Comment 1 Arfrever Frehtes Taifersar Arahesis (RETIRED) 2008-12-23 21:58:53 UTC

dev-python/python-docs-2.5.4 was released on 2008-12-23.

Comment 2 Arfrever Frehtes Taifersar Arahesis (RETIRED) 2008-12-27 04:25:57 UTC

dev-lang/python-2.5.4 doesn't need these patches:
01_all_readline.patch
13_all_imageop-int-overflow.patch
16_all_zlib-decompressobj_flush-bad-param.patch
17_all_pystring-size-fix.patch
24_all_unicode-memory.patch
25_all_CVE-2008-3144.patch
26_all_CVE-2008-3142.patch
27_all_CVE-2008-2316.patch
28_all_CVE-2008-2315.patch
30_all_respect-LDFLAGS.patch
31_all_CVE-2008-4108.patch

Comment 3 Arfrever Frehtes Taifersar Arahesis (RETIRED) 2008-12-27 04:27:12 UTC

Created attachment 176473 [details, diff]
python-2.5.4.ebuild.patch

Comment 4 Arfrever Frehtes Taifersar Arahesis (RETIRED) 2008-12-27 04:29:16 UTC

Created attachment 176475 [details, diff]
19_all_threadsafe-fileobjects.patch

Comment 5 Patrick Lauer 2009-03-31 13:58:41 UTC

+  31 Mar 2009; Patrick Lauer <patrick@gentoo.org> +python-docs-2.5.4.ebuild:
+  Adding 2.5.4. Fixes half of #252317

Comment 6 Arfrever Frehtes Taifersar Arahesis (RETIRED) 2009-05-24 04:08:27 UTC

dev-lang/python-2.4.6 fixes some security vulnerabilities. The majority of them were fixed in previous versions by patches from Gentoo-specific patchsets.

The following changes seem to not be fixed in dev-lang/python-2.4.4-r15:

* http://svn.python.org/view?view=rev&revision=67200
  Security Issue #2: imageop did not validate arguments correctly and could
  segfault as a result. CVE-2008-4864.

* http://svn.python.org/view?view=rev&revision=67726
  Issue #4469: Prevent expandtabs() on string and unicode
  objects from causing a segfault when a large width is passed
  on 32-bit platforms. CVE-2008-5031.

Comment 7 Arfrever Frehtes Taifersar Arahesis (RETIRED) 2009-05-24 04:11:36 UTC

Please stabilize dev-lang/python-2.4.6.

Comment 8 Tobias Klausmann (RETIRED) 2009-05-24 12:58:13 UTC

Stable on alpha.

Comment 9 Arfrever Frehtes Taifersar Arahesis (RETIRED) 2009-05-24 17:50:25 UTC

(In reply to comment #8)
> Stable on alpha.

???
http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-lang/python/python-2.4.6.ebuild?r1=1.1&r2=1.2&diff_format=u

Comment 10 Tobias Klausmann (RETIRED) 2009-05-24 18:44:01 UTC

(In reply to comment #9)
> (In reply to comment #8)
> > Stable on alpha.
> 
> ???
> http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-lang/python/python-2.4.6.ebuild?r1=1.1&r2=1.2&diff_format=u

Fixed, thanks for the heads up. (What happened was that I keyworded it ~alpha - since ekeyword changed the sorting, it looked like I was doing the right thing)

Comment 11 Jeroen Roovers (RETIRED) 2009-05-24 22:25:06 UTC

Stable for HPPA.

Comment 12 Brent Baude (RETIRED) 2009-05-25 16:07:12 UTC

ppc and ppc64 done

Comment 13 Christian Faulhammer (RETIRED) 2009-05-25 16:34:35 UTC

Re-running test 'test_largefile' in verbose mode
create large file via seek (may be sparse file) ...
check file size with os.fstat
2500000001L =?= 2500000001L ... yes
check file size with os.stat
2500000001L =?= 2500000001L ... yes
play around with seek() and read() with the built largefile
test test_largefile crashed -- exceptions.IOError: [Errno 75] Value too large for defined data type: '@test'
Traceback (most recent call last):
  File "./Lib/test/regrtest.py", line 492, in runtest
    the_package = __import__(abstest, globals(), locals(), [])
  File "/var/tmp/portage/dev-lang/python-2.4.6/work/Python-2.4.6/Lib/test/test_largefile.py", line 89, in ?
    f = open(name, 'rb')
IOError: [Errno 75] Value too large for defined data type: '@test'
make: *** [test] Error 1

