Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1603128102273300"
MIME-Version: 1.0
Date: Mon, 19 Oct 2020 17:21:42 +0000
From: "Pierre Pronchery" <khorben@netbsd.org>
Subject: CVS commit: pkgsrc/security/py-libtaxii
To: pkgsrc-changes@NetBSD.org
Reply-To: khorben@netbsd.org
Message-Id: <20201019172142.414D4FB28@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
Precedence: bulk

This is a multi-part message in MIME format.

--_----------=_1603128102273300
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	khorben
Date:		Mon Oct 19 17:21:42 UTC 2020

Modified Files:
	pkgsrc/security/py-libtaxii: Makefile PLIST distinfo

Log Message:
py-libtaxii: update to version 1.1.118

This notably fixes a security issue, CVE-2020-27197.

Version 1.1.118:

 * #247 [CVE-2020-27197] Avoid SSRF on parsing XML (@orsinium)

Version 1.1.117:

 * #244 SSL Verify Server not working correctly (@motok) (@nschwane)
 * #245 Unicode lxml.etree.SerialisationError on lxml 4.5.0+ (@advptr)

Version 1.1.116:

 * #240 PY3 Compatibility changes for HTTP Response Body (@nschwane)

Version 1.1.115:

 * #239 Convert the HTTP response body to a string type (PY3 this will be bytes) (@sddj)

Version 1.1.114:

 * #237 Support converting dicts to content bindings (@danielsamuels)
 * #238 Provide XMLParser copies instead of reusing the cached instance. Prevents future messages to lose namespace

Version 1.1.113:

 * #234 Add ability to load a configuration file when executing a script
 * #232 Fix TLS handshake failure when a server requires SNI (@marcelslotema)

Version 1.1.112:

 * #227 Fixes to poll_client script (Python3 compatibility)
 * #226 Clean-up documentation warnings
 * #228 Fix 'HTTPMessage' has no attribute 'getheader' (Python3 compatibility)
 * #225 Fix checks that involve xpath (lxml) to prevent FutureWarning message
 * #230 Fix parsing status message round-trip (@danielsamuels)

Thanks leot@ and pkgsrc's security team for the heads up!
Pull-up to be requested.


To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 pkgsrc/security/py-libtaxii/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/security/py-libtaxii/PLIST
cvs rdiff -u -r1.4 -r1.5 pkgsrc/security/py-libtaxii/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_1603128102273300
Content-Disposition: inline
Content-Length: 2700
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/security/py-libtaxii/Makefile
diff -u pkgsrc/security/py-libtaxii/Makefile:1.10 pkgsrc/security/py-libtaxii/Makefile:1.11
--- pkgsrc/security/py-libtaxii/Makefile:1.10	Mon Oct 15 11:17:08 2018
+++ pkgsrc/security/py-libtaxii/Makefile	Mon Oct 19 17:21:42 2020
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.10 2018/10/15 11:17:08 adam Exp $
+# $NetBSD: Makefile,v 1.11 2020/10/19 17:21:42 khorben Exp $
 
-DISTNAME=	libtaxii-1.1.111
+DISTNAME=	libtaxii-1.1.118
 PKGNAME=	${PYPKGPREFIX}-${DISTNAME}
 CATEGORIES=	security python
 #MASTER_SITES=	${MASTER_SITE_PYPI:=l/libtaxii/}

Index: pkgsrc/security/py-libtaxii/PLIST
diff -u pkgsrc/security/py-libtaxii/PLIST:1.2 pkgsrc/security/py-libtaxii/PLIST:1.3
--- pkgsrc/security/py-libtaxii/PLIST:1.2	Mon Oct 15 11:17:08 2018
+++ pkgsrc/security/py-libtaxii/PLIST	Mon Oct 19 17:21:42 2020
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.2 2018/10/15 11:17:08 adam Exp $
+@comment $NetBSD: PLIST,v 1.3 2020/10/19 17:21:42 khorben Exp $
 bin/collection_information_client
 bin/collection_information_client.py
 bin/discovery_client
@@ -85,6 +85,9 @@ ${PYSITELIB}/libtaxii/taxii_default_quer
 ${PYSITELIB}/libtaxii/test/__init__.py
 ${PYSITELIB}/libtaxii/test/__init__.pyc
 ${PYSITELIB}/libtaxii/test/__init__.pyo
+${PYSITELIB}/libtaxii/test/argument_parser_test.py
+${PYSITELIB}/libtaxii/test/argument_parser_test.pyc
+${PYSITELIB}/libtaxii/test/argument_parser_test.pyo
 ${PYSITELIB}/libtaxii/test/clients_test.py
 ${PYSITELIB}/libtaxii/test/clients_test.pyc
 ${PYSITELIB}/libtaxii/test/clients_test.pyo

Index: pkgsrc/security/py-libtaxii/distinfo
diff -u pkgsrc/security/py-libtaxii/distinfo:1.4 pkgsrc/security/py-libtaxii/distinfo:1.5
--- pkgsrc/security/py-libtaxii/distinfo:1.4	Mon Oct 15 11:17:08 2018
+++ pkgsrc/security/py-libtaxii/distinfo	Mon Oct 19 17:21:42 2020
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.4 2018/10/15 11:17:08 adam Exp $
+$NetBSD: distinfo,v 1.5 2020/10/19 17:21:42 khorben Exp $
 
-SHA1 (libtaxii-1.1.111.tar.gz) = 50d0a37c0fc50e598d1a939d840d1584f4ebe6e7
-RMD160 (libtaxii-1.1.111.tar.gz) = af52c366c58847adbc0f28241063918b75cfd21b
-SHA512 (libtaxii-1.1.111.tar.gz) = f638317200bb0691c3f994a4d624295bb3b64f4aba249e5b04d5b831eb985550702ef1c7653ca41fd8bb3972cab1c9d524ec540f87bf8581a0c0799ee5a7f831
-Size (libtaxii-1.1.111.tar.gz) = 119071 bytes
+SHA1 (libtaxii-1.1.118.tar.gz) = 4ddd4b6b00666015b2420b9eed69baf1ba626659
+RMD160 (libtaxii-1.1.118.tar.gz) = cd0764a53bf1714f9e100392b8e967f03c93b4a2
+SHA512 (libtaxii-1.1.118.tar.gz) = 858571d6572c6362dd1a1c9e5d13aee0f341ea13b43ed9c96f6b0dddb5347fefdd580e4ae0ac2f8a85c8f8956b04aa16a15604014d069ef7d95a821f70f5f0bc
+Size (libtaxii-1.1.118.tar.gz) = 122071 bytes


--_----------=_1603128102273300--