2021-12-30 12:52:48 by Adam Ciarcinski | Files touched by this commit (34) | |
Log message:
python36: removed
|
2021-10-26 12:51:59 by Nia Alarie | Files touched by this commit (260) |
Log message:
lang: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
The following distfiles could not be fetched (possibly fetched
conditionally?):
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-aarch64-unknown-linux-gnu.tar.gz
./lang/rust-bin/distinfo \
rust-bin-1.54.0/rust-1.54.0-aarch64-unknown-linux-musl.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-aarch64-unknown-netbsd.tar.gz
./lang/rust-bin/distinfo \
rust-bin-1.54.0/rust-1.54.0-armv7-unknown-netbsd-eabihf.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-i686-unknown-linux-gnu.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-powerpc-unknown-netbsd90.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-sparc64-unknown-netbsd.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-x86_64-apple-darwin.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-x86_64-unknown-freebsd.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-x86_64-unknown-linux-gnu.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-x86_64-unknown-linux-musl.tar.gz
./lang/smlnj/distinfo smlnj-110.73/boot.ppc-unix.tgz
./lang/smlnj/distinfo smlnj-110.73/boot.sparc-unix.tgz
./lang/oracle-jre8/distinfo jce_policy-8.zip
./lang/oracle-jre8/distinfo jre-8u202-linux-i586.tar.gz
./lang/oracle-jre8/distinfo jre-8u202-linux-x64.tar.gz
./lang/oracle-jre8/distinfo jre-8u202-macosx-x64.tar.gz
./lang/oracle-jre8/distinfo jre-8u202-solaris-x64.tar.gz
./lang/oracle-jdk8/distinfo jdk-8u202-linux-i586.tar.gz
./lang/oracle-jdk8/distinfo jdk-8u202-linux-x64.tar.gz
./lang/oracle-jdk8/distinfo jdk-8u202-solaris-x64.tar.gz
./lang/ghc80/distinfo ghc-7.10.3-boot-x86_64-unknown-solaris2.tar.xz
./lang/ghc80/distinfo ghc-8.0.2-boot-i386-unknown-freebsd.tar.xz
./lang/ghc80/distinfo ghc-8.0.2-boot-x86_64-unknown-freebsd.tar.xz
./lang/gcc5-aux/distinfo ada-bootstrap.i386.freebsd.100B.tar.bz2
./lang/gcc5-aux/distinfo ada-bootstrap.i386.freebsd.84.tar.bz2
./lang/gcc5-aux/distinfo ada-bootstrap.x86_64.dragonfly.41.tar.bz2
./lang/gcc5-aux/distinfo ada-bootstrap.x86_64.freebsd.100B.tar.bz2
./lang/gcc5-aux/distinfo ada-bootstrap.x86_64.freebsd.84.tar.bz2
./lang/gcc5-aux/distinfo ada-bootstrap.x86_64.solaris.511.tar.bz2
./lang/rust/distinfo rust-1.53.0-aarch64-apple-darwin.tar.gz
./lang/rust/distinfo rust-1.53.0-aarch64-unknown-linux-gnu.tar.gz
./lang/rust/distinfo rust-1.53.0-aarch64-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-1.53.0-aarch64_be-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-1.53.0-arm-unknown-linux-gnueabihf.tar.gz
./lang/rust/distinfo rust-1.53.0-armv7-unknown-linux-gnueabihf.tar.gz
./lang/rust/distinfo rust-1.53.0-i686-unknown-linux-gnu.tar.gz
./lang/rust/distinfo rust-1.53.0-powerpc-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-1.53.0-powerpc-unknown-netbsd90.tar.gz
./lang/rust/distinfo rust-1.53.0-sparc64-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-1.53.0-x86_64-apple-darwin.tar.gz
./lang/rust/distinfo rust-1.53.0-x86_64-unknown-freebsd.tar.gz
./lang/rust/distinfo rust-1.53.0-x86_64-unknown-illumos.tar.gz
./lang/rust/distinfo rust-1.53.0-x86_64-unknown-linux-gnu.tar.gz
./lang/rust/distinfo rust-std-1.53.0-aarch64-apple-darwin.tar.gz
./lang/rust/distinfo rust-std-1.53.0-aarch64-unknown-linux-gnu.tar.gz
