Thu Oct 22 16:10:42 2020 UTC
Pullup ticket #6345 - requested by khorben
security/py-libtaxii: security fix

Revisions pulled up:
- security/py-libtaxii/Makefile                                 1.11
- security/py-libtaxii/PLIST                                    1.3
- security/py-libtaxii/distinfo                                 1.5

---
   Module Name:	pkgsrc
   Committed By:	khorben
   Date:		Mon Oct 19 17:21:42 UTC 2020

   Modified Files:
   	pkgsrc/security/py-libtaxii: Makefile PLIST distinfo

   Log Message:
   py-libtaxii: update to version 1.1.118

   This notably fixes a security issue, CVE-2020-27197.

   Version 1.1.118:

     * #247 [CVE-2020-27197] Avoid SSRF on parsing XML (@orsinium)

   Version 1.1.117:

     * #244 SSL Verify Server not working correctly (@motok) (@nschwane)
     * #245 Unicode lxml.etree.SerialisationError on lxml 4.5.0+ (@advptr)

   Version 1.1.116:

     * #240 PY3 Compatibility changes for HTTP Response Body (@nschwane)

   Version 1.1.115:

     * #239 Convert the HTTP response body to a string type (PY3 this will
   be bytes) (@sddj)

   Version 1.1.114:

     * #237 Support converting dicts to content bindings (@danielsamuels)
     * #238 Provide XMLParser copies instead of reusing the cached
   instance. Prevents future messages to lose namespace

   Version 1.1.113:

     * #234 Add ability to load a configuration file when executing a script
     * #232 Fix TLS handshake failure when a server requires SNI
   (@marcelslotema)

   Version 1.1.112:

     * #227 Fixes to poll_client script (Python3 compatibility)
     * #226 Clean-up documentation warnings
     * #228 Fix 'HTTPMessage' has no attribute 'getheader' (Python3
   compatibility)
     * #225 Fix checks that involve xpath (lxml) to prevent FutureWarning
   message
     * #230 Fix parsing status message round-trip (@danielsamuels)

   Thanks leot@ and pkgsrc's security team for the heads up!
   Pull-up to be requested.


(bsiegert)
diff -r1.10 -r1.10.16.1 pkgsrc/security/py-libtaxii/Makefile
diff -r1.2 -r1.2.16.1 pkgsrc/security/py-libtaxii/PLIST
diff -r1.4 -r1.4.16.1 pkgsrc/security/py-libtaxii/distinfo

cvs diff -r1.10 -r1.10.16.1 pkgsrc/security/py-libtaxii/Makefile

--- pkgsrc/security/py-libtaxii/Makefile 2018/10/15 11:17:08 1.10
+++ pkgsrc/security/py-libtaxii/Makefile 2020/10/22 16:10:42 1.10.16.1
@@ -1,16 +1,16 @@ @@ -1,16 +1,16 @@
1# $NetBSD: Makefile,v 1.10 2018/10/15 11:17:08 adam Exp $ 1# $NetBSD: Makefile,v 1.10.16.1 2020/10/22 16:10:42 bsiegert Exp $
2 2
3DISTNAME= libtaxii-1.1.111 3DISTNAME= libtaxii-1.1.118
4PKGNAME= ${PYPKGPREFIX}-${DISTNAME} 4PKGNAME= ${PYPKGPREFIX}-${DISTNAME}
5CATEGORIES= security python 5CATEGORIES= security python
6#MASTER_SITES= ${MASTER_SITE_PYPI:=l/libtaxii/} 6#MASTER_SITES= ${MASTER_SITE_PYPI:=l/libtaxii/}
7MASTER_SITES= ${MASTER_SITE_GITHUB:=TAXIIProject/} 7MASTER_SITES= ${MASTER_SITE_GITHUB:=TAXIIProject/}
8GITHUB_PROJECT= libtaxii 8GITHUB_PROJECT= libtaxii
9 9
10MAINTAINER= khorben@defora.org 10MAINTAINER= khorben@defora.org
11HOMEPAGE= https://taxiiproject.github.io/ 11HOMEPAGE= https://taxiiproject.github.io/
12COMMENT= Python library for handling TAXII Messages and Services 12COMMENT= Python library for handling TAXII Messages and Services
13LICENSE= modified-bsd 13LICENSE= modified-bsd
14 14
15DEPENDS+= ${PYPKGPREFIX}-dateutil>=1.4.1:../../time/py-dateutil 15DEPENDS+= ${PYPKGPREFIX}-dateutil>=1.4.1:../../time/py-dateutil
16DEPENDS+= ${PYPKGPREFIX}-lxml>=2.2.3:../../textproc/py-lxml 16DEPENDS+= ${PYPKGPREFIX}-lxml>=2.2.3:../../textproc/py-lxml
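
Review bot: the `DEPENDS` minimums on lines 15-16 (`dateutil>=1.4.1`, `lxml>=2.2.3`) are carried over unchanged while `DISTNAME` on line 3 jumps from 1.1.111 to 1.1.118, and the log message lists several lxml-related changes (#225, #238, #245). Check these floors against what 1.1.118 declares upstream and raise them here if they no longer hold. As a style point, the commented-out PyPI `MASTER_SITES` on line 6 could be dropped, since the GitHub site on line 7 is the one in use.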

cvs diff -r1.2 -r1.2.16.1 pkgsrc/security/py-libtaxii/PLIST

--- pkgsrc/security/py-libtaxii/PLIST 2018/10/15 11:17:08 1.2
+++ pkgsrc/security/py-libtaxii/PLIST 2020/10/22 16:10:42 1.2.16.1
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1@comment $NetBSD: PLIST,v 1.2 2018/10/15 11:17:08 adam Exp $ 1@comment $NetBSD: PLIST,v 1.2.16.1 2020/10/22 16:10:42 bsiegert Exp $
2bin/collection_information_client 2bin/collection_information_client
3bin/collection_information_client.py 3bin/collection_information_client.py
4bin/discovery_client 4bin/discovery_client
5bin/discovery_client.py 5bin/discovery_client.py
6bin/discovery_client_10 6bin/discovery_client_10
7bin/discovery_client_10.py 7bin/discovery_client_10.py
8bin/feed_information_client_10 8bin/feed_information_client_10
9bin/feed_information_client_10.py 9bin/feed_information_client_10.py
10bin/fulfillment_client 10bin/fulfillment_client
11bin/fulfillment_client.py 11bin/fulfillment_client.py
12bin/inbox_client 12bin/inbox_client
13bin/inbox_client.py 13bin/inbox_client.py
14bin/inbox_client_10 14bin/inbox_client_10
@@ -75,26 +75,29 @@ ${PYSITELIB}/libtaxii/scripts/poll_clien @@ -75,26 +75,29 @@ ${PYSITELIB}/libtaxii/scripts/poll_clien
75${PYSITELIB}/libtaxii/scripts/poll_client.pyo 75${PYSITELIB}/libtaxii/scripts/poll_client.pyo
76${PYSITELIB}/libtaxii/scripts/poll_client_10.py 76${PYSITELIB}/libtaxii/scripts/poll_client_10.py
77${PYSITELIB}/libtaxii/scripts/poll_client_10.pyc 77${PYSITELIB}/libtaxii/scripts/poll_client_10.pyc
78${PYSITELIB}/libtaxii/scripts/poll_client_10.pyo 78${PYSITELIB}/libtaxii/scripts/poll_client_10.pyo
79${PYSITELIB}/libtaxii/scripts/query_client.py 79${PYSITELIB}/libtaxii/scripts/query_client.py
80${PYSITELIB}/libtaxii/scripts/query_client.pyc 80${PYSITELIB}/libtaxii/scripts/query_client.pyc
81${PYSITELIB}/libtaxii/scripts/query_client.pyo 81${PYSITELIB}/libtaxii/scripts/query_client.pyo
82${PYSITELIB}/libtaxii/taxii_default_query.py 82${PYSITELIB}/libtaxii/taxii_default_query.py
83${PYSITELIB}/libtaxii/taxii_default_query.pyc 83${PYSITELIB}/libtaxii/taxii_default_query.pyc
84${PYSITELIB}/libtaxii/taxii_default_query.pyo 84${PYSITELIB}/libtaxii/taxii_default_query.pyo
85${PYSITELIB}/libtaxii/test/__init__.py 85${PYSITELIB}/libtaxii/test/__init__.py
86${PYSITELIB}/libtaxii/test/__init__.pyc 86${PYSITELIB}/libtaxii/test/__init__.pyc
87${PYSITELIB}/libtaxii/test/__init__.pyo 87${PYSITELIB}/libtaxii/test/__init__.pyo
 88${PYSITELIB}/libtaxii/test/argument_parser_test.py
 89${PYSITELIB}/libtaxii/test/argument_parser_test.pyc
 90${PYSITELIB}/libtaxii/test/argument_parser_test.pyo
88${PYSITELIB}/libtaxii/test/clients_test.py 91${PYSITELIB}/libtaxii/test/clients_test.py
89${PYSITELIB}/libtaxii/test/clients_test.pyc 92${PYSITELIB}/libtaxii/test/clients_test.pyc
90${PYSITELIB}/libtaxii/test/clients_test.pyo 93${PYSITELIB}/libtaxii/test/clients_test.pyo
91${PYSITELIB}/libtaxii/test/messages_10_test.py 94${PYSITELIB}/libtaxii/test/messages_10_test.py
92${PYSITELIB}/libtaxii/test/messages_10_test.pyc 95${PYSITELIB}/libtaxii/test/messages_10_test.pyc
93${PYSITELIB}/libtaxii/test/messages_10_test.pyo 96${PYSITELIB}/libtaxii/test/messages_10_test.pyo
94${PYSITELIB}/libtaxii/test/messages_11_test.py 97${PYSITELIB}/libtaxii/test/messages_11_test.py
95${PYSITELIB}/libtaxii/test/messages_11_test.pyc 98${PYSITELIB}/libtaxii/test/messages_11_test.pyc
96${PYSITELIB}/libtaxii/test/messages_11_test.pyo 99${PYSITELIB}/libtaxii/test/messages_11_test.pyo
97${PYSITELIB}/libtaxii/test/test_clients.py 100${PYSITELIB}/libtaxii/test/test_clients.py
98${PYSITELIB}/libtaxii/test/test_clients.pyc 101${PYSITELIB}/libtaxii/test/test_clients.pyc
99${PYSITELIB}/libtaxii/test/test_clients.pyo 102${PYSITELIB}/libtaxii/test/test_clients.pyo
100${PYSITELIB}/libtaxii/test/test_xml_encoding.py 103${PYSITELIB}/libtaxii/test/test_xml_encoding.py
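
Review bot: the three `argument_parser_test` entries at new lines 88-90 are the only PLIST change for an update that spans upstream 1.1.112 through 1.1.118. Confirm with `make print-PLIST` against a staged install that no other file was added or removed upstream in that range before this lands on the branch.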

cvs diff -r1.4 -r1.4.16.1 pkgsrc/security/py-libtaxii/distinfo

--- pkgsrc/security/py-libtaxii/distinfo 2018/10/15 11:17:08 1.4
+++ pkgsrc/security/py-libtaxii/distinfo 2020/10/22 16:10:42 1.4.16.1
@@ -1,6 +1,6 @@ @@ -1,6 +1,6 @@
1$NetBSD: distinfo,v 1.4 2018/10/15 11:17:08 adam Exp $ 1$NetBSD: distinfo,v 1.4.16.1 2020/10/22 16:10:42 bsiegert Exp $
2 2
3SHA1 (libtaxii-1.1.111.tar.gz) = 50d0a37c0fc50e598d1a939d840d1584f4ebe6e7 3SHA1 (libtaxii-1.1.118.tar.gz) = 4ddd4b6b00666015b2420b9eed69baf1ba626659
4RMD160 (libtaxii-1.1.111.tar.gz) = af52c366c58847adbc0f28241063918b75cfd21b 4RMD160 (libtaxii-1.1.118.tar.gz) = cd0764a53bf1714f9e100392b8e967f03c93b4a2
5SHA512 (libtaxii-1.1.111.tar.gz) = f638317200bb0691c3f994a4d624295bb3b64f4aba249e5b04d5b831eb985550702ef1c7653ca41fd8bb3972cab1c9d524ec540f87bf8581a0c0799ee5a7f831 5SHA512 (libtaxii-1.1.118.tar.gz) = 858571d6572c6362dd1a1c9e5d13aee0f341ea13b43ed9c96f6b0dddb5347fefdd580e4ae0ac2f8a85c8f8956b04aa16a15604014d069ef7d95a821f70f5f0bc
6Size (libtaxii-1.1.111.tar.gz) = 119071 bytes 6Size (libtaxii-1.1.118.tar.gz) = 122071 bytes
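
Review bot: the checksums and size on lines 3-6 are the only integrity anchor for the libtaxii-1.1.118.tar.gz distfile in this security pull-up, and the Makefile fetches it from `MASTER_SITE_GITHUB` rather than PyPI. Confirm that these values match what trunk revision 1.5 of distinfo records and that they were regenerated from a freshly fetched distfile (`make makesum`), so branch and trunk agree on the same tarball.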