rpms/python/devel python-2.5-tkinter.patch, NONE, 1.1 python-2.5.1-binutils-no-dep.patch, NONE, 1.1 python-2.5.1-codec-ascii-tolower.patch, NONE, 1.1 python-2.5.1-pysqlite.patch, NONE, 1.1 python-2.5.CVE-2007-4965-int-overflow.patch, NONE, 1.1 python.spec, 1.120, 1.121
James Antill (james)
fedora-extras-commits at redhat.com
Fri Nov 30 05:32:14 UTC 2007
Author: james
Update of /cvs/pkgs/rpms/python/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3629
Modified Files:
python.spec
Added Files:
python-2.5-tkinter.patch python-2.5.1-binutils-no-dep.patch
python-2.5.1-codec-ascii-tolower.patch
python-2.5.1-pysqlite.patch
python-2.5.CVE-2007-4965-int-overflow.patch
Log Message:
* Fri Nov 30 2007 James Antill <jantill at redhat.com> - 2.5.1-16
- Fix pyconfig.h comment typo.
- Add back test_support.py and the __init__.py file.
- Resolves: rhbz#387401
python-2.5-tkinter.patch:
--- NEW FILE python-2.5-tkinter.patch ---
--- Python-2.5-orig/Modules/_tkinter.c 2006-08-11 22:33:36.000000000 -0400
+++ Python-2.5/Modules/_tkinter.c 2007-10-19 01:04:42.000000000 -0400
@@ -938,7 +938,7 @@
#if defined(Py_UNICODE_WIDE) && TCL_UTF_MAX == 3
Tcl_UniChar *outbuf;
Py_ssize_t i;
- assert(size < size * sizeof(Tcl_UniChar));
+ assert(size == 0 || size < size * sizeof(Tcl_UniChar));
outbuf = (Tcl_UniChar*)ckalloc(size * sizeof(Tcl_UniChar));
if (!outbuf) {
PyErr_NoMemory();
python-2.5.1-binutils-no-dep.patch:
--- NEW FILE python-2.5.1-binutils-no-dep.patch ---
diff -rup Python-2.5.1-orig/Lib/ctypes/util.py Python-2.5.1/Lib/ctypes/util.py
--- Python-2.5.1-orig/Lib/ctypes/util.py 2007-01-17 14:53:24.000000000 -0500
+++ Python-2.5.1/Lib/ctypes/util.py 2007-10-24 11:06:12.000000000 -0400
@@ -71,9 +71,13 @@ elif os.name == "posix":
if not f:
return None
cmd = "objdump -p -j .dynamic 2>/dev/null " + f
- res = re.search(r'\sSONAME\s+([^\s]+)', os.popen(cmd).read())
+ try:
+ res = re.search(r'\sSONAME\s+([^\s]+)', os.popen(cmd).read())
+ except:
+ res = None
if not res:
- return None
+ return os.path.basename(f) # This is good for GLibc, I think, and a
+ # dep on binutils is big (for live CDs).