./lang/rust/distinfo rust-std-1.53.0-aarch64-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-std-1.53.0-aarch64_be-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-std-1.53.0-arm-unknown-linux-gnueabihf.tar.gz
./lang/rust/distinfo rust-std-1.53.0-armv7-unknown-linux-gnueabihf.tar.gz
./lang/rust/distinfo rust-std-1.53.0-i686-unknown-linux-gnu.tar.gz
./lang/rust/distinfo rust-std-1.53.0-powerpc-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-std-1.53.0-powerpc-unknown-netbsd90.tar.gz
./lang/rust/distinfo rust-std-1.53.0-sparc64-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-std-1.53.0-x86_64-apple-darwin.tar.gz
./lang/rust/distinfo rust-std-1.53.0-x86_64-unknown-freebsd.tar.gz
./lang/rust/distinfo rust-std-1.53.0-x86_64-unknown-linux-gnu.tar.gz
./lang/smlnj11072/distinfo smlnj-110.72/boot.ppc-unix.tgz
./lang/smlnj11072/distinfo smlnj-110.72/boot.sparc-unix.tgz
./lang/ghc84/distinfo ghc-8.0.2-boot-x86_64-unknown-solaris2.tar.xz
./lang/ghc84/distinfo ghc-8.4.4-boot-i386-unknown-freebsd.tar.xz
./lang/ghc84/distinfo ghc-8.4.4-boot-x86_64-apple-darwin.tar.xz
./lang/ghc84/distinfo ghc-8.4.4-boot-x86_64-unknown-freebsd.tar.xz
./lang/ghc7/distinfo ghc-7.10.3-boot-i386-unknown-freebsd.tar.xz
./lang/ghc7/distinfo ghc-7.6.3-boot-i386-unknown-solaris2.tar.xz
./lang/ghc7/distinfo ghc-7.6.3-boot-powerpc-apple-darwin.tar.xz
./lang/ghc7/distinfo ghc-7.6.3-boot-x86_64-unknown-solaris2.tar.xz
./lang/ghc90/distinfo ghc-8.10.4-boot-x86_64-unknown-solaris2.tar.xz
./lang/ghc90/distinfo ghc-9.0.1-boot-aarch64-unknown-netbsd.tar.xz
./lang/ghc90/distinfo ghc-9.0.1-boot-i386-unknown-freebsd.tar.xz
./lang/ghc90/distinfo ghc-9.0.1-boot-x86_64-apple-darwin.tar.xz
./lang/ghc90/distinfo ghc-9.0.1-boot-x86_64-unknown-freebsd.tar.xz
./lang/openjdk8/distinfo \
openjdk7/bootstrap-jdk-1.7.76-freebsd-10-amd64-20150301.tar.xz
./lang/openjdk8/distinfo \
openjdk7/bootstrap-jdk-1.7.76-netbsd-7-sparc64-20150301.tar.xz
./lang/openjdk8/distinfo \
openjdk7/bootstrap-jdk-1.8.181-netbsd-8-aarch64-20180917.tar.xz
./lang/openjdk8/distinfo \
openjdk7/bootstrap-jdk7u60-bin-dragonfly-3.6-amd64-20140719.tar.bz2
./lang/openjdk8/distinfo \
openjdk7/bootstrap-jdk7u60-bin-dragonfly-3.8-amd64-20140719.tar.bz2
./lang/go-bin/distinfo go1.14.2.darwin-amd64.tar.gz
./lang/go-bin/distinfo go1.14.2.linux-386.tar.gz
./lang/go-bin/distinfo go1.14.2.linux-amd64.tar.gz
./lang/go-bin/distinfo go1.14.2.linux-arm64.tar.gz
./lang/go-bin/distinfo go1.14.2.linux-armv6l.tar.gz
./lang/go-bin/distinfo go1.14.2.netbsd-arm64.tar.gz
./lang/go-bin/distinfo go1.16beta1.darwin-arm64.tar.gz
./lang/gcc6-aux/distinfo ada-bootstrap.i386.freebsd.100B.tar.bz2
./lang/gcc6-aux/distinfo ada-bootstrap.x86_64.dragonfly.41.tar.bz2
./lang/gcc6-aux/distinfo ada-bootstrap.x86_64.freebsd.100B.tar.bz2
./lang/gcc6-aux/distinfo ada-bootstrap.x86_64.freebsd.84.tar.bz2
./lang/gcc6-aux/distinfo ada-bootstrap.x86_64.solaris.511.tar.bz2
./lang/ghc810/distinfo ghc-8.8.4-boot-x86_64-unknown-solaris2.tar.xz
./lang/sun-jre7/distinfo UnlimitedJCEPolicyJDK7.zip
./lang/sun-jre7/distinfo jre-7u80-linux-x64.tar.gz
./lang/sun-jre7/distinfo jre-7u80-solaris-i586.tar.gz
./lang/sun-jre7/distinfo jre-7u80-solaris-x64.tar.gz
./lang/ghc88/distinfo ghc-8.4.4-boot-i386-unknown-freebsd.tar.xz
./lang/ghc88/distinfo ghc-8.4.4-boot-x86_64-apple-darwin.tar.xz
./lang/ghc88/distinfo ghc-8.4.4-boot-x86_64-unknown-freebsd.tar.xz
./lang/ghc88/distinfo ghc-8.4.4-boot-x86_64-unknown-solaris2.tar.xz
