pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/lang/python31 Update python31 to 3.1.5.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/2d350bf16713
branches:  trunk
changeset: 602457:2d350bf16713
user:      obache <obache%pkgsrc.org@localhost>
date:      Sat Apr 14 11:22:07 2012 +0000

description:
Update python31 to 3.1.5.
(CVE-2012-0845 is already fixed in pkgsrc)

What's New in Python 3.1.5?
===========================

*Release date: 2012-04-08*

Core and Builtins
-----------------

- Issue #13703: oCERT-2011-003: add -R command-line option and PYTHONHASHSEED
  environment variable, to provide an opt-in way to protect against denial of
  service attacks due to hash collisions within the dict and set types.  Patch
  by David Malcolm, based on work by Victor Stinner.

Library
-------

- Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes in the hash
  table internal to the pyexpat module's copy of the expat library to avoid a
  denial of service due to hash collisions.  Patch by David Malcolm with some
  modifications by the expat project.

- Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in
  SimpleXMLRPCServer upon malformed POST request.

- Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC
  IV attack countermeasure.

- Issue #11603: Fix a crash when __str__ is rebound as __repr__.  Patch by
  Andreas Stührk.

diffstat:

 lang/python31/Makefile                    |   3 +--
 lang/python31/dist.mk                     |   4 ++--
 lang/python31/distinfo                    |   8 ++++----
 lang/python31/patches/patch-CVE-2012-0845 |  18 ------------------
 4 files changed, 7 insertions(+), 26 deletions(-)

diffs (64 lines):

diff -r f9c8c5a1ae78 -r 2d350bf16713 lang/python31/Makefile
--- a/lang/python31/Makefile    Sat Apr 14 11:01:44 2012 +0000
+++ b/lang/python31/Makefile    Sat Apr 14 11:22:07 2012 +0000
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.9 2012/03/22 09:20:43 markd Exp $
+# $NetBSD: Makefile,v 1.10 2012/04/14 11:22:07 obache Exp $
 
 .include "dist.mk"
 
 PKGNAME=       python31-${PY_DISTVERSION}
-PKGREVISION=   5
 CATEGORIES=    lang python
 
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
diff -r f9c8c5a1ae78 -r 2d350bf16713 lang/python31/dist.mk
--- a/lang/python31/dist.mk     Sat Apr 14 11:01:44 2012 +0000
+++ b/lang/python31/dist.mk     Sat Apr 14 11:22:07 2012 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: dist.mk,v 1.1.1.1 2011/06/17 00:10:19 reed Exp $
+# $NetBSD: dist.mk,v 1.2 2012/04/14 11:22:07 obache Exp $
 
-PY_DISTVERSION=        3.1.4
+PY_DISTVERSION=        3.1.5
 DISTNAME=      Python-${PY_DISTVERSION}
 EXTRACT_SUFX=  .tar.bz2
 DISTINFO_FILE= ${.CURDIR}/../../lang/python31/distinfo
diff -r f9c8c5a1ae78 -r 2d350bf16713 lang/python31/distinfo
--- a/lang/python31/distinfo    Sat Apr 14 11:01:44 2012 +0000
+++ b/lang/python31/distinfo    Sat Apr 14 11:22:07 2012 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.10 2012/03/22 09:20:43 markd Exp $
+$NetBSD: distinfo,v 1.11 2012/04/14 11:22:07 obache Exp $
 
-SHA1 (Python-3.1.4.tar.bz2) = 043d0240247f289205deeb0e620d799005202b3c
-RMD160 (Python-3.1.4.tar.bz2) = d537706808b00989a636418b6b6a06357b6bb94b
-Size (Python-3.1.4.tar.bz2) = 9887870 bytes
+SHA1 (Python-3.1.5.tar.bz2) = 48f97250c0482d9672938f5781e66dbd19cd4374
+RMD160 (Python-3.1.5.tar.bz2) = e44b6e014d6750676f08fe3d3e953f4216055336
+Size (Python-3.1.5.tar.bz2) = 9889191 bytes
 SHA1 (patch-CVE-2012-0845) = 747ee5649e0f4062f4c5b6bfb9a7fce24d6e3647
 SHA1 (patch-aa) = ae156c486007cfd14d378dd211108d3af4b841b1
 SHA1 (patch-ab) = 7d4d6aa9239f53f1ce9ecd377890d71557c58ca4
diff -r f9c8c5a1ae78 -r 2d350bf16713 lang/python31/patches/patch-CVE-2012-0845
--- a/lang/python31/patches/patch-CVE-2012-0845 Sat Apr 14 11:01:44 2012 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,18 +0,0 @@
-$NetBSD: patch-CVE-2012-0845,v 1.1 2012/02/15 16:08:26 drochner Exp $
-
-see python bug #14001
-
---- Lib/xmlrpc/server.py.orig  2011-06-11 15:48:51.000000000 +0000
-+++ Lib/xmlrpc/server.py
-@@ -449,7 +449,10 @@ class SimpleXMLRPCRequestHandler(BaseHTT
-             L = []
-             while size_remaining:
-                 chunk_size = min(size_remaining, max_chunk_size)
--                L.append(self.rfile.read(chunk_size))
-+                chunk = self.rfile.read(chunk_size)
-+                if not chunk:
-+                    break
-+                L.append(chunk)
-                 size_remaining -= len(L[-1])
-             data = b''.join(L)
- 



Home | Main Index | Thread Index | Old Index