pkgsrc.se | The NetBSD package collection

./security/py-libtaxii, Python library for handling TAXII Messages and Services

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2020Q3, Version: 1.1.118, Package name: py37-libtaxii-1.1.118, Maintainer: khorben

libtaxii is a Python library for handling TAXII Messages as Python objects and
invoking TAXII Services.

A primary goal of libtaxii is to remain faithful to both the TAXII
specifications and to customary Python practices. libtaxii is designed to be
intuitive both to Python developers and XML developers.

Master sites:

https://github.com/TAXIIProject/ (Download)

SHA1: 4ddd4b6b00666015b2420b9eed69baf1ba626659
RMD160: cd0764a53bf1714f9e100392b8e967f03c93b4a2
Filesize: 119.21 KB

Version history: (Expand)

(2020-10-22) Updated to version: py37-libtaxii-1.1.118
(2020-10-10) Package added to pkgsrc.se, version py37-libtaxii-1.1.111 (created)

CVS history: (Expand)

2020-10-22 18:10:42 by Benny Siegert | Files touched by this commit (3) | Package updated

Log message:
Pullup ticket #6345 - requested by khorben
security/py-libtaxii: security fix

Revisions pulled up:
- security/py-libtaxii/Makefile                                 1.11
- security/py-libtaxii/PLIST                                    1.3
- security/py-libtaxii/distinfo                                 1.5

---
   Module Name:	pkgsrc
   Committed By:	khorben
   Date:		Mon Oct 19 17:21:42 UTC 2020

   Modified Files:
   	pkgsrc/security/py-libtaxii: Makefile PLIST distinfo

   Log message:
   py-libtaxii: update to version 1.1.118

   This notably fixes a security issue, CVE-2020-27197.

   Version 1.1.118:

     * #247 [CVE-2020-27197] Avoid SSRF on parsing XML (@orsinium)

   Version 1.1.117:

     * #244 SSL Verify Server not working correctly (@motok) (@nschwane)
     * #245 Unicode lxml.etree.SerialisationError on lxml 4.5.0+ (@advptr)

   Version 1.1.116:

     * #240 PY3 Compatibility changes for HTTP Response Body (@nschwane)

   Version 1.1.115:

     * #239 Convert the HTTP response body to a string type (PY3 this will
   be bytes) (@sddj)

   Version 1.1.114:

     * #237 Support converting dicts to content bindings (@danielsamuels)
     * #238 Provide XMLParser copies instead of reusing the cached
   instance. Prevents future messages to lose namespace

   Version 1.1.113:

     * #234 Add ability to load a configuration file when executing a script
     * #232 Fix TLS handshake failure when a server requires SNI
   (@marcelslotema)

   Version 1.1.112:

     * #227 Fixes to poll_client script (Python3 compatibility)
     * #226 Clean-up documentation warnings
     * #228 Fix 'HTTPMessage' has no attribute 'getheader' (Python3
   compatibility)
     * #225 Fix checks that involve xpath (lxml) to prevent FutureWarning
   message
     * #230 Fix parsing status message round-trip (@danielsamuels)

   Thanks leot@ and pkgsrc's security team for the heads up!
   Pull-up to be requested.