pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/lang/python35



Module Name:    pkgsrc
Committed By:   adam
Date:           Mon Aug 14 09:16:28 UTC 2017

Modified Files:
        pkgsrc/lang/python35: PLIST dist.mk distinfo
        pkgsrc/lang/python35/patches: patch-Makefile.pre.in

Log Message:
Python 3.5.4:

Security
* bpo-30730: Prevent environment variables injection in subprocess on Windows. Prevent passing other environment variables and command arguments.
* bpo-30694: Upgrade expat copy from 2.2.0 to 2.2.1 to get fixes of multiple security vulnerabilities including: CVE-2017-9233 (External entity infinite loop DoS), CVE-2016-9063 (Integer overflow, 
re-fix), CVE-2016-0718 (Fix regression bugs from 2.2.0’s fix to CVE-2016-0718) and CVE-2012-0876 (Counter hash flooding with SipHash). Note: the CVE-2016-5300 (Use os- specific entropy sources like 
getrandom) doesn’t impact Python, since Python already gets entropy from the OS to set the expat secret using XML_SetHashSalt().
* bpo-30500: Fix urllib.parse.splithost() to correctly parse fragments. For example, splithost('//127.0.0.1#@evil.com/') now correctly returns the 127.0.0.1 host, instead of treating @evil.com as the 
host in an authentification (login@host).
* bpo-29591: Update expat copy from 2.1.1 to 2.2.0 to get fixes of CVE-2016-0718 and CVE-2016-4472. See https://sourceforge.net/p/expat/bugs/537/ for more information.


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 pkgsrc/lang/python35/PLIST
cvs rdiff -u -r1.4 -r1.5 pkgsrc/lang/python35/dist.mk
cvs rdiff -u -r1.11 -r1.12 pkgsrc/lang/python35/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/python35/patches/patch-Makefile.pre.in

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/python35/PLIST
diff -u pkgsrc/lang/python35/PLIST:1.5 pkgsrc/lang/python35/PLIST:1.6
--- pkgsrc/lang/python35/PLIST:1.5      Thu Jan 19 13:55:53 2017
+++ pkgsrc/lang/python35/PLIST  Mon Aug 14 09:16:28 2017
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.5 2017/01/19 13:55:53 wen Exp $
+@comment $NetBSD: PLIST,v 1.6 2017/08/14 09:16:28 adam Exp $
 bin/2to3-${PY_VER_SUFFIX}
 bin/pydoc${PY_VER_SUFFIX}
 bin/python${PY_VER_SUFFIX}
@@ -2448,7 +2448,6 @@ lib/python${PY_VER_SUFFIX}/telnetlib.pyo
 lib/python${PY_VER_SUFFIX}/tempfile.py
 lib/python${PY_VER_SUFFIX}/tempfile.pyc
 lib/python${PY_VER_SUFFIX}/tempfile.pyo
-lib/python${PY_VER_SUFFIX}/test/185test.db
 lib/python${PY_VER_SUFFIX}/test/Sine-1000Hz-300ms.aif
 lib/python${PY_VER_SUFFIX}/test/__init__.py
 lib/python${PY_VER_SUFFIX}/test/__init__.pyc
@@ -2504,6 +2503,9 @@ lib/python${PY_VER_SUFFIX}/test/badsynta
 lib/python${PY_VER_SUFFIX}/test/badsyntax_future8.py
 lib/python${PY_VER_SUFFIX}/test/badsyntax_future9.py
 lib/python${PY_VER_SUFFIX}/test/badsyntax_pep3120.py
+lib/python${PY_VER_SUFFIX}/test/bisect.py
+lib/python${PY_VER_SUFFIX}/test/bisect.pyc
+lib/python${PY_VER_SUFFIX}/test/bisect.pyo
 lib/python${PY_VER_SUFFIX}/test/bytecode_helper.py
 lib/python${PY_VER_SUFFIX}/test/bytecode_helper.pyc
 lib/python${PY_VER_SUFFIX}/test/bytecode_helper.pyo
@@ -2793,6 +2795,9 @@ lib/python${PY_VER_SUFFIX}/test/mime.typ
 lib/python${PY_VER_SUFFIX}/test/mock_socket.py
 lib/python${PY_VER_SUFFIX}/test/mock_socket.pyc
 lib/python${PY_VER_SUFFIX}/test/mock_socket.pyo
+lib/python${PY_VER_SUFFIX}/test/mod_generics_cache.py
+lib/python${PY_VER_SUFFIX}/test/mod_generics_cache.pyc
+lib/python${PY_VER_SUFFIX}/test/mod_generics_cache.pyo
 lib/python${PY_VER_SUFFIX}/test/mp_fork_bomb.py
 lib/python${PY_VER_SUFFIX}/test/mp_fork_bomb.pyc
 lib/python${PY_VER_SUFFIX}/test/mp_fork_bomb.pyo
@@ -4935,7 +4940,7 @@ lib/python${PY_VER_SUFFIX}/venv/__init__
 lib/python${PY_VER_SUFFIX}/venv/__main__.py
 lib/python${PY_VER_SUFFIX}/venv/__main__.pyc
 lib/python${PY_VER_SUFFIX}/venv/__main__.pyo
-lib/python${PY_VER_SUFFIX}/venv/scripts/posix/activate
+lib/python${PY_VER_SUFFIX}/venv/scripts/common/activate
 lib/python${PY_VER_SUFFIX}/venv/scripts/posix/activate.csh
 lib/python${PY_VER_SUFFIX}/venv/scripts/posix/activate.fish
 lib/python${PY_VER_SUFFIX}/warnings.py

