| author | Martin Wilke <miwi@FreeBSD.org> | 2008-09-08 00:14:06 +0000 | 
|---|---|---|
| committer | Martin Wilke <miwi@FreeBSD.org> | 2008-09-08 00:14:06 +0000 | 
| commit | 8a1ff65b9b4abb36af6477b5c168037be07d4f71 (patch) | |
| tree | b9ac213a94e3a8e1c94343b9c5297f42639bc33e /lang/python27/files/patch-objects_tupleobject.c | |
| parent | - Update to 3.45 (diff) | |
- Security fixes
Multiple vulnerabilities:
	1) Various integer overflow errors exist in core modules e.g. stringobject,
	   unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, mmapmodule.
	2) An integer overflow in the hashlib module can lead to unreliable cryptographic digest results.
	3) Integer overflow errors in the processing of unicode strings can be exploited to cause
	   buffer overflows on 32-bit systems.
	4) An integer overflow exists in the PyOS_vsnprintf() function on architectures that do not
	   have a "vsnprintf()" function.
	5) An integer underflow error in the PyOS_vsnprintf() function when passing zero-length strings
	   can lead to memory corruption.
PR:		127172 (based on)
Submitted by:	bf <bf2006a@yahoo.com>
Obtained from:	python svn
Security:	CVE-2008-2315, CVE-2008-2316, CVE-2008-3142, CVE-2008-3144, CVE-2008-3143. (vuxml come later)
Diffstat (limited to 'lang/python27/files/patch-objects_tupleobject.c')
| -rw-r--r-- | lang/python27/files/patch-objects_tupleobject.c | 17 | 
1 files changed, 17 insertions, 0 deletions
| diff --git a/lang/python27/files/patch-objects_tupleobject.c b/lang/python27/files/patch-objects_tupleobject.c new file mode 100644 index 000000000000..eb133b6e002c --- /dev/null +++ b/lang/python27/files/patch-objects_tupleobject.c @@ -0,0 +1,17 @@ +--- Objects/tupleobject.c.orig	2006-08-12 18:03:09.000000000 +0100 ++++ Objects/tupleobject.c	2008-08-30 10:16:13.000000000 +0100 +@@ -60,11 +60,12 @@ + 		Py_ssize_t nbytes = size * sizeof(PyObject *); + 		/* Check for overflow */ + 		if (nbytes / sizeof(PyObject *) != (size_t)size || +-		    (nbytes += sizeof(PyTupleObject) - sizeof(PyObject *)) +-		    <= 0) ++		    (nbytes > PY_SSIZE_T_MAX - sizeof(PyTupleObject) - sizeof(PyObject *))) + 		{ + 			return PyErr_NoMemory(); + 		} ++		nbytes += sizeof(PyTupleObject) - sizeof(PyObject *); ++ + 		op = PyObject_GC_NewVar(PyTupleObject, &PyTuple_Type, size); + 		if (op == NULL) + 			return NULL; | 
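Review bot: The bound in the new overflow condition, `PY_SSIZE_T_MAX - sizeof(PyTupleObject) - sizeof(PyObject *)`, does not match the amount added after the check, `sizeof(PyTupleObject) - sizeof(PyObject *)`. As written, the test rejects sizes up to two pointer widths below the real limit. That errs on the safe side, but the intent would be clearer if the subtrahend were parenthesized to mirror the addition: `PY_SSIZE_T_MAX - (sizeof(PyTupleObject) - sizeof(PyObject *))`. The comparison also mixes the signed `nbytes` with `size_t` operands, so a negative `nbytes` is rejected only because it is implicitly converted to a large unsigned value. A short comment or an explicit `nbytes < 0` test would make that dependency visible. Finally, in the lines shown, `nbytes` is not read again after the relocated `nbytes += ...`, since `PyObject_GC_NewVar` is passed `size`. If nothing later in the function consumes it, the addition can be dropped.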
