The patch of security fix of CVE-2010-2089 to lang/python26

2010-06-29 Thread wen heping
Hi,

   Here is a patch to fix the audioop security issue, which is documented
as CVE-2010-2089.
For more detail, please visit:
   http://bugs.python.org/issue7673

   Would you test it?
   Thanks.


wen
diff -urN python26.orig/Makefile python26/Makefile
--- python26.orig/Makefile  2010-06-29 16:51:39.0 +0800
+++ python26/Makefile   2010-06-29 16:50:06.0 +0800
@@ -6,6 +6,7 @@
 
 PORTNAME=  python26
 PORTVERSION=   2.6.5
+PORTREVISION=  1
 CATEGORIES=lang python ipv6
 MASTER_SITES=  ${PYTHON_MASTER_SITES}
 MASTER_SITE_SUBDIR=${PYTHON_MASTER_SITE_SUBDIR}
diff -urN python26.orig/files/patch-Modules-audioop.c 
python26/files/patch-Modules-audioop.c
--- python26.orig/files/patch-Modules-audioop.c 1970-01-01 08:00:00.0 
+0800
+++ python26/files/patch-Modules-audioop.c  2010-06-29 16:40:45.0 
+0800
@@ -0,0 +1,319 @@
+--- Modules/audioop.c.orig 2008-07-08 01:02:59.0 +0800
 Modules/audioop.c  2010-06-29 16:40:23.0 +0800
+@@ -295,6 +295,29 @@
+ 
+ static PyObject *AudioopError;
+ 
++static int
++audioop_check_size(int size)
++{
++if ( size != 1 && size != 2 && size != 4 ) {
++PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
++return 0;
++} else {
++return 1;
++}
++}
++
++static int
++audioop_check_parameters(int len, int size)
++{
++if (!audioop_check_size(size))
++return 0;
++if ( len % size != 0 ) {
++PyErr_SetString(AudioopError, "not a whole number of frames");
++return 0;
++}
++return 1;
++}
++
+ static PyObject *
+ audioop_getsample(PyObject *self, PyObject *args)
+ {
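Review bot: the two new helpers, audioop_check_size and audioop_check_parameters, carry no comment on their contract: they return 1 on success and 0 with AudioopError already set, and every caller relies on that when it does `return NULL;` without setting an error itself. A one-line comment above each helper would make that explicit. Minor style point in audioop_check_size: the `else` after `return 0;` is redundant, and a plain `return 1;` after the if block reads more simply.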
+@@ -304,10 +327,8 @@
+ 
+ if ( !PyArg_ParseTuple(args, "s#ii:getsample", &cp, &len, &size, &i) )
+ return 0;
+-if ( size != 1 && size != 2 && size != 4 ) {
+-PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
+-return 0;
+-}
++if (!audioop_check_parameters(len, size))
++return NULL;
+ if ( i < 0 || i >= len/size ) {
+ PyErr_SetString(AudioopError, "Index out of range");
+ return 0;
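Review bot: the added `return NULL;` in getsample sits between context lines that still use `return 0;` for the same kind of error exit, so the function now mixes both spellings. Either is correct for a function returning PyObject *, but one spelling per function is easier to audit; converting the neighbouring `return 0;` lines to `return NULL;` in the same patch would keep it consistent.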
+@@ -328,10 +349,8 @@
+ 
+ if ( !PyArg_ParseTuple(args, "s#i:max", &cp, &len, &size) )
+ return 0;
+-if ( size != 1 && size != 2 && size != 4 ) {
+-PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
+-return 0;
+-}
++if (!audioop_check_parameters(len, size))
++return NULL;
+ for ( i=0; i 0,1 */
+ for ( i=0; i= 1");
+ return NULL;
+@@ -1269,11 +1277,8 @@
+ if ( !PyArg_ParseTuple(args, "s#i:lin2ulaw",
+&cp, &len, &size) )
+ return 0 ;
+-
+-if ( size != 1 && size != 2 && size != 4) {
+-PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
+-return 0;
+-}
++if (!audioop_check_parameters(len, size))
++return NULL;
+ 
+ rv = PyString_FromStringAndSize(NULL, len/size);
+ if ( rv == 0 )
+@@ -1303,11 +1308,8 @@
+ if ( !PyArg_ParseTuple(args, "s#i:ulaw2lin",
+&cp, &len, &size) )
+ return 0;
+-
+-if ( size != 1 && size != 2 && size != 4) {
+-PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
+-return 0;
+-}
++if (!audioop_check_size(size))
++return NULL;
+ 
+ new_len = len*size;
+ if (new_len < 0) {
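Review bot: the overflow test kept in the context lines of ulaw2lin, `new_len = len*size;` followed by `if (new_len < 0)`, runs after the multiplication, so this hunk leaves a gap even with the size check in place. Assuming len and new_len are int, as the helper signature `audioop_check_parameters(int len, int size)` suggests, the product overflowing is undefined behaviour in C, and with size 4 a wrapped result can come out non-negative and pass the test, leaving an output buffer smaller than the loop expects. Since audioop_check_size now guarantees size is 1, 2 or 4, the check can be done before multiplying, for example by rejecting `len > INT_MAX / size`.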
+@@ -1343,11 +1345,8 @@
+ if ( !PyArg_ParseTuple(args, "s#i:lin2alaw",
+&cp, &len, &size) )
+ return 0;
+-
+-if ( size != 1 && size != 2 && size != 4) {
+-PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
+-return 0;
+-}
++if (!audioop_check_parameters(len, size))
++return NULL;
+ 
+ rv = PyString_FromStringAndSize(NULL, len/size);
+ if ( rv == 0 )
+@@ -1377,11 +1376,8 @@
+ if ( !PyArg_ParseTuple(args, "s#i:alaw2lin",
+&cp, &len, &size) )
+ return 0;
+-
+-if ( size != 1 && size != 2 && size != 4) {
+-PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
+-return 0;
+-}
++if (!audioop_check_size(size))
++return NULL;
+ 
+ new_len = len*size;
+ if (new_len < 0) {
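Review bot: alaw2lin (like ulaw2lin) calls audioop_check_size where the lin2* functions call audioop_check_parameters, and nothing in the hunk says why. Presumably the input here is one byte per sample, so the whole-number-of-frames test on len does not apply, but that is not obvious from the code. A short comment next to `if (!audioop_check_size(size))` would stop a later cleanup from switching it to audioop_check_parameters and rejecting valid input.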
+@@ -1418,12 +1414,8 @@
+ if ( !PyArg_ParseTuple(args, "s#iO:lin2adpcm",
+&cp, &len, &size, &state) )
+ return 0;
+-
+-
+-if ( size != 1 && size != 2 && size != 4) {
+-PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");

Re: FreeBSD 8.1-PRERELEASE: WARNING ioctl sign-extension ioctl ffffffff8004667e

2010-06-29 Thread Mario Sergio Fujikawa Ferreira


Quoting Jung-uk Kim :

> On Monday 28 June 2010 02:01 pm, Jung-uk Kim wrote:
>> Please drop the attached patch in ports/devel/boost-libs/files,
>> rebuild all dependencies, and try your deluge ports again[1].
>
> Please ignore the previous patch and try this one.  Sorry, there was a
> typo. :-(

  I updated boost-libs with your patch which fixed the issue. I no longer have
the ioctl warning. :)

  1) I rebuilt the libtorrent-rasterbar-14 then libtorrent-rasterbar-14-python. 

  2) Tried deluge, there were warnings still. 

  3) Then, rebuilt deluge. 

  4) Tried deluge, warnings were gone. 

  I still have the lang/python26 patches you sent earlier. So I have both the 
python and boost-libs patches on my system. 

  Do you want me to do any further testing?

  Regards, 

-- 
Mario S F Ferreira - DF - Brazil - "I guess this is a signature."
feature, n: a documented bug | bug, n: an undocumented feature
___
freebsd-python@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-python
To unsubscribe, send any mail to "freebsd-python-unsubscr...@freebsd.org"


Re: FreeBSD 8.1-PRERELEASE: WARNING ioctl sign-extension ioctl ffffffff8004667e

2010-06-29 Thread Jung-uk Kim
On Tuesday 29 June 2010 12:46 pm, Mario Sergio Fujikawa Ferreira 
wrote:
> Quoting Jung-uk Kim :
> > On Monday 28 June 2010 02:01 pm, Jung-uk Kim wrote:
> >> Please drop the attached patch in ports/devel/boost-libs/files,
> >> rebuild all dependencies, and try your deluge ports again[1].
> >
> > Please ignore the previous patch and try this one.  Sorry, there
> > was a typo. :-(
>
>   I updated boost-libs with your patch which fixed the issue. I no
> longer have the ioctl warning. :)
>
>   1) I rebuilt the libtorrent-rasterbar-14 then
> libtorrent-rasterbar-14-python.
>
>   2) Tried deluge, there were warnings still.
>
>   3) Then, rebuilt deluge.
>
>   4) Tried deluge, warnings were gone.
>
>   I still have the lang/python26 patches you sent earlier. So I
> have both the python and boost-libs patches on my system.
>
>   Do you want me to do any further testing?

No, that should be good enough.

Thanks for testing my patches!

Jung-uk Kim