pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/lang/python35
Module Name: pkgsrc
Committed By: adam
Date: Mon Aug 14 09:16:28 UTC 2017
Modified Files:
pkgsrc/lang/python35: PLIST dist.mk distinfo
pkgsrc/lang/python35/patches: patch-Makefile.pre.in
Log Message:
Python 3.5.4:
Security
* bpo-30730: Prevent environment variables injection in subprocess on Windows. Prevent passing other environment variables and command arguments.
* bpo-30694: Upgrade expat copy from 2.2.0 to 2.2.1 to get fixes of multiple security vulnerabilities including: CVE-2017-9233 (External entity infinite loop DoS), CVE-2016-9063 (Integer overflow,
re-fix), CVE-2016-0718 (Fix regression bugs from 2.2.0’s fix to CVE-2016-0718) and CVE-2012-0876 (Counter hash flooding with SipHash). Note: the CVE-2016-5300 (Use os- specific entropy sources like
getrandom) doesn’t impact Python, since Python already gets entropy from the OS to set the expat secret using XML_SetHashSalt().
* bpo-30500: Fix urllib.parse.splithost() to correctly parse fragments. For example, splithost('//127.0.0.1#@evil.com/') now correctly returns the 127.0.0.1 host, instead of treating @evil.com as the
host in an authentification (login@host).
* bpo-29591: Update expat copy from 2.1.1 to 2.2.0 to get fixes of CVE-2016-0718 and CVE-2016-4472. See https://sourceforge.net/p/expat/bugs/537/ for more information.
To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 pkgsrc/lang/python35/PLIST
cvs rdiff -u -r1.4 -r1.5 pkgsrc/lang/python35/dist.mk
cvs rdiff -u -r1.11 -r1.12 pkgsrc/lang/python35/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/python35/patches/patch-Makefile.pre.in
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/lang/python35/PLIST
diff -u pkgsrc/lang/python35/PLIST:1.5 pkgsrc/lang/python35/PLIST:1.6
--- pkgsrc/lang/python35/PLIST:1.5 Thu Jan 19 13:55:53 2017
+++ pkgsrc/lang/python35/PLIST Mon Aug 14 09:16:28 2017
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.5 2017/01/19 13:55:53 wen Exp $
+@comment $NetBSD: PLIST,v 1.6 2017/08/14 09:16:28 adam Exp $
bin/2to3-${PY_VER_SUFFIX}
bin/pydoc${PY_VER_SUFFIX}
bin/python${PY_VER_SUFFIX}
@@ -2448,7 +2448,6 @@ lib/python${PY_VER_SUFFIX}/telnetlib.pyo
lib/python${PY_VER_SUFFIX}/tempfile.py
lib/python${PY_VER_SUFFIX}/tempfile.pyc
lib/python${PY_VER_SUFFIX}/tempfile.pyo
-lib/python${PY_VER_SUFFIX}/test/185test.db
lib/python${PY_VER_SUFFIX}/test/Sine-1000Hz-300ms.aif
lib/python${PY_VER_SUFFIX}/test/__init__.py
lib/python${PY_VER_SUFFIX}/test/__init__.pyc
@@ -2504,6 +2503,9 @@ lib/python${PY_VER_SUFFIX}/test/badsynta
lib/python${PY_VER_SUFFIX}/test/badsyntax_future8.py
lib/python${PY_VER_SUFFIX}/test/badsyntax_future9.py
lib/python${PY_VER_SUFFIX}/test/badsyntax_pep3120.py
+lib/python${PY_VER_SUFFIX}/test/bisect.py
+lib/python${PY_VER_SUFFIX}/test/bisect.pyc
+lib/python${PY_VER_SUFFIX}/test/bisect.pyo
lib/python${PY_VER_SUFFIX}/test/bytecode_helper.py
lib/python${PY_VER_SUFFIX}/test/bytecode_helper.pyc
lib/python${PY_VER_SUFFIX}/test/bytecode_helper.pyo
@@ -2793,6 +2795,9 @@ lib/python${PY_VER_SUFFIX}/test/mime.typ
lib/python${PY_VER_SUFFIX}/test/mock_socket.py
lib/python${PY_VER_SUFFIX}/test/mock_socket.pyc
