Revision bump: backport patch for CVE-2014-1912, bug #500518. Drop old revision. Acked by Python team

Package-Manager: portage-2.2.10/cvs/Linux x86_64
Manifest-Sign-Key: 0x1F357D42

4 files changed, 72 insertions, 11 deletions

diff --git a/dev-lang/python/ChangeLog b/dev-lang/python/ChangeLog
index 662a4034477a..23260d30d3c0 100644
--- a/dev-lang/python/ChangeLog
+++ b/dev-lang/python/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for dev-lang/python
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-lang/python/ChangeLog,v 1.765 2014/07/29 07:19:13 pinkbyte Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-lang/python/ChangeLog,v 1.766 2014/07/29 07:53:03 pinkbyte Exp $
+
+*python-3.2.5-r6 (29 Jul 2014)
+
+  29 Jul 2014; Sergey Popov <pinkbyte@gentoo.org> -python-3.2.5-r5.ebuild,
+  +python-3.2.5-r6.ebuild, +files/python-3.2-CVE-2014-1912.patch:
+  Revision bump: backport patch for CVE-2014-1912, bug #500518. Drop old
+  revision. Acked by Python team
 
 *python-3.3.5-r1 (29 Jul 2014)
 *python-3.2.5-r5 (29 Jul 2014)
diff --git a/dev-lang/python/Manifest b/dev-lang/python/Manifest
index 7a3f120b9ce4..78c1c6e17467 100644
--- a/dev-lang/python/Manifest
+++ b/dev-lang/python/Manifest
@@ -12,6 +12,7 @@ AUX python-2.7.5-nonfatal-compileall.patch 750 SHA256 3f5a137602f1b3f0522f561c16
 AUX python-2.7.5-re_unsigned_ptrdiff.patch 941 SHA256 5b0c0465a23d27e1c8f0961a8d88b3af75fbc9933ab60c2a71091720a3681079 SHA512 d46fbbc8411fae78cdfca2564faca42f32bb95ee348b9aa3fd1ca90b346cc52cd468945cee07e6df4dff46c10cee6856a58004f8e453960f6dca2751c077802b WHIRLPOOL 10bb08242dd9a055f6bdaf3eb1546786b58f180667c6355ea7276114cbac0ffba6c34822add7965fe3b5d41cc92ce8ec45e2d1d56377d8a6aa2755ef4267d101
 AUX python-2.7.6-recvfrom_into_buffer_overflow.patch 563 SHA256 bdf280058fe31b6e9d08a32e4ce16e958e3dddeed515417a03b25e5ec62d41b4 SHA512 21b534e41ce1cd1bf954849f4246ef0ae907ba7335b42ccfc914cc33068db91140dc1fea0f1b8a83818609e7f5a5f5df6623f029c2c86004f2126eb3f2699c06 WHIRLPOOL 2ffe173be651aae7d43ad8ee75600133ea96952431140c7c00e0ca6ad431d3faa230207f93f1191bfd3bcdf7b0c9af61948871b06158e6953106d7f2d0c7e9f5
 AUX python-3.2-CVE-2013-2099.patch 2102 SHA256 76a89951e7efcf14d37e30e0104446429ca121c68cbb1753ec362a177c1b5a54 SHA512 03d2a09fe730bf8c94df1eb10f8bac37a31a28dfb45b7d49abe1c3ffe26ca948f8d00eb58319d34102f8a747a038d447d3507b11c051c778c42ae21ac1066c8e WHIRLPOOL 3cd701c606ef1f4f557d1d250af41a860a6a5c4b6d9ff9a9f469ab6974f13e1205d2c4c791e9bd353fd4ff726f6cbf979f9a3927b83b04af5128c1aea7070496
