summaryrefslogtreecommitdiff
path: root/lang/python34
diff options
context:
space:
mode:
authoradam <adam@pkgsrc.org>2017-08-14 09:20:00 +0000
committeradam <adam@pkgsrc.org>2017-08-14 09:20:00 +0000
commit211bd4d2432206c741f63a8d0e515c9a751944ed (patch)
treeeb32958d78047aa483925a37e282deee2dfdaf49 /lang/python34
parent4c652237e7c8f84610fe98d9dfad449b06cabcf5 (diff)
downloadpkgsrc-211bd4d2432206c741f63a8d0e515c9a751944ed.tar.gz
Python 3.4.7:
Security * bpo-29591: Update expat copy from 2.1.1 to 2.2.0 to get fixes of CVE-2016-0718 and CVE-2016-4472. See https://sourceforge.net/p/expat/bugs/537/ for more information. * bpo-30694: Upgrade expat copy from 2.2.0 to 2.2.1 to get fixes of multiple security vulnerabilities including: CVE-2017-9233 (External entity infinite loop DoS), CVE-2016-9063 (Integer overflow, re-fix), CVE-2016-0718 (Fix regression bugs from 2.2.0’s fix to CVE-2016-0718) and CVE-2012-0876 (Counter hash flooding with SipHash). Note: the CVE-2016-5300 (Use os- specific entropy sources like getrandom) doesn’t impact Python, since Python already gets entropy from the OS to set the expat secret using XML_SetHashSalt(). * bpo-26657: Fix directory traversal vulnerability with http.server on Windows. This fixes a regression that was introduced in 3.3.4rc1 and 3.4.0rc1. Based on patch by Philipp Hagemeister. * bpo-30500: Fix urllib.parse.splithost() to correctly parse fragments. For example, splithost('//127.0.0.1#@evil.com/') now correctly returns the 127.0.0.1 host, instead of treating @evil.com as the host in an authentification (login@host). * bpo-30730: Prevent environment variables injection in subprocess on Windows. Prevent passing other invalid environment variables and command arguments.
Diffstat (limited to 'lang/python34')
-rw-r--r--lang/python34/dist.mk4
-rw-r--r--lang/python34/distinfo10
2 files changed, 7 insertions, 7 deletions
diff --git a/lang/python34/dist.mk b/lang/python34/dist.mk
index d9b7fdaa38b..e84dfa473de 100644
--- a/lang/python34/dist.mk
+++ b/lang/python34/dist.mk
@@ -1,6 +1,6 @@
-# $NetBSD: dist.mk,v 1.7 2017/01/19 01:25:09 wen Exp $
+# $NetBSD: dist.mk,v 1.8 2017/08/14 09:20:00 adam Exp $
-PY_DISTVERSION= 3.4.6
+PY_DISTVERSION= 3.4.7
DISTNAME= Python-${PY_DISTVERSION}
EXTRACT_SUFX= .tar.xz
DISTINFO_FILE= ${.CURDIR}/../../lang/python34/distinfo
diff --git a/lang/python34/distinfo b/lang/python34/distinfo
index cc1a289b267..4a0e6096f71 100644
--- a/lang/python34/distinfo
+++ b/lang/python34/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.26 2017/05/30 14:04:53 bouyer Exp $
+$NetBSD: distinfo,v 1.27 2017/08/14 09:20:00 adam Exp $
-SHA1 (Python-3.4.6.tar.xz) = ef7dbec63d45760701534990511d686e3acbbe4f
-RMD160 (Python-3.4.6.tar.xz) = a669de69e6728141a6c960877c486c1f094b560d
-SHA512 (Python-3.4.6.tar.xz) = f6785cf6a99a8a27823baefe59cc20e34cbec01bb444c8600e7f49b5437159d5137f9d80fce26e219846d71bfe98f68bc6f0c87719a34db0050a4eaca95959ac
-Size (Python-3.4.6.tar.xz) = 14473592 bytes
+SHA1 (Python-3.4.7.tar.xz) = 7b05bf099f3f311ba568232d0d03d64e67da9908
+RMD160 (Python-3.4.7.tar.xz) = 8c4cde8603a15cd55b59b665a84efd0e8f9d7553
+SHA512 (Python-3.4.7.tar.xz) = 34d303f510210d7e695f65f69819049bdf71607b100cf4658af4620b14385f2e5acc3363f2e1b573509cca651e91c836ccd4fb00982f061a58e9b5c9504cd060
+Size (Python-3.4.7.tar.xz) = 14511368 bytes
SHA1 (patch-Lib_distutils_unixccompiler.py) = 7d6df07921ad3357757d4681a964256b560b3f57
SHA1 (patch-Modules_socketmodule.c) = 3b091755d7c104b5d1fc696a0d4a679ed3565ef4
SHA1 (patch-Modules_socketmodule.h) = ed334a97c2a6662c5b44b4e50c1b8efcc220fa1f