lib/python${PY_VER_SUFFIX}/test/mock_socket.pyo
+lib/python${PY_VER_SUFFIX}/test/mod_generics_cache.py
+lib/python${PY_VER_SUFFIX}/test/mod_generics_cache.pyc
+lib/python${PY_VER_SUFFIX}/test/mod_generics_cache.pyo
lib/python${PY_VER_SUFFIX}/test/mp_fork_bomb.py
lib/python${PY_VER_SUFFIX}/test/mp_fork_bomb.pyc
lib/python${PY_VER_SUFFIX}/test/mp_fork_bomb.pyo
@@ -4935,7 +4940,7 @@ lib/python${PY_VER_SUFFIX}/venv/__init__
lib/python${PY_VER_SUFFIX}/venv/__main__.py
lib/python${PY_VER_SUFFIX}/venv/__main__.pyc
lib/python${PY_VER_SUFFIX}/venv/__main__.pyo
-lib/python${PY_VER_SUFFIX}/venv/scripts/posix/activate
+lib/python${PY_VER_SUFFIX}/venv/scripts/common/activate
lib/python${PY_VER_SUFFIX}/venv/scripts/posix/activate.csh
lib/python${PY_VER_SUFFIX}/venv/scripts/posix/activate.fish
lib/python${PY_VER_SUFFIX}/warnings.py
Index: pkgsrc/lang/python35/dist.mk
diff -u pkgsrc/lang/python35/dist.mk:1.4 pkgsrc/lang/python35/dist.mk:1.5
--- pkgsrc/lang/python35/dist.mk:1.4 Thu Jan 19 13:55:53 2017
+++ pkgsrc/lang/python35/dist.mk Mon Aug 14 09:16:28 2017
@@ -1,6 +1,6 @@
-# $NetBSD: dist.mk,v 1.4 2017/01/19 13:55:53 wen Exp $
+# $NetBSD: dist.mk,v 1.5 2017/08/14 09:16:28 adam Exp $
-PY_DISTVERSION= 3.5.3
+PY_DISTVERSION= 3.5.4
DISTNAME= Python-${PY_DISTVERSION}
EXTRACT_SUFX= .tar.xz
DISTINFO_FILE= ${.CURDIR}/../../lang/python35/distinfo
Index: pkgsrc/lang/python35/distinfo
diff -u pkgsrc/lang/python35/distinfo:1.11 pkgsrc/lang/python35/distinfo:1.12
--- pkgsrc/lang/python35/distinfo:1.11 Tue May 30 14:04:53 2017
+++ pkgsrc/lang/python35/distinfo Mon Aug 14 09:16:28 2017
@@ -1,13 +1,13 @@
-$NetBSD: distinfo,v 1.11 2017/05/30 14:04:53 bouyer Exp $
+$NetBSD: distinfo,v 1.12 2017/08/14 09:16:28 adam Exp $
-SHA1 (Python-3.5.3.tar.xz) = 127121fdca11e735b3686e300d66f73aba663e93
-RMD160 (Python-3.5.3.tar.xz) = 663ad06b0c4b36e7760f5202e73bc53697f225d2
-SHA512 (Python-3.5.3.tar.xz) = bbcc20e315c63dbc8901d7e7bfa29d4dbdad9335720757d8d679730319fd1d9fcfdb55cf62d620c9b052134170f162c28d653a8af60923185b8932524d827864
-Size (Python-3.5.3.tar.xz) = 15213396 bytes
+SHA1 (Python-3.5.4.tar.xz) = 4aacbd09ca6988255de84a98ab9e4630f584efba
+RMD160 (Python-3.5.4.tar.xz) = b0df9be4047421672456c9c57b4ddc0aaad7c095
+SHA512 (Python-3.5.4.tar.xz) = dbbe2740ee1cce5404b7b6436a9b3887e15f415a1006efa22014ec7e5b1e48c43eed0ff98f6f5b365c527b8d2525be4ce72bbe404ce71c0835529fcd6f0267ff
+Size (Python-3.5.4.tar.xz) = 15332320 bytes
SHA1 (patch-Include_py__curses.h) = 14359f8d0527eff08073c0aea60dfe8961d9255d
SHA1 (patch-Lib_distutils_command_install.py) = 9b44f339f65f029b7f17dbc654739a7ae3c12780
SHA1 (patch-Lib_distutils_unixccompiler.py) = 7d0b70a64b79ee6084c41d8fbb01c8e8e4553419
-SHA1 (patch-Makefile.pre.in) = 174e01e44c61c756131f795dc96100a381876fcb
+SHA1 (patch-Makefile.pre.in) = 330a1a74fbd967e0777860fa3ceecb88ac2eb7fd
SHA1 (patch-Modules___cursesmodule.c) = 2ab2779e0418a4529987641c254686ba05d28593
SHA1 (patch-Modules_makesetup) = c9b571eb54fdf0b1e93524a6de6780e8c4119221
SHA1 (patch-Modules_nismodule.c) = bd290417c265846e238660180e60e76c0f5f696a
Index: pkgsrc/lang/python35/patches/patch-Makefile.pre.in
diff -u pkgsrc/lang/python35/patches/patch-Makefile.pre.in:1.3 pkgsrc/lang/python35/patches/patch-Makefile.pre.in:1.4
