author | adam <adam@pkgsrc.org> | 2017-08-14 09:20:00 +0000 |
---|---|---|
committer | adam <adam@pkgsrc.org> | 2017-08-14 09:20:00 +0000 |
commit | 211bd4d2432206c741f63a8d0e515c9a751944ed (patch) | |
tree | eb32958d78047aa483925a37e282deee2dfdaf49 /lang/python34 | |
parent | 4c652237e7c8f84610fe98d9dfad449b06cabcf5 (diff) | |
download | pkgsrc-211bd4d2432206c741f63a8d0e515c9a751944ed.tar.gz |
Python 3.4.7:
Security
* bpo-29591: Update expat copy from 2.1.1 to 2.2.0 to get fixes of CVE-2016-0718 and CVE-2016-4472. See https://sourceforge.net/p/expat/bugs/537/ for more information.
* bpo-30694: Upgrade expat copy from 2.2.0 to 2.2.1 to get fixes of multiple security vulnerabilities including: CVE-2017-9233 (External entity infinite loop DoS), CVE-2016-9063 (Integer overflow, re-fix), CVE-2016-0718 (Fix regression bugs from 2.2.0’s fix to CVE-2016-0718) and CVE-2012-0876 (Counter hash flooding with SipHash). Note: the CVE-2016-5300 (Use os-specific entropy sources like getrandom) doesn’t impact Python, since Python already gets entropy from the OS to set the expat secret using XML_SetHashSalt().
* bpo-26657: Fix directory traversal vulnerability with http.server on Windows. This fixes a regression that was introduced in 3.3.4rc1 and 3.4.0rc1. Based on patch by Philipp Hagemeister.
* bpo-30500: Fix urllib.parse.splithost() to correctly parse fragments. For example, splithost('//127.0.0.1#@evil.com/') now correctly returns the 127.0.0.1 host, instead of treating @evil.com as the host in an authentication (login@host).
* bpo-30730: Prevent environment variables injection in subprocess on Windows. Prevent passing other invalid environment variables and command arguments.
Diffstat (limited to 'lang/python34')
-rw-r--r-- | lang/python34/dist.mk | 4 |
-rw-r--r-- | lang/python34/distinfo | 10 |
2 files changed, 7 insertions, 7 deletions
diff --git a/lang/python34/dist.mk b/lang/python34/dist.mk index d9b7fdaa38b..e84dfa473de 100644 --- a/lang/python34/dist.mk +++ b/lang/python34/dist.mk @@ -1,6 +1,6 @@ -# $NetBSD: dist.mk,v 1.7 2017/01/19 01:25:09 wen Exp $ +# $NetBSD: dist.mk,v 1.8 2017/08/14 09:20:00 adam Exp $ -PY_DISTVERSION= 3.4.6 +PY_DISTVERSION= 3.4.7 DISTNAME= Python-${PY_DISTVERSION} EXTRACT_SUFX= .tar.xz DISTINFO_FILE= ${.CURDIR}/../../lang/python34/distinfo diff --git a/lang/python34/distinfo b/lang/python34/distinfo index cc1a289b267..4a0e6096f71 100644 --- a/lang/python34/distinfo +++ b/lang/python34/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.26 2017/05/30 14:04:53 bouyer Exp $ +$NetBSD: distinfo,v 1.27 2017/08/14 09:20:00 adam Exp $ -SHA1 (Python-3.4.6.tar.xz) = ef7dbec63d45760701534990511d686e3acbbe4f -RMD160 (Python-3.4.6.tar.xz) = a669de69e6728141a6c960877c486c1f094b560d -SHA512 (Python-3.4.6.tar.xz) = f6785cf6a99a8a27823baefe59cc20e34cbec01bb444c8600e7f49b5437159d5137f9d80fce26e219846d71bfe98f68bc6f0c87719a34db0050a4eaca95959ac -Size (Python-3.4.6.tar.xz) = 14473592 bytes +SHA1 (Python-3.4.7.tar.xz) = 7b05bf099f3f311ba568232d0d03d64e67da9908 +RMD160 (Python-3.4.7.tar.xz) = 8c4cde8603a15cd55b59b665a84efd0e8f9d7553 +SHA512 (Python-3.4.7.tar.xz) = 34d303f510210d7e695f65f69819049bdf71607b100cf4658af4620b14385f2e5acc3363f2e1b573509cca651e91c836ccd4fb00982f061a58e9b5c9504cd060 +Size (Python-3.4.7.tar.xz) = 14511368 bytes SHA1 (patch-Lib_distutils_unixccompiler.py) = 7d6df07921ad3357757d4681a964256b560b3f57 SHA1 (patch-Modules_socketmodule.c) = 3b091755d7c104b5d1fc696a0d4a679ed3565ef4 SHA1 (patch-Modules_socketmodule.h) = ed334a97c2a6662c5b44b4e50c1b8efcc220fa1f |
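Review bot: In the distinfo hunk, the three patch-* SHA1 lines (patch-Lib_distutils_unixccompiler.py, patch-Modules_socketmodule.c, patch-Modules_socketmodule.h) are carried as unchanged context while every Python-3.4.7.tar.xz entry changes, so the commit message should say that these local patches were confirmed to still apply cleanly to 3.4.7; as written it only lists the upstream security fixes. Since this is a security-driven update and the SHA512 and Size lines are the integrity check for the new distfile, please also state how the new values were obtained (for example, regenerated from a tarball checked against the upstream release) so the recorded digests can be traced to a trusted copy.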