Pullup ticket #6345 - requested by khorben security/py-libtaxii: security fix Revisions pulled up: - security/py-libtaxii/Makefile 1.11 - security/py-libtaxii/PLIST 1.3 - security/py-libtaxii/distinfo 1.5 --- Module Name: pkgsrc Committed By: khorben Date: Mon Oct 19 17:21:42 UTC 2020 Modified Files: pkgsrc/security/py-libtaxii: Makefile PLIST distinfo Log Message: py-libtaxii: update to version 1.1.118 This notably fixes a security issue, CVE-2020-27197. Version 1.1.118: * #247 [CVE-2020-27197] Avoid SSRF on parsing XML (@orsinium) Version 1.1.117: * #244 SSL Verify Server not working correctly (@motok) (@nschwane) * #245 Unicode lxml.etree.SerialisationError on lxml 4.5.0+ (@advptr) Version 1.1.116: * #240 PY3 Compatibility changes for HTTP Response Body (@nschwane) Version 1.1.115: * #239 Convert the HTTP response body to a string type (PY3 this will be bytes) (@sddj) Version 1.1.114: * #237 Support converting dicts to content bindings (@danielsamuels) * #238 Provide XMLParser copies instead of reusing the cached instance. Prevents future messages to lose namespace Version 1.1.113: * #234 Add ability to load a configuration file when executing a script * #232 Fix TLS handshake failure when a server requires SNI (@marcelslotema) Version 1.1.112: * #227 Fixes to poll_client script (Python3 compatibility) * #226 Clean-up documentation warnings * #228 Fix 'HTTPMessage' has no attribute 'getheader' (Python3 compatibility) * #225 Fix checks that involve xpath (lxml) to prevent FutureWarning message * #230 Fix parsing status message round-trip (@danielsamuels) Thanks leot@ and pkgsrc's security team for the heads up! Pull-up to be requested.diff -r1.10 -r1.10.16.1 pkgsrc/security/py-libtaxii/Makefile
(bsiegert)
@@ -1,16 +1,16 @@ | @@ -1,16 +1,16 @@ | |||
1 | # $NetBSD: Makefile,v 1.10 2018/10/15 11:17:08 adam Exp $ | 1 | # $NetBSD: Makefile,v 1.10.16.1 2020/10/22 16:10:42 bsiegert Exp $ | |
2 | 2 | |||
3 | DISTNAME= libtaxii-1.1.111 | 3 | DISTNAME= libtaxii-1.1.118 | |
4 | PKGNAME= ${PYPKGPREFIX}-${DISTNAME} | 4 | PKGNAME= ${PYPKGPREFIX}-${DISTNAME} | |
5 | CATEGORIES= security python | 5 | CATEGORIES= security python | |
6 | #MASTER_SITES= ${MASTER_SITE_PYPI:=l/libtaxii/} | 6 | #MASTER_SITES= ${MASTER_SITE_PYPI:=l/libtaxii/} | |
7 | MASTER_SITES= ${MASTER_SITE_GITHUB:=TAXIIProject/} | 7 | MASTER_SITES= ${MASTER_SITE_GITHUB:=TAXIIProject/} | |
8 | GITHUB_PROJECT= libtaxii | 8 | GITHUB_PROJECT= libtaxii | |
9 | 9 | |||
10 | MAINTAINER= khorben@defora.org | 10 | MAINTAINER= khorben@defora.org | |
11 | HOMEPAGE= https://taxiiproject.github.io/ | 11 | HOMEPAGE= https://taxiiproject.github.io/ | |
12 | COMMENT= Python library for handling TAXII Messages and Services | 12 | COMMENT= Python library for handling TAXII Messages and Services | |