--- pkgsrc/lang/python35/patches/patch-Makefile.pre.in:1.3 Thu Jan 19 13:55:53 2017
+++ pkgsrc/lang/python35/patches/patch-Makefile.pre.in Mon Aug 14 09:16:28 2017
@@ -1,6 +1,6 @@
-$NetBSD: patch-Makefile.pre.in,v 1.3 2017/01/19 13:55:53 wen Exp $
+$NetBSD: patch-Makefile.pre.in,v 1.4 2017/08/14 09:16:28 adam Exp $
---- Makefile.pre.in.orig 2017-01-19 11:35:21.000000000 +0000
+--- Makefile.pre.in.orig 2017-08-07 07:59:11.000000000 +0000
+++ Makefile.pre.in
@@ -92,7 +92,7 @@ PY_CFLAGS_NODIST=$(CONFIGURE_CFLAGS_NODI
# be able to build extension modules using the directories specified in the
@@ -11,25 +11,16 @@ $NetBSD: patch-Makefile.pre.in,v 1.3 201
NO_AS_NEEDED= @NO_AS_NEEDED@
LDLAST= @LDLAST@
SGI_ABI= @SGI_ABI@
-@@ -723,7 +723,7 @@ Python/importlib_external.h: @GENERATED_
- ./Programs/_freeze_importlib \
- $(srcdir)/Lib/importlib/_bootstrap_external.py Python/importlib_external.h
+@@ -864,7 +864,7 @@ regen-opcode-targets:
+ $(PYTHON_FOR_REGEN) $(srcdir)/Python/makeopcodetargets.py \
+ $(srcdir)/Python/opcode_targets.h
--Python/importlib.h: @GENERATED_COMMENT@ $(srcdir)/Lib/importlib/_bootstrap.py Programs/_freeze_importlib
-+Python/importlib.h: @GENERATED_COMMENT@ $(srcdir)/Lib/importlib/_bootstrap.py Programs/_freeze_importlib $(LIBRARY_OBJS_OMIT_FROZEN)
- ./Programs/_freeze_importlib \
- $(srcdir)/Lib/importlib/_bootstrap.py Python/importlib.h
+-Python/ceval.o: $(srcdir)/Python/opcode_targets.h $(srcdir)/Python/ceval_gil.h
++#Python/ceval.o: $(srcdir)/Python/opcode_targets.h $(srcdir)/Python/ceval_gil.h
-@@ -868,7 +868,7 @@ Objects/setobject.o: $(srcdir)/Objects/s
- $(OPCODETARGETS_H): $(OPCODETARGETGEN_FILES)
- $(PYTHON_FOR_GEN) $(OPCODETARGETGEN) $(OPCODETARGETS_H)
+ Python/frozen.o: $(srcdir)/Python/importlib.h $(srcdir)/Python/importlib_external.h
--Python/ceval.o: $(OPCODETARGETS_H) $(srcdir)/Python/ceval_gil.h
-+#Python/ceval.o: $(OPCODETARGETS_H) $(srcdir)/Python/ceval_gil.h
-
- Python/frozen.o: Python/importlib.h Python/importlib_external.h
-
-@@ -1108,7 +1108,8 @@ altbininstall: $(BUILDPYTHON) @FRAMEWORK
+@@ -1110,7 +1110,8 @@ altbininstall: $(BUILDPYTHON) @FRAMEWORK
if test -n "$(PY3LIBRARY)"; then \
$(INSTALL_SHARED) $(PY3LIBRARY) $(DESTDIR)$(LIBDIR)/$(PY3LIBRARY); \
fi; \
@@ -39,7 +30,7 @@ $NetBSD: patch-Makefile.pre.in,v 1.3 201
fi
if test "x$(LIPO_32BIT_FLAGS)" != "x" ; then \
rm -f $(DESTDIR)$(BINDIR)python$(VERSION)-32$(EXE); \
-@@ -1299,11 +1300,6 @@ libinstall: build_all $(srcdir)/Lib/$(PL
+@@ -1301,11 +1302,6 @@ libinstall: build_all $(srcdir)/Lib/$(PL
-x 'bad_coding|badsyntax|site-packages|lib2to3/tests/data' \
$(DESTDIR)$(LIBDEST)
-PYTHONPATH=$(DESTDIR)$(LIBDEST) $(RUNSHARED) \
@@ -51,7 +42,7 @@ $NetBSD: patch-Makefile.pre.in,v 1.3 201
$(PYTHON_FOR_BUILD) -Wi $(DESTDIR)$(LIBDEST)/compileall.py \
-d $(LIBDEST)/site-packages -f \
-x badsyntax $(DESTDIR)$(LIBDEST)/site-packages
-@@ -1312,10 +1308,6 @@ libinstall: build_all $(srcdir)/Lib/$(PL
+@@ -1314,10 +1310,6 @@ libinstall: build_all $(srcdir)/Lib/$(PL
-d $(LIBDEST)/site-packages -f \
-x badsyntax $(DESTDIR)$(LIBDEST)/site-packages
-PYTHONPATH=$(DESTDIR)$(LIBDEST) $(RUNSHARED) \
Home |
Main Index |
Thread Index |
Old Index