pkgsrc/lang/python26/dist.mk, branch pkgsrc-2014Q2

pkgsrc/lang/python26/dist.mk, branch pkgsrc-2014Q2 [no description] https://git.osdyson.ru/mirror/pkgsrc/atom?h=pkgsrc-2014Q2 2013-11-06T07:25:49Z Python 2.6.9 is a security-fix source-only release for Python 2.6.8, fixing several reported security issues: issue 16037, issue 16038, issue 16039, issue 16040, issue 16041, and issue 16042 (CVE-2013-1752, long lines consuming too much memory), as well as issue 14984 (security enforcement on $HOME/.netrc files), issue 16248 (code execution vulnerability in tkinter), and issue 18709 (CVE-2013-4238, SSL module handling of NULL bytes inside subjectAltName). 2013-11-06T07:25:49Z adam adam@pkgsrc.org 2013-11-06T07:25:49Z urn:sha1:60043f8b7b679c9f0eb08d2ff49ed1acf8e93020 Update python26 to 2.6.8. 2012-04-14T10:47:17Z obache obache@pkgsrc.org 2012-04-14T10:47:17Z urn:sha1:85b968ee6c2380fef3b4e82a23c31da6fb8aff7b (CVE-2012-0845, CVE-2012-1150 are alredy fixed in pkgsrc, CVE-2012-0876 is not affect to pkgsrc, using external expat) What's New in Python 2.6.8? =========================== *Release date: 2012-04-10* No changes since 2.6.8rc2. What's New in Python 2.6.8 rc 2? ================================ *Release date: 2012-03-17* Library ------- - Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes in the hash table internal to the pyexpat module's copy of the expat library to avoid a denial of service due to hash collisions. Patch by David Malcolm with some modifications by the expat project. What's New in Python 2.6.8 rc 1? ================================ *Release date: 2012-02-23* Core and Builtins ----------------- - Issue #13703: oCERT-2011-003 CVE-2012-1150: add -R command-line option and PYTHONHASHSEED environment variable, to provide an opt-in way to protect against denial of service attacks due to hash collisions within the dict and set types. Patch by David Malcolm, based on work by Victor Stinner. Library ------- - Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in SimpleXMLRPCServer upon malformed POST request. - Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. Update python26 to 2.6.7. 2011-06-04T03:58:58Z obache obache@pkgsrc.org 2011-06-04T03:58:58Z urn:sha1:98ff2a47e3a0ea8eb985b77e65fe44838c486b1f (CVE-2011-1521 had been fixed in pkgsrc). What's New in Python 2.6.7? =========================== *Release date: 2011-06-03* *NOTE: Python 2.6 is in security-fix-only mode. No non-security bug fixes are allowed. Python 2.6.7 and beyond will be source only releases.* * No changes since 2.6.7rc2. What's New in Python 2.6.7 rc 2? ================================ *Release date: 2011-05-20* *NOTE: Python 2.6 is in security-fix-only mode. No non-security bug fixes are allowed. Python 2.6.7 and beyond will be source only releases.* Library ------- - Issue #11662: Make urllib and urllib2 ignore redirections if the scheme is not HTTP, HTTPS or FTP (CVE-2011-1521). - Issue #11442: Add a charset parameter to the Content-type in SimpleHTTPServer to avoid XSS attacks. What's New in Python 2.6.7 rc 1? ================================ *Release date: 2011-05-06* Library ------- - Issue #9129: smtpd.py is vulnerable to DoS attacks deriving from missing error handling when accepting a new connection. Share distfile related information for each python variants with 2010-09-17T07:11:41Z obache obache@pkgsrc.org 2010-09-17T07:11:41Z urn:sha1:7080dbfdd18e74126c136dfd2b991a640cbc6454 srcdist.mk to make update simplicity.