CVS commit: pkgsrc/lang/python27/patches

[Michał Górny <mgorny%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   mgorny
Date:           Sun Sep 20 12:10:27 UTC 2020

Modified Files:
        pkgsrc/lang/python27/patches: patch-Lib_httplib.py patch-Lib_tarfile.py
            patch-Lib_test_test__httplib.py patch-Lib_test_test__urllib2.py
            patch-Lib_urllib2.py

Log Message:
lang/python27: Add comments to patches

Add comments explaining bugs fixed and patch source to patches.
Requested by Leonardo Taccari.


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 pkgsrc/lang/python27/patches/patch-Lib_httplib.py \
    pkgsrc/lang/python27/patches/patch-Lib_tarfile.py \
    pkgsrc/lang/python27/patches/patch-Lib_test_test__httplib.py \
    pkgsrc/lang/python27/patches/patch-Lib_test_test__urllib2.py \
    pkgsrc/lang/python27/patches/patch-Lib_urllib2.py

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/python27/patches/patch-Lib_httplib.py
diff -u pkgsrc/lang/python27/patches/patch-Lib_httplib.py:1.1 pkgsrc/lang/python27/patches/patch-Lib_httplib.py:1.2
--- pkgsrc/lang/python27/patches/patch-Lib_httplib.py:1.1       Sun Sep 20 11:06:23 2020
+++ pkgsrc/lang/python27/patches/patch-Lib_httplib.py   Sun Sep 20 12:10:27 2020
@@ -1,4 +1,9 @@
-$NetBSD: patch-Lib_httplib.py,v 1.1 2020/09/20 11:06:23 mgorny Exp $
+$NetBSD: patch-Lib_httplib.py,v 1.2 2020/09/20 12:10:27 mgorny Exp $
+
+bpo-39603 (no CVE): header injection via HTTP method
+
+taken from:
+https://gitweb.gentoo.org/fork/cpython.git/commit/?h=gentoo-2.7-vanilla&id=138e2caeb4827ccfd1eaff2cf63afb79dfeeb3c4
 
 --- Lib/httplib.py.orig        2020-04-19 21:13:39.000000000 +0000
 +++ Lib/httplib.py
Index: pkgsrc/lang/python27/patches/patch-Lib_tarfile.py
diff -u pkgsrc/lang/python27/patches/patch-Lib_tarfile.py:1.1 pkgsrc/lang/python27/patches/patch-Lib_tarfile.py:1.2
--- pkgsrc/lang/python27/patches/patch-Lib_tarfile.py:1.1       Sun Sep 20 11:06:23 2020
+++ pkgsrc/lang/python27/patches/patch-Lib_tarfile.py   Sun Sep 20 12:10:27 2020
@@ -1,4 +1,9 @@
-$NetBSD: patch-Lib_tarfile.py,v 1.1 2020/09/20 11:06:23 mgorny Exp $
+$NetBSD: patch-Lib_tarfile.py,v 1.2 2020/09/20 12:10:27 mgorny Exp $
+
+bpo-39017 (CVE-2019-20907): infinite loop in tarfile.py
+
+taken from:
+https://gitweb.gentoo.org/fork/cpython.git/commit/?h=gentoo-2.7-vanilla&id=893e6e3aee483d262df70656a68f63f601720fcd
 
 --- Lib/tarfile.py.orig        2020-04-19 21:13:39.000000000 +0000
 +++ Lib/tarfile.py
Index: pkgsrc/lang/python27/patches/patch-Lib_test_test__httplib.py
diff -u pkgsrc/lang/python27/patches/patch-Lib_test_test__httplib.py:1.1 pkgsrc/lang/python27/patches/patch-Lib_test_test__httplib.py:1.2
--- pkgsrc/lang/python27/patches/patch-Lib_test_test__httplib.py:1.1    Sun Sep 20 11:06:23 2020
+++ pkgsrc/lang/python27/patches/patch-Lib_test_test__httplib.py        Sun Sep 20 12:10:27 2020
@@ -1,4 +1,9 @@
-$NetBSD: patch-Lib_test_test__httplib.py,v 1.1 2020/09/20 11:06:23 mgorny Exp $
+$NetBSD: patch-Lib_test_test__httplib.py,v 1.2 2020/09/20 12:10:27 mgorny Exp $
+
+bpo-39603 (no CVE): header injection via HTTP method
+
+taken from:
+https://gitweb.gentoo.org/fork/cpython.git/commit/?h=gentoo-2.7-vanilla&id=138e2caeb4827ccfd1eaff2cf63afb79dfeeb3c4
 
 --- Lib/test/test_httplib.py.orig      2020-04-19 21:13:39.000000000 +0000
 +++ Lib/test/test_httplib.py
Index: pkgsrc/lang/python27/patches/patch-Lib_test_test__urllib2.py
diff -u pkgsrc/lang/python27/patches/patch-Lib_test_test__urllib2.py:1.1 pkgsrc/lang/python27/patches/patch-Lib_test_test__urllib2.py:1.2
--- pkgsrc/lang/python27/patches/patch-Lib_test_test__urllib2.py:1.1    Sun Sep 20 11:06:23 2020
+++ pkgsrc/lang/python27/patches/patch-Lib_test_test__urllib2.py        Sun Sep 20 12:10:27 2020
@@ -1,4 +1,9 @@
-$NetBSD: patch-Lib_test_test__urllib2.py,v 1.1 2020/09/20 11:06:23 mgorny Exp $
+$NetBSD: patch-Lib_test_test__urllib2.py,v 1.2 2020/09/20 12:10:27 mgorny Exp $
+
+bpo-39503 (CVE-2020-8492): ReDoS on AbstractBasicAuthHandler
+
+taken from:
+https://gitweb.gentoo.org/fork/cpython.git/commit/?h=gentoo-2.7-vanilla&id=2273e65e11dd0234f2f51ebaef61fc6e848d4059
 
 --- Lib/test/test_urllib2.py.orig      2020-04-19 21:13:39.000000000 +0000
 +++ Lib/test/test_urllib2.py
Index: pkgsrc/lang/python27/patches/patch-Lib_urllib2.py
diff -u pkgsrc/lang/python27/patches/patch-Lib_urllib2.py:1.1 pkgsrc/lang/python27/patches/patch-Lib_urllib2.py:1.2
--- pkgsrc/lang/python27/patches/patch-Lib_urllib2.py:1.1       Sun Sep 20 11:06:23 2020
+++ pkgsrc/lang/python27/patches/patch-Lib_urllib2.py   Sun Sep 20 12:10:27 2020
@@ -1,4 +1,9 @@
-$NetBSD: patch-Lib_urllib2.py,v 1.1 2020/09/20 11:06:23 mgorny Exp $
+$NetBSD: patch-Lib_urllib2.py,v 1.2 2020/09/20 12:10:27 mgorny Exp $
+
+bpo-39503 (CVE-2020-8492): ReDoS on AbstractBasicAuthHandler
+
+taken from:
+https://gitweb.gentoo.org/fork/cpython.git/commit/?h=gentoo-2.7-vanilla&id=2273e65e11dd0234f2f51ebaef61fc6e848d4059
 
 --- Lib/urllib2.py.orig        2020-04-19 21:13:39.000000000 +0000
 +++ Lib/urllib2.py