Received: by mail.netbsd.org (Postfix, from userid 605)
	id A9EF084D58; Sun, 20 Sep 2020 12:10:28 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by mail.netbsd.org (Postfix) with ESMTP id 3371784CF7
	for <pkgsrc-changes@NetBSD.org>; Sun, 20 Sep 2020 12:10:28 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Received: from mail.netbsd.org ([IPv6:::1])
	by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025)
	with ESMTP id yfQFjBz_EzcQ for <pkgsrc-changes@netbsd.org>;
	Sun, 20 Sep 2020 12:10:27 +0000 (UTC)
Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197])
	by mail.netbsd.org (Postfix) with ESMTP id 6961484CDF
	for <pkgsrc-changes@NetBSD.org>; Sun, 20 Sep 2020 12:10:27 +0000 (UTC)
Received: by cvs.NetBSD.org (Postfix, from userid 500)
	id 625B7FB28; Sun, 20 Sep 2020 12:10:27 +0000 (UTC)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_160060382712590"
MIME-Version: 1.0
Date: Sun, 20 Sep 2020 12:10:27 +0000
From: =?UTF-8?B?TWljaGHFgiBHw7Nybnk=?= <mgorny@netbsd.org>
Subject: CVS commit: pkgsrc/lang/python27/patches
To: pkgsrc-changes@NetBSD.org
Reply-To: mgorny@netbsd.org
X-Mailer: log_accum
Message-Id: <20200920121027.625B7FB28@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: pkgsrc-changes.NetBSD.org
Precedence: bulk
List-Unsubscribe: <mailto:majordomo@NetBSD.org?subject=Unsubscribe%20pkgsrc-changes&body=unsubscribe%20pkgsrc-changes>

This is a multi-part message in MIME format.

--_----------=_160060382712590
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	mgorny
Date:		Sun Sep 20 12:10:27 UTC 2020

Modified Files:
	pkgsrc/lang/python27/patches: patch-Lib_httplib.py patch-Lib_tarfile.py
	    patch-Lib_test_test__httplib.py patch-Lib_test_test__urllib2.py
	    patch-Lib_urllib2.py

Log Message:
lang/python27: Add comments to patches

Add comments explaining bugs fixed and patch source to patches.
Requested by Leonardo Taccari.


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 pkgsrc/lang/python27/patches/patch-Lib_httplib.py \
    pkgsrc/lang/python27/patches/patch-Lib_tarfile.py \
    pkgsrc/lang/python27/patches/patch-Lib_test_test__httplib.py \
    pkgsrc/lang/python27/patches/patch-Lib_test_test__urllib2.py \
    pkgsrc/lang/python27/patches/patch-Lib_urllib2.py

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_160060382712590
Content-Disposition: inline
Content-Length: 4041
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/lang/python27/patches/patch-Lib_httplib.py
diff -u pkgsrc/lang/python27/patches/patch-Lib_httplib.py:1.1 pkgsrc/lang/python27/patches/patch-Lib_httplib.py:1.2
--- pkgsrc/lang/python27/patches/patch-Lib_httplib.py:1.1	Sun Sep 20 11:06:23 2020
+++ pkgsrc/lang/python27/patches/patch-Lib_httplib.py	Sun Sep 20 12:10:27 2020
@@ -1,4 +1,9 @@
-$NetBSD: patch-Lib_httplib.py,v 1.1 2020/09/20 11:06:23 mgorny Exp $
+$NetBSD: patch-Lib_httplib.py,v 1.2 2020/09/20 12:10:27 mgorny Exp $
+
+bpo-39603 (no CVE): header injection via HTTP method
+
+taken from:
+https://gitweb.gentoo.org/fork/cpython.git/commit/?h=gentoo-2.7-vanilla&id=138e2caeb4827ccfd1eaff2cf63afb79dfeeb3c4
 
 --- Lib/httplib.py.orig	2020-04-19 21:13:39.000000000 +0000
 +++ Lib/httplib.py
Index: pkgsrc/lang/python27/patches/patch-Lib_tarfile.py
diff -u pkgsrc/lang/python27/patches/patch-Lib_tarfile.py:1.1 pkgsrc/lang/python27/patches/patch-Lib_tarfile.py:1.2
--- pkgsrc/lang/python27/patches/patch-Lib_tarfile.py:1.1	Sun Sep 20 11:06:23 2020
+++ pkgsrc/lang/python27/patches/patch-Lib_tarfile.py	Sun Sep 20 12:10:27 2020
@@ -1,4 +1,9 @@
-$NetBSD: patch-Lib_tarfile.py,v 1.1 2020/09/20 11:06:23 mgorny Exp $
+$NetBSD: patch-Lib_tarfile.py,v 1.2 2020/09/20 12:10:27 mgorny Exp $
+
+bpo-39017 (CVE-2019-20907): infinite loop in tarfile.py
+
+taken from:
+https://gitweb.gentoo.org/fork/cpython.git/commit/?h=gentoo-2.7-vanilla&id=893e6e3aee483d262df70656a68f63f601720fcd
 
