Version bump to fix pcre security vulnerability, bug 104009.

Package-Manager: portage-2.0.51.22-r2

5 files changed, 399 insertions, 2 deletions

diff --git a/dev-lang/python/ChangeLog b/dev-lang/python/ChangeLog
index 3d0727b9877d..8fb182d42912 100644
--- a/dev-lang/python/ChangeLog
+++ b/dev-lang/python/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for dev-lang/python
 # Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-lang/python/ChangeLog,v 1.157 2005/08/16 22:00:31 kloeri Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-lang/python/ChangeLog,v 1.158 2005/09/08 21:31:29 kloeri Exp $
+
+*python-2.3.5-r2 (08 Sep 2005)
+
+  08 Sep 2005; Bryan Østergaard <kloeri@gentoo.org>
+  +files/python-2.3-pcre.patch, +python-2.3.5-r2.ebuild:
+  Version bump to fix pcre security vulnerability, bug 104009.
 
   16 Aug 2005; Bryan Østergaard <kloeri@gentoo.org> python-2.3.4-r1.ebuild,
   python-2.3.5.ebuild:
diff --git a/dev-lang/python/Manifest b/dev-lang/python/Manifest
index 81bf2604f5ee..2bb6ab0a66c5 100644
--- a/dev-lang/python/Manifest
+++ b/dev-lang/python/Manifest
@@ -1,4 +1,7 @@
-MD5 1d5bbbaca5953929b9eb75e7f5fdb99e ChangeLog 26521
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+MD5 d20abcac2aa809e3a4f6409b6458d266 ChangeLog 26727
 MD5 8145ce0144332d6caca98fa5fb648741 metadata.xml 221
 MD5 2632d539cd0ab18b40f9510118ed3099 python-2.1.3-r1.ebuild 2299
 MD5 5857a314767fd0ae2243590999fe78b2 python-2.2.3-r6.ebuild 4491
@@ -8,6 +11,7 @@ MD5 3dc06bf8e04bd9880be6ee4402234e8b python-2.3.5-r1.ebuild 7924
 MD5 1297065ab6caf1a8d31f06f4575a5798 python-2.4.1-r1.ebuild 8849
 MD5 4928085fdd7860dd8104011c9955a7f2 python-2.3.5.ebuild 7799
 MD5 21151b5cbaac120cb271bdac9bc95eb8 python-2.3.4-r1.ebuild 7259
+MD5 9c45cf6743e32ce463626481fe0fe475 python-2.3.5-r2.ebuild 8005
 MD5 1c5cd53cb89c821a549968bac31df0f1 files/depreorder.py 2235
 MD5 f3f370c8d1382c1a7571cfc1cbb196d9 files/digest-python-2.1.3-r1 62
 MD5 f11f5d528c570ef739ea10806cebfa9f files/digest-python-2.2.3-r6 62
@@ -55,3 +59,12 @@ MD5 d74e7f0fd47f00e8b3fe7ca36b7eb629 files/python-config-2.4 179
 MD5 1cf4c21ad3b0aafc571b05b9a9e54594 files/python-updater 8761
 MD5 9bb508a4b15481e4722c1317b9fb02a3 files/python-2.4.1-bindir-libdir.patch 405
 MD5 ec1400ca4877399cae56ccefb72a200f files/python-2.4.1-crosscompile.patch 4126
+MD5 47ee57ffc9b69af4ff828a3a1ae26afd files/python-2.3-pcre.patch 4278
+MD5 849ff6337b70ef28009c90021dfae0da files/digest-python-2.3.5-r2 66
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2 (GNU/Linux)
+
+iD8DBQFDIK4DKf2g/qXtneoRAkRNAJ4rz60ltgakD6ncBfDehrzjHqiUHQCfWYk5
+9cen1FP0ni64YcChfzbcnjY=
+=Ad9w
+-----END PGP SIGNATURE-----
diff --git a/dev-lang/python/files/digest-python-2.3.5-r2 b/dev-lang/python/files/digest-python-2.3.5-r2
new file mode 100644
index 000000000000..aa7299a5af82
--- /dev/null
+++ b/dev-lang/python/files/digest-python-2.3.5-r2
@@ -0,0 +1 @@
+MD5 c12b57c6e0cf8bc676fd9444d71c9e18 Python-2.3.5.tar.bz2 7230000
diff --git a/dev-lang/python/files/python-2.3-pcre.patch b/dev-lang/python/files/python-2.3-pcre.patch
new file mode 100644
index 000000000000..a4b2aed756a4
--- /dev/null
+++ b/dev-lang/python/files/python-2.3-pcre.patch
@@ -0,0 +1,133 @@
+--- python2.3-2.3.5.orig/debian/patches/pcre-security_CAN-2005-2491.dpatch
++++ python2.3-2.3.5/debian/patches/pcre-security_CAN-2005-2491.dpatch
+@@ -0,0 +1,130 @@
++#! /bin/sh -
++## pcre-security_CAN-2005-2491.dpatch by  <martin.pitt@ubuntu.com>
++##
++## All lines beginning with `## DP:' are a description of the patch.