return res.group(1)
if (sys.platform.startswith("freebsd")
Only in Python-2.5.1/Lib/ctypes: util.py~
Only in Python-2.5.1/Lib/ctypes: util.py.binutils-no-dep
python-2.5.1-codec-ascii-tolower.patch:
--- NEW FILE python-2.5.1-codec-ascii-tolower.patch ---
diff -rup Python-2.5.1-orig/Python/codecs.c Python-2.5.1/Python/codecs.c
--- Python-2.5.1-orig/Python/codecs.c 2006-06-23 17:16:18.000000000 -0400
+++ Python-2.5.1/Python/codecs.c 2007-10-30 12:51:10.000000000 -0400
@@ -45,6 +45,11 @@ int PyCodec_Register(PyObject *search_fu
return -1;
}
+/* isupper() forced into the ASCII Locale */
+#define ascii_isupper(x) (((x) >= 0x41) && ((x) <= 0x5A))
+/* tolower() forced into the ASCII Locale */
+#define ascii_tolower(x) (ascii_isupper(x) ? ((x) + 0x20) : (x))
+
/* Convert a string to a normalized Python string: all characters are
converted to lower case, spaces are replaced with underscores. */
@@ -70,7 +75,7 @@ PyObject *normalizestring(const char *st
if (ch == ' ')
ch = '-';
else
- ch = tolower(Py_CHARMASK(ch));
+ ch = ascii_tolower(Py_CHARMASK(ch));
p[i] = ch;
}
return v;
Only in Python-2.5.1/Python: codecs.c~
python-2.5.1-pysqlite.patch:
--- NEW FILE python-2.5.1-pysqlite.patch ---
diff -up Python-2.5.1/Modules/_sqlite/cache.h.pysqlite Python-2.5.1/Modules/_sqlite/cache.h
--- Python-2.5.1/Modules/_sqlite/cache.h.pysqlite 2006-04-23 16:24:26.000000000 +0100
+++ Python-2.5.1/Modules/_sqlite/cache.h 2007-10-25 11:21:31.000000000 +0100
@@ -64,7 +64,7 @@ extern PyTypeObject CacheType;
int node_init(Node* self, PyObject* args, PyObject* kwargs);
void node_dealloc(Node* self);
-int cache_init(Cache* self, PyObject* args, PyObject* kwargs);
+int pysqlite_cache_init(Cache* self, PyObject* args, PyObject* kwargs);
void cache_dealloc(Cache* self);
PyObject* cache_get(Cache* self, PyObject* args);
diff -up Python-2.5.1/Modules/_sqlite/cache.c.pysqlite Python-2.5.1/Modules/_sqlite/cache.c
--- Python-2.5.1/Modules/_sqlite/cache.c.pysqlite 2006-04-23 16:24:26.000000000 +0100
+++ Python-2.5.1/Modules/_sqlite/cache.c 2007-10-25 11:22:10.000000000 +0100
@@ -54,7 +54,7 @@ void node_dealloc(Node* self)
self->ob_type->tp_free((PyObject*)self);
}
-int cache_init(Cache* self, PyObject* args, PyObject* kwargs)
+int pysqlite_cache_init(Cache* self, PyObject* args, PyObject* kwargs)
{
PyObject* factory;
int size = 10;
@@ -352,7 +352,7 @@ PyTypeObject CacheType = {
0, /* tp_descr_get */
0, /* tp_descr_set */
0, /* tp_dictoffset */
- (initproc)cache_init, /* tp_init */
+ (initproc)pysqlite_cache_init, /* tp_init */
0, /* tp_alloc */
0, /* tp_new */
0 /* tp_free */
python-2.5.CVE-2007-4965-int-overflow.patch:
--- NEW FILE python-2.5.CVE-2007-4965-int-overflow.patch ---
diff -ru Python-2.5-orig/Modules/imageop.c Python-2.5/Modules/imageop.c
--- Python-2.5-orig/Modules/imageop.c 2006-01-19 01:09:39.000000000 -0500
+++ Python-2.5/Modules/imageop.c 2007-10-19 01:11:33.000000000 -0400
@@ -78,7 +78,7 @@
char *cp, *ncp;
short *nsp;
Py_Int32 *nlp;
