| author | Lee Packham | 2014-03-04 17:59:59 +0000 |
|---|---|---|
| committer | Mike McQuaid | 2014-03-05 10:17:48 +0000 |
| commit | 2cf8a5cee9e4e5357383c9f50bd9368501bf5ec6 (patch) | |
| tree | cc19aa69b5c0cac567d949d64b27dd2ce3fe1a44 /Library/Formula/python.rb | |
| parent | 4f88fd7d0050c059ae71293e6502ef4046c3da1c (diff) | |
| download | homebrew-2cf8a5cee9e4e5357383c9f50bd9368501bf5ec6.tar.bz2 | |
python: backport security fix for CVE-2014-1912.

A vulnerability was reported [1] in Python's socket module, due to a
boundary error within the sock_recvfrom_into() function, which could be
exploited to cause a buffer overflow.

This could be used to crash a Python application that uses the
socket.recvfrom_into() function or, possibly, execute arbitrary code
with the permissions of the user running vulnerable Python code.

This vulnerable function, socket.recvfrom_into(), was introduced in
Python 2.5. Earlier versions are not affected by this flaw nor is Python
3.3.4 which is already in Homebrew.

[1] http://bugs.python.org/issue20246

Closes #27194.

Signed-off-by: Mike McQuaid <mike@mikemcquaid.com>

Diffstat (limited to 'Library/Formula/python.rb')
| -rw-r--r-- | Library/Formula/python.rb | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/Library/Formula/python.rb b/Library/Formula/python.rb index 9c59043fe..02c5ba2d0 100644 --- a/Library/Formula/python.rb +++ b/Library/Formula/python.rb @@ -35,9 +35,16 @@ class Python < Formula end def patches + p = {} + # Backported security fix for CVE-2014-1912: + # http://bugs.python.org/issue20246 + p[:p0] = "https://gist.githubusercontent.com/leepa/9351856/raw/7f9130077fd760fcf9a25f50b69d9c77b155fbc5/CVE-2014-1912.patch" # Patch to disable the search for Tk.framework, since Homebrew's Tk is # a plain unix build. Remove `-lX11`, too because our Tk is "AquaTk". - DATA if build.with? 'brewed-tk' + if build.with? "brewed-tk" + p[:p1] = DATA + end + p end def lib_cellar |
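
Review bot: the CVE-2014-1912 fix assigned to p[:p0] is downloaded from a personal gist (gist.githubusercontent.com/leepa/9351856/...) and no checksum for it appears in this hunk, so the bytes applied to the Python source at build time depend on that gist continuing to serve the same content. The URL is pinned to a specific raw revision, which helps, but for a security backport I would rather see the patch taken from the upstream fix tracked in http://bugs.python.org/issue20246 or carried inside the formula itself, so that reviewers can read exactly what is applied. The comment above p[:p0] could also say why this patch is applied at strip level p0 while the Tk patch from DATA uses p1, since the mixed levels are easy to break in a later edit. Minor: the quoting of "brewed-tk" changes from single to double quotes in the same hunk, which is unrelated to the security fix and adds noise to the diff.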
