Date: Wednesday, February 26, 2014 @ 05:11:10
Author: fyan
Revision: 206424
upgpkg: python2 2.7.6-3
- fix FS#39040: applied upstream patch for CVE-2014-1912
Modified:
python2/trunk/PKGBUILD
----------+
PKGBUILD | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2014-02-25 22:23:19 UTC (rev 206423)
+++ PKGBUILD 2014-02-26 04:11:10 UTC (rev 206424)
@@ -5,7 +5,7 @@
pkgname=python2
pkgver=2.7.6
-pkgrel=2
+pkgrel=3
_pybasever=2.7
pkgdesc="A high-level scripting language"
arch=('i686' 'x86_64')
@@ -16,12 +16,19 @@
optdepends=('tk: for IDLE')
conflicts=('python<3')
options=('!makeflags')
-source=(http://www.python.org/ftp/python/${pkgver%rc?}/Python-${pkgver}.tar.xz)
-sha1sums=('8321636af2acbeaa68fc635d7dda7369ed446a80')
+source=(http://www.python.org/ftp/python/${pkgver%rc?}/Python-${pkgver}.tar.xz
+ CVE-2014-1912.patch::http://hg.python.org/cpython/raw-rev/87673659d8f7)
+sha1sums=('8321636af2acbeaa68fc635d7dda7369ed446a80'
+ '1d0527f7b8483e1e0e12867675fdff86f22cd297')
prepare() {
cd "${srcdir}/Python-${pkgver}"
+ # FS#39040 / CVE-2014-1912, upstream report:
http://bugs.python.org/issue20246
+ # Remove the NEWS file update from upstream patch which will cause a conflict
+ sed -i "40,51d" "$srcdir/CVE-2014-1912.patch"
+ patch -p1 -i "$srcdir/CVE-2014-1912.patch"
+
# Temporary workaround for FS#22322
# See http://bugs.python.org/issue10835 for upstream report
sed -i "/progname =/s/python/python${_pybasever}/" Python/pythonrun.c
