CVS commit: pkgsrc/lang/python34

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/lang/python34
From: "Adam Ciarcinski" <adam%netbsd.org@localhost>
Date: Mon, 14 Aug 2017 09:20:00 +0000

Module Name:    pkgsrc
Committed By:   adam
Date:           Mon Aug 14 09:20:00 UTC 2017

Modified Files:
        pkgsrc/lang/python34: dist.mk distinfo

Log Message:
Python 3.4.7:

Security
* bpo-29591: Update expat copy from 2.1.1 to 2.2.0 to get fixes of CVE-2016-0718 and CVE-2016-4472. See https://sourceforge.net/p/expat/bugs/537/ for more information.
* bpo-30694: Upgrade expat copy from 2.2.0 to 2.2.1 to get fixes of multiple security vulnerabilities including: CVE-2017-9233 (External entity infinite loop DoS), CVE-2016-9063 (Integer overflow, 
re-fix), CVE-2016-0718 (Fix regression bugs from 2.2.0’s fix to CVE-2016-0718) and CVE-2012-0876 (Counter hash flooding with SipHash). Note: the CVE-2016-5300 (Use os- specific entropy sources like 
getrandom) doesn’t impact Python, since Python already gets entropy from the OS to set the expat secret using XML_SetHashSalt().
* bpo-26657: Fix directory traversal vulnerability with http.server on Windows. This fixes a regression that was introduced in 3.3.4rc1 and 3.4.0rc1. Based on patch by Philipp Hagemeister.
* bpo-30500: Fix urllib.parse.splithost() to correctly parse fragments. For example, splithost('//127.0.0.1#@evil.com/') now correctly returns the 127.0.0.1 host, instead of treating @evil.com as the 
host in an authentification (login@host).
* bpo-30730: Prevent environment variables injection in subprocess on Windows. Prevent passing other invalid environment variables and command arguments.


To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 pkgsrc/lang/python34/dist.mk
cvs rdiff -u -r1.26 -r1.27 pkgsrc/lang/python34/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/python34/dist.mk
diff -u pkgsrc/lang/python34/dist.mk:1.7 pkgsrc/lang/python34/dist.mk:1.8
--- pkgsrc/lang/python34/dist.mk:1.7    Thu Jan 19 01:25:09 2017
+++ pkgsrc/lang/python34/dist.mk        Mon Aug 14 09:20:00 2017
@@ -1,6 +1,6 @@
-# $NetBSD: dist.mk,v 1.7 2017/01/19 01:25:09 wen Exp $
+# $NetBSD: dist.mk,v 1.8 2017/08/14 09:20:00 adam Exp $
 
-PY_DISTVERSION=        3.4.6
+PY_DISTVERSION=        3.4.7
 DISTNAME=      Python-${PY_DISTVERSION}
 EXTRACT_SUFX=  .tar.xz
 DISTINFO_FILE= ${.CURDIR}/../../lang/python34/distinfo

Index: pkgsrc/lang/python34/distinfo
diff -u pkgsrc/lang/python34/distinfo:1.26 pkgsrc/lang/python34/distinfo:1.27
--- pkgsrc/lang/python34/distinfo:1.26  Tue May 30 14:04:53 2017
+++ pkgsrc/lang/python34/distinfo       Mon Aug 14 09:20:00 2017
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.26 2017/05/30 14:04:53 bouyer Exp $
+$NetBSD: distinfo,v 1.27 2017/08/14 09:20:00 adam Exp $
 
-SHA1 (Python-3.4.6.tar.xz) = ef7dbec63d45760701534990511d686e3acbbe4f
-RMD160 (Python-3.4.6.tar.xz) = a669de69e6728141a6c960877c486c1f094b560d
-SHA512 (Python-3.4.6.tar.xz) = f6785cf6a99a8a27823baefe59cc20e34cbec01bb444c8600e7f49b5437159d5137f9d80fce26e219846d71bfe98f68bc6f0c87719a34db0050a4eaca95959ac
-Size (Python-3.4.6.tar.xz) = 14473592 bytes
+SHA1 (Python-3.4.7.tar.xz) = 7b05bf099f3f311ba568232d0d03d64e67da9908
+RMD160 (Python-3.4.7.tar.xz) = 8c4cde8603a15cd55b59b665a84efd0e8f9d7553
+SHA512 (Python-3.4.7.tar.xz) = 34d303f510210d7e695f65f69819049bdf71607b100cf4658af4620b14385f2e5acc3363f2e1b573509cca651e91c836ccd4fb00982f061a58e9b5c9504cd060
+Size (Python-3.4.7.tar.xz) = 14511368 bytes
 SHA1 (patch-Lib_distutils_unixccompiler.py) = 7d6df07921ad3357757d4681a964256b560b3f57
 SHA1 (patch-Modules_socketmodule.c) = 3b091755d7c104b5d1fc696a0d4a679ed3565ef4
 SHA1 (patch-Modules_socketmodule.h) = ed334a97c2a6662c5b44b4e50c1b8efcc220fa1f

Prev by Date: CVS commit: pkgsrc/lang/python35
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/lang/python35
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index