8 Commits

Author SHA1 Message Date
brad
0da69615f6 Fix security issue with Python 2.1/2.2
Zack Weinberg found a vulnerability in the way the execvpe() method
from the os.py module uses a temporary file name. A file which
supposedly should not exist is created in an unsafe way and the method
tries to execute it. The objective of such code is to discover what
error the operating system returns in a portable way.

By exploiting this vulnerability a local attacker can execute
arbitrary code with the privileges of the user running python code
which uses the execvpe() method.

http://python.org/sf/590294
http://python.org/sf/601077
2002-10-08 02:52:25 +00:00
matt
5f9671ba58 taken by Chris Humphries <chumphries@drauku.net> 2002-07-09 12:32:34 +00:00
espie
8e0401df9e More MASTER_SITES_SUBDIR out 2002-05-13 23:31:24 +00:00
matt
585f78ec56 - 2.2 -> 2.2.1
- annotate patches submitted to Python patch tracker
- 100% license compliance: install CHANGES.OpenBSD file
2002-05-11 21:35:13 +00:00
matt
240c522768 fix dependencies
- subpackage @pkgdep -> RUN_DEPENDS
- no no_tkinter shouldn't unconditionally add LIB_DEPENDS of tk
2002-03-23 04:34:22 +00:00
matt
1ee8599ea4 Restore shared libpython. The problem was that pthreads' 64k stack
size is not adequate for some of the complex processing that Zope
does, and -fPIC was aggravating that condition.  Now, if we're using
shared libs, up the stack size to 128k.

Also remove some stray files that never should have been committed
in the first place.
2002-02-25 21:25:37 +00:00
matt
518c580e61 test code crept in, oops 2002-02-15 19:55:14 +00:00
matt
cf056f6c83 Python 2.1.2 and Python 2.2.
Major changes:

- no more threads flavor, threads is now the default.

- subpackage modules that depend on other packages instead of having
largely redundant flavors (unless platform has no shared libs, then
flavors count again)

- shared libpython stuff disabled until someone can figure out why
it makes Zope crash
2002-02-15 19:42:18 +00:00