./lang/gcc-aux/distinfo ada-bootstrap.i386.dragonfly.36A.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.i386.freebsd.100B.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.i386.freebsd.84.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.x86_64.dragonfly.36A.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.x86_64.freebsd.100B.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.x86_64.freebsd.84.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.x86_64.solaris.511.tar.bz2
./lang/gcc6/distinfo ecj-4.5.jar
./lang/openjdk11/distinfo bootstrap-jdk-1.11.0.7.10-netbsd-9-aarch64-20200509.tar.xz
./lang/sun-jdk7/distinfo jdk-7u80-linux-x64.tar.gz
./lang/sun-jdk7/distinfo jdk-7u80-solaris-i586.tar.gz
./lang/sun-jdk7/distinfo jdk-7u80-solaris-x64.tar.gz
|
2021-10-07 16:21:17 by Nia Alarie | Files touched by this commit (282) |
Log message:
lang: Remove SHA1 hashes for distfiles
|
2021-06-29 14:37:47 by Adam Ciarcinski | Files touched by this commit (4) | |
Log message:
python36: updated to 3.6.14
Python 3.6.14 final
Security
bpo-44022: mod:http.client now avoids infinitely reading potential HTTP headers \
after a 100 Continue status response from the server.
bpo-43882: The presence of newline or tab characters in parts of a URL could \
allow some forms of attacks.
Following the controlling specification for URLs defined by WHATWG \
urllib.parse() now removes ASCII newlines and tabs from URLs, preventing such \
attacks.
bpo-42988: CVE-2021-3426: Remove the getfile feature of the pydoc module which \
could be abused to read arbitrary files on the disk (directory traversal \
vulnerability). Moreover, even source code of Python modules can contain \
sensitive data like passwords. Vulnerability reported by David Schwörer.
bpo-43285: ftplib no longer trusts the IP address value returned from the server \
in response to the PASV command by default. This prevents a malicious FTP server \
from using the response to probe IPv4 address and port combinations on the \
client network.
Code that requires the former vulnerable behavior may set a \
trust_server_pasv_ipv4_address attribute on their ftplib.FTP instances to True \
to re-enable it.
bpo-43075: Fix Regular Expression Denial of Service (ReDoS) vulnerability in \
urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex has \
quadratic worst-case complexity and it allows cause a denial of service when \
identifying crafted invalid RFCs. This ReDoS issue is on the client side and \
needs remote attackers to control the HTTP server.
|
2021-02-16 20:39:53 by Adam Ciarcinski | Files touched by this commit (5) | |
Log message:
python36 py36-html-docs: updated to 3.6.13
Python 3.6.13 final
Security
bpo-42967: Fix web cache poisoning vulnerability by defaulting the query args \
separator to &, and allowing the user to choose a custom separator.
bpo-42938: Avoid static buffers when computing the repr of ctypes.c_double and \
ctypes.c_longdouble values.
bpo-42103: Prevented potential DoS attack via CPU and RAM exhaustion when \
processing malformed Apple Property List files in binary format.
bpo-42051: The plistlib module no longer accepts entity declarations in XML \
plist files to avoid XML vulnerabilities. This should not affect users as entity \
declarations are not used in regular plist files.
bpo-40791: Add volatile to the accumulator variable in hmac.compare_digest, \
making constant-time-defeating optimizations less likely.
