- ensure that the compiler is invoked with "-fwrapv" (rhbz#594819)

- reformat whitespace in audioop.c (patch 106) - CVE-2010-1634: fix various integer overflow checks in the audioop module (patch 107) - CVE-2010-2089: further checks within the audioop module (patch 108) - CVE-2008-5983: the new PySys_SetArgvEx entry point from r81399 (patch 109)
2010-06-04 19:56:30 +00:00 · 2010-06-04 19:56:30 +00:00 · 5c9590b543
commit 5c9590b543
parent 66cf571b61
5 changed files with 3400 additions and 4 deletions
--- a/python-3.1.2-CVE-2008-5983.patch
+++ b/python-3.1.2-CVE-2008-5983.patch
@ -0,0 +1,120 @@
+diff -up Python-3.1.2/Doc/c-api/init.rst.CVE-2008-5983 Python-3.1.2/Doc/c-api/init.rst
+--- Python-3.1.2/Doc/c-api/init.rst.CVE-2008-5983	2010-01-09 13:48:46.000000000 -0500
+++ Python-3.1.2/Doc/c-api/init.rst	2010-06-04 15:19:26.724089244 -0400
+@@ -22,6 +22,7 @@ Initialization, Finalization, and Thread
+       module: sys
+       triple: module; search; path
+       single: PySys_SetArgv()
+      single: PySys_SetArgvEx()
+       single: Py_Finalize()
+ 
+    Initialize the Python interpreter.  In an application embedding  Python, this
+@@ -31,7 +32,7 @@ Initialization, Finalization, and Thread
+    the table of loaded modules (``sys.modules``), and creates the fundamental
+    modules :mod:`builtins`, :mod:`__main__` and :mod:`sys`.  It also initializes
+    the module search path (``sys.path``). It does not set ``sys.argv``; use
+-   :cfunc:`PySys_SetArgv` for that.  This is a no-op when called for a second time
+   :cfunc:`PySys_SetArgvEx` for that.  This is a no-op when called for a second time
+    (without calling :cfunc:`Py_Finalize` first).  There is no return value; it is a
+    fatal error if the initialization fails.
+ 
+@@ -344,7 +345,7 @@ Initialization, Finalization, and Thread
+    ``sys.version``.
+ 
+ 
+-.. cfunction:: void PySys_SetArgv(int argc, wchar_t **argv)
+.. cfunction:: void PySys_SetArgvEx(int argc, wchar_t **argv, int updatepath)
+ 
+    .. index::
+       single: main()
+@@ -359,14 +360,41 @@ Initialization, Finalization, and Thread
+    string.  If this function fails to initialize :data:`sys.argv`, a fatal
+    condition is signalled using :cfunc:`Py_FatalError`.
+ 
+-   This function also prepends the executed script's path to :data:`sys.path`.
+-   If no script is executed (in the case of calling ``python -c`` or just the
+-   interactive interpreter), the empty string is used instead.
+   If *updatepath* is zero, this is all the function does.  If *updatepath*
+   is non-zero, the function also modifies :data:`sys.path` according to the
+   following algorithm:
+
+   - If the name of an existing script is passed in ``argv[0]``, the absolute
+     path of the directory where the script is located is prepended to
+     :data:`sys.path`.
+   - Otherwise (that is, if *argc* is 0 or ``argv[0]`` doesn't point
+     to an existing file name), an empty string is prepended to
+     :data:`sys.path`, which is the same as prepending the current working
+     directory (``"."``).
+
+   .. note::
+      It is recommended that applications embedding the Python interpreter
+      for purposes other than executing a single script pass 0 as *updatepath*,
+      and update :data:`sys.path` themselves if desired.
+      See `CVE-2008-5983 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5983>`_.
+
+      On versions before 3.1.3, you can achieve the same effect by manually
+      popping the first :data:`sys.path` element after having called
+      :cfunc:`PySys_SetArgv`, for example using::
+
+         PyRun_SimpleString("import sys; sys.path.pop(0)\n");
+
+   .. versionadded:: 3.1.3
+ 
+    .. XXX impl. doesn't seem consistent in allowing 0/NULL for the params;
+       check w/ Guido.
+ 
+ 
+.. cfunction:: void PySys_SetArgv(int argc, wchar_t **argv)
+
+   This function works like :cfunc:`PySys_SetArgv` with *updatepath* set to 1.
+
+
+ .. cfunction:: void Py_SetPythonHome(wchar_t *home)
+ 
+    Set the default "home" directory, that is, the location of the standard
+diff -up Python-3.1.2/Include/sysmodule.h.CVE-2008-5983 Python-3.1.2/Include/sysmodule.h
+--- Python-3.1.2/Include/sysmodule.h.CVE-2008-5983	2008-04-13 09:53:33.000000000 -0400
+++ Python-3.1.2/Include/sysmodule.h	2010-06-04 15:19:26.721088968 -0400
+@@ -10,6 +10,7 @@ extern "C" {
+ PyAPI_FUNC(PyObject *) PySys_GetObject(const char *);
+ PyAPI_FUNC(int) PySys_SetObject(const char *, PyObject *);
+ PyAPI_FUNC(void) PySys_SetArgv(int, wchar_t **);
+PyAPI_FUNC(void) PySys_SetArgvEx(int, wchar_t **, int);
+ PyAPI_FUNC(void) PySys_SetPath(const wchar_t *);
+ 
+ PyAPI_FUNC(void) PySys_WriteStdout(const char *format, ...)
+diff -up Python-3.1.2/Misc/NEWS.CVE-2008-5983 Python-3.1.2/Misc/NEWS
+diff -up Python-3.1.2/Python/sysmodule.c.CVE-2008-5983 Python-3.1.2/Python/sysmodule.c
+--- Python-3.1.2/Python/sysmodule.c.CVE-2008-5983	2010-06-04 15:19:26.000000000 -0400
+++ Python-3.1.2/Python/sysmodule.c	2010-06-04 15:20:59.932964188 -0400
+@@ -1561,7 +1561,7 @@ _wrealpath(const wchar_t *path, wchar_t 
+ #endif
+ 
+ void
+-PySys_SetArgv(int argc, wchar_t **argv)
+PySys_SetArgvEx(int argc, wchar_t **argv, int updatepath)
+ {
+ #if defined(HAVE_REALPATH)
+ 	wchar_t fullpath[MAXPATHLEN];
+@@ -1574,7 +1574,7 @@ PySys_SetArgv(int argc, wchar_t **argv)
+ 		Py_FatalError("no mem for sys.argv");
+ 	if (PySys_SetObject("argv", av) != 0)
+ 		Py_FatalError("can't assign sys.argv");
+-	if (path != NULL) {
+	if (updatepath && path != NULL) {
+ 		wchar_t *argv0 = argv[0];
+ 		wchar_t *p = NULL;
+ 		Py_ssize_t n = 0;
+@@ -1661,6 +1661,12 @@ PySys_SetArgv(int argc, wchar_t **argv)
+ 	Py_DECREF(av);
+ }
+ 
+void
+PySys_SetArgv(int argc, wchar_t **argv)
+{
+	PySys_SetArgvEx(argc, argv, 1);
+}
+
+ 
+ /* APIs to write to sys.stdout or sys.stderr using a printf-like interface.
+    Adapted from code submitted by Just van Rossum.