Subject: CVS commit: pkgsrc/lang/python26
From: OBATA Akio
Date: 2012-04-14 12:47:19
Message id: 20120414104720.17A53175DD@cvs.netbsd.org
Log Message:
Update python26 to 2.6.8.
(CVE-2012-0845, CVE-2012-1150 are alredy fixed in pkgsrc,
 CVE-2012-0876 is not affect to pkgsrc, using external expat)

What's New in Python 2.6.8?
===========================

*Release date: 2012-04-10*

No changes since 2.6.8rc2.

What's New in Python 2.6.8 rc 2?
================================

*Release date: 2012-03-17*

Library
-------

- Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes in the hash
  table internal to the pyexpat module's copy of the expat library to avoid a
  denial of service due to hash collisions.  Patch by David Malcolm with some
  modifications by the expat project.

What's New in Python 2.6.8 rc 1?
================================

*Release date: 2012-02-23*

Core and Builtins
-----------------

- Issue #13703: oCERT-2011-003 CVE-2012-1150: add -R command-line
  option and PYTHONHASHSEED environment variable, to provide an opt-in
  way to protect against denial of service attacks due to hash
  collisions within the dict and set types.  Patch by David Malcolm,
  based on work by Victor Stinner.

Library
-------

- Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in
  SimpleXMLRPCServer upon malformed POST request.

- Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC
  IV attack countermeasure.
Files:
RevisionActionfile
1.47modifypkgsrc/lang/python26/Makefile
1.3modifypkgsrc/lang/python26/dist.mk
1.45modifypkgsrc/lang/python26/distinfo
1.9modifypkgsrc/lang/python26/patches/patch-au
1.1removepkgsrc/lang/python26/patches/patch-CVE-2012-0845
1.1removepkgsrc/lang/python26/patches/patch-CVE-2012-1150-Doc_library_sys.rst
1.1removepkgsrc/lang/python26/patches/patch-CVE-2012-1150-Doc_reference_datamodel.rst
1.1removepkgsrc/lang/python26/patches/patch-CVE-2012-1150-Doc_using_cmdline.rst
1.1removepkgsrc/lang/python26/patches/patch-CVE-2012-1150-Include_object.h
1.1removepkgsrc/lang/python26/patches/patch-CVE-2012-1150-Include_pydebug.h
1.1removepkgsrc/lang/python26/patches/patch-CVE-2012-1150-Include_pythonrun.h
1.1removepkgsrc/lang/python26/patches/patch-CVE-2012-1150-Lib_os.py
1.1removepkgsrc/lang/python26/patches/patch-CVE-2012-1150-Lib_test_test_cmd_line.py
1.1removepkgsrc/lang/python26/patches/patch-CVE-2012-1150-Lib_test_test_hash.py
1.1removepkgsrc/lang/python26/patches/patch-CVE-2012-1150-Lib_test_test_os.py
1.1removepkgsrc/lang/python26/patches/patch-CVE-2012-1150-Lib_test_test_set.py
1.1removepkgsrc/lang/python26/patches/patch-CVE-2012-1150-Lib_test_test_support.py
1.1removepkgsrc/lang/python26/patches/patch-CVE-2012-1150-Lib_test_test_symtable.py
1.1removepkgsrc/lang/python26/patches/patch-CVE-2012-1150-Lib_test_test_sys.py
1.1removepkgsrc/lang/python26/patches/patch-CVE-2012-1150-Misc_NEWS
1.1removepkgsrc/lang/python26/patches/patch-CVE-2012-1150-Misc_python.man
1.1removepkgsrc/lang/python26/patches/patch-CVE-2012-1150-Modules_main.c
1.1removepkgsrc/lang/python26/patches/patch-CVE-2012-1150-Modules_posixmodule.c
1.1removepkgsrc/lang/python26/patches/patch-CVE-2012-1150-Objects_bufferobject.c
1.1removepkgsrc/lang/python26/patches/patch-CVE-2012-1150-Objects_object.c
1.1removepkgsrc/lang/python26/patches/patch-CVE-2012-1150-Objects_stringobject.c
1.1removepkgsrc/lang/python26/patches/patch-CVE-2012-1150-Objects_unicodeobject.c
1.1removepkgsrc/lang/python26/patches/patch-CVE-2012-1150-PCbuild_pythoncore.vcproj
1.1removepkgsrc/lang/python26/patches/patch-CVE-2012-1150-Python_pythonrun.c
1.1removepkgsrc/lang/python26/patches/patch-CVE-2012-1150-Python_random.c
1.1removepkgsrc/lang/python26/patches/patch-CVE-2012-1150-Python_sysmodule.c