 --- Lib/tarfile.py.orig	2020-04-19 21:13:39.000000000 +0000
 +++ Lib/tarfile.py
Index: pkgsrc/lang/python27/patches/patch-Lib_test_test__httplib.py
diff -u pkgsrc/lang/python27/patches/patch-Lib_test_test__httplib.py:1.1 pkgsrc/lang/python27/patches/patch-Lib_test_test__httplib.py:1.2
--- pkgsrc/lang/python27/patches/patch-Lib_test_test__httplib.py:1.1	Sun Sep 20 11:06:23 2020
+++ pkgsrc/lang/python27/patches/patch-Lib_test_test__httplib.py	Sun Sep 20 12:10:27 2020
@@ -1,4 +1,9 @@
-$NetBSD: patch-Lib_test_test__httplib.py,v 1.1 2020/09/20 11:06:23 mgorny Exp $
+$NetBSD: patch-Lib_test_test__httplib.py,v 1.2 2020/09/20 12:10:27 mgorny Exp $
+
+bpo-39603 (no CVE): header injection via HTTP method
+
+taken from:
+https://gitweb.gentoo.org/fork/cpython.git/commit/?h=gentoo-2.7-vanilla&id=138e2caeb4827ccfd1eaff2cf63afb79dfeeb3c4
 
 --- Lib/test/test_httplib.py.orig	2020-04-19 21:13:39.000000000 +0000
 +++ Lib/test/test_httplib.py
Index: pkgsrc/lang/python27/patches/patch-Lib_test_test__urllib2.py
diff -u pkgsrc/lang/python27/patches/patch-Lib_test_test__urllib2.py:1.1 pkgsrc/lang/python27/patches/patch-Lib_test_test__urllib2.py:1.2
--- pkgsrc/lang/python27/patches/patch-Lib_test_test__urllib2.py:1.1	Sun Sep 20 11:06:23 2020
+++ pkgsrc/lang/python27/patches/patch-Lib_test_test__urllib2.py	Sun Sep 20 12:10:27 2020
@@ -1,4 +1,9 @@
-$NetBSD: patch-Lib_test_test__urllib2.py,v 1.1 2020/09/20 11:06:23 mgorny Exp $
+$NetBSD: patch-Lib_test_test__urllib2.py,v 1.2 2020/09/20 12:10:27 mgorny Exp $
+
+bpo-39503 (CVE-2020-8492): ReDoS on AbstractBasicAuthHandler
+
+taken from:
+https://gitweb.gentoo.org/fork/cpython.git/commit/?h=gentoo-2.7-vanilla&id=2273e65e11dd0234f2f51ebaef61fc6e848d4059
 
 --- Lib/test/test_urllib2.py.orig	2020-04-19 21:13:39.000000000 +0000
 +++ Lib/test/test_urllib2.py
Index: pkgsrc/lang/python27/patches/patch-Lib_urllib2.py
diff -u pkgsrc/lang/python27/patches/patch-Lib_urllib2.py:1.1 pkgsrc/lang/python27/patches/patch-Lib_urllib2.py:1.2
--- pkgsrc/lang/python27/patches/patch-Lib_urllib2.py:1.1	Sun Sep 20 11:06:23 2020
+++ pkgsrc/lang/python27/patches/patch-Lib_urllib2.py	Sun Sep 20 12:10:27 2020
@@ -1,4 +1,9 @@
-$NetBSD: patch-Lib_urllib2.py,v 1.1 2020/09/20 11:06:23 mgorny Exp $
+$NetBSD: patch-Lib_urllib2.py,v 1.2 2020/09/20 12:10:27 mgorny Exp $
+
+bpo-39503 (CVE-2020-8492): ReDoS on AbstractBasicAuthHandler
+
+taken from:
+https://gitweb.gentoo.org/fork/cpython.git/commit/?h=gentoo-2.7-vanilla&id=2273e65e11dd0234f2f51ebaef61fc6e848d4059
 
 --- Lib/urllib2.py.orig	2020-04-19 21:13:39.000000000 +0000
 +++ Lib/urllib2.py


--_----------=_160060382712590--