Index: pkgsrc/lang/python35/dist.mk
diff -u pkgsrc/lang/python35/dist.mk:1.4 pkgsrc/lang/python35/dist.mk:1.5
--- pkgsrc/lang/python35/dist.mk:1.4    Thu Jan 19 13:55:53 2017
+++ pkgsrc/lang/python35/dist.mk        Mon Aug 14 09:16:28 2017
@@ -1,6 +1,6 @@
-# $NetBSD: dist.mk,v 1.4 2017/01/19 13:55:53 wen Exp $
+# $NetBSD: dist.mk,v 1.5 2017/08/14 09:16:28 adam Exp $
 
-PY_DISTVERSION=        3.5.3
+PY_DISTVERSION=        3.5.4
 DISTNAME=      Python-${PY_DISTVERSION}
 EXTRACT_SUFX=  .tar.xz
 DISTINFO_FILE= ${.CURDIR}/../../lang/python35/distinfo

Index: pkgsrc/lang/python35/distinfo
diff -u pkgsrc/lang/python35/distinfo:1.11 pkgsrc/lang/python35/distinfo:1.12
--- pkgsrc/lang/python35/distinfo:1.11  Tue May 30 14:04:53 2017
+++ pkgsrc/lang/python35/distinfo       Mon Aug 14 09:16:28 2017
@@ -1,13 +1,13 @@
-$NetBSD: distinfo,v 1.11 2017/05/30 14:04:53 bouyer Exp $
+$NetBSD: distinfo,v 1.12 2017/08/14 09:16:28 adam Exp $
 
-SHA1 (Python-3.5.3.tar.xz) = 127121fdca11e735b3686e300d66f73aba663e93
-RMD160 (Python-3.5.3.tar.xz) = 663ad06b0c4b36e7760f5202e73bc53697f225d2
-SHA512 (Python-3.5.3.tar.xz) = bbcc20e315c63dbc8901d7e7bfa29d4dbdad9335720757d8d679730319fd1d9fcfdb55cf62d620c9b052134170f162c28d653a8af60923185b8932524d827864
-Size (Python-3.5.3.tar.xz) = 15213396 bytes
+SHA1 (Python-3.5.4.tar.xz) = 4aacbd09ca6988255de84a98ab9e4630f584efba
+RMD160 (Python-3.5.4.tar.xz) = b0df9be4047421672456c9c57b4ddc0aaad7c095
+SHA512 (Python-3.5.4.tar.xz) = dbbe2740ee1cce5404b7b6436a9b3887e15f415a1006efa22014ec7e5b1e48c43eed0ff98f6f5b365c527b8d2525be4ce72bbe404ce71c0835529fcd6f0267ff
+Size (Python-3.5.4.tar.xz) = 15332320 bytes
 SHA1 (patch-Include_py__curses.h) = 14359f8d0527eff08073c0aea60dfe8961d9255d
 SHA1 (patch-Lib_distutils_command_install.py) = 9b44f339f65f029b7f17dbc654739a7ae3c12780
 SHA1 (patch-Lib_distutils_unixccompiler.py) = 7d0b70a64b79ee6084c41d8fbb01c8e8e4553419
-SHA1 (patch-Makefile.pre.in) = 174e01e44c61c756131f795dc96100a381876fcb
+SHA1 (patch-Makefile.pre.in) = 330a1a74fbd967e0777860fa3ceecb88ac2eb7fd
 SHA1 (patch-Modules___cursesmodule.c) = 2ab2779e0418a4529987641c254686ba05d28593
 SHA1 (patch-Modules_makesetup) = c9b571eb54fdf0b1e93524a6de6780e8c4119221
 SHA1 (patch-Modules_nismodule.c) = bd290417c265846e238660180e60e76c0f5f696a

Index: pkgsrc/lang/python35/patches/patch-Makefile.pre.in
diff -u pkgsrc/lang/python35/patches/patch-Makefile.pre.in:1.3 pkgsrc/lang/python35/patches/patch-Makefile.pre.in:1.4
--- pkgsrc/lang/python35/patches/patch-Makefile.pre.in:1.3      Thu Jan 19 13:55:53 2017
+++ pkgsrc/lang/python35/patches/patch-Makefile.pre.in  Mon Aug 14 09:16:28 2017
@@ -1,6 +1,6 @@
-$NetBSD: patch-Makefile.pre.in,v 1.3 2017/01/19 13:55:53 wen Exp $
+$NetBSD: patch-Makefile.pre.in,v 1.4 2017/08/14 09:16:28 adam Exp $
 
