Python 3.5.4:

Security * bpo-30730: Prevent environment variables injection in subprocess on Windows. Prevent passing other environment variables and command arguments. * bpo-30694: Upgrade expat copy from 2.2.0 to 2.2.1 to get fixes of multiple security vulnerabilities including: CVE-2017-9233 (External entity infinite loop DoS), CVE-2016-9063 (Integer overflow, re-fix), CVE-2016-0718 (Fix regression bugs from 2.2.0’s fix to CVE-2016-0718) and CVE-2012-0876 (Counter hash flooding with SipHash). Note: the CVE-2016-5300 (Use os- specific entropy sources like getrandom) doesn’t impact Python, since Python already gets entropy from the OS to set the expat secret using XML_SetHashSalt(). * bpo-30500: Fix urllib.parse.splithost() to correctly parse fragments. For example, splithost('//127.0.0.1#@evil.com/') now correctly returns the 127.0.0.1 host, instead of treating @evil.com as the host in an authentification (login@host). * bpo-29591: Update expat copy from 2.1.1 to 2.2.0 to get fixes of CVE-2016-0718 and CVE-2016-4472. See https://sourceforge.net/p/expat/bugs/537/ for more information.
author: adam <adam@pkgsrc.org> 2017-08-14 09:16:28 +0000
committer: adam <adam@pkgsrc.org> 2017-08-14 09:16:28 +0000
commit: 4c652237e7c8f84610fe98d9dfad449b06cabcf5 (patch)
tree: 573741814f74ed07dadaf448444e012146e45d8a /lang/python35
parent: 311aae34ef46863e270abfb20dc18e10c2dfdd5d (diff)
download: pkgsrc-4c652237e7c8f84610fe98d9dfad449b06cabcf5.tar.gz
4 files changed, 27 insertions, 31 deletions
diff --git a/lang/python35/PLIST b/lang/python35/PLIST
index 0fa6d756cf7..2262358552c 100644
--- a/lang/python35/PLIST
+++ b/lang/python35/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.5 2017/01/19 13:55:53 wen Exp $
+@comment $NetBSD: PLIST,v 1.6 2017/08/14 09:16:28 adam Exp $
 bin/2to3-${PY_VER_SUFFIX}
 bin/pydoc${PY_VER_SUFFIX}
 bin/python${PY_VER_SUFFIX}
@@ -2448,7 +2448,6 @@ lib/python${PY_VER_SUFFIX}/telnetlib.pyo
 lib/python${PY_VER_SUFFIX}/tempfile.py
 lib/python${PY_VER_SUFFIX}/tempfile.pyc
 lib/python${PY_VER_SUFFIX}/tempfile.pyo
-lib/python${PY_VER_SUFFIX}/test/185test.db
 lib/python${PY_VER_SUFFIX}/test/Sine-1000Hz-300ms.aif
 lib/python${PY_VER_SUFFIX}/test/__init__.py
 lib/python${PY_VER_SUFFIX}/test/__init__.pyc
@@ -2504,6 +2503,9 @@ lib/python${PY_VER_SUFFIX}/test/badsyntax_future7.py
 lib/python${PY_VER_SUFFIX}/test/badsyntax_future8.py
 lib/python${PY_VER_SUFFIX}/test/badsyntax_future9.py
 lib/python${PY_VER_SUFFIX}/test/badsyntax_pep3120.py
+lib/python${PY_VER_SUFFIX}/test/bisect.py
+lib/python${PY_VER_SUFFIX}/test/bisect.pyc
+lib/python${PY_VER_SUFFIX}/test/bisect.pyo
 lib/python${PY_VER_SUFFIX}/test/bytecode_helper.py
 lib/python${PY_VER_SUFFIX}/test/bytecode_helper.pyc
 lib/python${PY_VER_SUFFIX}/test/bytecode_helper.pyo
@@ -2793,6 +2795,9 @@ lib/python${PY_VER_SUFFIX}/test/mime.types
 lib/python${PY_VER_SUFFIX}/test/mock_socket.py
 lib/python${PY_VER_SUFFIX}/test/mock_socket.pyc
 lib/python${PY_VER_SUFFIX}/test/mock_socket.pyo
+lib/python${PY_VER_SUFFIX}/test/mod_generics_cache.py
+lib/python${PY_VER_SUFFIX}/test/mod_generics_cache.pyc
+lib/python${PY_VER_SUFFIX}/test/mod_generics_cache.pyo
 lib/python${PY_VER_SUFFIX}/test/mp_fork_bomb.py
 lib/python${PY_VER_SUFFIX}/test/mp_fork_bomb.pyc
 lib/python${PY_VER_SUFFIX}/test/mp_fork_bomb.pyo
@@ -4935,7 +4940,7 @@ lib/python${PY_VER_SUFFIX}/venv/__init__.pyo
 lib/python${PY_VER_SUFFIX}/venv/__main__.py
 lib/python${PY_VER_SUFFIX}/venv/__main__.pyc
 lib/python${PY_VER_SUFFIX}/venv/__main__.pyo
-lib/python${PY_VER_SUFFIX}/venv/scripts/posix/activate
+lib/python${PY_VER_SUFFIX}/venv/scripts/common/activate
 lib/python${PY_VER_SUFFIX}/venv/scripts/posix/activate.csh
 lib/python${PY_VER_SUFFIX}/venv/scripts/posix/activate.fish
 lib/python${PY_VER_SUFFIX}/warnings.py
diff --git a/lang/python35/dist.mk b/lang/python35/dist.mk
index 599219b8543..a9701411a7b 100644
--- a/lang/python35/dist.mk
+++ b/lang/python35/dist.mk
@@ -1,6 +1,6 @@
-# $NetBSD: dist.mk,v 1.4 2017/01/19 13:55:53 wen Exp $
+# $NetBSD: dist.mk,v 1.5 2017/08/14 09:16:28 adam Exp $
 
