python: backport security fix for CVE-2014-1912.
A vulnerability was reported [1] in Python's socket module, due to a boundary error within the sock_recvfrom_into() function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses the socket.recvfrom_into() function or, possibly, execute arbitrary code with the permissions of the user running vulnerable Python code.

This vulnerable function, socket.recvfrom_into(), was introduced in Python 2.5. Earlier versions are not affected by this flaw, nor is Python 3.3.4, which is already in Homebrew.

[1] http://bugs.python.org/issue20246

Closes Homebrew/homebrew#27194.

Signed-off-by: Mike McQuaid <mike@mikemcquaid.com>
parent b3f7103fdb
commit 734f1a5cd8
1 changed file with 8 additions and 1 deletion
@ -35,9 +35,16 @@ class Python < Formula
end
def patches
p = {}
# Backported security fix for CVE-2014-1912:
# http://bugs.python.org/issue20246
p[:p0] = "https://gist.githubusercontent.com/leepa/9351856/raw/7f9130077fd760fcf9a25f50b69d9c77b155fbc5/CVE-2014-1912.patch"
# Patch to disable the search for Tk.framework, since Homebrew's Tk is
# a plain unix build. Remove `-lX11`, too because our Tk is "AquaTk".
DATA if build.with? 'brewed-tk'
if build.with? "brewed-tk"
p[:p1] = DATA
end
p
end
def lib_cellar
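Review bot: The security patch assigned to p[:p0] is fetched from a personal gist on gist.githubusercontent.com, and the formula lines shown here record no checksum for it, so the build trusts whatever that URL serves. The raw URL is pinned to a specific revision hash, which helps, but it would be more robust to point at the upstream changeset linked from http://bugs.python.org/issue20246 or to carry the patch inside the formula the way the Tk patch is carried in DATA. A short comment noting that the :p0 entry can be dropped once the formula moves to a Python release that already contains the fix would also help the next maintainer.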