- int len, size, x, y, newx1, newx2, newy1, newy2;
+ int len, size, x, y, newx1, newx2, newy1, newy2, nlen;
int ix, iy, xstep, ystep;
PyObject *rv;
@@ -90,13 +90,19 @@
PyErr_SetString(ImageopError, "Size should be 1, 2 or 4");
return 0;
}
- if ( len != size*x*y ) {
+ if (( len != size*x*y ) ||
+ ( size != ((len / x) / y) )) {
PyErr_SetString(ImageopError, "String has incorrect length");
return 0;
}
xstep = (newx1 < newx2)? 1 : -1;
ystep = (newy1 < newy2)? 1 : -1;
+ nlen = (abs(newx2-newx1)+1)*(abs(newy2-newy1)+1)*size;
+ if ( size != ((nlen / (abs(newx2-newx1)+1)) / (abs(newy2-newy1)+1)) ) {
+ PyErr_SetString(ImageopError, "String has incorrect length");
+ return 0;
+ }
rv = PyString_FromStringAndSize(NULL,
(abs(newx2-newx1)+1)*(abs(newy2-newy1)+1)*size);
if ( rv == 0 )
@@ -132,7 +138,7 @@
char *cp, *ncp;
short *nsp;
Py_Int32 *nlp;
- int len, size, x, y, newx, newy;
+ int len, size, x, y, newx, newy, nlen;
int ix, iy;
int oix, oiy;
PyObject *rv;
@@ -145,12 +151,18 @@
PyErr_SetString(ImageopError, "Size should be 1, 2 or 4");
return 0;
}
- if ( len != size*x*y ) {
+ if ( ( len != size*x*y ) ||
+ ( size != ((len / x) / y) ) ) {
+ PyErr_SetString(ImageopError, "String has incorrect length");
+ return 0;
+ }
+ nlen = newx*newy*size;
+ if ( size != ((nlen / newx) / newy) ) {
PyErr_SetString(ImageopError, "String has incorrect length");
return 0;
}
- rv = PyString_FromStringAndSize(NULL, newx*newy*size);
+ rv = PyString_FromStringAndSize(NULL, nlen);
if ( rv == 0 )
return 0;
ncp = (char *)PyString_AsString(rv);
@@ -190,7 +202,8 @@
PyErr_SetString(ImageopError, "Size should be 1 or 4");
return 0;
}
- if ( maxx*maxy*width != len ) {
+ if ( ( maxx*maxy*width != len ) ||
+ ( maxx != ((len / maxy) / width) ) ) {
PyErr_SetString(ImageopError, "String has incorrect length");
return 0;
}
@@ -240,7 +253,8 @@
if ( !PyArg_ParseTuple(args, "s#iii", &cp, &len, &x, &y, &tres) )
return 0;
- if ( x*y != len ) {
+ if ( ( x*y != len ) ||
+ ( x != len / y ) ) {
PyErr_SetString(ImageopError, "String has incorrect length");
return 0;
}
@@ -281,7 +295,8 @@
if ( !PyArg_ParseTuple(args, "s#ii", &cp, &len, &x, &y) )
return 0;
- if ( x*y != len ) {
+ if ( ( x*y != len ) ||
+ ( x != len / y ) ) {
PyErr_SetString(ImageopError, "String has incorrect length");
return 0;
}
@@ -320,7 +335,8 @@
if ( !PyArg_ParseTuple(args, "s#ii", &cp, &len, &x, &y) )
return 0;
- if ( x*y != len ) {
+ if ( ( x*y != len ) ||
+ ( x != len / y ) ) {
PyErr_SetString(ImageopError, "String has incorrect length");
return 0;
}
@@ -358,7 +374,8 @@
if ( !PyArg_ParseTuple(args, "s#ii", &cp, &len, &x, &y) )
return 0;
- if ( x*y != len ) {
+ if ( ( x*y != len ) ||
+ ( x != len / y ) ) {
PyErr_SetString(ImageopError, "String has incorrect length");
return 0;
}
@@ -404,7 +421,8 @@
if ( !PyArg_ParseTuple(args, "s#ii", &cp, &len, &x, &y) )
return 0;
- if ( x*y != len ) {
+ if ( ( x*y != len ) ||
+ ( x != len / y ) ) {
PyErr_SetString(ImageopError, "String has incorrect length");
return 0;
}