-PY_DISTVERSION=	3.5.3
+PY_DISTVERSION=	3.5.4
 DISTNAME=	Python-${PY_DISTVERSION}
 EXTRACT_SUFX=	.tar.xz
 DISTINFO_FILE=	${.CURDIR}/../../lang/python35/distinfo
diff --git a/lang/python35/distinfo b/lang/python35/distinfo
index a18cb8a3d8b..1b29bb9b38b 100644
--- a/lang/python35/distinfo
+++ b/lang/python35/distinfo
@@ -1,13 +1,13 @@
-$NetBSD: distinfo,v 1.11 2017/05/30 14:04:53 bouyer Exp $
+$NetBSD: distinfo,v 1.12 2017/08/14 09:16:28 adam Exp $
 
-SHA1 (Python-3.5.3.tar.xz) = 127121fdca11e735b3686e300d66f73aba663e93
-RMD160 (Python-3.5.3.tar.xz) = 663ad06b0c4b36e7760f5202e73bc53697f225d2
-SHA512 (Python-3.5.3.tar.xz) = bbcc20e315c63dbc8901d7e7bfa29d4dbdad9335720757d8d679730319fd1d9fcfdb55cf62d620c9b052134170f162c28d653a8af60923185b8932524d827864
-Size (Python-3.5.3.tar.xz) = 15213396 bytes
+SHA1 (Python-3.5.4.tar.xz) = 4aacbd09ca6988255de84a98ab9e4630f584efba
+RMD160 (Python-3.5.4.tar.xz) = b0df9be4047421672456c9c57b4ddc0aaad7c095
+SHA512 (Python-3.5.4.tar.xz) = dbbe2740ee1cce5404b7b6436a9b3887e15f415a1006efa22014ec7e5b1e48c43eed0ff98f6f5b365c527b8d2525be4ce72bbe404ce71c0835529fcd6f0267ff
+Size (Python-3.5.4.tar.xz) = 15332320 bytes
 SHA1 (patch-Include_py__curses.h) = 14359f8d0527eff08073c0aea60dfe8961d9255d
 SHA1 (patch-Lib_distutils_command_install.py) = 9b44f339f65f029b7f17dbc654739a7ae3c12780
 SHA1 (patch-Lib_distutils_unixccompiler.py) = 7d0b70a64b79ee6084c41d8fbb01c8e8e4553419
-SHA1 (patch-Makefile.pre.in) = 174e01e44c61c756131f795dc96100a381876fcb
+SHA1 (patch-Makefile.pre.in) = 330a1a74fbd967e0777860fa3ceecb88ac2eb7fd
 SHA1 (patch-Modules___cursesmodule.c) = 2ab2779e0418a4529987641c254686ba05d28593
 SHA1 (patch-Modules_makesetup) = c9b571eb54fdf0b1e93524a6de6780e8c4119221
 SHA1 (patch-Modules_nismodule.c) = bd290417c265846e238660180e60e76c0f5f696a
diff --git a/lang/python35/patches/patch-Makefile.pre.in b/lang/python35/patches/patch-Makefile.pre.in
index 76f5b5250cf..8f9b96db1ef 100644
--- a/lang/python35/patches/patch-Makefile.pre.in
+++ b/lang/python35/patches/patch-Makefile.pre.in
@@ -1,6 +1,6 @@
-$NetBSD: patch-Makefile.pre.in,v 1.3 2017/01/19 13:55:53 wen Exp $
+$NetBSD: patch-Makefile.pre.in,v 1.4 2017/08/14 09:16:28 adam Exp $
 
