diff --git a/pkgs/development/interpreters/python/3.2/CVE-2014-1912.patch b/pkgs/development/interpreters/python/3.2/CVE-2014-1912.patch deleted file mode 100644 index c69efd17f964..000000000000 --- a/pkgs/development/interpreters/python/3.2/CVE-2014-1912.patch +++ /dev/null @@ -1,57 +0,0 @@ -# Edited from Mercurial patch: deleted the NEWS hunk, since it didn't apply cleanly. -# It added the following line to NEWS: -# - Issue #20246: Fix buffer overflow in socket.recvfrom_into. - - -# HG changeset patch -# User Benjamin Peterson -# Date 1389671978 18000 -# Node ID 9c56217e5c793685eeaf0ee224848c402bdf1e4c -# Parent 2b5cd6d4d149dea6c6941b7e07ada248b29fc9f6 -complain when nbytes > buflen to fix possible buffer overflow (closes #20246) - -diff --git a/Lib/test/test_socket.py b/Lib/test/test_socket.py ---- a/Lib/test/test_socket.py -+++ b/Lib/test/test_socket.py -@@ -1968,6 +1968,14 @@ class BufferIOTest(SocketConnectedTest): - - _testRecvFromIntoMemoryview = _testRecvFromIntoArray - -+ def testRecvFromIntoSmallBuffer(self): -+ # See issue #20246. -+ buf = bytearray(8) -+ self.assertRaises(ValueError, self.cli_conn.recvfrom_into, buf, 1024) -+ -+ def _testRecvFromIntoSmallBuffer(self): -+ self.serv_conn.send(MSG*2048) -+ - - TIPC_STYPE = 2000 - TIPC_LOWER = 200 -diff --git a/Misc/ACKS b/Misc/ACKS ---- a/Misc/ACKS -+++ b/Misc/ACKS -@@ -1020,6 +1020,7 @@ Eric V. Smith - Christopher Smith - Gregory P. Smith - Roy Smith -+Ryan Smith-Roberts - Rafal Smotrzyk - Dirk Soede - Paul Sokolovsky -diff --git a/Misc/NEWS b/Misc/NEWS ---- a/Modules/socketmodule.c -+++ b/Modules/socketmodule.c -@@ -2598,6 +2598,11 @@ sock_recvfrom_into(PySocketSockObject *s - if (recvlen == 0) { - /* If nbytes was not specified, use the buffer's length */ - recvlen = buflen; -+ } else if (recvlen > buflen) { -+ PyBuffer_Release(&pbuf); -+ PyErr_SetString(PyExc_ValueError, -+ "nbytes is greater than the length of the buffer"); -+ return NULL; - } - - readlen = sock_recvfrom_guts(s, buf, recvlen, flags, &addr); - diff --git a/pkgs/development/interpreters/python/3.2/default.nix b/pkgs/development/interpreters/python/3.2/default.nix index c684266f8225..9222f9fc4e11 100644 --- a/pkgs/development/interpreters/python/3.2/default.nix +++ b/pkgs/development/interpreters/python/3.2/default.nix @@ -19,7 +19,7 @@ with stdenv.lib; let majorVersion = "3.2"; - version = "${majorVersion}.5"; + version = "${majorVersion}.6"; buildInputs = filter (p: p != null) [ zlib bzip2 gdbm sqlite db readline ncurses openssl tcl tk libX11 xproto @@ -30,16 +30,10 @@ stdenv.mkDerivation { inherit majorVersion version; src = fetchurl { - url = "http://www.python.org/ftp/python/${version}/Python-${version}.tar.bz2"; - sha256 = "0pxs234g08v3lar09lvzxw4vqdpwkbqmvkv894j2w7aklskcjd6v"; + url = "http://www.python.org/ftp/python/${version}/Python-${version}.tar.xz"; + sha256 = "1p3vvvh3qw8avq959hdl6bq5d6r7mbhrnigqzgx6mllzh40va4hx"; }; - patches = - [ - # See http://bugs.python.org/issue20246 - ./CVE-2014-1912.patch - ]; - NIX_LDFLAGS = stdenv.lib.optionalString stdenv.isLinux "-lgcc_s"; preConfigure = ''