[pkgsrc/trunk]: pkgsrc/lang/python34 Python 3.4.7:

[adam <adam%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/9861d4f8b9b8
branches:  trunk
changeset: 366392:9861d4f8b9b8
user:      adam <adam%pkgsrc.org@localhost>
date:      Mon Aug 14 09:20:00 2017 +0000

description:
Python 3.4.7:

Security
* bpo-29591: Update expat copy from 2.1.1 to 2.2.0 to get fixes of CVE-2016-0718 and CVE-2016-4472. See https://sourceforge.net/p/expat/bugs/537/ for more information.
* bpo-30694: Upgrade expat copy from 2.2.0 to 2.2.1 to get fixes of multiple security vulnerabilities including: CVE-2017-9233 (External entity infinite loop DoS), CVE-2016-9063 (Integer overflow, 
re-fix), CVE-2016-0718 (Fix regression bugs from 2.2.0?s fix to CVE-2016-0718) and CVE-2012-0876 (Counter hash flooding with SipHash). Note: the CVE-2016-5300 (Use os- specific entropy sources like 
getrandom) doesn?t impact Python, since Python already gets entropy from the OS to set the expat secret using XML_SetHashSalt().
* bpo-26657: Fix directory traversal vulnerability with http.server on Windows. This fixes a regression that was introduced in 3.3.4rc1 and 3.4.0rc1. Based on patch by Philipp Hagemeister.
* bpo-30500: Fix urllib.parse.splithost() to correctly parse fragments. For example, splithost('//127.0.0.1#@evil.com/') now correctly returns the 127.0.0.1 host, instead of treating @evil.com as the 
host in an authentification (login@host).
* bpo-30730: Prevent environment variables injection in subprocess on Windows. Prevent passing other invalid environment variables and command arguments.

diffstat:

 lang/python34/dist.mk  |   4 ++--
 lang/python34/distinfo |  10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diffs (30 lines):

diff -r 8b9108efa51e -r 9861d4f8b9b8 lang/python34/dist.mk
--- a/lang/python34/dist.mk     Mon Aug 14 09:16:28 2017 +0000
+++ b/lang/python34/dist.mk     Mon Aug 14 09:20:00 2017 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: dist.mk,v 1.7 2017/01/19 01:25:09 wen Exp $
+# $NetBSD: dist.mk,v 1.8 2017/08/14 09:20:00 adam Exp $
 
-PY_DISTVERSION=        3.4.6
+PY_DISTVERSION=        3.4.7
 DISTNAME=      Python-${PY_DISTVERSION}
 EXTRACT_SUFX=  .tar.xz
 DISTINFO_FILE= ${.CURDIR}/../../lang/python34/distinfo
diff -r 8b9108efa51e -r 9861d4f8b9b8 lang/python34/distinfo
--- a/lang/python34/distinfo    Mon Aug 14 09:16:28 2017 +0000
+++ b/lang/python34/distinfo    Mon Aug 14 09:20:00 2017 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.26 2017/05/30 14:04:53 bouyer Exp $
+$NetBSD: distinfo,v 1.27 2017/08/14 09:20:00 adam Exp $
 
-SHA1 (Python-3.4.6.tar.xz) = ef7dbec63d45760701534990511d686e3acbbe4f
-RMD160 (Python-3.4.6.tar.xz) = a669de69e6728141a6c960877c486c1f094b560d
-SHA512 (Python-3.4.6.tar.xz) = f6785cf6a99a8a27823baefe59cc20e34cbec01bb444c8600e7f49b5437159d5137f9d80fce26e219846d71bfe98f68bc6f0c87719a34db0050a4eaca95959ac
-Size (Python-3.4.6.tar.xz) = 14473592 bytes
+SHA1 (Python-3.4.7.tar.xz) = 7b05bf099f3f311ba568232d0d03d64e67da9908
+RMD160 (Python-3.4.7.tar.xz) = 8c4cde8603a15cd55b59b665a84efd0e8f9d7553
+SHA512 (Python-3.4.7.tar.xz) = 34d303f510210d7e695f65f69819049bdf71607b100cf4658af4620b14385f2e5acc3363f2e1b573509cca651e91c836ccd4fb00982f061a58e9b5c9504cd060
+Size (Python-3.4.7.tar.xz) = 14511368 bytes
 SHA1 (patch-Lib_distutils_unixccompiler.py) = 7d6df07921ad3357757d4681a964256b560b3f57
 SHA1 (patch-Modules_socketmodule.c) = 3b091755d7c104b5d1fc696a0d4a679ed3565ef4
 SHA1 (patch-Modules_socketmodule.h) = ed334a97c2a6662c5b44b4e50c1b8efcc220fa1f