13 | LICENSE= modified-bsd | 13 | LICENSE= modified-bsd | |
14 | 14 | |||
15 | DEPENDS+= ${PYPKGPREFIX}-dateutil>=1.4.1:../../time/py-dateutil | 15 | DEPENDS+= ${PYPKGPREFIX}-dateutil>=1.4.1:../../time/py-dateutil | |
16 | DEPENDS+= ${PYPKGPREFIX}-lxml>=2.2.3:../../textproc/py-lxml | 16 | DEPENDS+= ${PYPKGPREFIX}-lxml>=2.2.3:../../textproc/py-lxml |
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | @comment $NetBSD: PLIST,v 1.2 2018/10/15 11:17:08 adam Exp $ | 1 | @comment $NetBSD: PLIST,v 1.2.16.1 2020/10/22 16:10:42 bsiegert Exp $ | |
2 | bin/collection_information_client | 2 | bin/collection_information_client | |
3 | bin/collection_information_client.py | 3 | bin/collection_information_client.py | |
4 | bin/discovery_client | 4 | bin/discovery_client | |
5 | bin/discovery_client.py | 5 | bin/discovery_client.py | |
6 | bin/discovery_client_10 | 6 | bin/discovery_client_10 | |
7 | bin/discovery_client_10.py | 7 | bin/discovery_client_10.py | |
8 | bin/feed_information_client_10 | 8 | bin/feed_information_client_10 | |
9 | bin/feed_information_client_10.py | 9 | bin/feed_information_client_10.py | |
10 | bin/fulfillment_client | 10 | bin/fulfillment_client | |
11 | bin/fulfillment_client.py | 11 | bin/fulfillment_client.py | |
12 | bin/inbox_client | 12 | bin/inbox_client | |
13 | bin/inbox_client.py | 13 | bin/inbox_client.py | |
14 | bin/inbox_client_10 | 14 | bin/inbox_client_10 | |
@@ -75,26 +75,29 @@ ${PYSITELIB}/libtaxii/scripts/poll_clien | @@ -75,26 +75,29 @@ ${PYSITELIB}/libtaxii/scripts/poll_clien | |||
75 | ${PYSITELIB}/libtaxii/scripts/poll_client.pyo | 75 | ${PYSITELIB}/libtaxii/scripts/poll_client.pyo | |
76 | ${PYSITELIB}/libtaxii/scripts/poll_client_10.py | 76 | ${PYSITELIB}/libtaxii/scripts/poll_client_10.py | |
77 | ${PYSITELIB}/libtaxii/scripts/poll_client_10.pyc | 77 | ${PYSITELIB}/libtaxii/scripts/poll_client_10.pyc | |
78 | ${PYSITELIB}/libtaxii/scripts/poll_client_10.pyo | 78 | ${PYSITELIB}/libtaxii/scripts/poll_client_10.pyo | |
79 | ${PYSITELIB}/libtaxii/scripts/query_client.py | 79 | ${PYSITELIB}/libtaxii/scripts/query_client.py | |
80 | ${PYSITELIB}/libtaxii/scripts/query_client.pyc | 80 | ${PYSITELIB}/libtaxii/scripts/query_client.pyc | |
81 | ${PYSITELIB}/libtaxii/scripts/query_client.pyo | 81 | ${PYSITELIB}/libtaxii/scripts/query_client.pyo | |
82 | ${PYSITELIB}/libtaxii/taxii_default_query.py | 82 | ${PYSITELIB}/libtaxii/taxii_default_query.py | |
83 | ${PYSITELIB}/libtaxii/taxii_default_query.pyc | 83 | ${PYSITELIB}/libtaxii/taxii_default_query.pyc | |
84 | ${PYSITELIB}/libtaxii/taxii_default_query.pyo | 84 | ${PYSITELIB}/libtaxii/taxii_default_query.pyo | |
85 | ${PYSITELIB}/libtaxii/test/__init__.py | 85 | ${PYSITELIB}/libtaxii/test/__init__.py | |