++## DP: No description.
++
++dir=
++if [ $# -eq 3 -a "$2" = '-d' ]; then
++    pdir="-d $3"
++    dir="$3/"
++elif [ $# -ne 1 ]; then
++    echo >&2 "usage: `basename $0`: -patch|-unpatch [-d <srcdir>]"
++    exit 1
++fi
++case "$1" in
++    -patch)
++        patch $pdir -f --no-backup-if-mismatch -p0 < $0
++        ;;
++    -unpatch)
++        patch $pdir -f --no-backup-if-mismatch -R -p0 < $0
++        #rm ${dir}gcc/configure
++        ;;
++    *)
++	echo >&2 "usage: `basename $0`: -patch|-unpatch [-d <srcdir>]"
++        exit 1
++esac
++exit 0
++
++@DPATCH@
++diff -urNad --exclude=CVS --exclude=.svn ./Modules/pcre.h /tmp/dpep-work.MjIRvP/python2.3-2.3.5/Modules/pcre.h
++--- ./Modules/pcre.h	2000-06-28 22:56:30.000000000 +0200
+++++ /tmp/dpep-work.MjIRvP/python2.3-2.3.5/Modules/pcre.h	2005-08-30 14:32:46.000000000 +0200
++@@ -40,6 +40,7 @@
++ #ifdef FOR_PYTHON
++ #define PCRE_LOCALE          0x0200
++ #endif
+++#define PCRE_NO_AUTO_CAPTURE    0x1000
++ 
++ /* Exec-time error codes */
++ 
++diff -urNad --exclude=CVS --exclude=.svn ./Modules/pcre-int.h /tmp/dpep-work.MjIRvP/python2.3-2.3.5/Modules/pcre-int.h
++--- ./Modules/pcre-int.h	1998-05-07 17:32:38.000000000 +0200
+++++ /tmp/dpep-work.MjIRvP/python2.3-2.3.5/Modules/pcre-int.h	2005-08-30 14:32:46.000000000 +0200
++@@ -81,11 +81,12 @@
++ #define PUBLIC_OPTIONS \
++   (PCRE_CASELESS|PCRE_EXTENDED|PCRE_ANCHORED|PCRE_MULTILINE| \
++    PCRE_DOTALL|PCRE_DOLLAR_ENDONLY|PCRE_EXTRA|PCRE_UNGREEDY| \
++-   PCRE_LOCALE)
+++   PCRE_NO_AUTO_CAPTURE|PCRE_LOCALE)
++ #else
++ #define PUBLIC_OPTIONS \
++   (PCRE_CASELESS|PCRE_EXTENDED|PCRE_ANCHORED|PCRE_MULTILINE| \
++-   PCRE_DOTALL|PCRE_DOLLAR_ENDONLY|PCRE_EXTRA|PCRE_UNGREEDY)
+++   PCRE_DOTALL|PCRE_DOLLAR_ENDONLY|PCRE_EXTRA|PCRE_UNGREEDY| \
+++   PCRE_NO_AUTO_CAPTURE)
++ #endif
++ #define PUBLIC_EXEC_OPTIONS \
++   (PCRE_CASELESS|PCRE_ANCHORED|PCRE_MULTILINE|PCRE_NOTBOL|PCRE_NOTEOL| \
++diff -urNad --exclude=CVS --exclude=.svn ./Modules/pypcre.c /tmp/dpep-work.MjIRvP/python2.3-2.3.5/Modules/pypcre.c
++--- ./Modules/pypcre.c	2003-10-20 16:34:47.000000000 +0200
+++++ /tmp/dpep-work.MjIRvP/python2.3-2.3.5/Modules/pypcre.c	2005-08-30 14:32:46.000000000 +0200
++@@ -1163,14 +1163,31 @@
++ int min = 0;
++ int max = -1;
++ 
+++/* Read the minimum value and do a paranoid check: a negative value indicates
+++an integer overflow. */
+++
++ while ((pcre_ctypes[*p] & ctype_digit) != 0) min = min * 10 + *p++ - '0';
++ 
+++if (min < 0 || min > 65535)
+++  {
+++  *errorptr = ERR5;
+++  return p;
+++  }
+++
+++/* Read the maximum value if there is one, and again do a paranoid on its size
+++. Also, max must not be less than min. */
+++
++ if (*p == '}') max = min; else
++   {
++   if (*(++p) != '}')
++     {
++     max = 0;
++     while((pcre_ctypes[*p] & ctype_digit) != 0) max = max * 10 + *p++ - '0';