+AUX python-3.2-CVE-2014-1912.patch 1635 SHA256 044a5857f54f1c6adfc8e3018cbcc5230ca21bc8efaf6b68f95fc47560ed13aa SHA512 afca87c0491087715f54bac777c15be426dbf3cf079859bc8559b4f4bab520e0835976221d16073b14b2fa584c0260a565307bea039f345fa5c7e3e1f9396228 WHIRLPOOL 97c08598f7cbaa28fa83819c9b9423ec218363c18781afc8ab98a3e9847459e59ae35d567b1f775eca7bc1ec53b17c656203ea6e332559607c507ec958eb8291
 AUX python-3.2-CVE-2014-4616.patch 1515 SHA256 8d971bca441c3b17cf7c2a1ee2391059de472d8a10ec4060af23bae65ffddf8c SHA512 fff6cdbde476a5804184fad6615dab3577c2e81bf2dc8f2276ad02d213239e6f47a642e9c8270de352e7123fcd712a1b0073d85146c9bee59d9b6644f5a2cb3f WHIRLPOOL 4894fd9f33a01d4aae477cc558f790ad792f02965ca841b4fb1119711ff4254bd19bac3f67872ae3fc761c677ec078b6c156d71ba036cc91fdbfe32b43044cfc
 AUX python-3.2-issue16248.patch 738 SHA256 b5e94ead2622f355d733232dcfdac4dab53889aab12980fa1e4496c296191e77 SHA512 6fcf3d4cf05e41758a6d51ad9cc25ce9fcd1d33854f096b599811a07ef6b7f0cc4f178c4db6b15c5c9ee86eb53fcc736fede0dfb4eae81ca429d0fad62d84db9 WHIRLPOOL dd620bdce394a74910f4deed50b8bcd2b5d6b61af1e2e225a7c36fe4f293560fe1237a2111a4a4a334dfd1272fa4b7faf6289b2a018864c4f154c8a8a8b85c5c
 AUX python-3.3-CVE-2013-2099.patch 2102 SHA256 d5ccc8de43a176d9d16c3a7be58d32dcf3c952147d8866f84dffcd8fa66f6396 SHA512 a8e2c8fd3d3c3924acb856e89b6dc6965c887688e4c7d078c27abacfaf6b33b12484d86942b75643f28e4a14a465e2ec6a30fe53acf2ab036ae667fb7f76d737 WHIRLPOOL c02bd815d5143b6a916a91f40bb7971f1be188e836ab6095a5befd6410545acba0d44b4b0a75a5f7e7d84105018c0ef27887eefdcd883c73e68f872bb4138e35
@@ -46,7 +47,7 @@ EBUILD python-2.7.6-r1.ebuild 10701 SHA256 458be7e8f298773be26cb89a3a714c6c438da
 EBUILD python-2.7.6.ebuild 10570 SHA256 dd5cc72f2353881aa084a8eeb3a80941a151650231a664aeef504151215082ae SHA512 3f0edca7e10d6e90463d927ba8938f69be41fb29c32381cdf9b650b86aebeb432a7d3cc832faa624b883c826168515ce85926d09fd85380d9aa8e836a1607813 WHIRLPOOL e6390fc48e80457a270f99d7544371096debfecf65de3cd4250da335df66601bd8b346025781e7aea62886ace0e954f50601edff7ca3c416805015fe8ea85acf
 EBUILD python-2.7.7.ebuild 10520 SHA256 5ec778d59cf4f2e2cc4591035bffff0992ca356c7efe2044d116a9802de83f52 SHA512 1dfc273fe0dcdbce41974eaee346bea2f182c9f7865e73ec5c8f8ac272764ed6c4df779462b55d128727d8bb4d299c50796ae975939bfeb096197a3db6e0aee3 WHIRLPOOL 62ef534e495da9a30e4dbbb42a6a479c2f9d162d4ba31b63375acc6b235adddcd13d9310b57616e210515b9e5e7fee3943aec53515304f7f9da0e22209074cad
 EBUILD python-3.2.5-r3.ebuild 11014 SHA256 bcb890edf84aaaf2188f3e48a3f60ba4b3bb9a69d3e3ca82a8fbacba99d80aa8 SHA512 f960e0b3788c2100825b4541a56bd2ba7c1cdd34b2646b2c7bbdf69c58c2ea2f0f6696c29a1d7e145fb60c808ddb7c347ebdb39462d288501d063b78e79d8e92 WHIRLPOOL 3650606e63ad242f1486f5906e265ca517f48dbb50c08439d509c6a5794c4e2e5dfc6128fbfff794449be516b6757d33a894b45022120936f347d5cedb737882