86 | ${PYSITELIB}/libtaxii/test/__init__.pyc | 86 | ${PYSITELIB}/libtaxii/test/__init__.pyc | |
87 | ${PYSITELIB}/libtaxii/test/__init__.pyo | 87 | ${PYSITELIB}/libtaxii/test/__init__.pyo | |
88 | ${PYSITELIB}/libtaxii/test/argument_parser_test.py | |||
89 | ${PYSITELIB}/libtaxii/test/argument_parser_test.pyc | |||
90 | ${PYSITELIB}/libtaxii/test/argument_parser_test.pyo | |||
88 | ${PYSITELIB}/libtaxii/test/clients_test.py | 91 | ${PYSITELIB}/libtaxii/test/clients_test.py | |
89 | ${PYSITELIB}/libtaxii/test/clients_test.pyc | 92 | ${PYSITELIB}/libtaxii/test/clients_test.pyc | |
90 | ${PYSITELIB}/libtaxii/test/clients_test.pyo | 93 | ${PYSITELIB}/libtaxii/test/clients_test.pyo | |
91 | ${PYSITELIB}/libtaxii/test/messages_10_test.py | 94 | ${PYSITELIB}/libtaxii/test/messages_10_test.py | |
92 | ${PYSITELIB}/libtaxii/test/messages_10_test.pyc | 95 | ${PYSITELIB}/libtaxii/test/messages_10_test.pyc | |
93 | ${PYSITELIB}/libtaxii/test/messages_10_test.pyo | 96 | ${PYSITELIB}/libtaxii/test/messages_10_test.pyo | |
94 | ${PYSITELIB}/libtaxii/test/messages_11_test.py | 97 | ${PYSITELIB}/libtaxii/test/messages_11_test.py | |
95 | ${PYSITELIB}/libtaxii/test/messages_11_test.pyc | 98 | ${PYSITELIB}/libtaxii/test/messages_11_test.pyc | |
96 | ${PYSITELIB}/libtaxii/test/messages_11_test.pyo | 99 | ${PYSITELIB}/libtaxii/test/messages_11_test.pyo | |
97 | ${PYSITELIB}/libtaxii/test/test_clients.py | 100 | ${PYSITELIB}/libtaxii/test/test_clients.py | |
98 | ${PYSITELIB}/libtaxii/test/test_clients.pyc | 101 | ${PYSITELIB}/libtaxii/test/test_clients.pyc | |
99 | ${PYSITELIB}/libtaxii/test/test_clients.pyo | 102 | ${PYSITELIB}/libtaxii/test/test_clients.pyo | |
100 | ${PYSITELIB}/libtaxii/test/test_xml_encoding.py | 103 | ${PYSITELIB}/libtaxii/test/test_xml_encoding.py |
@@ -1,6 +1,6 @@ | @@ -1,6 +1,6 @@ | |||
1 | $NetBSD: distinfo,v 1.4 2018/10/15 11:17:08 adam Exp $ | 1 | $NetBSD: distinfo,v 1.4.16.1 2020/10/22 16:10:42 bsiegert Exp $ | |
2 | 2 | |||
3 | SHA1 (libtaxii-1.1.111.tar.gz) = 50d0a37c0fc50e598d1a939d840d1584f4ebe6e7 | 3 | SHA1 (libtaxii-1.1.118.tar.gz) = 4ddd4b6b00666015b2420b9eed69baf1ba626659 | |
4 | RMD160 (libtaxii-1.1.111.tar.gz) = af52c366c58847adbc0f28241063918b75cfd21b | 4 | RMD160 (libtaxii-1.1.118.tar.gz) = cd0764a53bf1714f9e100392b8e967f03c93b4a2 | |
5 | SHA512 (libtaxii-1.1.111.tar.gz) = f638317200bb0691c3f994a4d624295bb3b64f4aba249e5b04d5b831eb985550702ef1c7653ca41fd8bb3972cab1c9d524ec540f87bf8581a0c0799ee5a7f831 | 5 | SHA512 (libtaxii-1.1.118.tar.gz) = 858571d6572c6362dd1a1c9e5d13aee0f341ea13b43ed9c96f6b0dddb5347fefdd580e4ae0ac2f8a85c8f8956b04aa16a15604014d069ef7d95a821f70f5f0bc | |
6 | Size (libtaxii-1.1.111.tar.gz) = 119071 bytes | 6 | Size (libtaxii-1.1.118.tar.gz) = 122071 bytes |