head 1.1; access; symbols pkgsrc-2026Q1:1.1.0.38 pkgsrc-2026Q1-base:1.1 pkgsrc-2025Q4:1.1.0.36 pkgsrc-2025Q4-base:1.1 pkgsrc-2025Q3:1.1.0.34 pkgsrc-2025Q3-base:1.1 pkgsrc-2025Q2:1.1.0.32 pkgsrc-2025Q2-base:1.1 pkgsrc-2025Q1:1.1.0.30 pkgsrc-2025Q1-base:1.1 pkgsrc-2024Q4:1.1.0.28 pkgsrc-2024Q4-base:1.1 pkgsrc-2024Q3:1.1.0.26 pkgsrc-2024Q3-base:1.1 pkgsrc-2024Q2:1.1.0.24 pkgsrc-2024Q2-base:1.1 pkgsrc-2024Q1:1.1.0.22 pkgsrc-2024Q1-base:1.1 pkgsrc-2023Q4:1.1.0.20 pkgsrc-2023Q4-base:1.1 pkgsrc-2023Q3:1.1.0.18 pkgsrc-2023Q3-base:1.1 pkgsrc-2023Q2:1.1.0.16 pkgsrc-2023Q2-base:1.1 pkgsrc-2023Q1:1.1.0.14 pkgsrc-2023Q1-base:1.1 pkgsrc-2022Q4:1.1.0.12 pkgsrc-2022Q4-base:1.1 pkgsrc-2022Q3:1.1.0.10 pkgsrc-2022Q3-base:1.1 pkgsrc-2022Q2:1.1.0.8 pkgsrc-2022Q2-base:1.1 pkgsrc-2022Q1:1.1.0.6 pkgsrc-2022Q1-base:1.1 pkgsrc-2021Q4:1.1.0.4 pkgsrc-2021Q4-base:1.1 pkgsrc-2021Q3:1.1.0.2; locks; strict; comment @# @; 1.1 date 2021.10.10.03.00.59; author gutteridge; state Exp; branches 1.1.2.1; next ; commitid 9ljVlIyHdtvaadcD; 1.1.2.1 date 2021.10.10.03.00.59; author tm; state dead; branches; next 1.1.2.2; commitid mvFnfUhuwmaU3HcD; 1.1.2.2 date 2021.10.13.21.04.01; author tm; state Exp; branches; next ; commitid mvFnfUhuwmaU3HcD; desc @@ 1.1 log @python27: fix various security issues Addresses CVE-2020-27619, CVE-2021-3177, CVE-2021-3733, CVE-2021-3737 and CVE-2021-23336. Patches mostly sourced via Fedora. @ text @$NetBSD$ Fix CVE-2021-23336: Add `separator` argument to parse_qs; warn with default Via Fedora: https://src.fedoraproject.org/rpms/python2.7/blob/rawhide/f/00359-CVE-2021-23336.patch --- Doc/library/cgi.rst.orig 2020-04-19 21:13:39.000000000 +0000 +++ Doc/library/cgi.rst @@@@ -285,10 +285,10 @@@@ These are useful if you want more contro algorithms implemented in this module in other circumstances. -.. function:: parse(fp[, environ[, keep_blank_values[, strict_parsing]]]) +.. function:: parse(fp[, environ[, keep_blank_values[, strict_parsing[, separator]]]]) Parse a query in the environment or from a file (the file defaults to - ``sys.stdin`` and environment defaults to ``os.environ``). The *keep_blank_values* and *strict_parsing* parameters are + ``sys.stdin`` and environment defaults to ``os.environ``). The *keep_blank_values*, *strict_parsing* and *separator* parameters are passed to :func:`urlparse.parse_qs` unchanged. @@@@ -316,7 +316,6 @@@@ algorithms implemented in this module in Note that this does not parse nested multipart parts --- use :class:`FieldStorage` for that. - .. function:: parse_header(string) Parse a MIME header (such as :mailheader:`Content-Type`) into a main value and a @ 1.1.2.1 log @file patch-Doc_library_cgi.rst was added on branch pkgsrc-2021Q3 on 2021-10-13 21:04:01 +0000 @ text @d1 29 @ 1.1.2.2 log @Pullup ticket #6513 - requested by gutteridge lang/python27: security fix Revisions pulled up: - lang/python27/Makefile 1.94 - lang/python27/distinfo 1.85 - lang/python27/patches/patch-Doc_library_cgi.rst 1.1 - lang/python27/patches/patch-Doc_library_urlparse.rst 1.1 - lang/python27/patches/patch-Lib_cgi.py 1.1 - lang/python27/patches/patch-Lib_ctypes_test_test__parameters.py 1.1 - lang/python27/patches/patch-Lib_httplib.py 1.4 - lang/python27/patches/patch-Lib_test_multibytecodec__support.py 1.1 - lang/python27/patches/patch-Lib_test_test__cgi.py 1.1 - lang/python27/patches/patch-Lib_test_test__httplib.py 1.4 - lang/python27/patches/patch-Lib_test_test__urlparse.py 1.1 - lang/python27/patches/patch-Lib_urllib2.py 1.3 - lang/python27/patches/patch-Lib_urlparse.py 1.1 - lang/python27/patches/patch-Modules___ctypes_callproc.c 1.2 --- Module Name: pkgsrc Committed By: gutteridge Date: Sun Oct 10 03:00:59 UTC 2021 Modified Files: pkgsrc/lang/python27: Makefile distinfo pkgsrc/lang/python27/patches: patch-Lib_httplib.py patch-Lib_test_test__httplib.py patch-Lib_urllib2.py patch-Modules___ctypes_callproc.c Added Files: pkgsrc/lang/python27/patches: patch-Doc_library_cgi.rst patch-Doc_library_urlparse.rst patch-Lib_cgi.py patch-Lib_ctypes_test_test__parameters.py patch-Lib_test_multibytecodec__support.py patch-Lib_test_test__cgi.py patch-Lib_test_test__urlparse.py patch-Lib_urlparse.py Log Message: python27: fix various security issues Addresses CVE-2020-27619, CVE-2021-3177, CVE-2021-3733, CVE-2021-3737 and CVE-2021-23336. Patches mostly sourced via Fedora. @ text @a0 29 $NetBSD: patch-Doc_library_cgi.rst,v 1.1 2021/10/10 03:00:59 gutteridge Exp $ Fix CVE-2021-23336: Add `separator` argument to parse_qs; warn with default Via Fedora: https://src.fedoraproject.org/rpms/python2.7/blob/rawhide/f/00359-CVE-2021-23336.patch --- Doc/library/cgi.rst.orig 2020-04-19 21:13:39.000000000 +0000 +++ Doc/library/cgi.rst @@@@ -285,10 +285,10 @@@@ These are useful if you want more contro algorithms implemented in this module in other circumstances. -.. function:: parse(fp[, environ[, keep_blank_values[, strict_parsing]]]) +.. function:: parse(fp[, environ[, keep_blank_values[, strict_parsing[, separator]]]]) Parse a query in the environment or from a file (the file defaults to - ``sys.stdin`` and environment defaults to ``os.environ``). The *keep_blank_values* and *strict_parsing* parameters are + ``sys.stdin`` and environment defaults to ``os.environ``). The *keep_blank_values*, *strict_parsing* and *separator* parameters are passed to :func:`urlparse.parse_qs` unchanged. @@@@ -316,7 +316,6 @@@@ algorithms implemented in this module in Note that this does not parse nested multipart parts --- use :class:`FieldStorage` for that. - .. function:: parse_header(string) Parse a MIME header (such as :mailheader:`Content-Type`) into a main value and a @