[Frugalware-git] frugalware-current: python-2.5.2-3-i686

Tue, 08 Apr 2008 01:42:27 -0700 

Git-Url: 
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=commitdiff;h=dfb9bf550b03cde57d8d737b25d017a0c8e20b65

commit dfb9bf550b03cde57d8d737b25d017a0c8e20b65
Author: Miklos Vajna <[EMAIL PROTECTED]>
Date:   Tue Apr 8 10:41:48 2008 +0200

python-2.5.2-3-i686
- added CVE-2008-1679.patch
- closes #2954

diff --git a/source/devel/python/CVE-2008-1679.patch 
b/source/devel/python/CVE-2008-1679.patch
new file mode 100644
index 0000000..0b6ec97
--- /dev/null
+++ b/source/devel/python/CVE-2008-1679.patch
@@ -0,0 +1,26 @@
+--- Python-2.5.2-orig+CVE-2007-4965/Modules/imageop.c  2008-04-07 
16:13:42.000000000 -0700
++++ Python-2.5.2/Modules/imageop.c     2008-04-07 16:10:21.000000000 -0700
+@@ -640,6 +640,11 @@
+               PyErr_SetString(ImageopError, "String has incorrect length");
+               return 0;
+       }
++
++      if ( nlen / x != y || nlen > INT_MAX / 4) {
++              PyErr_SetString(ImageopError, "Image is too large");
++              return 0;
++      }
+
+       rv = PyString_FromStringAndSize(NULL, nlen*4);
+       if ( rv == 0 )
+@@ -743,6 +748,11 @@
+               PyErr_SetString(ImageopError, "String has incorrect length");
+               return 0;
+       }
++
++      if ( nlen / x != y || nlen > INT_MAX / 4) {
++              PyErr_SetString(ImageopError, "Image is too large");
++              return 0;
++      }
+
+       rv = PyString_FromStringAndSize(NULL, nlen*4);
+       if ( rv == 0 )
diff --git a/source/devel/python/FrugalBuild b/source/devel/python/FrugalBuild
index f0adfb1..bf36911 100644
--- a/source/devel/python/FrugalBuild
+++ b/source/devel/python/FrugalBuild
@@ -4,7 +4,7 @@
pkgname=python
pkgver=2.5.2
shortpkgver=2.5 # 2.3 if $pkgver=2.3.4
-pkgrel=2
+pkgrel=3
pkgdesc="A high-level scripting language"
url="http://www.python.org";
depends=('glibc>=2.7-3' 'db>=4.6.21-3' 'bzip2>=1.0.4-2' 'gdbm>=1.8.3-4' 
'openssl>=0.9.8-12' 'glib2>=2.14.6-2')
@@ -16,8 +16,9 @@ up2date="lynx -dump $url/download/|grep current|sed 's/.*n 
\(.*\)\. .*/\1/;q'"
source=(http://www.python.org/ftp/python/$pkgver/Python-$pkgver.tar.bz2 \
Python-2.4.1-gdbm-1.patch \
insecure_pathnames.diff \
-       
http://bugs.python.org/file8452/python-2.5.CVE-2007-4965-int-overflow.patch)
-signatures=($source.asc '' '' '')
+       
http://bugs.python.org/file8452/python-2.5.CVE-2007-4965-int-overflow.patch \
+       CVE-2008-1679.patch)
+signatures=($source.asc '' '' '' '')

subpkgs=("$pkgname-tools")
subdescs=("Optional development tools to extending Python")
@@ -43,7 +44,7 @@ build()
# subpkg python-tools
for f in Tools/* ; do
if [ -d $f ] ; then
-                       Fcpr Python-$pkgver/$f 
/usr/lib/python$shortpkgver/site-packages/ || Fdie
+                       Fcp Python-$pkgver/$f 
/usr/lib/python$shortpkgver/site-packages/ || Fdie
Fsplit $pkgname-tools usr/lib/python$shortpkgver/site-packages/`echo $f|sed 
's|Tools/||'`
fi
done
_______________________________________________
Frugalware-git mailing list
[email protected]
http://frugalware.org/mailman/listinfo/frugalware-git

Reply via email to