kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/lang/python35
History
adam 613af30e0a Python 3.5.4: 
Security
* bpo-30730: Prevent environment variables injection in subprocess on Windows. Prevent passing other environment variables and command arguments.
* bpo-30694: Upgrade expat copy from 2.2.0 to 2.2.1 to get fixes of multiple security vulnerabilities including: CVE-2017-9233 (External entity infinite loop DoS), CVE-2016-9063 (Integer overflow, re-fix), CVE-2016-0718 (Fix regression bugs from 2.2.0’s fix to CVE-2016-0718) and CVE-2012-0876 (Counter hash flooding with SipHash). Note: the CVE-2016-5300 (Use os- specific entropy sources like getrandom) doesn’t impact Python, since Python already gets entropy from the OS to set the expat secret using XML_SetHashSalt().
* bpo-30500: Fix urllib.parse.splithost() to correctly parse fragments. For example, splithost('//127.0.0.1#@evil.com/') now correctly returns the 127.0.0.1 host, instead of treating @evil.com as the host in an authentification (login@host).
* bpo-29591: Update expat copy from 2.1.1 to 2.2.0 to get fixes of CVE-2016-0718 and CVE-2016-4472. See https://sourceforge.net/p/expat/bugs/537/ for more information.
2017-08-14 09:16:28 +00:00
..
patches Python 3.5.4: 2017-08-14 09:16:28 +00:00
ALTERNATIVES
buildlink3.mk
DESCR
dist.mk Python 3.5.4: 2017-08-14 09:16:28 +00:00
distinfo Python 3.5.4: 2017-08-14 09:16:28 +00:00
Makefile Put back bdb bl3, required for the dbm module. 2017-02-01 11:47:45 +00:00
options.mk Correct PKG_OPTIONS_VAR 2017-01-01 15:06:24 +00:00
PLIST Python 3.5.4: 2017-08-14 09:16:28 +00:00
PLIST.Darwin
PLIST.FreeBSD
PLIST.IRIX
PLIST.Linux
PLIST.SunOS