pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/lang/python31

Module Name:    pkgsrc
Committed By:   obache
Date:           Sat Apr 14 11:22:07 UTC 2012

Modified Files:
        pkgsrc/lang/python31: Makefile distinfo
Removed Files:
        pkgsrc/lang/python31/patches: patch-CVE-2012-0845

Log Message:
Update python31 to 3.1.5.
(CVE-2012-0845 is already fixed in pkgsrc)

What's New in Python 3.1.5?

*Release date: 2012-04-08*

Core and Builtins

- Issue #13703: oCERT-2011-003: add -R command-line option and PYTHONHASHSEED
  environment variable, to provide an opt-in way to protect against denial of
  service attacks due to hash collisions within the dict and set types.  Patch
  by David Malcolm, based on work by Victor Stinner.


- Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes in the hash
  table internal to the pyexpat module's copy of the expat library to avoid a
  denial of service due to hash collisions.  Patch by David Malcolm with some
  modifications by the expat project.

- Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in
  SimpleXMLRPCServer upon malformed POST request.

- Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC
  IV attack countermeasure.

- Issue #11603: Fix a crash when __str__ is rebound as __repr__.  Patch by
  Andreas Stührk.

To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 pkgsrc/lang/python31/Makefile
cvs rdiff -u -r1.1.1.1 -r1.2 pkgsrc/lang/python31/
cvs rdiff -u -r1.10 -r1.11 pkgsrc/lang/python31/distinfo
cvs rdiff -u -r1.1 -r0 pkgsrc/lang/python31/patches/patch-CVE-2012-0845

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Home | Main Index | Thread Index | Old Index