From owner-svn-ports-head@freebsd.org  Fri Jun 17 17:09:07 2016
Return-Path: <owner-svn-ports-head@freebsd.org>
Delivered-To: svn-ports-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 02084A78698;
 Fri, 17 Jun 2016 17:09:07 +0000 (UTC) (envelope-from rm@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id B827128E2;
 Fri, 17 Jun 2016 17:09:06 +0000 (UTC) (envelope-from rm@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u5HH95e2094764;
 Fri, 17 Jun 2016 17:09:05 GMT (envelope-from rm@FreeBSD.org)
Received: (from rm@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id u5HH95iZ094756;
 Fri, 17 Jun 2016 17:09:05 GMT (envelope-from rm@FreeBSD.org)
Message-Id: <201606171709.u5HH95iZ094756@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: rm set sender to rm@FreeBSD.org
 using -f
From: Ruslan Makhmatkhanov <rm@FreeBSD.org>
Date: Fri, 17 Jun 2016 17:09:05 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-head@freebsd.org
Subject: svn commit: r417019 - in head/lang: python27 python27/files python33
 python33/files python34 python34/files python35 python35/files
X-SVN-Group: ports-head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-head@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SVN commit messages for the ports tree for head
 <svn-ports-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-head>, 
 <mailto:svn-ports-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-head/>
List-Post: <mailto:svn-ports-head@freebsd.org>
List-Help: <mailto:svn-ports-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-head>,
 <mailto:svn-ports-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Jun 2016 17:09:07 -0000

Author: rm
Date: Fri Jun 17 17:09:04 2016
New Revision: 417019
URL: https://svnweb.freebsd.org/changeset/ports/417019

Log:
  lang/python[xx]: backport upstream fix for CVE-2016-5636
  
  Add patch for integer overflow in zipimport module to all our python ports.
  
  While I'm here, get rid of -f flag in ${RM} invocation, because ${RM} already
  expands to rm -f, so in result we are getting something like:
  
  /bin/rm -f -f /wrkdirs/usr/ports/lang/python35/work/stage/usr/local/lib/libpython3.so
  
  PR:		210325
  Submitted by:	 Vladimir Krstulja <vlad-fbsd@acheronmedia.com>
  Security:	1d0f6852-33d8-11e6-a671-60a44ce6887b
  With hat:	python

Added:
  head/lang/python27/files/patch-Modules_zipimport.c   (contents, props changed)
  head/lang/python33/files/patch-Modules_zipimport.c   (contents, props changed)
  head/lang/python34/files/patch-Modules_zipimport.c   (contents, props changed)
  head/lang/python35/files/patch-Modules_zipimport.c   (contents, props changed)
Modified:
  head/lang/python27/Makefile
  head/lang/python33/Makefile
  head/lang/python34/Makefile
  head/lang/python35/Makefile

Modified: head/lang/python27/Makefile
==============================================================================
--- head/lang/python27/Makefile	Fri Jun 17 17:03:57 2016	(r417018)
+++ head/lang/python27/Makefile	Fri Jun 17 17:09:04 2016	(r417019)
@@ -2,7 +2,7 @@
 
 PORTNAME=	python27
 PORTVERSION=	${PYTHON_PORTVERSION}
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	lang python ipv6
 MASTER_SITES=	PYTHON/ftp/python/${PORTVERSION}
 DISTNAME=	Python-${PORTVERSION}

Added: head/lang/python27/files/patch-Modules_zipimport.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/lang/python27/files/patch-Modules_zipimport.c	Fri Jun 17 17:09:04 2016	(r417019)
@@ -0,0 +1,17 @@
+
+Bug: http://bugs.python.org/issue26171
+
+--- Modules/zipimport.c.orig	2015-12-05 19:47:16 UTC
++++ Modules/zipimport.c
+@@ -895,6 +895,11 @@ get_data(char *archive, PyObject *toc_en
+         PyMarshal_ReadShortFromFile(fp);        /* local header size */
+     file_offset += l;           /* Start of file data */
+ 
++    if (data_size > LONG_MAX - 1) {
++        fclose(fp);
++        PyErr_NoMemory();
++        return NULL;
++    }
+     raw_data = PyString_FromStringAndSize((char *)NULL, compress == 0 ?
+                                           data_size : data_size + 1);
+     if (raw_data == NULL) {

Modified: head/lang/python33/Makefile
==============================================================================
--- head/lang/python33/Makefile	Fri Jun 17 17:03:57 2016	(r417018)
+++ head/lang/python33/Makefile	Fri Jun 17 17:09:04 2016	(r417019)
@@ -2,7 +2,7 @@
 
 PORTNAME=	python33
 PORTVERSION=	${PYTHON_PORTVERSION}
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES=	lang python ipv6
 MASTER_SITES=	PYTHON/ftp/python/${PORTVERSION}
 DISTNAME=	Python-${PORTVERSION}
@@ -115,7 +115,7 @@ post-patch:
 
 post-install:
 .if ! ${PORT_OPTIONS:MDEBUG}
-	${RM} -f ${STAGEDIR}${PREFIX}/lib/libpython3.so						# Upstream Issue: http://bugs.python.org/issue17975
+	${RM} ${STAGEDIR}${PREFIX}/lib/libpython3.so						# Upstream Issue: http://bugs.python.org/issue17975
 .endif
 	for i in ${STAGEDIR}${PREFIX}/lib/python3.3/lib-dynload/*.so; do \
 		${STRIP_CMD} $$i; done								# Strip shared extensions