Portage 2.1.6.11 (default/linux/x86/2008.0/desktop, gcc-4.3.2, glibc-2.8_p20080602-r1, 2.6.29-gentoo-r4 i686)
=================================================================
System uname: Linux-2.6.29-gentoo-r4-i686-Intel-R-_Core-TM-2_Duo_CPU_T8100_@_2.10GHz-with-glibc2.0
Timestamp of tree: Mon, 25 May 2009 15:00:01 +0000
app-shells/bash:     3.2_p39
dev-java/java-config: 2.1.7
dev-lang/python:     2.4.6, 2.5.4-r2
dev-python/pycrypto: 2.0.1-r8
dev-util/cmake:      2.6.2-r1
sys-apps/baselayout: 1.12.11.1
sys-apps/sandbox:    1.6-r2
sys-devel/autoconf:  2.13, 2.63
sys-devel/automake:  1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2
sys-devel/binutils:  2.18-r3
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   1.5.26
virtual/os-headers:  2.6.27-r2
ACCEPT_KEYWORDS="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=i686 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /opt/openfire/resources/security/ /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-O2 -march=i686 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LANG="en_EN.UTF8"
LDFLAGS="-Wl,--as-needed"
LINGUAS="en"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow 3dnowext X acl acpi alsa apache apache2 apm bash-completion berkdb bluetooth bootsplash branding bzip2 cairo cdr cdrom cli cracklib crypt css cups curl dbus directfb dri dvd dvdr dvdread dvi eds emacs emboss encode escreen esd evo fam fat fbcon fbcondecor ffmpeg firefox foomatic fortran gdbm gif gnome gpm gstreamer gtk hal iconv imlib ipv6 isdnlog jadetex jpeg jpeg2k kde kpathsea laptop latex ldap libnotify libotf lm_sensors m17n-lib mad midi mikmod mmx mp3 mpeg mudflap ncurses nls nptl nptl-only nptlonly ntfs ogg opengl openmp openssh pam pcre pdf perl pmu png ppds pppd preview-latex python qt3 qt3support qt4 quicktime readline reflection reports sdl session smp spell spl sqlite sse ssl startup-notification svg svga sysfs t1lib tcpd test-framework tetex theora tiff toolkit-scroll-bars truetype unicode usb userlocales vorbis win32codecs wmf x86 xft xml xorg xpm xulrunner xv xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="synaptics mouse keyboard" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en" USERLAND="GNU" VIDEO_CARDS="vesa fbdev intel"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

Comment 14 Arfrever Frehtes Taifersar Arahesis (RETIRED) 2009-05-25 16:42:45 UTC

(In reply to comment #13)
> Re-running test 'test_largefile' in verbose mode
> create large file via seek (may be sparse file) ...
> check file size with os.fstat
> 2500000001L =?= 2500000001L ... yes
> check file size with os.stat
> 2500000001L =?= 2500000001L ... yes
> play around with seek() and read() with the built largefile
> test test_largefile crashed -- exceptions.IOError: [Errno 75] Value too large
> for defined data type: '@test'
> Traceback (most recent call last):
>   File "./Lib/test/regrtest.py", line 492, in runtest
>     the_package = __import__(abstest, globals(), locals(), [])
>   File
> "/var/tmp/portage/dev-lang/python-2.4.6/work/Python-2.4.6/Lib/test/test_largefile.py",
> line 89, in ?
>     f = open(name, 'rb')
> IOError: [Errno 75] Value too large for defined data type: '@test'

It's bug #268051.

Comment 15 Christian Faulhammer (RETIRED) 2009-05-25 17:29:32 UTC

(In reply to comment #14)
> It's bug #268051.

 Yes, disabling sandbox helps...so x86 stable.

Comment 16 Robert Buchholz (RETIRED) 2009-05-25 19:33:35 UTC

(In reply to comment #6)
> * http://svn.python.org/view?view=rev&revision=67200
>   Security Issue #2: imageop did not validate arguments correctly and could
>   segfault as a result. CVE-2008-4864.

Imageop is disabled in all Python installs, see also bug 246006.


> * http://svn.python.org/view?view=rev&revision=67726
>   Issue #4469: Prevent expandtabs() on string and unicode
>   objects from causing a segfault when a large width is passed
>   on 32-bit platforms. CVE-2008-5031.
> 

This is the fix for bug 246991. We will continue to keep this a security bug until all arches are done, however we will track GLSA etc at the other bug.

Comment 17 Markus Meier 2009-05-25 19:54:42 UTC

amd64 stable

Comment 18 Raúl Porcel (RETIRED) 2009-05-27 15:53:20 UTC

arm/ia64/m68k/s390/sh/sparc stable