| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
object accesses (CVE-2014-7185)
bump PKGREV
|
|
may be in unusual location.
|
|
Prevent to detect unwanted builtin openssl.
After bump of BUILDLINK_API_DEPENDS.openssl to 1.0.1c,
buitin openssl is not acceptable for various platforms.
|
|
backported from Python 2.7.
|
|
|
|
After bump of BUILDLINK_API_DEPENDS.openssl to 1.0.1c,
buitin openssl is not acceptable for various platforms.
|
|
or rename of module name affect to other parts using this module.
Noticed by Benjamin Lorenz in tech-pkg@.
Additionally, set ALTERNATIVE for bin/smtpd.py.
|
|
|
|
|
|
bump PKGREV
|
|
several reported security issues: issue 16037, issue 16038, issue 16039, issue 16040, issue 16041, and issue 16042 (CVE-2013-1752, long lines consuming too much memory), as well as issue 14984 (security enforcement on $HOME/.netrc files), issue 16248 (code execution vulnerability in tkinter), and issue 18709 (CVE-2013-4238, SSL module handling of NULL bytes inside subjectAltName).
|
|
gcc. Bump revision.
|
|
|
|
are replaced with .include "../../devel/readline/buildlink3.mk", and
USE_GNU_READLINE are removed,
* .include "../../devel/readline/buildlink3.mk" without USE_GNU_READLINE
are replaced with .include "../../mk/readline.buildlink3.mk".
|
|
|
|
|
|
injecting -Wall -Wno-error does not cause the test to produce the wrong
answer. (If it does, the wrong information is installed in /usr/include,
and ultimately provokes PR 47342.)
Same as -r1.8 of python27's patch-al.
|
|
|
|
(additionaly, reset PKGREVISION of qt4-* sub packages from base qt4 update)
|
|
at least on -current
|
|
|
|
It turns out there were a lot of these.
|
|
|
|
(CVE-2012-0845, CVE-2012-1150 are alredy fixed in pkgsrc,
CVE-2012-0876 is not affect to pkgsrc, using external expat)
What's New in Python 2.6.8?
===========================
*Release date: 2012-04-10*
No changes since 2.6.8rc2.
What's New in Python 2.6.8 rc 2?
================================
*Release date: 2012-03-17*
Library
-------
- Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes in the hash
table internal to the pyexpat module's copy of the expat library to avoid a
denial of service due to hash collisions. Patch by David Malcolm with some
modifications by the expat project.
What's New in Python 2.6.8 rc 1?
================================
*Release date: 2012-02-23*
Core and Builtins
-----------------
- Issue #13703: oCERT-2011-003 CVE-2012-1150: add -R command-line
option and PYTHONHASHSEED environment variable, to provide an opt-in
way to protect against denial of service attacks due to hash
collisions within the dict and set types. Patch by David Malcolm,
based on work by Victor Stinner.
Library
-------
- Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in
SimpleXMLRPCServer upon malformed POST request.
- Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC
IV attack countermeasure.
|
|
from the Python Mercurial repository.
|
|
by malformed request
bump PKGREV
|
|
|
|
Fixes build on SunOS with gcc>=4.6.
|
|
coping the Mac OS X sdk filename handling.
Thank to Matthias Rampke in PR#45581 for catching this.
|
|
string 'This file is part of GDBM' and ignoring it if it dose.
Thanks to obache@ for the idea.
|
|
"platform" in Python terms is different for Linux kernel 2.* Vs Linux
kernel 3.*. Add in support to pull in a different PLIST for Linux 3.*.
Fixes build under Ubuntu 11.10.
XXX Perhaps it would be cleaner to name the PLIST to match the python platform
name - since we already calculate that anyway, and that is exactly what drives
the contents of these PLISTs.
|
|
belongs to gdbm_compat. I.E. _don't_ use ndbm on Linux.
|
|
awkwardly, leading to Python 2.6 failing to build.
Python 2.7 builds ok, because it has been taught to deal with this.
This patch retro-fits the 2.7 code into 2.6, and allows 2.6 to build on
Ubuntu 11.04.
Ok'd by wiz@
|
|
It is not a leaf package, but the changes affect Mac OS X only.
Test builds on 10.5/i386, 10.6/i386 (thanks tron@), 10.7/i386 and
10.7/x86_64 (thanks ryoon@).
|
|
|
|
|
|
building the select module.
Reviewed by Bernd Ernesti and Jörg Sonnenberger.
|
|
(CVE-2011-1521 had been fixed in pkgsrc).
What's New in Python 2.6.7?
===========================
*Release date: 2011-06-03*
*NOTE: Python 2.6 is in security-fix-only mode. No non-security bug fixes are
allowed. Python 2.6.7 and beyond will be source only releases.*
* No changes since 2.6.7rc2.
What's New in Python 2.6.7 rc 2?
================================
*Release date: 2011-05-20*
*NOTE: Python 2.6 is in security-fix-only mode. No non-security bug fixes are
allowed. Python 2.6.7 and beyond will be source only releases.*
Library
-------
- Issue #11662: Make urllib and urllib2 ignore redirections if the
scheme is not HTTP, HTTPS or FTP (CVE-2011-1521).
- Issue #11442: Add a charset parameter to the Content-type in SimpleHTTPServer
to avoid XSS attacks.
What's New in Python 2.6.7 rc 1?
================================
*Release date: 2011-05-06*
Library
-------
- Issue #9129: smtpd.py is vulnerable to DoS attacks deriving from missing
error handling when accepting a new connection.
|
|
Fixes build on SunOS.
|
|
with revision 1.26 of "pkgsrc/mk/check/check-interpreter.mk".
Bump package revision because the binary package changed.
|
|
|
|
|
|
definitions which do things behind the client pkgs back, in particular
manipulate the library search path
It is well possible that this causes some fallout, but I hope it
will be small and can be dealt with on a per-pkg basis.
(partly) suggested by Mark Davies on tech-pkg
|
|
stricter redirect handling in urllib, to prevent redirects to eg
"file://" URLs (CVE-2011-1521)
bump PKGREV
|
|
taken from the Python SVN repository.
|
|
|
|
|
|
* Use $(CC) for LDSHARED on NetBSD and DragonFly like any other.
Fixes PR#42598 for that libpython will be linked with sufficient flags.
Bump PKGREVISION.
|
|
fixes taken from the Python 2.7 branch in the Python SVN repository.
|
|
http://svn.python.org/view/python/branches/release27-maint/Lib/smtpd.py?r1=86084
&r2=82503&view=patch
|
