non port: lang/python27/files/patch-CVE-2014-1912 |
Number of commits found: 2 |
Monday, 14 Jul 2014
|
07:20 koobs
lang/python27: Update to 2.7.8
The FreeBSD Python team welcomes Python 2.7.8 to the Ports tree!
Announcement: https://www.python.org/download/releases/2.7.8/
Changelog: http://hg.python.org/cpython/raw-file/v2.7.8/Misc/NEWS
- Update to 2.7.8, update pkg-plist
- OPTIONS: Reorder and sort alphabetically
- OPTIONS: Make POSIX SEM(aphores) a DEFAULT (Hi binary package users!)
- OPTIONS: Add better descriptions for UCS2 and UCS4
- OPTIONS: Use options helpers
- Remove patch-CVE-2014-1912: upstream, was backported
- Remove patch-issue20374: upstream, was backported
- Rename patch-Doc__library__fcntl.rst: underscore convention
- Rename patch-Modules__fcntlmodule.c: underscore convention
- Patch: setup.py: Remove ncurses overrides and return to upstream code
- Patch: setup.py: Add partial backport for ossaudio OS checks
- pkg-message: Remove warning for POSIX Semaphores. They are now in
GENERIC for FreeBSD 8.x 9.x, 10.x and tested well upstream
- pkg-message: No longer needs substitutions, remove .in suffix and
SUB_FILES
- Rework and simplify the platformX mechanism, update pkg-plist
accordingly
- Add regression-test target
- Deprecate NOPORTDATA, remove pkg-plist entries with %%PORTDATA%%
- Replace bsd.{pre,post}.mk with bsd.port.options.mk
Based on original patch submitted by wen@ and worked on by lwhsu@,
thank you!
PR: 191405
PR: 178301
PR: 171246
Phabric: D364
Reviewed by: antoine, bapt, mat, mva, wg
|
Saturday, 1 Mar 2014
|
10:52 koobs
lang/python*: Backport security fix for CVE-2014-1912
A vulnerability was reported [1] in Python's socket module, due to a
boundary error within the sock_recvfrom_into() function, which could be
exploited to cause a buffer overflow.
This could be used to crash a Python application that uses the
socket.recvfrom_info() function or, possibly, execute arbitrary code
with the permissions of the user running vulnerable Python code.
This vulnerable function, socket.recvfrom_into(), was introduced in
Python 2.5. Earlier versions are not affected by this flaw. This is
fixed in upstream branches for version 2.7, 3.1, 3.2 and 3.3.
[1] http://bugs.python.org/issue20246
MFH: 2014Q1
Security: 8e5e6d42-a0fa-11e3-b09a-080027f2d077
|
Number of commits found: 2 |