head	1.2;
access;
symbols
	pkgsrc-2014Q3:1.1.0.4
	pkgsrc-2014Q3-base:1.1
	pkgsrc-2014Q2:1.1.0.2;
locks; strict;
comment	@# @;


1.2
date	2014.10.09.09.32.40;	author wiz;	state dead;
branches;
next	1.1;
commitid	pFWJ5fL60qdxyvTx;

1.1
date	2014.07.04.11.37.13;	author he;	state Exp;
branches
	1.1.2.1;
next	;
commitid	J7bulinpwcmym3Hx;

1.1.2.1
date	2014.07.04.11.37.13;	author tron;	state dead;
branches;
next	1.1.2.2;
commitid	0GgbwNUv1QwsibHx;

1.1.2.2
date	2014.07.05.11.30.58;	author tron;	state Exp;
branches;
next	;
commitid	0GgbwNUv1QwsibHx;


desc
@@


1.2
log
@Remove another unneeded patch after update.
@
text
@$NetBSD: patch-Misc_NEWS,v 1.1 2014/07/04 11:37:13 he Exp $

Note we have fix for directory traversal vulnerability, ref.
http://bugs.python.org/issue21766

--- Misc/NEWS.orig	2014-05-19 05:19:39.000000000 +0000
+++ Misc/NEWS
@@@@ -93,6 +93,9 @@@@ Core and Builtins
 Library
 -------
 
+- Issue #21766: Prevent a security hole in CGIHTTPServer by URL unquoting paths
+  before checking for a CGI script at that path.
+
 - Issue #21088: Bugfix for curses.window.addch() regression in 3.4.0.
   In porting to Argument Clinic, the first two arguments were reversed.
 
@


1.1
log
@Apply fix for directory traversal vulnerability, ref.
http://bugs.python.org/issue21766
Bump PKGREVISION.
@
text
@d1 1
a1 1
$NetBSD$
@


1.1.2.1
log
@file patch-Misc_NEWS was added on branch pkgsrc-2014Q2 on 2014-07-05 11:30:58 +0000
@
text
@d1 17
@


1.1.2.2
log
@Pullup ticket #4441 - requested by he
lang/python34: security patch

Revisions pulled up:
- lang/python34/Makefile                                        1.6
- lang/python34/distinfo                                        1.13
- lang/python34/patches/patch-Lib_http_server.py                1.1
- lang/python34/patches/patch-Lib_test_test__httpservers.py     1.1
- lang/python34/patches/patch-Misc_NEWS                         1.1

---
   Module Name:	pkgsrc
   Committed By:	he
   Date:		Fri Jul  4 11:37:13 UTC 2014

   Modified Files:
   	pkgsrc/lang/python34: Makefile distinfo
   Added Files:
   	pkgsrc/lang/python34/patches: patch-Lib_http_server.py
   	    patch-Lib_test_test__httpservers.py patch-Misc_NEWS

   Log Message:
   Apply fix for directory traversal vulnerability, ref.
   http://bugs.python.org/issue21766
   Bump PKGREVISION.
@
text
@a0 17
$NetBSD$

Note we have fix for directory traversal vulnerability, ref.
http://bugs.python.org/issue21766

--- Misc/NEWS.orig	2014-05-19 05:19:39.000000000 +0000
+++ Misc/NEWS
@@@@ -93,6 +93,9 @@@@ Core and Builtins
 Library
 -------
 
+- Issue #21766: Prevent a security hole in CGIHTTPServer by URL unquoting paths
+  before checking for a CGI script at that path.
+
 - Issue #21088: Bugfix for curses.window.addch() regression in 3.4.0.
   In porting to Argument Clinic, the first two arguments were reversed.
 
@