rpms/python/F-7 python-2.5-tkinter.patch, NONE, 1.1 python-2.5.CVE-2007-4965-int-overflow.patch, NONE, 1.1 python.spec, 1.107, 1.108
James Antill (james)
fedora-extras-commits at redhat.com
Fri Oct 19 13:39:11 UTC 2007
Author: james
Update of /cvs/pkgs/rpms/python/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1266
Modified Files:
python.spec
Added Files:
python-2.5-tkinter.patch
python-2.5.CVE-2007-4965-int-overflow.patch
Log Message:
* Fri Oct 19 2007 James Antill <jantill at redhat.com> - 2.5.3-14
- Add tkinter patch
- Resolves: #281751
- Fix ctypes loading of libraries, add requires on binutils
- Resolves: #307221
- Possible fix for CVE-2007-4965 possible exploitable integer overflow
- Resolves: #295971
python-2.5-tkinter.patch:
--- NEW FILE python-2.5-tkinter.patch ---
--- Python-2.5-orig/Modules/_tkinter.c 2006-08-11 22:33:36.000000000 -0400
+++ Python-2.5/Modules/_tkinter.c 2007-10-19 01:04:42.000000000 -0400
@@ -938,7 +938,7 @@
#if defined(Py_UNICODE_WIDE) && TCL_UTF_MAX == 3
Tcl_UniChar *outbuf;
Py_ssize_t i;
- assert(size < size * sizeof(Tcl_UniChar));
+ assert(size == 0 || size < size * sizeof(Tcl_UniChar));
outbuf = (Tcl_UniChar*)ckalloc(size * sizeof(Tcl_UniChar));
if (!outbuf) {
PyErr_NoMemory();
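Review bot: The guard on `size * sizeof(Tcl_UniChar)` is still only an `assert`, so it vanishes in builds compiled with NDEBUG and the `ckalloc` call on the next line then receives the product unchecked. The comparison `size < size * sizeof(Tcl_UniChar)` is also not a general wrap test, since whether a wrapped product ends up below `size` depends on the element size. A runtime check that holds in every build would be `if ((size_t)size > PY_SSIZE_T_MAX / sizeof(Tcl_UniChar)) { PyErr_NoMemory(); /* fail as the !outbuf path does */ }`. The enclosing function starts and ends outside the hunk, so the exact failure return is not visible here.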
python-2.5.CVE-2007-4965-int-overflow.patch:
--- NEW FILE python-2.5.CVE-2007-4965-int-overflow.patch ---
diff -ru Python-2.5-orig/Modules/imageop.c Python-2.5/Modules/imageop.c
--- Python-2.5-orig/Modules/imageop.c 2006-01-19 01:09:39.000000000 -0500
+++ Python-2.5/Modules/imageop.c 2007-10-19 01:11:33.000000000 -0400
@@ -78,7 +78,7 @@
char *cp, *ncp;
short *nsp;
Py_Int32 *nlp;
- int len, size, x, y, newx1, newx2, newy1, newy2;
+ int len, size, x, y, newx1, newx2, newy1, newy2, nlen;
int ix, iy, xstep, ystep;
PyObject *rv;
@@ -90,13 +90,19 @@
PyErr_SetString(ImageopError, "Size should be 1, 2 or 4");
return 0;
}
- if ( len != size*x*y ) {
+ if (( len != size*x*y ) ||
+ ( size != ((len / x) / y) )) {
PyErr_SetString(ImageopError, "String has incorrect length");
return 0;
}
xstep = (newx1 < newx2)? 1 : -1;
ystep = (newy1 < newy2)? 1 : -1;
+ nlen = (abs(newx2-newx1)+1)*(abs(newy2-newy1)+1)*size;
+ if ( size != ((nlen / (abs(newx2-newx1)+1)) / (abs(newy2-newy1)+1)) ) {
+ PyErr_SetString(ImageopError, "String has incorrect length");
+ return 0;
+ }
rv = PyString_FromStringAndSize(NULL,
(abs(newx2-newx1)+1)*(abs(newy2-newy1)+1)*size);
if ( rv == 0 )
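Review bot: The added test `size != ((len / x) / y)` divides by the caller-supplied `x` and `y` without rejecting zero first, so an empty string with `x` or `y` equal to 0 satisfies `len == size*x*y` and then faults on the division instead of raising ImageopError. Negative dimensions are not rejected either. A guard ahead of the length test, e.g. `if ( x <= 0 || y <= 0 ) { PyErr_SetString(ImageopError, "String has incorrect length"); return 0; }`, closes this. The same applies to the divisions by `newx`/`newy`, `maxy` and `y` that the later imageop.c hunks add. Separately, `nlen` is computed here but the `PyString_FromStringAndSize` call still repeats the product instead of passing `nlen`; the function body starts and ends outside the hunk.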
@@ -132,7 +138,7 @@
char *cp, *ncp;
short *nsp;
Py_Int32 *nlp;
- int len, size, x, y, newx, newy;
+ int len, size, x, y, newx, newy, nlen;
int ix, iy;
int oix, oiy;
PyObject *rv;
@@ -145,12 +151,18 @@
PyErr_SetString(ImageopError, "Size should be 1, 2 or 4");
return 0;
}
- if ( len != size*x*y ) {
+ if ( ( len != size*x*y ) ||
+ ( size != ((len / x) / y) ) ) {
+ PyErr_SetString(ImageopError, "String has incorrect length");
+ return 0;
+ }
+ nlen = newx*newy*size;
+ if ( size != ((nlen / newx) / newy) ) {
PyErr_SetString(ImageopError, "String has incorrect length");
return 0;
}
- rv = PyString_FromStringAndSize(NULL, newx*newy*size);
+ rv = PyString_FromStringAndSize(NULL, nlen);
if ( rv == 0 )
return 0;
ncp = (char *)PyString_AsString(rv);
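Review bot: `nlen = newx*newy*size` and `size*x*y` are evaluated in signed `int` before the division test runs, and signed overflow is undefined behaviour in C, so a compiler may assume it cannot happen and drop the after-the-fact comparison. Testing the operands before multiplying keeps the check well-defined, e.g. `if ( newx <= 0 || newy <= 0 || newx > INT_MAX / newy || newx*newy > INT_MAX / size ) { /* raise ImageopError, return 0 */ }` with `<limits.h>` included, and only then computing `nlen`. Every check this patch adds to imageop.c uses the same multiply-then-divide pattern, so the remark applies to the other hunks as well. The function body starts and ends outside the hunk.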
@@ -190,7 +202,8 @@
PyErr_SetString(ImageopError, "Size should be 1 or 4");
return 0;
}
- if ( maxx*maxy*width != len ) {
+ if ( ( maxx*maxy*width != len ) ||
+ ( maxx != ((len / maxy) / width) ) ) {
PyErr_SetString(ImageopError, "String has incorrect length");
return 0;
}
@@ -240,7 +253,8 @@
if ( !PyArg_ParseTuple(args, "s#iii", &cp, &len, &x, &y, &tres) )
return 0;
- if ( x*y != len ) {
+ if ( ( x*y != len ) ||
+ ( x != len / y ) ) {
PyErr_SetString(ImageopError, "String has incorrect length");
return 0;
}
@@ -281,7 +295,8 @@
if ( !PyArg_ParseTuple(args, "s#ii", &cp, &len, &x, &y) )
return 0;
- if ( x*y != len ) {
+ if ( ( x*y != len ) ||
+ ( x != len / y ) ) {
PyErr_SetString(ImageopError, "String has incorrect length");
return 0;
}
@@ -320,7 +335,8 @@
if ( !PyArg_ParseTuple(args, "s#ii", &cp, &len, &x, &y) )
return 0;
- if ( x*y != len ) {
+ if ( ( x*y != len ) ||
+ ( x != len / y ) ) {
PyErr_SetString(ImageopError, "String has incorrect length");
return 0;
}
@@ -358,7 +374,8 @@
if ( !PyArg_ParseTuple(args, "s#ii", &cp, &len, &x, &y) )
return 0;
- if ( x*y != len ) {
+ if ( ( x*y != len ) ||
+ ( x != len / y ) ) {
PyErr_SetString(ImageopError, "String has incorrect length");
return 0;
}
@@ -404,7 +421,8 @@
if ( !PyArg_ParseTuple(args, "s#ii", &cp, &len, &x, &y) )
return 0;
- if ( x*y != len ) {
+ if ( ( x*y != len ) ||
+ ( x != len / y ) ) {
PyErr_SetString(ImageopError, "String has incorrect length");
return 0;
}
@@ -443,7 +461,11 @@
if ( !PyArg_ParseTuple(args, "s#iiii", &cp, &len, &x, &y, &v0, &v1) )
return 0;
- nlen = x*y;
+ nlen = x*y;
+ if ( x != (nlen / y) ) {
+ PyErr_SetString(ImageopError, "String has incorrect length");
+ return 0;
+ }
if ( (nlen+7)/8 != len ) {
PyErr_SetString(ImageopError, "String has incorrect length");
return 0;
@@ -481,6 +503,10 @@
return 0;
nlen = x*y;
+ if ( x != (nlen / y) ) {
+ PyErr_SetString(ImageopError, "String has incorrect length");
+ return 0;
+ }
if ( (nlen+3)/4 != len ) {
PyErr_SetString(ImageopError, "String has incorrect length");
return 0;
@@ -517,6 +543,10 @@
return 0;
nlen = x*y;
+ if ( x != (nlen / y) ) {
+ PyErr_SetString(ImageopError, "String has incorrect length");
+ return 0;
+ }
if ( (nlen+1)/2 != len ) {
PyErr_SetString(ImageopError, "String has incorrect length");
return 0;
@@ -554,6 +584,10 @@
return 0;
nlen = x*y;
+ if ( x != (nlen / y) ) {
+ PyErr_SetString(ImageopError, "String has incorrect length");
+ return 0;
+ }
if ( nlen*4 != len ) {
PyErr_SetString(ImageopError, "String has incorrect length");
return 0;
@@ -598,6 +632,10 @@
return 0;
nlen = x*y;
+ if ( x != (nlen / y) ) {
+ PyErr_SetString(ImageopError, "String has incorrect length");
+ return 0;
+ }
if ( nlen != len ) {
PyErr_SetString(ImageopError, "String has incorrect length");
return 0;
@@ -648,6 +686,10 @@
return 0;
nlen = x*y;
+ if ( x != (nlen / y) ) {
+ PyErr_SetString(ImageopError, "String has incorrect length");
+ return 0;
+ }
if ( nlen*4 != len ) {
PyErr_SetString(ImageopError, "String has incorrect length");
return 0;
@@ -693,6 +735,10 @@
return 0;
nlen = x*y;
+ if ( x != (nlen / y) ) {
+ PyErr_SetString(ImageopError, "String has incorrect length");
+ return 0;
+ }
if ( nlen != len ) {
PyErr_SetString(ImageopError, "String has incorrect length");
return 0;
Only in Python-2.5/Modules: imageop.c~
Only in Python-2.5/Modules: imageop.c.cve2007-4965
diff -ru Python-2.5-orig/Modules/rgbimgmodule.c Python-2.5/Modules/rgbimgmodule.c
--- Python-2.5-orig/Modules/rgbimgmodule.c 2006-08-11 23:18:50.000000000 -0400
+++ Python-2.5/Modules/rgbimgmodule.c 2007-10-19 01:05:44.000000000 -0400
@@ -299,6 +299,11 @@
xsize = image.xsize;
ysize = image.ysize;
zsize = image.zsize;
+ tablen = xsize * ysize * zsize * sizeof(Py_Int32);
+ if (xsize != (((tablen / ysize) / zsize) / sizeof(Py_Int32))) {
+ PyErr_NoMemory();
+ goto finally;
+ }
if (rle) {
tablen = ysize * zsize * sizeof(Py_Int32);
starttab = (Py_Int32 *)malloc(tablen);
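Review bot: `xsize`, `ysize` and `zsize` are copied from the image header just above, and the new check divides by `ysize` and `zsize` without rejecting zero, so a file whose header carries a zero dimension would fault inside the check rather than reach `goto finally`. The product `xsize * ysize * zsize` is also formed in the variables' own type before `sizeof` widens it (the declarations are outside the hunk, presumably `int`), so the overflow may already have occurred before the test. Validating each dimension as positive and bounding it before multiplying, e.g. `if (xsize <= 0 || ysize <= 0 || zsize <= 0) { /* set error */ goto finally; }`, avoids both. `tablen` is reassigned in the `rle` branch right after, so the value computed here serves only as a check, which deserves a one-line comment.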
Only in Python-2.5/Modules: rgbimgmodule.c.cve2007-4965
Only in Python-2.5/Modules: _tkinter.c.tkinter
Index: python.spec
===================================================================
RCS file: /cvs/pkgs/rpms/python/F-7/python.spec,v
retrieving revision 1.107
retrieving revision 1.108
diff -u -r1.107 -r1.108
--- python.spec 18 Oct 2007 14:42:34 -0000 1.107
+++ python.spec 19 Oct 2007 13:38:38 -0000 1.108
@@ -21,7 +21,7 @@
Name: %{python}
#Version: %{pybasever}.3
Version: 2.5
-Release: 13%{?dist}
+Release: 14%{?dist}
License: Python Software Foundation License v2
Group: Development/Languages
Provides: python-abi = %{pybasever}
@@ -37,6 +37,7 @@
Patch6: python-db45.patch
Patch7: python-ctypes-execstack.patch
Patch8: python-2.5-xmlrpclib-marshal-objects.patch
+Patch9: python-2.5-tkinter.patch
# upstreamed
Patch25: python-syslog-fail-noatexittb.patch
@@ -49,6 +50,8 @@
Patch101: python-2.3.4-lib64-regex.patch
Patch102: python-2.5-lib64.patch
+Patch999: python-2.5.CVE-2007-4965-int-overflow.patch
+
%if %{main_python}
Obsoletes: Distutils
Provides: Distutils
@@ -93,6 +96,8 @@
Summary: The libraries for python runtime
Group: Applications/System
Requires: %{python} = %{version}-%{release}
+# Needed for ctypes, to load libraries
+Requires: binutils
%description libs
The python interpreter can be embedded into applications wanting to
@@ -176,11 +181,15 @@
%patch102 -p1 -b .lib64
%endif
+%patch9 -p1 -b .tkinter
+
%ifarch alpha ia64
# 64bit, but not lib64 arches need this too...
%patch101 -p1 -b .lib64-regex
%endif
+%patch999 -p1 -b .cve2007-4965
+
# This shouldn't be necesarry, but is right now (2.2a3)
find -name "*~" |xargs rm -f
@@ -423,6 +432,14 @@
%{_libdir}/python%{pybasever}/lib-dynload/_tkinter.so
%changelog
+* Fri Oct 19 2007 James Antill <jantill at redhat.com> - 2.5.3-14
+- Add tkinter patch
+- Resolves: #281751
+- Fix ctypes loading of libraries, add requires on binutils
+- Resolves: #307221
+- Possible fix for CVE-2007-4965 possible exploitable integer overflow
+- Resolves: #295971
+
* Tue Oct 18 2007 Mike Bonnet <mikeb at redhat.com> - 2.5.3-13
- fix marshalling of objects in xmlrpclib (python bug #1739842)