-EBUILD python-3.2.5-r5.ebuild 11111 SHA256 1d7db127782b21a5a5faf12f0add3a682a1de65655a29df50124e32364577294 SHA512 cea48c301ace3ebdef36f8a274b1d7022a84e50971749dac655cfba78607670e05286500b116d7a3d5762bd9dad0ac2be78bce3fd5db029a35b9065f6e1c0893 WHIRLPOOL 91b396d26c69becf12d660282e0b2fca14c2854b534a2c889bb72135ee98c0fe1ac21cfd6f3341714a5dda1ada06fc68331905e46b31772191f3844b20eb012f
+EBUILD python-3.2.5-r6.ebuild 11178 SHA256 02e081ab6d1e062dc6c2a61f642c56d256b86f68fb8d9450c00d3d63484b8369 SHA512 6a943241962110d3e1ee482f4a6df8648e2e6442a0209c40e25dfa89e09cf89c4e85f6a55576ba1a0cb27d4ed6036d504504bbe5b2b64b4fbe696b84ebc488c7 WHIRLPOOL 6a149792dd05731c1bc72842c69b5cd82d90438a15b550d4ce3308132622d749bfdadeef51fe5be3581b4f5663f0cffec538e12e5e14809639d01629718150bb
 EBUILD python-3.3.2-r2.ebuild 9633 SHA256 6d1de07e89d299e7a713556703b89aa052fc0f948ce5c0af5029e028d461d932 SHA512 4dd0afedcf225d609bc1d8ec180a7487b51bfdfdeb42d56581bb82861ef70ec52e06057f65cb1efba2a3068cb89ca8704485ae2f5cf1b5c898f890d4a96cc6f0 WHIRLPOOL 30064501c248cdf2f270baf78c8f4380e8feefde3025797d6f897882aa178ace6fff68e94373b23345d9c7e38f6a0619c17b2bfa0d70ade83014e40b4ef88a5f
 EBUILD python-3.3.3.ebuild 9539 SHA256 18a8621efddc117e9e02c022a57c7bc89be6c5f2f93e37e5afc35b0552c19137 SHA512 e3a89954a89895fb7fd861f383f2be6473a75272e7f3aa6577aab231176f268966b800c4794aaa75c02ed02d57a9d216635c2254cbc7aefa7f3e762a54484ee3 WHIRLPOOL 3b78f77bc7c0496c724faa4bd2f8ac0334c10be9147984e341f52438bcef7cf37a2d36bd0439086327dd5db73f5fd34aa6f60be5ad21aae3a43216b666f79561
 EBUILD python-3.3.4.ebuild 9453 SHA256 beaa18d3104df12339b09bd943b837a392bb861dc54bac07b121e9742ba3af77 SHA512 59e54bb6b680cfbfdcb3f5ec68ad7079a14cd699f1ebaa78151133b95c2b3bf98c677ef33ef1216af3bd951cfb6f9610f87cca14877f5f699a8fda087903d362 WHIRLPOOL 6fc5d410c77affdd5b7418d4ef27f96e9dfa0e8ee42f481ebd1369de2375f300e89644b93e3127d7234dad42d81172f8747bd07622a6ff4922914874d8cbea9a
@@ -55,17 +56,17 @@ EBUILD python-3.4.0.ebuild 9308 SHA256 4af07645d7b8ab88742c10332fd1e16649c25abfb
 EBUILD python-3.4.0_rc1.ebuild 9529 SHA256 190a5063dd2eaf047ba9a0c0960fec77976b51afe9c589acd5f39df9008f7ca7 SHA512 489af787cc26fdca3b70842e99a8e6a9131c4c58b2048960d3f9bb55ea4046e218a3a049be3cb056184e46c98bf341c5d804c8f3c1eaaa60cc91612ad385b766 WHIRLPOOL e711c7080eda69ea115e412c405ee59fd24bc465b07e3e3211c950bfed6cf8dbe186b1603c707378d9fc3064835c7379cee4f3f8be686621615079f29907af51
 EBUILD python-3.4.0_rc3.ebuild 9533 SHA256 33bb634167ac3c81319560bbdebf4486b14c5d830073db632a78ac78779f3098 SHA512 f7a7dcb4802144dea1c489de81468b173d444aed4e965db3b2d01a1fed78e3f5aaf7829cb8ad646599e44aa109aa8d2fca341f9019e8523e4d654f268709e48b WHIRLPOOL e598e276df61825fc46f4258b6ec527d6ee46def7a87375b77ca12117071eff2d1ed132ec97b37f55fbbeb566385fa8baf0b079a1dd713a506f4865d2036aec8