@@ -443,7 +461,11 @@
if ( !PyArg_ParseTuple(args, "s#iiii", &cp, &len, &x, &y, &v0, &v1) )
return 0;
- nlen = x*y;
+ nlen = x*y;
+ if ( x != (nlen / y) ) {
+ PyErr_SetString(ImageopError, "String has incorrect length");
+ return 0;
+ }
if ( (nlen+7)/8 != len ) {
PyErr_SetString(ImageopError, "String has incorrect length");
return 0;
@@ -481,6 +503,10 @@
return 0;
nlen = x*y;
+ if ( x != (nlen / y) ) {
+ PyErr_SetString(ImageopError, "String has incorrect length");
+ return 0;
+ }
if ( (nlen+3)/4 != len ) {
PyErr_SetString(ImageopError, "String has incorrect length");
return 0;
@@ -517,6 +543,10 @@
return 0;
nlen = x*y;
+ if ( x != (nlen / y) ) {
+ PyErr_SetString(ImageopError, "String has incorrect length");
+ return 0;
+ }
if ( (nlen+1)/2 != len ) {
PyErr_SetString(ImageopError, "String has incorrect length");
return 0;
@@ -554,6 +584,10 @@
return 0;
nlen = x*y;
+ if ( x != (nlen / y) ) {
+ PyErr_SetString(ImageopError, "String has incorrect length");
+ return 0;
+ }
if ( nlen*4 != len ) {
PyErr_SetString(ImageopError, "String has incorrect length");
return 0;
@@ -598,6 +632,10 @@
return 0;
nlen = x*y;
+ if ( x != (nlen / y) ) {
+ PyErr_SetString(ImageopError, "String has incorrect length");
+ return 0;
+ }
if ( nlen != len ) {
PyErr_SetString(ImageopError, "String has incorrect length");
return 0;
@@ -648,6 +686,10 @@
return 0;
nlen = x*y;
+ if ( x != (nlen / y) ) {
+ PyErr_SetString(ImageopError, "String has incorrect length");
+ return 0;
+ }
if ( nlen*4 != len ) {
PyErr_SetString(ImageopError, "String has incorrect length");
return 0;
@@ -693,6 +735,10 @@
return 0;
nlen = x*y;
+ if ( x != (nlen / y) ) {
+ PyErr_SetString(ImageopError, "String has incorrect length");
+ return 0;
+ }
if ( nlen != len ) {
PyErr_SetString(ImageopError, "String has incorrect length");
return 0;
Only in Python-2.5/Modules: imageop.c~
Only in Python-2.5/Modules: imageop.c.cve2007-4965
diff -ru Python-2.5-orig/Modules/rgbimgmodule.c Python-2.5/Modules/rgbimgmodule.c
--- Python-2.5-orig/Modules/rgbimgmodule.c 2006-08-11 23:18:50.000000000 -0400
+++ Python-2.5/Modules/rgbimgmodule.c 2007-10-19 01:05:44.000000000 -0400
@@ -299,6 +299,11 @@
xsize = image.xsize;
ysize = image.ysize;
zsize = image.zsize;
+ tablen = xsize * ysize * zsize * sizeof(Py_Int32);
+ if (xsize != (((tablen / ysize) / zsize) / sizeof(Py_Int32))) {
+ PyErr_NoMemory();
+ goto finally;
+ }
if (rle) {
tablen = ysize * zsize * sizeof(Py_Int32);
starttab = (Py_Int32 *)malloc(tablen);
Only in Python-2.5/Modules: rgbimgmodule.c.cve2007-4965
Only in Python-2.5/Modules: _tkinter.c.tkinter
Index: python.spec
===================================================================
RCS file: /cvs/pkgs/rpms/python/devel/python.spec,v
retrieving revision 1.120
retrieving revision 1.121
diff -u -r1.120 -r1.121
--- python.spec 16 Oct 2007 17:01:47 -0000 1.120
+++ python.spec 30 Nov 2007 05:31:41 -0000 1.121
@@ -20,7 +20,7 @@
Summary: An interpreted, interactive, object-oriented programming language.