Core and Builtins
bpo-35560: Fix an assertion error in format() in debug build for floating point \
formatting with “n” format, zero padding and small width. Release build is \
not impacted. Patch by Karthikeyan Singaravelan.
Library
bpo-42103: InvalidFileException and RecursionError are now the only errors \
caused by loading malformed binary Plist file (previously ValueError and \
TypeError could be raised in some specific cases).
Tests
bpo-42794: Update test_nntplib to use offical group name of news.aioe.org for \
testing. Patch by Dong-hee Na.
bpo-41944: Tests for CJK codecs no longer call eval() on content received via HTTP.
|
2020-08-19 09:07:46 by Adam Ciarcinski | Files touched by this commit (5) | |
Log message:
python36 py36-html-docs: updated to 3.6.12
Python 3.6.12 final
Security
bpo-29778: Ensure python3.dll is loaded from correct locations when Python is \
embedded (CVE-2020-15523).
bpo-41004: CVE-2020-14422: The __hash__() methods of ipaddress.IPv4Interface and \
ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 \
respectively. This resulted in always causing hash collisions. The fix uses \
hash() to generate hash values for the tuple of (address, mask length, network \
address).
bpo-39603: Prevent http header injection by rejecting control characters in \
http.client.putrequest(…).
Library
bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the C implementation raises \
now UnpicklingError instead of crashing.
bpo-39017: Avoid infinite loop when reading specially crafted TAR files using \
the tarfile module (CVE-2019-20907).
|
2020-06-30 07:59:41 by Adam Ciarcinski | Files touched by this commit (6) | |
Log message:
python36: updated to 3.6.11
Python 3.6.11 final
There were no new changes in version 3.6.11.
Python 3.6.11 release candidate 1
Security
bpo-39073: Disallow CR or LF in email.headerregistry.Address arguments to guard \
against header injection attacks.
bpo-38576: Disallow control characters in hostnames in http.client, addressing \
CVE-2019-18348. Such potentially malicious header injection URLs now cause a \
InvalidURL to be raised.
bpo-39503: CVE-2020-8492: The AbstractBasicAuthHandler class of the \
urllib.request module uses an inefficient regular expression which can be \
exploited by an attacker to cause a denial of service. Fix the regex to prevent \
the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt \
Schwager.
bpo-39401: Avoid unsafe load of api-ms-win-core-path-l1-1-0.dll at startup on \
Windows 7.
Core and Builtins
bpo-39510: Fix segfault in readinto() method on closed BufferedReader.
bpo-39421: Fix possible crashes when operating with the functions in the heapq \
module and custom comparison operators.
Library
bpo-39503: AbstractBasicAuthHandler of urllib.request now parses all \
WWW-Authenticate HTTP headers and accepts multiple challenges per header: use \
the realm of the first Basic challenge.
|
2019-12-28 23:38:04 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
py36-html-docs: updated to 3.6.10
Match lang/python36
|
2019-07-03 23:09:54 by Leonardo Taccari | Files touched by this commit (3) |
Log message:
py36-html-docs: Update to 3.6.9
Changes:
3.6.9
=====
Documentation
-------------
- bpo-35605: Fix documentation build for sphinx<1.6. Patch by Anthony Sottile.
- bpo-35564: Explicitly set master_doc variable in conf.py for compliance with
Sphinx 2.0
|
2018-12-31 15:24:45 by Leonardo Taccari | Files touched by this commit (3) |
Log message:
py36-html-docs: Update to 3.6.8
Changes:
3.6.8
=====
Documentation
-------------
- bpo-35089: Remove mention of ``typing.io`` and ``typing.re``. Their types
should be imported from ``typing`` directly.
- bpo-35038: Fix the documentation about an unexisting `f_restricted`
attribute in the frame object. Patch by Stéphane Wirtel
- bpo-35035: Rename documentation for :mod:`email.utils` to
``email.utils.rst``.
- bpo-34967: Use app.add_object_type() instead of the deprecated Sphinx
function app.description_unit()
- bpo-33594: Document ``getargspec``, ``from_function`` and ``from_builtin``
as deprecated in their respective docstring, and include version since
deprecation in DeprecationWarning message.
- bpo-32613: Update the faq/windows.html to use the py command from PEP 397
instead of python.
|