5ec62d41b4 recvfrom_into_buffer_overflow_2.7.patch"
sha512sums="e0080a380cc280575efb8ec065f99a1ab6f0ac0528c9bb5688414b1d6bb3f42645d8257557764049cefe40f40a0cd7afca1094099ecbf15b7a97757e3dd45492 Python-2.7.5.tar.bz2
-a1ea61266bb56358158de4036f5be0ad579b44ae616fe0f8d5cef59610886daed73979308c26e56f944435167a6bb8cc6278e6f97f9a72b5f5786d3c31668fc2 find_library.patch"
+a1ea61266bb56358158de4036f5be0ad579b44ae616fe0f8d5cef59610886daed73979308c26e56f944435167a6bb8cc6278e6f97f9a72b5f5786d3c31668fc2 find_library.patch
+21b534e41ce1cd1bf954849f4246ef0ae907ba7335b42ccfc914cc33068db91140dc1fea0f1b8a83818609e7f5a5f5df6623f029c2c86004f2126eb3f2699c06 recvfrom_into_buffer_overflow_2.7.patch"
diff --git a/main/python/recvfrom_into_buffer_overflow_2.7.patch b/main/python/recvfrom_into_buffer_overflow_2.7.patch
new file mode 100644
index 0000000000..37e786bd3a
--- /dev/null
+++ b/main/python/recvfrom_into_buffer_overflow_2.7.patch
@@ -0,0 +1,17 @@
+diff -r 40fb60df4755 Modules/socketmodule.c
+--- a/Modules/socketmodule.c Sun Jan 12 12:11:47 2014 +0200
++++ b/Modules/socketmodule.c Mon Jan 13 16:36:35 2014 -0800
+@@ -2744,6 +2744,13 @@
+ recvlen = buflen;
+ }
+
++ /* Check if the buffer is large enough */
++ if (buflen < recvlen) {
++ PyErr_SetString(PyExc_ValueError,
++ "buffer too small for requested bytes");
++ goto error;
++ }
++
+ readlen = sock_recvfrom_guts(s, buf.buf, recvlen, flags, &addr);
+ if (readlen < 0) {
+ /* Return an error */
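Review bot: The embedded patch has no provenance header: nothing above the `diff -r 40fb60df4755 Modules/socketmodule.c` line ties it to CVE-2014-1912 or to the upstream change it was taken from, so a maintainer bumping `pkgver` cannot tell when it becomes redundant. I would add free-text lines at the top of the patch file, such as `Fix for CVE-2014-1912: bounds check in recvfrom_into` and `Upstream: <UPSTREAM_CHANGESET_URL>`; patch(1) skips text before the first file header. The guard is placed where it should be, after the `recvlen = buflen;` default and before `sock_recvfrom_guts()` writes `recvlen` bytes into `buf.buf`. The declarations of `buflen` and `recvlen` are outside the hunk, as are the start and end of the enclosing function, so check that both are signed and the same width so that `buflen < recvlen` involves no signed/unsigned conversion. The patch also carries no regression test, so a later rebase that drops the check would go unnoticed at build time.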