Name: %{python}
Version: 2.5.1
-Release: 12%{?dist}
+Release: 16%{?dist}
License: Python Software Foundation License v2
Group: Development/Languages
Provides: python-abi = %{pybasever}
@@ -36,6 +36,10 @@
Patch6: python-2.5.1-plural-fix.patch
Patch7: python-2.5.1-sqlite-encoding.patch
Patch8: python-2.5-xmlrpclib-marshal-objects.patch
+Patch9: python-2.5-tkinter.patch
+Patch10: python-2.5.1-binutils-no-dep.patch
+Patch11: python-2.5.1-codec-ascii-tolower.patch
+Patch12: python-2.5.1-pysqlite.patch
# upstreamed
@@ -49,6 +53,8 @@
Patch101: python-2.3.4-lib64-regex.patch
Patch102: python-2.5-lib64.patch
+Patch999: python-2.5.CVE-2007-4965-int-overflow.patch
+
%if %{main_python}
Obsoletes: Distutils
@@ -65,7 +71,7 @@
BuildRoot: %{_tmppath}/%{name}-%{version}-root
BuildPrereq: readline-devel, openssl-devel, gmp-devel
BuildPrereq: ncurses-devel, gdbm-devel, zlib-devel, expat-devel
-BuildPrereq: libGL-devel tk gcc-c++ libX11-devel glibc-devel
+BuildPrereq: libGL-devel tk tix gcc-c++ libX11-devel glibc-devel
BuildPrereq: bzip2 tar /usr/bin/find pkgconfig tcl-devel tk-devel
BuildPrereq: tix-devel bzip2-devel sqlite-devel
BuildPrereq: autoconf
@@ -94,6 +100,8 @@
Summary: The libraries for python runtime
Group: Applications/System
Requires: %{python} = %{version}-%{release}
+# Needed for ctypes, to load libraries, worked around for Live CDs size
+# Requires: binutils
%description libs
The python interpreter can be embedded into applications wanting to
@@ -176,11 +184,18 @@
%patch102 -p1 -b .lib64
%endif
+%patch9 -p1 -b .tkinter
+%patch10 -p1 -b .binutils-no-dep
+%patch11 -p1 -b .ascii-tolower
+%patch12 -p1 -b .pysqlite-2.3.3-minimal
+
%ifarch alpha ia64
# 64bit, but not lib64 arches need this too...
%patch101 -p1 -b .lib64-regex
%endif
+%patch999 -p1 -b .cve2007-4965
+
# This shouldn't be necesarry, but is right now (2.2a3)
find -name "*~" |xargs rm -f
@@ -228,7 +243,14 @@
done
# don't include tests that are run at build time in the package
+# This is documented, and used: rhbz#387401
+mkdir save_bits_of_test
+for i in test_support.py __init__.py; do
+ cp -a $RPM_BUILD_ROOT/%{_libdir}/python%{pybasever}/test/$i save_bits_of_test
+done
rm -rf $RPM_BUILD_ROOT/%{_libdir}/python%{pybasever}/test
+mkdir $RPM_BUILD_ROOT/%{_libdir}/python%{pybasever}/test
+cp -a save_bits_of_test/* $RPM_BUILD_ROOT/%{_libdir}/python%{pybasever}/test
%if %{main_python}
ln -s python $RPM_BUILD_ROOT%{_bindir}/python2
@@ -334,7 +356,7 @@
#elif __WORDSIZE == 64
#include "%{_pyconfig64_h}"
#else
-#error "Unkown word size"
+#error "Unknown word size"
#endif
EOF
ln -s ../../libpython%{pybasever}.so $RPM_BUILD_ROOT%{_libdir}/python%{pybasever}/config/libpython%{pybasever}.so
@@ -427,6 +449,29 @@
%{_libdir}/python%{pybasever}/lib-dynload/_tkinter.so
%changelog
+* Fri Nov 30 2007 James Antill <jantill at redhat.com> - 2.5.1-16
+- Fix pyconfig.h comment typo.
+- Add back test_support.py and the __init__.py file.
+- Resolves: rhbz#387401
+
+* Tue Oct 30 2007 James Antill <jantill at redhat.com> - 2.5.1-15
+- Do codec lowercase in C Locale.
+- Resolves: 207134 191096
+- Fix stupid namespacing in pysqlite, minimal upgrade to 2.3.3 pysqlite
+- Resolves: 263221
+
+* Wed Oct 24 2007 James Antill <jantill at redhat.com> - 2.5.1-14
+- Remove bintuils dep. for live CD ... add work around for ctypes
+
+* Mon Oct 22 2007 James Antill <jantill at redhat.com> - 2.5.1-13
+- Add tix buildprereq
+- Add tkinter patch
+- Resolves: #281751
+- Fix ctypes loading of libraries, add requires on binutils
+- Resolves: #307221
+- Possible fix for CVE-2007-4965 possible exploitable integer overflow
+- Resolves: #295971
+
* Tue Oct 16 2007 Mike Bonnet <mikeb at redhat.com> - 2.5.1-12
- fix marshalling of objects in xmlrpclib (python bug #1739842)
More information about the fedora-extras-commits
mailing list