Navigation:
Browse pkgsrc
(this page)
www py-paste
CVSweb ] [ 
Homepage ] [ 
RSS ] [ 
Required by ] [ 
Add to tracker ] 2010-07-27 20:07:44 by Matthias Scheler | Files touched by this commit (3) |  |
Log message: Pullup ticket #3190 - requested by obache www/py-paste: security update Revisions pulled up: - www/py-paste/Makefile 1.7 - www/py-paste/PLIST 1.5 - www/py-paste/distinfo 1.3 --- Module Name: pkgsrc Committed By: obache Date: Mon Jul 26 12:38:42 UTC 2010 Modified Files: pkgsrc/www/py-paste: Makefile PLIST distinfo Log message: Update py-Paste to 1.7.4. While here, set LICENSE=mit. 1.7.4 ----- * Fix XSS bug (security issue) with not found handlers for :class:`paste.urlparser.StaticURLParser` and :class:`paste.urlmap.URLMap`. If you ask for a path with ``/--><script>...`` that will be inserted in the error page and can execute Javascript. Reported by Tim Wintle. * Replaced :func:`paste.util.mimeparse.desired_match` 1.7.3.1 ------- * Removed directory name from 404 errors in :class:`paste.urlparser.StaticURLParser`. * Fixed packaging to include Javascript and images for :mod:`paste.evalexception` 1.7.3 ----- * I got a fever and the only prescription is more :mod:`paste.cowbell`! * Fix :mod:`paste.httpserver` on Python 2.6. * Fix :mod:`paste.auth.cookie`, which would insert newlines for long cookies. * :mod:`paste.util.mimeparse` parses a single ``*`` in Accept headers (sent by IE 6). * Fix some problems with the ``wdg_validate`` middleware. * Improvements to :mod:`paste.auth.auth_tkt`: add httponly support, don't always aggressively set cookies without the ``wildcard_cookie`` option. Also on logout, make cookies expire. * In :class:`paste.proxy.Proxy` handle Content-Length of -1. * In :mod:`paste.httpexceptions` avoid some unicode errors. * In :mod:`paste.httpserver` handle ``.read()`` from 100 Continue properly (because of a typo it was doing a readline). * Update ``paste.util.mimeparse`` from `upstream <http://code.google.com/p/mimeparse/>`_. |
New packages: