(CVE-2012-0845 is already fixed in pkgsrc)
What's New in Python 3.1.5?
===========================
*Release date: 2012-04-08*
Core and Builtins
-----------------
- Issue #13703: oCERT-2011-003: add -R command-line option and PYTHONHASHSEED
environment variable, to provide an opt-in way to protect against denial of
service attacks due to hash collisions within the dict and set types. Patch
by David Malcolm, based on work by Victor Stinner.
Library
-------
- Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes in the hash
table internal to the pyexpat module's copy of the expat library to avoid a
denial of service due to hash collisions. Patch by David Malcolm with some
modifications by the expat project.
- Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in
SimpleXMLRPCServer upon malformed POST request.
- Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC
IV attack countermeasure.
- Issue #11603: Fix a crash when __str__ is rebound as __repr__. Patch by
Andreas Stührk.
* also rename idle3 with version suffix to avoid conflict with future python3.
* stop to rename smtpd.py, it will not be installed as script in python3.
Bump PKGREVISION.
for some systems that have older openssl. (The Makefile
part was already there but was unused.)
Also replace interpreter for all scripts.
This caused the build attempt to rebuild opcode_targets.h. But
that uses "python" which does not exist yet.