 EBUILD python-3.4.1.ebuild 9242 SHA256 4788603907f191f349c5f9fc1d7d9e7b8a57a7b2bd8b74c8d294a39ced83e7df SHA512 b850d47f80b33cd868ace771d1da06a961c930affde3ce3eb97198fd90a4c24a985eb4afeab871d70ec1a381cb53c71f843d1025a3650632d52cfd16363322a2 WHIRLPOOL d4ba514701931143d1ba1244536de235f2c1213f90db0301a9bfe65ee84c65327f1b7bd01a7f78e63d9087f33aefeb4b21238d3c00eab9c3013f882a6d10e3e4
-MISC ChangeLog 33645 SHA256 e9630d51790f02ba353039ddc8449fe84c5785175099096874c68a411993d76c SHA512 8b90baccbbefac95713cbe4ec8a73341439b390d831666d652826c35110682c673f8d64ddf20b92265e3347f7658340bef45fee2ee50da8818eea2c8812db833 WHIRLPOOL 0b59138c0968ff6130c83d51ca073d8344b504c48fef736012a1911cb80f0647085bbbbfea98e20fe05970263d17733a5b6c989fe7fe05e6e75edb530a36dede
+MISC ChangeLog 33925 SHA256 eb4b643a25d67cd6c4dfecac7306ece3687edc6c611f1b2d99b95d6cbde2eed1 SHA512 b70ff3dda1bd7313563eace15f807c7def03330f09ca348d732f73f247ae081b17496989cad633cd8c322cd3849b49a14ccbf985e401e9e6bd16448df39ed8bc WHIRLPOOL 1cef65d9b3fd1aabf68641f873ef5eaebdd4cbad42ba91c737e862e15e5688bff568097dd359b8e9cb7515fcb7cc701385c38441bb47bbba26da9455d5a6b5e8
 MISC ChangeLog-2011 100599 SHA256 23129cb47321b2a6b1cb9323f1815d0cd11d6f30c3893908ed51575c270a0cc8 SHA512 4181ba9d965139ba58218da5b960c87b7a611b27606a1ab1ce1b4c3c9255b4e0e2947307cbfffc531f0f8b6b545ee11e083fcb29dc7b2b7ba31c6bb40b8ab128 WHIRLPOOL 4ceebb6a6ed58b906d3a7331795748ac6e4fe2e1401bcccae9024a8e81e2c444aebc5fec610398cfe6002354ad3b10487484598da5091867874727f07e239c56
 MISC metadata.xml 661 SHA256 2c6c3407251f7ccd6501dee49494e539a9544f2fbae99a4373eefdf4e83e8908 SHA512 871989a29417ce20d95da950fa385f1a958139de7b1567beb9cda28a1217901243cd9d25235fe3c7b0e43a82176d72286e31e4e97310b26488d2a3252ef3a8a0 WHIRLPOOL b694b1b4270ba15640d04a3b0b26a08575ea4afc9be256717f7f3b1768d75da9f71ceca6afd2f69971906227d5ba42263d2df2fc9387441aa240222d39fd094e
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
-iQEcBAEBCAAGBQJT10r+AAoJECo/aRed9267c48H/Rj89ZJ6mnUi9/DtPc1ErIX1
-9J5FEWzxWc415rW7jNnCPzhfSFJ1efk0Li6Xe07fKjcKHH1+CITkfIS86NeyT6f7
-7dZPd272dJsh7zfqlJAd0JITkunnSMIlp0fmCiEPTXpclL4sHpmiPj/iVwW2lXeu
-ialqRyAHFkQSsND6qRW3nk27uuSqarnI8tDzD8s0QvKucMvLFwpJ7Vrl81Ifidax
-E41j8sLUuPHFLh4ryTJTlmQ7bDa754DDGKo4ubj0+TQz+ExDT5CrpHPchYpOlc48
-v/i6By8rZwArjYM4ciC+83v2lQ4LDi+EGgD5qplkfn2IOYP5Hj9rs6Hq+ZuzKck=
-=mzzk
+iQEcBAEBCAAGBQJT11LrAAoJECo/aRed9267YOAIAJsZyTfVTLns5ZDskJGYrzKE
+Mss3MX/hkMvawRLEvRbpND2VpHwesmrxAgjyTow8BYQhC96nv2kEy3kUJH2PJv4X
+daFcKaWljO9x6wz85fkRJiMwLs4PTEMpBxct8XLDbickzOZ/JycT94sSa+QzAzZC
+agY5GqSShi3NGreW5rjgyQwkGKO23WEVykAZiZA4V3POpsEOei7AsTUVRwZhmRum
+ReXdTYPwvi9xjR/mxJ/JKfRixwZIspFAVQfoACV2Aqqg3k4g4GGGkMkU74aqlIPU
+M0z7ysOANqCH/r/EYTK04PkZF2GgChj7OfwaUzY87hqhQ4hF5Vp0F3Ixu6RAVGw=
