CVS commit: [pkgsrc-2010Q2] pkgsrc/www/py-paste

To: pkgsrc-changes%netbsd.org@localhost
Subject: CVS commit: [pkgsrc-2010Q2] pkgsrc/www/py-paste
From: Matthias Scheler <tron%netbsd.org@localhost>
Date: Tue, 27 Jul 2010 18:07:44 +0000

Module Name:    pkgsrc
Committed By:   tron
Date:           Tue Jul 27 18:07:44 UTC 2010

Modified Files:
        pkgsrc/www/py-paste [pkgsrc-2010Q2]: Makefile PLIST distinfo

Log Message:
Pullup ticket #3190 - requested by obache
www/py-paste: security update

Revisions pulled up:
- www/py-paste/Makefile                 1.7
- www/py-paste/PLIST                    1.5
- www/py-paste/distinfo                 1.3
---
Module Name:    pkgsrc
Committed By:   obache
Date:           Mon Jul 26 12:38:42 UTC 2010

Modified Files:
        pkgsrc/www/py-paste: Makefile PLIST distinfo

Log Message:
Update py-Paste to 1.7.4.
While here, set LICENSE=mit.

1.7.4
-----

* Fix XSS bug (security issue) with not found handlers for
   :class:`paste.urlparser.StaticURLParser` and
   :class:`paste.urlmap.URLMap`.  If you ask for a path with
   ``/--><script>...`` that will be inserted in the error page and can
   execute Javascript.  Reported by Tim Wintle.

* Replaced :func:`paste.util.mimeparse.desired_match`

1.7.3.1
-------

* Removed directory name from 404 errors in
   :class:`paste.urlparser.StaticURLParser`.

* Fixed packaging to include Javascript and images for
   :mod:`paste.evalexception`

1.7.3
-----

* I got a fever and the only prescription is more :mod:`paste.cowbell`!

* Fix :mod:`paste.httpserver` on Python 2.6.

* Fix :mod:`paste.auth.cookie`, which would insert newlines for long
   cookies.

* :mod:`paste.util.mimeparse` parses a single ``*`` in Accept headers
   (sent by IE 6).

* Fix some problems with the ``wdg_validate`` middleware.

* Improvements to :mod:`paste.auth.auth_tkt`: add httponly support,
   don't always aggressively set cookies without the
   ``wildcard_cookie`` option.  Also on logout, make cookies expire.

* In :class:`paste.proxy.Proxy` handle Content-Length of -1.

* In :mod:`paste.httpexceptions` avoid some unicode errors.

* In :mod:`paste.httpserver` handle ``.read()`` from 100 Continue
   properly (because of a typo it was doing a readline).

* Update ``paste.util.mimeparse`` from `upstream
   <http://code.google.com/p/mimeparse/>`_.


To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.6.6.1 pkgsrc/www/py-paste/Makefile
cvs rdiff -u -r1.4 -r1.4.10.1 pkgsrc/www/py-paste/PLIST
cvs rdiff -u -r1.2 -r1.2.6.1 pkgsrc/www/py-paste/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: [pkgsrc-2010Q2] pkgsrc/doc
Next by Date: CVS commit: pkgsrc/mail/evolution
Previous by Thread: CVS commit: [pkgsrc-2010Q2] pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/mail/evolution
Indexes:

Home | Main Index | Thread Index | Old Index