Hi, this is the security fix for an issue in Python 3.x (more details: http://bugs.python.org/issue21082).
Ok? Cheers, Remi.
Index: Makefile =================================================================== RCS file: /cvs/ports/lang/python/3.3/Makefile,v retrieving revision 1.8 diff -u -p -r1.8 Makefile --- Makefile 9 Mar 2014 20:23:44 -0000 1.8 +++ Makefile 8 Apr 2014 05:05:34 -0000 @@ -2,7 +2,7 @@ VERSION = 3.3 PATCHLEVEL = .2 -REVISION = 2 +REVISION = 3 SHARED_LIBS = python3.3m 0.0 VERSION_SPEC = >=3.3,<3.4 Index: patches/patch-Lib_os_py =================================================================== RCS file: patches/patch-Lib_os_py diff -N patches/patch-Lib_os_py --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-Lib_os_py 8 Apr 2014 05:05:34 -0000 @@ -0,0 +1,53 @@ +$OpenBSD$ +--- Lib/os.py.orig Wed May 15 18:32:55 2013 ++++ Lib/os.py Sat Apr 5 08:17:21 2014 +@@ -230,23 +230,16 @@ SEEK_SET = 0 + SEEK_CUR = 1 + SEEK_END = 2 + +- +-def _get_masked_mode(mode): +- mask = umask(0) +- umask(mask) +- return mode & ~mask +- + # Super directory utilities. + # (Inspired by Eric Raymond; the doc strings are mostly his) + + def makedirs(name, mode=0o777, exist_ok=False): + """makedirs(path [, mode=0o777][, exist_ok=False]) + +- Super-mkdir; create a leaf directory and all intermediate ones. +- Works like mkdir, except that any intermediate path segment (not +- just the rightmost) will be created if it does not exist. If the +- target directory with the same mode as we specified already exists, +- raises an OSError if exist_ok is False, otherwise no exception is ++ Super-mkdir; create a leaf directory and all intermediate ones. Works like ++ mkdir, except that any intermediate path segment (not just the rightmost) ++ will be created if it does not exist. If the target directory already ++ exists, raise an OSError if exist_ok is False. Otherwise no exception is + raised. This is recursive. + + """ +@@ -268,20 +261,7 @@ def makedirs(name, mode=0o777, exist_ok=False): + try: + mkdir(name, mode) + except OSError as e: +- dir_exists = path.isdir(name) +- expected_mode = _get_masked_mode(mode) +- if dir_exists: +- # S_ISGID is automatically copied by the OS from parent to child +- # directories on mkdir. Don't consider it being set to be a mode +- # mismatch as mkdir does not unset it when not specified in mode. +- actual_mode = st.S_IMODE(lstat(name).st_mode) & ~st.S_ISGID +- else: +- actual_mode = -1 +- if not (e.errno == errno.EEXIST and exist_ok and dir_exists and +- actual_mode == expected_mode): +- if dir_exists and actual_mode != expected_mode: +- e.strerror += ' (mode %o != expected mode %o)' % ( +- actual_mode, expected_mode) ++ if not exist_ok or e.errno != errno.EEXIST or not path.isdir(name): + raise + + def removedirs(name): Index: patches/patch-Lib_test_test_os_py =================================================================== RCS file: patches/patch-Lib_test_test_os_py diff -N patches/patch-Lib_test_test_os_py --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-Lib_test_test_os_py 8 Apr 2014 05:05:34 -0000 @@ -0,0 +1,24 @@ +$OpenBSD$ +--- Lib/test/test_os.py.orig Wed May 15 18:32:56 2013 ++++ Lib/test/test_os.py Sat Apr 5 08:17:21 2014 +@@ -866,7 +866,7 @@ class MakedirTests(unittest.TestCase): + os.makedirs(path, mode) + self.assertRaises(OSError, os.makedirs, path, mode) + self.assertRaises(OSError, os.makedirs, path, mode, exist_ok=False) +- self.assertRaises(OSError, os.makedirs, path, 0o776, exist_ok=True) ++ os.makedirs(path, 0o776, exist_ok=True) + os.makedirs(path, mode=mode, exist_ok=True) + os.umask(old_mask) + +@@ -892,9 +892,8 @@ class MakedirTests(unittest.TestCase): + os.makedirs(path, mode, exist_ok=True) + # remove the bit. + os.chmod(path, stat.S_IMODE(os.lstat(path).st_mode) & ~S_ISGID) +- with self.assertRaises(OSError): +- # Should fail when the bit is not already set when demanded. +- os.makedirs(path, mode | S_ISGID, exist_ok=True) ++ # May work even when the bit is not already set when demanded. ++ os.makedirs(path, mode | S_ISGID, exist_ok=True) + finally: + os.umask(old_mask) + Index: patches/patch-Lib_test_test_socket_py =================================================================== RCS file: /cvs/ports/lang/python/3.3/patches/patch-Lib_test_test_socket_py,v retrieving revision 1.1 diff -u -p -r1.1 patch-Lib_test_test_socket_py --- patches/patch-Lib_test_test_socket_py 9 Feb 2014 09:49:26 -0000 1.1 +++ patches/patch-Lib_test_test_socket_py 8 Apr 2014 05:05:34 -0000 @@ -1,9 +1,7 @@ -$OpenBSD: patch-Lib_test_test_socket_py,v 1.1 2014/02/09 09:49:26 rpointel Exp $ -security fix: http://bugs.python.org/issue20246 - ---- Lib/test/test_socket.py -+++ Lib/test/test_socket.py -@@ -4538,6 +4538,14 @@ class BufferIOTest(SocketConnectedTest): +$OpenBSD$ +--- Lib/test/test_socket.py.orig Wed May 15 18:32:56 2013 ++++ Lib/test/test_socket.py Sat Apr 5 08:14:56 2014 +@@ -4524,6 +4524,14 @@ class BufferIOTest(SocketConnectedTest): _testRecvFromIntoMemoryview = _testRecvFromIntoArray @@ -15,3 +13,6 @@ security fix: http://bugs.python.org/iss + def _testRecvFromIntoSmallBuffer(self): + self.serv_conn.send(MSG) + + + TIPC_STYPE = 2000 + TIPC_LOWER = 200 Index: patches/patch-Modules_socketmodule_c =================================================================== RCS file: /cvs/ports/lang/python/3.3/patches/patch-Modules_socketmodule_c,v retrieving revision 1.1 diff -u -p -r1.1 patch-Modules_socketmodule_c --- patches/patch-Modules_socketmodule_c 9 Feb 2014 09:49:26 -0000 1.1 +++ patches/patch-Modules_socketmodule_c 8 Apr 2014 05:05:34 -0000 @@ -1,9 +1,9 @@ $OpenBSD: patch-Modules_socketmodule_c,v 1.1 2014/02/09 09:49:26 rpointel Exp $ security fix: http://bugs.python.org/issue20246 ---- Modules/socketmodule.c.orig -+++ Modules/socketmodule.c -@@ -2935,6 +2935,11 @@ sock_recvfrom_into(PySocketSockObject *s +--- Modules/socketmodule.c.orig Wed May 15 18:32:59 2013 ++++ Modules/socketmodule.c Sat Apr 5 08:14:56 2014 +@@ -2934,6 +2934,11 @@ sock_recvfrom_into(PySocketSockObject *s, PyObject *ar if (recvlen == 0) { /* If nbytes was not specified, use the buffer's length */ recvlen = buflen;
