A vulnerability was reported [1] in Python's socket module, due to a
boundary error within the sock_recvfrom_into() function, which could be
exploited to cause a buffer overflow.
This could be used to crash a Python application that uses the
socket.recvfrom_into() function or, possibly, execute arbitrary code
with the permissions of the user running vulnerable Python code.
This vulnerable function, socket.recvfrom_into(), was introduced in
Python 2.5. Earlier versions are not affected by this flaw. This is
fixed in upstream branches for versions 2.7, 3.1, 3.2 and 3.3.
[1] http://bugs.python.org/issue20246
MFH: 2014Q1
Security: 8e5e6d42-a0fa-11e3-b09a-080027f2d077
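A check for the bound described in the commit message above, added here as an example and not part of the commit or of CPython: it asks whether the running interpreter refuses an `nbytes` larger than the buffer, and wraps the call so the bound is enforced regardless. The function names are hypothetical and Python 3.3+ exception names are assumed.

```python
import socket


def rejects_oversized_nbytes():
    """Return True if this interpreter refuses nbytes > len(buffer)."""
    buf = bytearray(8)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        # Non-blocking and never sent to: an interpreter without the check
        # gets EAGAIN from the kernel instead of receiving any data.
        sock.setblocking(False)
        try:
            sock.recvfrom_into(buf, len(buf) * 2)
        except ValueError:
            return True    # bound enforced before the receive call
        except OSError:
            return False   # request reached the kernel unchecked
        return False
    finally:
        sock.close()


def recvfrom_into_checked(sock, buf, nbytes=0):
    """Hypothetical wrapper that enforces the bound in the caller."""
    if nbytes < 0 or nbytes > len(buf):
        raise ValueError("nbytes exceeds buffer length")
    return sock.recvfrom_into(buf, nbytes or len(buf))


if __name__ == "__main__":
    print("interpreter enforces bound:", rejects_oversized_nbytes())
```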
- Backport Python issue #8168 [1]:
python3 py_compile does not ignore UTF-8 BOM characters
This causes installation (during bytecode compilation) errors for Python
ports with sources that contain BOM characters [2]
The issue was fixed [3] in the default branch at the time (3.2) but was
not backported to 3.1.
Since Python 3.1 is now in security-fix-only mode (no new features or bug
fixes), backporting is required.
[1] http://bugs.python.org/issue8168
[2] http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/186034
[3] http://hg.python.org/cpython/rev/e15a8a476494/
PR: ports/186034
Reported by: Mark Andrews <marka at isc dot org>
The current FreeBSD/ARM __clear_cache() implementation does nothing #if
__i386__ || __x86_64__ #else abort();
cognet@ advises this is an issue for anything !Apple that is using the
libcompiler_rt provided by Clang on ARM, and requires upstreaming.
This is the root cause of abort() on import for the ctypes module in
Python, as they bundle libffi. [1]
This change patches the bundled libffi library in all Python ports, even
though it is a NOOP for the ports that use devel/libffi. These ports,
currently python31, will get the fix via ports/184517
A huge shout out to cognet@ who helped diagnose the issue and created
the patch to address it. Thank you!
PR: ports/149167 [1]
PR: ports/184517
Submitted by: cognet [3]
Reviewed by: cognet, eadler, milki, ak
- Add the appropriate Python platform (plat-*) files for FreeBSD 11
- Update pkg-plist
Backport an upstream change [1] removing OS major version from the check
to enable the OSS Audio module in setup.py:
Issue #12326: don't test the major version of sys.platform
Use startswith, instead of ==, when testing sys.platform to support
new platforms like Linux 3 or OpenBSD 5. [2]
[1] http://hg.python.org/cpython/rev/50f1922bc1d5
[2] http://bugs.python.org/issue12326
Backport a change fixing use of kevent flags that was merged to Python
default, 3.3 and 2.7 branches, but not 3.2 and 3.1 that were in
security-only mode at the time of commit. [1]
- Add patch: patch-Modules__selectmodule.c
Based on patch by: David Naylor <naylor.b.david@gmail.com>
Unconditionally use libffi from ports because the Python 3.1 branch was
closed for maintenance when the import of libffi 3.0.13 took place. This
fixes _ctypes module build failure on i386. [2]
- Add global CONFIGURE_ARGS and LIB_DEPENDS
References:
[1] Issue #11973: Fix a problem in kevent. The flags and fflags fields
are now properly handled as unsigned. [#11973]
http://bugs.python.org/issue11973
http://hg.python.org/cpython/rev/8345fb616cbd
[2] Fixes Issue #17192: Update the ctypes module's libffi to v3.0.13.
This specifically addresses a stack misalignment issue on x86 and
issues on some more recent platforms. [#17192]
http://bugs.python.org/issue17192
http://hg.python.org/cpython/rev/a94b3b4599f1
http://hg.python.org/cpython/rev/688bc0b44d96
While I'm here:
- Add LICENSE (PSFL)
- Clean up & whitespace alignment
PR: ports/156759 [1]
Reviewed by: mva
- Temporarily override OPT:Olimit using CONFIGURE_ENV (ports/182952) [1]
- QA: Clean up and group related USE_*, WRKSRC and CONFIGURE entries
- QA: Whitespace alignment
- QA: Clarify DEPRECATED message
[1] Python removed OPT:Olimit in 3.2+, requested backport or
alternative upstream patch: http://bugs.python.org/issue877121
PR: ports/182952
Submitted by: pawel
Reviewed by: antoine
and lang/python2 and lang/python3. This change brings us closer to the goal
of making Python ports usable with different Python versions at the same
time.
- Add a new lang/python2 port to handle the symlinks for bin/python2,
bin/idle2, bin/pydoc2 and so on.
- Add a new lang/python3 port to handle the symlinks for bin/python3,
bin/idle3, bin/pydoc3 and so on.
- Bump the PORTREVISION on all lang/python* ports.
. lang/python27: 2.7.3 -> 2.7.5
. lang/python32: 3.2.3 -> 3.2.4
. lang/python33: 3.3.0 -> 3.3.1
- update Mk/bsd.python.mk with new versions
- mark lang/python26 and lang/python31 as deprecated (set them to
upstream EoL dates)
- update docs (lang/python-doc-html)
- align databases/py-bsddb patch for python27 - most of it was applied
upstream. Raise BDB version to 4.3 at least, according to
upstream requirements.
Many thanks to Martin (miwi) for his time on this update.
PR: 178506
Submitted by: rm (myself)
Exp-run by: portmgr (miwi)
- revert erroneous threads patch in lang/python26 and lang/python27,
that was added after ports/131080. It was rejected upstream, because it's
not actually a bug, but misuse.
Gabor Pali (pgj) in collaboration with Kubilay Kocak (koobs) did an
independent investigation regarding the issue. See here for details:
http://lists.freebsd.org/pipermail/freebsd-python/2013-April/005376.html
PR: 153167
Submitted by: Duncan Findlay <duncan@duncf.ca>
Reported by: pgj/koobs (at python@ ML)
Exp-run by: portmgr (miwi)
for an exp-run of updated python versions.
- trim Makefile headers
- remove leading indefinite article from COMMENT
- use PYTHON shortcut in MASTER_SITES
- whitespace fixes
- remove checks for unsupported versions of FreeBSD
- use static value ``33'' instead of PYTHON_SUFFIX in lang/python33/pkg-plist,
because this value is not supposed to be changed across the branch and for
consistency with other python3 ports
- remove conflicts in lang/python-mode.el with the no longer existing python-2.4
${PYTHON_DEFAULT_VERSION}, this generates conflicting packages.
- Create symbolic links as PEP 394 [1] suggests. ${PYTHON_DEFAULT_VERSION}
will create python and python${MAJOR_VERSION} links. In current default,
lang/python27 will create: python -> python2 -> python2.7
- Introduce ${PYTHON3_DEFAULT_VERSION}, which will handle bin/python3 link.
At this point, lang/python33 will create python3 -> python3.3
- Minor cleanups
* Trim Makefile headers
* Remove ${OSVERSION} detection for xz, which is done by USE_XZ
[1] http://www.python.org/dev/peps/pep-0394/
(PYTHON_DISTFILE variable)
- switch lang/python ports (and its slaves) to tar.xz
I compared all the four pairs .tgz/.tar.xz and they have no content differences.
Discussed on: python@
Although POSIX says the type is 'int', all BSD variants (including Mac OS X)
have been using 'unsigned long' type for a very long time and its use predates
the standard long enough. For certain commands (e.g., TIOCSWINSZ, FIONBIO),
the Python value may get sign-extended on 64-bit platforms (by implicit type
promotion) and it causes annoying warnings from kernel such as this:
WARNING pid 24509 (python2.6): ioctl sign-extension ioctl ffffffff8004667e
Approved by: python (maintainer timeout)
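The sign extension described in the commit message above, as an added example that is not part of the commit: it models a request value passed as a C `int` and promoted to a 64-bit `unsigned long`, then decodes the command from the quoted kernel warning using the FreeBSD `<sys/ioccom.h>` field layout. The function names are hypothetical.

```python
import ctypes
import re

# Field layout of an ioctl request word in FreeBSD <sys/ioccom.h>
IOCPARM_MASK = 0x1FFF
IOC_VOID, IOC_OUT, IOC_IN = 0x20000000, 0x40000000, 0x80000000

# Warning line quoted in the commit message
WARNING = ("WARNING pid 24509 (python2.6): "
           "ioctl sign-extension ioctl ffffffff8004667e")


def as_int_then_ulong(request):
    """Model a request stored in a C int, then promoted to 64-bit unsigned long."""
    as_int = ctypes.c_int32(request).value      # bit 31 set -> negative int
    return ctypes.c_uint64(as_int).value        # promotion fills the upper 32 bits


def request_from_warning(line):
    """Extract the 64-bit value the kernel logged."""
    match = re.search(r"ioctl sign-extension ioctl ([0-9a-f]{16})\b", line)
    if match is None:
        raise ValueError("not an ioctl sign-extension warning")
    return int(match.group(1), 16)


def decode_request(request):
    """Split the low 32 bits into direction, parameter length, group and number."""
    request &= 0xFFFFFFFF
    flags = ((IOC_IN, "in"), (IOC_OUT, "out"), (IOC_VOID, "void"))
    return {
        "direction": [name for bit, name in flags if request & bit],
        "length": (request >> 16) & IOCPARM_MASK,
        "group": chr((request >> 8) & 0xFF),
        "number": request & 0xFF,
    }


if __name__ == "__main__":
    logged = request_from_warning(WARNING)
    # ('f', 126) with a 4-byte "in" parameter is FIONBIO
    print(hex(logged), decode_request(logged))
    print(hex(as_int_then_ulong(0x8004667E)))
```

Only commands with bit 31 (`IOC_IN`) set are affected; a request such as `0x4004667f` passes through the same promotion unchanged.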