[pkgsrc/pkgsrc-2020Q3]: pkgsrc/security/py-libtaxii Pullup ticket #6345 - req...

[bsiegert <bsiegert%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/df450d9f8cb0
branches:  pkgsrc-2020Q3
changeset: 440968:df450d9f8cb0
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Thu Oct 22 16:10:42 2020 +0000

description:
Pullup ticket #6345 - requested by khorben
security/py-libtaxii: security fix

Revisions pulled up:
- security/py-libtaxii/Makefile                                 1.11
- security/py-libtaxii/PLIST                                    1.3
- security/py-libtaxii/distinfo                                 1.5

---
   Module Name: pkgsrc
   Committed By:        khorben
   Date:                Mon Oct 19 17:21:42 UTC 2020

   Modified Files:
        pkgsrc/security/py-libtaxii: Makefile PLIST distinfo

   Log Message:
   py-libtaxii: update to version 1.1.118

   This notably fixes a security issue, CVE-2020-27197.

   Version 1.1.118:

     * #247 [CVE-2020-27197] Avoid SSRF on parsing XML (@orsinium)

   Version 1.1.117:

     * #244 SSL Verify Server not working correctly (@motok) (@nschwane)
     * #245 Unicode lxml.etree.SerialisationError on lxml 4.5.0+ (@advptr)

   Version 1.1.116:

     * #240 PY3 Compatibility changes for HTTP Response Body (@nschwane)

   Version 1.1.115:

     * #239 Convert the HTTP response body to a string type (PY3 this will
   be bytes) (@sddj)

   Version 1.1.114:

     * #237 Support converting dicts to content bindings (@danielsamuels)
     * #238 Provide XMLParser copies instead of reusing the cached
   instance. Prevents future messages to lose namespace

   Version 1.1.113:

     * #234 Add ability to load a configuration file when executing a script
     * #232 Fix TLS handshake failure when a server requires SNI
   (@marcelslotema)

   Version 1.1.112:

     * #227 Fixes to poll_client script (Python3 compatibility)
     * #226 Clean-up documentation warnings
     * #228 Fix 'HTTPMessage' has no attribute 'getheader' (Python3
   compatibility)
     * #225 Fix checks that involve xpath (lxml) to prevent FutureWarning
   message
     * #230 Fix parsing status message round-trip (@danielsamuels)

   Thanks leot@ and pkgsrc's security team for the heads up!
   Pull-up to be requested.

diffstat:

 security/py-libtaxii/Makefile |   4 ++--
 security/py-libtaxii/PLIST    |   5 ++++-
 security/py-libtaxii/distinfo |  10 +++++-----
 3 files changed, 11 insertions(+), 8 deletions(-)

diffs (46 lines):

diff -r b20dd7905623 -r df450d9f8cb0 security/py-libtaxii/Makefile
--- a/security/py-libtaxii/Makefile     Wed Oct 21 21:52:28 2020 +0000
+++ b/security/py-libtaxii/Makefile     Thu Oct 22 16:10:42 2020 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.10 2018/10/15 11:17:08 adam Exp $
+# $NetBSD: Makefile,v 1.10.16.1 2020/10/22 16:10:42 bsiegert Exp $
 
-DISTNAME=      libtaxii-1.1.111
+DISTNAME=      libtaxii-1.1.118
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME}
 CATEGORIES=    security python
 #MASTER_SITES= ${MASTER_SITE_PYPI:=l/libtaxii/}
diff -r b20dd7905623 -r df450d9f8cb0 security/py-libtaxii/PLIST
--- a/security/py-libtaxii/PLIST        Wed Oct 21 21:52:28 2020 +0000
+++ b/security/py-libtaxii/PLIST        Thu Oct 22 16:10:42 2020 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.2 2018/10/15 11:17:08 adam Exp $
+@comment $NetBSD: PLIST,v 1.2.16.1 2020/10/22 16:10:42 bsiegert Exp $
 bin/collection_information_client
 bin/collection_information_client.py
 bin/discovery_client
@@ -85,6 +85,9 @@
 ${PYSITELIB}/libtaxii/test/__init__.py
 ${PYSITELIB}/libtaxii/test/__init__.pyc
 ${PYSITELIB}/libtaxii/test/__init__.pyo
+${PYSITELIB}/libtaxii/test/argument_parser_test.py
+${PYSITELIB}/libtaxii/test/argument_parser_test.pyc
+${PYSITELIB}/libtaxii/test/argument_parser_test.pyo
 ${PYSITELIB}/libtaxii/test/clients_test.py
 ${PYSITELIB}/libtaxii/test/clients_test.pyc
 ${PYSITELIB}/libtaxii/test/clients_test.pyo
diff -r b20dd7905623 -r df450d9f8cb0 security/py-libtaxii/distinfo
--- a/security/py-libtaxii/distinfo     Wed Oct 21 21:52:28 2020 +0000
+++ b/security/py-libtaxii/distinfo     Thu Oct 22 16:10:42 2020 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.4 2018/10/15 11:17:08 adam Exp $
+$NetBSD: distinfo,v 1.4.16.1 2020/10/22 16:10:42 bsiegert Exp $
 
-SHA1 (libtaxii-1.1.111.tar.gz) = 50d0a37c0fc50e598d1a939d840d1584f4ebe6e7
-RMD160 (libtaxii-1.1.111.tar.gz) = af52c366c58847adbc0f28241063918b75cfd21b
-SHA512 (libtaxii-1.1.111.tar.gz) = f638317200bb0691c3f994a4d624295bb3b64f4aba249e5b04d5b831eb985550702ef1c7653ca41fd8bb3972cab1c9d524ec540f87bf8581a0c0799ee5a7f831
-Size (libtaxii-1.1.111.tar.gz) = 119071 bytes
+SHA1 (libtaxii-1.1.118.tar.gz) = 4ddd4b6b00666015b2420b9eed69baf1ba626659
+RMD160 (libtaxii-1.1.118.tar.gz) = cd0764a53bf1714f9e100392b8e967f03c93b4a2
+SHA512 (libtaxii-1.1.118.tar.gz) = 858571d6572c6362dd1a1c9e5d13aee0f341ea13b43ed9c96f6b0dddb5347fefdd580e4ae0ac2f8a85c8f8956b04aa16a15604014d069ef7d95a821f70f5f0bc
+Size (libtaxii-1.1.118.tar.gz) = 122071 bytes