+++    if (max < 0 || max > 65535)
+++      {
+++      *errorptr = ERR5;
+++      return p;
+++      }
++     if (max < min)
++       {
++       *errorptr = ERR4;
++@@ -2267,6 +2284,7 @@
++ int bracount = 0;
++ int brastack[200];
++ int top_backref = 0;
+++BOOL capturing;
++ unsigned int brastackptr = 0;
++ uschar *code;
++ const uschar *ptr;
++@@ -2446,7 +2464,8 @@
++     /* Brackets may be genuine groups or special things */
++ 
++     case '(':
++-
+++    capturing = FALSE;
+++    
++     /* Handle special forms of bracket, which all start (? */
++ 
++     if (ptr[1] == '?') switch (c = ptr[2])
++@@ -2542,11 +2561,16 @@
++         }
++       continue;                      /* End of this bracket handling */
++       }
+++    
+++    /* Ordinary parentheses, not followed by '?', are capturing unless
+++    PCRE_NO_AUTO_CAPTURE is set. */
++ 
+++    else capturing = (options & PCRE_NO_AUTO_CAPTURE) == 0;
+++    
++     /* Extracting brackets must be counted so we can process escapes in a
++     Perlish way. */
++-
++-    else bracount++;
+++    
+++    if (capturing) bracount++;
++ 
++     /* Non-special forms of bracket. Save length for computing whole length
++     at end if there's a repeat that requires duplication of the group. */
diff --git a/dev-lang/python/python-2.3.5-r2.ebuild b/dev-lang/python/python-2.3.5-r2.ebuild
new file mode 100644
index 000000000000..cf8a7b3e5339
--- /dev/null
+++ b/dev-lang/python/python-2.3.5-r2.ebuild
@@ -0,0 +1,244 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-lang/python/python-2.3.5-r2.ebuild,v 1.1 2005/09/08 21:31:29 kloeri Exp $
+
+# NOTE about python-portage interactions :
+# - Do not add a pkg_setup() check for a certain version of portage
+#   in dev-lang/python. It _WILL_ stop people installing from
+#   Gentoo 1.4 images.
+
+inherit eutils flag-o-matic python versionator
+
+PYVER_MAJOR=$(get_major_version)
+PYVER_MINOR=$(get_version_component_range 2)
+PYVER="${PYVER_MAJOR}.${PYVER_MINOR}"
+
+S="${WORKDIR}/Python-${PV}"
+DESCRIPTION="A really great language"
+HOMEPAGE="http://www.python.org/"
+SRC_URI="http://www.python.org/ftp/python/${PV%_*}/Python-${PV}.tar.bz2"
+
+LICENSE="PSF-2.2"
+SLOT="2.3"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+IUSE="ncurses gdbm ssl readline tcltk berkdb bootstrap ipv6 build ucs2 doc X nocxx"
+
+DEPEND=">=sys-libs/zlib-1.1.3
+	!build? (
+		X? ( tcltk? ( >=dev-lang/tk-8.0 ) )
+		ncurses? ( >=sys-libs/ncurses-5.2 readline? ( >=sys-libs/readline-4.1 ) )
+		berkdb? ( >=sys-libs/db-3.1 )
+		gdbm? ( sys-libs/gdbm )
+		ssl? ( dev-libs/openssl )
+		doc? ( =dev-python/python-docs-${PV}* )
+		dev-libs/expat
+	)"
+
+# NOTE: The dev-python/python-fchksum RDEPEND is needed so that this python 
+#       provides the functionality expected from previous pythons.
