Date: Mon, 14 Aug 2017 09:16:28 +0000
From: "Adam Ciarcinski"
Subject: CVS commit: pkgsrc/lang/python35
To: pkgsrc-changes@NetBSD.org
Reply-To: adam@netbsd.org
Message-Id: <20170814091628.DC1F7FAD0@cvs.NetBSD.org>

Module Name: pkgsrc
Committed By: adam
Date: Mon Aug 14 09:16:28 UTC 2017

Modified Files:
    pkgsrc/lang/python35: PLIST dist.mk distinfo
    pkgsrc/lang/python35/patches: patch-Makefile.pre.in

Log Message:
Python 3.5.4:

Security

* bpo-30730: Prevent environment variables injection in subprocess on
  Windows. Prevent passing other environment variables and command
  arguments.
* bpo-30694: Upgrade expat copy from 2.2.0 to 2.2.1 to get fixes of
  multiple security vulnerabilities including: CVE-2017-9233 (External
  entity infinite loop DoS), CVE-2016-9063 (Integer overflow, re-fix),
  CVE-2016-0718 (Fix regression bugs from 2.2.0’s fix to CVE-2016-0718)
  and CVE-2012-0876 (Counter hash flooding with SipHash). Note: the
  CVE-2016-5300 (Use os-specific entropy sources like getrandom) doesn’t
  impact Python, since Python already gets entropy from the OS to set
  the expat secret using XML_SetHashSalt().
* bpo-30500: Fix urllib.parse.splithost() to correctly parse fragments.
  For example, splithost('//127.0.0.1#@evil.com/') now correctly returns
  the 127.0.0.1 host, instead of treating @evil.com as the host in an
  authentication (login@host).
* bpo-29591: Update expat copy from 2.1.1 to 2.2.0 to get fixes of
  CVE-2016-0718 and CVE-2016-4472. See
  https://sourceforge.net/p/expat/bugs/537/ for more information.

To generate a diff of this commit:

cvs rdiff -u -r1.5 -r1.6 pkgsrc/lang/python35/PLIST
cvs rdiff -u -r1.4 -r1.5 pkgsrc/lang/python35/dist.mk
cvs rdiff -u -r1.11 -r1.12 pkgsrc/lang/python35/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/python35/patches/patch-Makefile.pre.in

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files: Index: pkgsrc/lang/python35/PLIST diff -u pkgsrc/lang/python35/PLIST:1.5 pkgsrc/lang/python35/PLIST:1.6 --- pkgsrc/lang/python35/PLIST:1.5 Thu Jan 19 13:55:53 2017 +++ pkgsrc/lang/python35/PLIST Mon Aug 14 09:16:28 2017 @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.5 2017/01/19 13:55:53 wen Exp $ +@comment $NetBSD: PLIST,v 1.6 2017/08/14 09:16:28 adam Exp $ bin/2to3-${PY_VER_SUFFIX} bin/pydoc${PY_VER_SUFFIX} bin/python${PY_VER_SUFFIX} @@ -2448,7 +2448,6 @@ lib/python${PY_VER_SUFFIX}/telnetlib.pyo lib/python${PY_VER_SUFFIX}/tempfile.py lib/python${PY_VER_SUFFIX}/tempfile.pyc lib/python${PY_VER_SUFFIX}/tempfile.pyo -lib/python${PY_VER_SUFFIX}/test/185test.db lib/python${PY_VER_SUFFIX}/test/Sine-1000Hz-300ms.aif lib/python${PY_VER_SUFFIX}/test/__init__.py lib/python${PY_VER_SUFFIX}/test/__init__.pyc @@ -2504,6 +2503,9 @@ lib/python${PY_VER_SUFFIX}/test/badsynta lib/python${PY_VER_SUFFIX}/test/badsyntax_future8.py lib/python${PY_VER_SUFFIX}/test/badsyntax_future9.py lib/python${PY_VER_SUFFIX}/test/badsyntax_pep3120.py +lib/python${PY_VER_SUFFIX}/test/bisect.py +lib/python${PY_VER_SUFFIX}/test/bisect.pyc +lib/python${PY_VER_SUFFIX}/test/bisect.pyo lib/python${PY_VER_SUFFIX}/test/bytecode_helper.py lib/python${PY_VER_SUFFIX}/test/bytecode_helper.pyc lib/python${PY_VER_SUFFIX}/test/bytecode_helper.pyo 
@@ -2793,6 +2795,9 @@ lib/python${PY_VER_SUFFIX}/test/mime.typ lib/python${PY_VER_SUFFIX}/test/mock_socket.py lib/python${PY_VER_SUFFIX}/test/mock_socket.pyc lib/python${PY_VER_SUFFIX}/test/mock_socket.pyo +lib/python${PY_VER_SUFFIX}/test/mod_generics_cache.py +lib/python${PY_VER_SUFFIX}/test/mod_generics_cache.pyc +lib/python${PY_VER_SUFFIX}/test/mod_generics_cache.pyo lib/python${PY_VER_SUFFIX}/test/mp_fork_bomb.py lib/python${PY_VER_SUFFIX}/test/mp_fork_bomb.pyc lib/python${PY_VER_SUFFIX}/test/mp_fork_bomb.pyo @@ -4935,7 +4940,7 @@ lib/python${PY_VER_SUFFIX}/venv/__init__ lib/python${PY_VER_SUFFIX}/venv/__main__.py lib/python${PY_VER_SUFFIX}/venv/__main__.pyc lib/python${PY_VER_SUFFIX}/venv/__main__.pyo -lib/python${PY_VER_SUFFIX}/venv/scripts/posix/activate +lib/python${PY_VER_SUFFIX}/venv/scripts/common/activate lib/python${PY_VER_SUFFIX}/venv/scripts/posix/activate.csh lib/python${PY_VER_SUFFIX}/venv/scripts/posix/activate.fish lib/python${PY_VER_SUFFIX}/warnings.py Index: pkgsrc/lang/python35/dist.mk diff -u pkgsrc/lang/python35/dist.mk:1.4 pkgsrc/lang/python35/dist.mk:1.5 --- pkgsrc/lang/python35/dist.mk:1.4 Thu Jan 19 13:55:53 2017 +++ pkgsrc/lang/python35/dist.mk Mon Aug 14 09:16:28 2017 @@ -1,6 +1,6 @@ -# $NetBSD: dist.mk,v 1.4 2017/01/19 13:55:53 wen Exp $ +# $NetBSD: dist.mk,v 1.5 2017/08/14 09:16:28 adam Exp $ -PY_DISTVERSION= 3.5.3 +PY_DISTVERSION= 3.5.4 DISTNAME= Python-${PY_DISTVERSION} EXTRACT_SUFX= .tar.xz DISTINFO_FILE= ${.CURDIR}/../../lang/python35/distinfo Index: pkgsrc/lang/python35/distinfo diff -u pkgsrc/lang/python35/distinfo:1.11 pkgsrc/lang/python35/distinfo:1.12 --- pkgsrc/lang/python35/distinfo:1.11 Tue May 30 14:04:53 2017 +++ pkgsrc/lang/python35/distinfo Mon Aug 14 09:16:28 2017 
@@ -1,13 +1,13 @@ -$NetBSD: distinfo,v 1.11 2017/05/30 14:04:53 bouyer Exp $ +$NetBSD: distinfo,v 1.12 2017/08/14 09:16:28 adam Exp $ -SHA1 (Python-3.5.3.tar.xz) = 127121fdca11e735b3686e300d66f73aba663e93 -RMD160 (Python-3.5.3.tar.xz) = 663ad06b0c4b36e7760f5202e73bc53697f225d2 -SHA512 (Python-3.5.3.tar.xz) = bbcc20e315c63dbc8901d7e7bfa29d4dbdad9335720757d8d679730319fd1d9fcfdb55cf62d620c9b052134170f162c28d653a8af60923185b8932524d827864 -Size (Python-3.5.3.tar.xz) = 15213396 bytes +SHA1 (Python-3.5.4.tar.xz) = 4aacbd09ca6988255de84a98ab9e4630f584efba +RMD160 (Python-3.5.4.tar.xz) = b0df9be4047421672456c9c57b4ddc0aaad7c095 +SHA512 (Python-3.5.4.tar.xz) = dbbe2740ee1cce5404b7b6436a9b3887e15f415a1006efa22014ec7e5b1e48c43eed0ff98f6f5b365c527b8d2525be4ce72bbe404ce71c0835529fcd6f0267ff +Size (Python-3.5.4.tar.xz) = 15332320 bytes SHA1 (patch-Include_py__curses.h) = 14359f8d0527eff08073c0aea60dfe8961d9255d SHA1 (patch-Lib_distutils_command_install.py) = 9b44f339f65f029b7f17dbc654739a7ae3c12780 SHA1 (patch-Lib_distutils_unixccompiler.py) = 7d0b70a64b79ee6084c41d8fbb01c8e8e4553419 -SHA1 (patch-Makefile.pre.in) = 174e01e44c61c756131f795dc96100a381876fcb +SHA1 (patch-Makefile.pre.in) = 330a1a74fbd967e0777860fa3ceecb88ac2eb7fd SHA1 (patch-Modules___cursesmodule.c) = 2ab2779e0418a4529987641c254686ba05d28593 SHA1 (patch-Modules_makesetup) = c9b571eb54fdf0b1e93524a6de6780e8c4119221 SHA1 (patch-Modules_nismodule.c) = bd290417c265846e238660180e60e76c0f5f696a Index: pkgsrc/lang/python35/patches/patch-Makefile.pre.in diff -u pkgsrc/lang/python35/patches/patch-Makefile.pre.in:1.3 pkgsrc/lang/python35/patches/patch-Makefile.pre.in:1.4 --- pkgsrc/lang/python35/patches/patch-Makefile.pre.in:1.3 Thu Jan 19 13:55:53 2017 +++ pkgsrc/lang/python35/patches/patch-Makefile.pre.in Mon Aug 14 09:16:28 2017 
@@ -1,6 +1,6 @@ -$NetBSD: patch-Makefile.pre.in,v 1.3 2017/01/19 13:55:53 wen Exp $ +$NetBSD: patch-Makefile.pre.in,v 1.4 2017/08/14 09:16:28 adam Exp $ ---- Makefile.pre.in.orig 2017-01-19 11:35:21.000000000 +0000 +--- Makefile.pre.in.orig 2017-08-07 07:59:11.000000000 +0000 +++ Makefile.pre.in @@ -92,7 +92,7 @@ PY_CFLAGS_NODIST=$(CONFIGURE_CFLAGS_NODI # be able to build extension modules using the directories specified in the 
@@ -11,25 +11,16 @@ $NetBSD: patch-Makefile.pre.in,v 1.3 201 NO_AS_NEEDED= @NO_AS_NEEDED@ LDLAST= @LDLAST@ SGI_ABI= @SGI_ABI@ -@@ -723,7 +723,7 @@ Python/importlib_external.h: @GENERATED_ - ./Programs/_freeze_importlib \ - $(srcdir)/Lib/importlib/_bootstrap_external.py Python/importlib_external.h +@@ -864,7 +864,7 @@ regen-opcode-targets: + $(PYTHON_FOR_REGEN) $(srcdir)/Python/makeopcodetargets.py \ + $(srcdir)/Python/opcode_targets.h --Python/importlib.h: @GENERATED_COMMENT@ $(srcdir)/Lib/importlib/_bootstrap.py Programs/_freeze_importlib -+Python/importlib.h: @GENERATED_COMMENT@ $(srcdir)/Lib/importlib/_bootstrap.py Programs/_freeze_importlib $(LIBRARY_OBJS_OMIT_FROZEN) - ./Programs/_freeze_importlib \ - $(srcdir)/Lib/importlib/_bootstrap.py Python/importlib.h +-Python/ceval.o: $(srcdir)/Python/opcode_targets.h $(srcdir)/Python/ceval_gil.h ++#Python/ceval.o: $(srcdir)/Python/opcode_targets.h $(srcdir)/Python/ceval_gil.h -@@ -868,7 +868,7 @@ Objects/setobject.o: $(srcdir)/Objects/s - $(OPCODETARGETS_H): $(OPCODETARGETGEN_FILES) - $(PYTHON_FOR_GEN) $(OPCODETARGETGEN) $(OPCODETARGETS_H) + Python/frozen.o: $(srcdir)/Python/importlib.h $(srcdir)/Python/importlib_external.h --Python/ceval.o: $(OPCODETARGETS_H) $(srcdir)/Python/ceval_gil.h -+#Python/ceval.o: $(OPCODETARGETS_H) $(srcdir)/Python/ceval_gil.h - - Python/frozen.o: Python/importlib.h Python/importlib_external.h - -@@ -1108,7 +1108,8 @@ altbininstall: $(BUILDPYTHON) @FRAMEWORK +@@ -1110,7 +1110,8 @@ altbininstall: $(BUILDPYTHON) @FRAMEWORK if test -n "$(PY3LIBRARY)"; then \ $(INSTALL_SHARED) $(PY3LIBRARY) $(DESTDIR)$(LIBDIR)/$(PY3LIBRARY); \ fi; \ 
@@ -39,7 +30,7 @@ $NetBSD: patch-Makefile.pre.in,v 1.3 201 fi if test "x$(LIPO_32BIT_FLAGS)" != "x" ; then \ rm -f $(DESTDIR)$(BINDIR)python$(VERSION)-32$(EXE); \ -@@ -1299,11 +1300,6 @@ libinstall: build_all $(srcdir)/Lib/$(PL +@@ -1301,11 +1302,6 @@ libinstall: build_all $(srcdir)/Lib/$(PL -x 'bad_coding|badsyntax|site-packages|lib2to3/tests/data' \ $(DESTDIR)$(LIBDEST) -PYTHONPATH=$(DESTDIR)$(LIBDEST) $(RUNSHARED) \ @@ -51,7 +42,7 @@ $NetBSD: patch-Makefile.pre.in,v 1.3 201 $(PYTHON_FOR_BUILD) -Wi $(DESTDIR)$(LIBDEST)/compileall.py \ -d $(LIBDEST)/site-packages -f \ -x badsyntax $(DESTDIR)$(LIBDEST)/site-packages -@@ -1312,10 +1308,6 @@ libinstall: build_all $(srcdir)/Lib/$(PL +@@ -1314,10 +1310,6 @@ libinstall: build_all $(srcdir)/Lib/$(PL -d $(LIBDEST)/site-packages -f \ -x badsyntax $(DESTDIR)$(LIBDEST)/site-packages -PYTHONPATH=$(DESTDIR)$(LIBDEST) $(RUNSHARED) \ --_----------=_1502702188100600--
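
Review bot: In the PLIST hunk at -4935, only `venv/scripts/posix/activate` moves to `venv/scripts/common/activate`, while `activate.csh` and `activate.fish` stay under `posix/`, so the venv scripts end up split across two directories. Please confirm this matches what a staged 3.5.4 install actually produces (regenerating the list with `make print-PLIST` and diffing would show it), and say in the log message that the PLIST was regenerated, since the removal of `test/185test.db` and the added `test/bisect.*` and `test/mod_generics_cache.*` entries are otherwise unexplained.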
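
Review bot: The distinfo hunk replaces the SHA1, RMD160, SHA512 and Size entries for `Python-3.5.4.tar.xz`, and nothing in the commit says how the new tarball was authenticated before the hashes were recorded. Since distinfo is what every later fetch is checked against, the log message should state that the distfile was verified against upstream's published signature or checksum before `distinfo` was regenerated.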
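
Review bot: patch-Makefile.pre.in still has no description between its `$NetBSD$` line and `--- Makefile.pre.in.orig`, and this revision changes what the patch does: the hunk that added `$(LIBRARY_OBJS_OMIT_FROZEN)` to the `Python/importlib.h` rule is dropped, while the commented-out `#Python/ceval.o: $(srcdir)/Python/opcode_targets.h $(srcdir)/Python/ceval_gil.h` dependency is carried forward. Please add a short comment at the top of the patch saying why the `ceval.o` dependency is disabled and why the `libinstall` compile steps are removed, and note in the log message that the importlib hunk is no longer needed with 3.5.4.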
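
The bpo-30500 entry in the log message comes down to whether `#` ends the authority part of a URL. The following is an added example, not code from this commit or from CPython: the two regular expressions and the names `host_of` and `audit` are illustrative assumptions, and the sample URLs are constructed except for the one quoted in the log message. It flags URLs for which a lenient and a strict host parser disagree, which is the condition a validation layer should reject.

```python
import re
from urllib.parse import urlsplit

# Illustrative patterns (assumption, not copied from CPython): they differ only
# in whether '#' terminates the authority, as RFC 3986 section 3.2 requires.
NAIVE_AUTHORITY = re.compile(r'//([^/?]*)(.*)', re.DOTALL)
STRICT_AUTHORITY = re.compile(r'//([^/#?]*)(.*)', re.DOTALL)


def host_of(url, pattern):
    """Return the lower-cased host that `pattern` yields for `url`, or None.

    Userinfo (login@) and a trailing :port are stripped the way a
    login@host parser would; bracketed IPv6 literals are out of scope.
    """
    match = pattern.match(url)
    if match is None:
        return None
    authority = match.group(1)
    host = authority.rpartition('@')[2]
    return host.partition(':')[0].lower()


def audit(urls):
    """List URLs whose host depends on whether '#' ends the authority.

    Each finding is (url, naive_host, strict_host, stdlib_host), where
    stdlib_host is what urllib.parse.urlsplit() reports on this interpreter.
    """
    findings = []
    for url in urls:
        naive = host_of(url, NAIVE_AUTHORITY)
        strict = host_of(url, STRICT_AUTHORITY)
        if naive != strict:
            findings.append((url, naive, strict, urlsplit(url).hostname))
    return findings


# Constructed inputs; the first is the URL quoted in the log message.
SAMPLES = [
    '//127.0.0.1#@evil.com/',
    '//user@example.org:8080/path?q=1',
    '//example.org/a#frag@x',
]

if __name__ == '__main__':
    for url, naive, strict, stdlib in audit(SAMPLES):
        print(f'{url!r}: naive={naive} strict={strict} urlsplit={stdlib}')
```

A host allowlist or internal-address filter is only sound if it parses the URL the same way as the component that later opens the connection, so any URL reported by `audit` is best rejected outright rather than normalized.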