---- Makefile.pre.in.orig       2017-01-19 11:35:21.000000000 +0000
+--- Makefile.pre.in.orig       2017-08-07 07:59:11.000000000 +0000
 +++ Makefile.pre.in
 @@ -92,7 +92,7 @@ PY_CFLAGS_NODIST=$(CONFIGURE_CFLAGS_NODI
  # be able to build extension modules using the directories specified in the
@@ -11,25 +11,16 @@ $NetBSD: patch-Makefile.pre.in,v 1.3 201
  NO_AS_NEEDED= @NO_AS_NEEDED@
  LDLAST=               @LDLAST@
  SGI_ABI=      @SGI_ABI@
-@@ -723,7 +723,7 @@ Python/importlib_external.h: @GENERATED_
-       ./Programs/_freeze_importlib \
-           $(srcdir)/Lib/importlib/_bootstrap_external.py Python/importlib_external.h
+@@ -864,7 +864,7 @@ regen-opcode-targets:
+       $(PYTHON_FOR_REGEN) $(srcdir)/Python/makeopcodetargets.py \
+               $(srcdir)/Python/opcode_targets.h
  
--Python/importlib.h: @GENERATED_COMMENT@ $(srcdir)/Lib/importlib/_bootstrap.py Programs/_freeze_importlib
-+Python/importlib.h: @GENERATED_COMMENT@ $(srcdir)/Lib/importlib/_bootstrap.py Programs/_freeze_importlib $(LIBRARY_OBJS_OMIT_FROZEN)
-       ./Programs/_freeze_importlib \
-           $(srcdir)/Lib/importlib/_bootstrap.py Python/importlib.h
+-Python/ceval.o: $(srcdir)/Python/opcode_targets.h $(srcdir)/Python/ceval_gil.h
++#Python/ceval.o: $(srcdir)/Python/opcode_targets.h $(srcdir)/Python/ceval_gil.h
  
-@@ -868,7 +868,7 @@ Objects/setobject.o: $(srcdir)/Objects/s
- $(OPCODETARGETS_H): $(OPCODETARGETGEN_FILES)
-       $(PYTHON_FOR_GEN) $(OPCODETARGETGEN) $(OPCODETARGETS_H)
+ Python/frozen.o: $(srcdir)/Python/importlib.h $(srcdir)/Python/importlib_external.h
  
--Python/ceval.o: $(OPCODETARGETS_H) $(srcdir)/Python/ceval_gil.h
-+#Python/ceval.o: $(OPCODETARGETS_H) $(srcdir)/Python/ceval_gil.h
- 
- Python/frozen.o: Python/importlib.h Python/importlib_external.h
- 
-@@ -1108,7 +1108,8 @@ altbininstall: $(BUILDPYTHON) @FRAMEWORK
+@@ -1110,7 +1110,8 @@ altbininstall: $(BUILDPYTHON) @FRAMEWORK
                if test -n "$(PY3LIBRARY)"; then \
                        $(INSTALL_SHARED) $(PY3LIBRARY) $(DESTDIR)$(LIBDIR)/$(PY3LIBRARY); \
                fi; \
@@ -39,7 +30,7 @@ $NetBSD: patch-Makefile.pre.in,v 1.3 201
        fi
        if test "x$(LIPO_32BIT_FLAGS)" != "x" ; then \
                rm -f $(DESTDIR)$(BINDIR)python$(VERSION)-32$(EXE); \
-@@ -1299,11 +1300,6 @@ libinstall:     build_all $(srcdir)/Lib/$(PL
+@@ -1301,11 +1302,6 @@ libinstall:     build_all $(srcdir)/Lib/$(PL
                -x 'bad_coding|badsyntax|site-packages|lib2to3/tests/data' \
                $(DESTDIR)$(LIBDEST)
        -PYTHONPATH=$(DESTDIR)$(LIBDEST) $(RUNSHARED) \
@@ -51,7 +42,7 @@ $NetBSD: patch-Makefile.pre.in,v 1.3 201
                $(PYTHON_FOR_BUILD) -Wi $(DESTDIR)$(LIBDEST)/compileall.py \
                -d $(LIBDEST)/site-packages -f \
                -x badsyntax $(DESTDIR)$(LIBDEST)/site-packages
-@@ -1312,10 +1308,6 @@ libinstall:     build_all $(srcdir)/Lib/$(PL
+@@ -1314,10 +1310,6 @@ libinstall:     build_all $(srcdir)/Lib/$(PL
                -d $(LIBDEST)/site-packages -f \
                -x badsyntax $(DESTDIR)$(LIBDEST)/site-packages
        -PYTHONPATH=$(DESTDIR)$(LIBDEST) $(RUNSHARED) \



Home | Main Index | Thread Index | Old Index