+=kc15
 -----END PGP SIGNATURE-----
diff --git a/dev-lang/python/files/python-3.2-CVE-2014-1912.patch b/dev-lang/python/files/python-3.2-CVE-2014-1912.patch
new file mode 100644
index 000000000000..0e095074a259
--- /dev/null
+++ b/dev-lang/python/files/python-3.2-CVE-2014-1912.patch
@@ -0,0 +1,51 @@
+# HG changeset patch
+# User Benjamin Peterson <benjamin@python.org>
+# Date 1389671978 18000
+# Node ID 9c56217e5c793685eeaf0ee224848c402bdf1e4c
+# Parent  2b5cd6d4d149dea6c6941b7e07ada248b29fc9f6
+complain when nbytes > buflen to fix possible buffer overflow (closes #20246)
+
+diff --git a/Lib/test/test_socket.py b/Lib/test/test_socket.py
+--- a/Lib/test/test_socket.py
++++ b/Lib/test/test_socket.py
+@@ -1968,6 +1968,14 @@ class BufferIOTest(SocketConnectedTest):
+ 
+     _testRecvFromIntoMemoryview = _testRecvFromIntoArray
+ 
++    def testRecvFromIntoSmallBuffer(self):
++        # See issue #20246.
++        buf = bytearray(8)
++        self.assertRaises(ValueError, self.cli_conn.recvfrom_into, buf, 1024)
++
++    def _testRecvFromIntoSmallBuffer(self):
++        self.serv_conn.send(MSG*2048)
++
+ 
+ TIPC_STYPE = 2000
+ TIPC_LOWER = 200
+diff --git a/Misc/ACKS b/Misc/ACKS
+--- a/Misc/ACKS
++++ b/Misc/ACKS
+@@ -1020,6 +1020,7 @@ Eric V. Smith
+ Christopher Smith
+ Gregory P. Smith
+ Roy Smith
++Ryan Smith-Roberts
+ Rafal Smotrzyk
+ Dirk Soede
+ Paul Sokolovsky
+diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c
+--- a/Modules/socketmodule.c
++++ b/Modules/socketmodule.c
+@@ -2598,6 +2598,11 @@ sock_recvfrom_into(PySocketSockObject *s
+     if (recvlen == 0) {
+         /* If nbytes was not specified, use the buffer's length */
+         recvlen = buflen;
++    } else if (recvlen > buflen) {
++        PyBuffer_Release(&pbuf);
++        PyErr_SetString(PyExc_ValueError,
++                        "nbytes is greater than the length of the buffer");
++        return NULL;
+     }
+ 
+     readlen = sock_recvfrom_guts(s, buf, recvlen, flags, &addr);
diff --git a/dev-lang/python/python-3.2.5-r5.ebuild b/dev-lang/python/python-3.2.5-r6.ebuild
index 68cee4a007da..4c91995f8a61 100644
--- a/dev-lang/python/python-3.2.5-r5.ebuild
+++ b/dev-lang/python/python-3.2.5-r6.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-lang/python/python-3.2.5-r5.ebuild,v 1.1 2014/07/29 07:19:13 pinkbyte Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-lang/python/python-3.2.5-r6.ebuild,v 1.1 2014/07/29 07:53:03 pinkbyte Exp $
 
 EAPI="4"
 WANT_AUTOMAKE="none"
@@ -98,6 +98,8 @@ src_prepare() {
 
 	# bug #514686
 	epatch "${FILESDIR}/${PN}-3.2-CVE-2014-4616.patch"
+	# bug #500518
+	epatch "${FILESDIR}/${PN}-3.2-CVE-2014-1912.patch"
 
 	epatch_user