+
+# NOTE: python-fchksum is only a RDEPEND and not a DEPEND since we don't need
+#       it to compile python. We just need to ensure that when we install
+#       python, we definitely have fchksum support. - liquidx
+
+# NOTE: changed RDEPEND to PDEPEND to resolve bug 88777. - kloeri
+
+PDEPEND="${DEPEND} dev-python/python-fchksum"
+
+
+PROVIDE="virtual/python"
+
+src_unpack() {
+	unpack ${A}
+	cd ${S}
+
+	# fix readline detection problems due to missing termcap (#79013)
+	epatch ${FILESDIR}/${PN}-2.3-readline.patch
+
+	sed -ie 's/OpenBSD\/3.\[01234/OpenBSD\/3.\[012345/' configure || die "OpenBSD sed failed"
+	# adds /usr/lib/portage/pym to sys.path - liquidx (08 Oct 03)
+	# prepends /usr/lib/portage/pym to sys.path - liquidx (12 Apr 04)
+	epatch ${FILESDIR}/${PN}-2.3-add_portage_search_path_take_2.patch
+	# adds support for PYTHON_DONTCOMPILE shell environment to
+	# supress automatic generation of .pyc and .pyo files - liquidx (08 Oct 03)
+	epatch ${FILESDIR}/${PN}-2.3-gentoo_py_dontcompile.patch
+	epatch ${FILESDIR}/${PN}-2.3.2-disable_modules_and_ssl.patch
+	epatch ${FILESDIR}/${PN}-2.3-mimetypes_apache.patch
+	epatch ${FILESDIR}/${PN}-2.3-db4.2.patch
+
+	# installs to lib64
+	[ "$(get_libdir)" == "lib64" ] && epatch ${FILESDIR}/python-2.3.4-lib64.patch
+	# fix os.utime() on hppa. utimes it not supported but unfortunately reported as working - gmsoft (22 May 04)
+	[ "${ARCH}" = "hppa" ] && sed -e 's/utimes //' -i ${S}/configure
+
+	# add support for struct stat st_flags attribute (bug 94637)
+	epatch ${FILESDIR}/python-2.3.5-st_flags.patch
+
+	# Fix pcre security bug (bug 104009)
+	epatch ${FILESDIR}/python-2.3-pcre.patch
+}
+
+src_configure() {
+	# disable extraneous modules with extra dependencies
+	if use build; then
+		export PYTHON_DISABLE_MODULES="readline pyexpat dbm gdbm bsddb _curses _curses_panel _tkinter"
+		export PYTHON_DISABLE_SSL=1
+	else
+		use gdbm \
+			|| PYTHON_DISABLE_MODULES="${PYTHON_DISABLE_MODULES} gdbm"
+		use berkdb \
+			|| PYTHON_DISABLE_MODULES="${PYTHON_DISABLE_MODULES} dbm bsddb"
+		use readline \
+			|| PYTHON_DISABLE_MODULES="${PYTHON_DISABLE_MODULES} readline"
+		( use !X || use !tcltk ) \
+			&& PYTHON_DISABLE_MODULES="${PYTHON_DISABLE_MODULES} _tkinter"
+		use ncurses \
+			|| PYTHON_DISABLE_MODULES="${PYTHON_DISABLE_MODULES} _curses _curses_panel"
+		use ssl \
+			|| export PYTHON_DISABLE_SSL=1
+		export PYTHON_DISABLE_MODULES
+		echo $PYTHON_DISABLE_MODULES
+	fi
+}
+
+src_compile() {
+	filter-flags -malign-double
+
+	[ "${ARCH}" = "alpha" ] && append-flags -fPIC
+	[ "${ARCH}" = "amd64" ] && append-flags -fPIC
+
+	# http://bugs.gentoo.org/show_bug.cgi?id=50309
+	if is-flag -O3; then
+		is-flag -fstack-protector-all && replace-flags -O3 -O2
+		use hardened && replace-flags -O3 -O2
+	fi
+
+	export OPT="${CFLAGS}"
+
+	local myconf
+	#if we are creating a new build image, we remove the dependency on g++
+	if use build && ! use bootstrap || use nocxx ; then
+		myconf="--with-cxx=no"
+	fi
+
+	# super-secret switch. don't use this unless you know what you're
+	# doing. enabling UCS2 support will break your existing python
+	# modules
+	use ucs2 \
+		&& myconf="${myconf} --enable-unicode=ucs2" \
+		|| myconf="${myconf} --enable-unicode=ucs4"
+
+	src_configure
+
+	econf --with-fpectl \
+		--enable-shared \
+		`use_enable ipv6` \
+		--infodir='${prefix}'/share/info \
+		--mandir='${prefix}'/share/man \
+		--with-threads \
+		--with-libc='' \
+		${myconf} || die
+	emake || die "Parallel make failed"
+}
+
+src_install() {
+	dodir /usr
+	src_configure
+	make DESTDIR="${D}" altinstall  || die
+
+	# install our own custom python-config
+	exeinto /usr/bin
+	newexe ${FILESDIR}/python-config-${PYVER} python-config
+
+	# The stuff below this line extends from 2.1, and should be deprecated
+	# in 2.3, or possibly can wait till 2.4
+
+	# seems like the build do not install Makefile.pre.in anymore
+	# it probably shouldn't - use DistUtils, people!