Added: head/lang/python33/files/patch-Modules_zipimport.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/lang/python33/files/patch-Modules_zipimport.c	Fri Jun 17 17:09:04 2016	(r417019)
@@ -0,0 +1,17 @@
+
+Bug: http://bugs.python.org/issue26171
+
+--- Modules/zipimport.c.orig	2014-10-12 07:03:53 UTC
++++ Modules/zipimport.c
+@@ -1089,6 +1089,11 @@ get_data(PyObject *archive, PyObject *to
+         PyMarshal_ReadShortFromFile(fp);        /* local header size */
+     file_offset += l;           /* Start of file data */
+ 
++    if (data_size > LONG_MAX - 1) {
++        fclose(fp);
++        PyErr_NoMemory();
++        return NULL;
++    }
+     bytes_size = compress == 0 ? data_size : data_size + 1;
+     if (bytes_size == 0)
+         bytes_size++;

Modified: head/lang/python34/Makefile
==============================================================================
--- head/lang/python34/Makefile	Fri Jun 17 17:03:57 2016	(r417018)
+++ head/lang/python34/Makefile	Fri Jun 17 17:09:04 2016	(r417019)
@@ -3,7 +3,7 @@
 
 PORTNAME=	python34
 PORTVERSION=	${PYTHON_PORTVERSION}
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	lang python ipv6
 MASTER_SITES=	PYTHON/ftp/python/${PORTVERSION}
 DISTNAME=	Python-${PORTVERSION}
@@ -119,7 +119,7 @@ PLIST_SUB+=	NO_NIS=""
 
 post-install:
 .if ! ${PORT_OPTIONS:MDEBUG}
-	${RM} -f ${STAGEDIR}${PREFIX}/lib/libpython3.so						# Upstream Issue: http://bugs.python.org/issue17975
+	${RM} ${STAGEDIR}${PREFIX}/lib/libpython3.so						# Upstream Issue: http://bugs.python.org/issue17975
 .endif
 	for i in ${STAGEDIR}${PREFIX}/lib/python3.4/lib-dynload/*.so; do \
 		${STRIP_CMD} $$i; done								# Strip shared extensions

Added: head/lang/python34/files/patch-Modules_zipimport.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/lang/python34/files/patch-Modules_zipimport.c	Fri Jun 17 17:09:04 2016	(r417019)
@@ -0,0 +1,17 @@
+
+Bug: http://bugs.python.org/issue26171
+
+--- Modules/zipimport.c.orig	2015-12-21 06:01:04 UTC
++++ Modules/zipimport.c
+@@ -1111,6 +1111,11 @@ get_data(PyObject *archive, PyObject *to
+     }
+     file_offset += l;           /* Start of file data */
+ 
++    if (data_size > LONG_MAX - 1) {
++        fclose(fp);
++        PyErr_NoMemory();
++        return NULL;
++    }
+     bytes_size = compress == 0 ? data_size : data_size + 1;
+     if (bytes_size == 0)
+         bytes_size++;

Modified: head/lang/python35/Makefile
==============================================================================
--- head/lang/python35/Makefile	Fri Jun 17 17:03:57 2016	(r417018)
+++ head/lang/python35/Makefile	Fri Jun 17 17:09:04 2016	(r417019)
@@ -3,7 +3,7 @@
 
 PORTNAME=	python
 DISTVERSION=	${PYTHON_PORTVERSION}
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	lang python ipv6
 MASTER_SITES=	PYTHON/ftp/python/${PYTHON_PORTVERSION}
 PKGNAMESUFFIX=	${PYTHON_SUFFIX}
@@ -126,7 +126,7 @@ PLIST_SUB+=	NO_NIS=""
 
 post-install:
 .if ! ${PORT_OPTIONS:MDEBUG}
-	${RM} -f ${STAGEDIR}${PREFIX}/lib/libpython3.so						# Upstream Issue: http://bugs.python.org/issue17975
+	${RM} ${STAGEDIR}${PREFIX}/lib/libpython3.so						# Upstream Issue: http://bugs.python.org/issue17975
 .endif
 	for i in ${STAGEDIR}${PREFIX}/lib/python${PYTHON_VER}/lib-dynload/*.so; do \
 		${STRIP_CMD} $$i; done								# Strip shared extensions

Added: head/lang/python35/files/patch-Modules_zipimport.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/lang/python35/files/patch-Modules_zipimport.c	Fri Jun 17 17:09:04 2016	(r417019)
@@ -0,0 +1,17 @@
+
+Bug: http://bugs.python.org/issue26171
+
+--- Modules/zipimport.c.orig	2015-12-07 01:39:10 UTC
++++ Modules/zipimport.c
+@@ -1112,6 +1112,11 @@ get_data(PyObject *archive, PyObject *to
+     }
+     file_offset += l;           /* Start of file data */
+ 
++    if (data_size > LONG_MAX - 1) {
++        fclose(fp);
++        PyErr_NoMemory();
++        return NULL;
++    }
+     bytes_size = compress == 0 ? data_size : data_size + 1;
+     if (bytes_size == 0)
+         bytes_size++;