---- Makefile.pre.in.orig	2017-01-19 11:35:21.000000000 +0000
+--- Makefile.pre.in.orig	2017-08-07 07:59:11.000000000 +0000
 +++ Makefile.pre.in
 @@ -92,7 +92,7 @@ PY_CFLAGS_NODIST=$(CONFIGURE_CFLAGS_NODI
  # be able to build extension modules using the directories specified in the
@@ -11,25 +11,16 @@ $NetBSD: patch-Makefile.pre.in,v 1.3 2017/01/19 13:55:53 wen Exp $
  NO_AS_NEEDED=	@NO_AS_NEEDED@
  LDLAST=		@LDLAST@
  SGI_ABI=	@SGI_ABI@
-@@ -723,7 +723,7 @@ Python/importlib_external.h: @GENERATED_
- 	./Programs/_freeze_importlib \
- 	    $(srcdir)/Lib/importlib/_bootstrap_external.py Python/importlib_external.h
+@@ -864,7 +864,7 @@ regen-opcode-targets:
+ 	$(PYTHON_FOR_REGEN) $(srcdir)/Python/makeopcodetargets.py \
+ 		$(srcdir)/Python/opcode_targets.h
  
--Python/importlib.h: @GENERATED_COMMENT@ $(srcdir)/Lib/importlib/_bootstrap.py Programs/_freeze_importlib
-+Python/importlib.h: @GENERATED_COMMENT@ $(srcdir)/Lib/importlib/_bootstrap.py Programs/_freeze_importlib $(LIBRARY_OBJS_OMIT_FROZEN)
- 	./Programs/_freeze_importlib \
- 	    $(srcdir)/Lib/importlib/_bootstrap.py Python/importlib.h
+-Python/ceval.o: $(srcdir)/Python/opcode_targets.h $(srcdir)/Python/ceval_gil.h
++#Python/ceval.o: $(srcdir)/Python/opcode_targets.h $(srcdir)/Python/ceval_gil.h
  
-@@ -868,7 +868,7 @@ Objects/setobject.o: $(srcdir)/Objects/s
- $(OPCODETARGETS_H): $(OPCODETARGETGEN_FILES)
- 	$(PYTHON_FOR_GEN) $(OPCODETARGETGEN) $(OPCODETARGETS_H)
+ Python/frozen.o: $(srcdir)/Python/importlib.h $(srcdir)/Python/importlib_external.h
  
--Python/ceval.o: $(OPCODETARGETS_H) $(srcdir)/Python/ceval_gil.h
-+#Python/ceval.o: $(OPCODETARGETS_H) $(srcdir)/Python/ceval_gil.h
- 
- Python/frozen.o: Python/importlib.h Python/importlib_external.h
- 
-@@ -1108,7 +1108,8 @@ altbininstall: $(BUILDPYTHON) @FRAMEWORK
+@@ -1110,7 +1110,8 @@ altbininstall: $(BUILDPYTHON) @FRAMEWORK
  		if test -n "$(PY3LIBRARY)"; then \
  			$(INSTALL_SHARED) $(PY3LIBRARY) $(DESTDIR)$(LIBDIR)/$(PY3LIBRARY); \
  		fi; \
@@ -39,7 +30,7 @@ $NetBSD: patch-Makefile.pre.in,v 1.3 2017/01/19 13:55:53 wen Exp $
  	fi
  	if test "x$(LIPO_32BIT_FLAGS)" != "x" ; then \
  		rm -f $(DESTDIR)$(BINDIR)python$(VERSION)-32$(EXE); \
-@@ -1299,11 +1300,6 @@ libinstall:	build_all $(srcdir)/Lib/$(PL
+@@ -1301,11 +1302,6 @@ libinstall:	build_all $(srcdir)/Lib/$(PL
  		-x 'bad_coding|badsyntax|site-packages|lib2to3/tests/data' \
  		$(DESTDIR)$(LIBDEST)
  	-PYTHONPATH=$(DESTDIR)$(LIBDEST) $(RUNSHARED) \
@@ -51,7 +42,7 @@ $NetBSD: patch-Makefile.pre.in,v 1.3 2017/01/19 13:55:53 wen Exp $
  		$(PYTHON_FOR_BUILD) -Wi $(DESTDIR)$(LIBDEST)/compileall.py \
  		-d $(LIBDEST)/site-packages -f \
  		-x badsyntax $(DESTDIR)$(LIBDEST)/site-packages
-@@ -1312,10 +1308,6 @@ libinstall:	build_all $(srcdir)/Lib/$(PL
+@@ -1314,10 +1310,6 @@ libinstall:	build_all $(srcdir)/Lib/$(PL
  		-d $(LIBDEST)/site-packages -f \
  		-x badsyntax $(DESTDIR)$(LIBDEST)/site-packages
  	-PYTHONPATH=$(DESTDIR)$(LIBDEST) $(RUNSHARED) \
author	adam <adam@pkgsrc.org>	2017-08-14 09:16:28 +0000
committer	adam <adam@pkgsrc.org>	2017-08-14 09:16:28 +0000
commit	4c652237e7c8f84610fe98d9dfad449b06cabcf5 (patch)
tree	573741814f74ed07dadaf448444e012146e45d8a /lang/python35
parent	311aae34ef46863e270abfb20dc18e10c2dfdd5d (diff)
download	pkgsrc-4c652237e7c8f84610fe98d9dfad449b06cabcf5.tar.gz