+	insinto /usr/$(get_libdir)/python${PYVER}/config
+	doins ${S}/Makefile.pre.in
+
+	# While we're working on the config stuff... Let's fix the OPT var
+	# so that it doesn't have any opts listed in it. Prevents the problem
+	# with compiling things with conflicting opts later.
+	dosed -e 's:^OPT=.*:OPT=-DNDEBUG:' /usr/$(get_libdir)/python${PYVER}/config/Makefile
+
+	# install python-updater in /usr/sbin
+	dosbin ${FILESDIR}/python-updater
+
+	if use build ; then
+		rm -rf ${D}/usr/$(get_libdir)/python2.3/{test,encodings,email,lib-tk,bsddb/test}
+	else
+		use elibc_uclibc && rm -rf ${D}/usr/$(get_libdir)/python2.3/{test,bsddb/test}
+		use berkdb || rm -rf ${D}/usr/$(get_libdir)/python2.3/bsddb
+		( use !X || use !tcltk ) && rm -rf ${D}/usr/$(get_libdir)/python2.3/lib-tk
+	fi
+}
+
+pkg_postrm() {
+	python_makesym
+	python_mod_cleanup /usr/$(get_libdir)/python2.3
+}
+
+pkg_postinst() {
+	local myroot
+	myroot=$(echo $ROOT | sed 's:/$::')
+
+	python_makesym
+	python_mod_optimize
+	python_mod_optimize -x site-packages -x test ${myroot}/usr/$(get_libdir)/python${PYVER}
+
+	# workaround possible python-upgrade-breaks-portage situation
+	if [ ! -f ${myroot}/usr/lib/portage/pym/portage.py ]; then
+		if [ -f ${myroot}/usr/lib/python2.2/site-packages/portage.py ]; then
+			einfo "Working around possible python-portage upgrade breakage"
+			mkdir -p ${myroot}/usr/lib/portage/pym
+			cp ${myroot}/usr/lib/python2.2/site-packages/{portage,xpak,output,cvstree,getbinpkg,emergehelp,dispatch_conf}.py ${myroot}/usr/lib/portage/pym
+			python_mod_optimize ${myroot}/usr/lib/portage/pym
+		fi
+	fi
+
+	echo
+	ewarn
+	ewarn "If you have just upgraded from python-2.2.x you will need to run:"
+	ewarn
+	ewarn "/usr/sbin/python-updater"
+	ewarn
+	ewarn "This will automatically rebuild all the python dependent modules"
+	ewarn "to run with python-2.3."
+	ewarn
+	ewarn "Python 2.2 is still installed and can be accessed via /usr/bin/python2.2."
+	ewarn "Portage-2.0.49-r8 and below will continue to use python-2.2.x, so"
+	ewarn "think twice about uninstalling it, otherwise your system will break."
+	ewarn
+	ebeep 5
+}
+
+src_test() {
+	# PYTHON_DONTCOMPILE=1 breaks test_import
+	unset PYTHON_DONTCOMPILE
+
+	#skip all tests that fail during emerge but pass without emerge:
+	#(See bug# 67970)
+	local skip_tests="subprocess tcl urllib urllib2"
+
+	for test in ${skip_tests} ; do
+		mv ${S}/Lib/test/test_${test}.py ${T}
+	done
+
+	make test || die "make test failed"
+
+	for test in ${skip_tests} ; do
+		mv ${T}/test_${test}.py ${S}/Lib/test/test_${test}.py
+	done
+
+	einfo "Portage skipped the following tests which aren't able to run from emerge:"
+	for test in ${skip_tests} ; do
+		einfo "test_${test}.py"
+	done
+
+	einfo "If you'd like to run them, you may:"
+	einfo "cd /usr/lib/python${PYVER}/test"
+	einfo "and run the tests separately."
+}
+