[ 18:13 miwi  ]

• 404141 lang/python-doc-html/distinfo
• 404141 lang/python32/Makefile
• 404141 lang/python32/distinfo
• 404141 lang/python32/files/patch-CVE-2014-1912
• 404141 lang/python32/pkg-plist
• 404141 lang/python35/Makefile
• 404141 lang/python35/distinfo
• 404141 lang/python35/pkg-plist

- Update lang/python32 to 3.2.6 [1]
- Update lang/python35 to 3.5.1 [2]
- Update lang/python-doc-html for [1]
- Switch to do-test

Changelog:
[1] https://hg.python.org/cpython/file/v3.2.6/Misc/NEWS
[2] https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-1-final

Reviewed by:	koobs (python)
Approved by:	mat (mentor)
Differential Revision:	D4663

[ 10:52 koobs  ]

• 346614 lang/python27/Makefile
• 346614 lang/python27/files/patch-CVE-2014-1912
• 346614 lang/python31/Makefile
• 346614 lang/python31/files/patch-CVE-2014-1912
• 346614 lang/python32/Makefile
• 346614 lang/python32/files/patch-CVE-2014-1912
• 346614 lang/python33/Makefile
• 346614 lang/python33/files/patch-CVE-2014-1912

lang/python*: Backport security fix for CVE-2014-1912

A vulnerability was reported [1] in Python's socket module, due to a
boundary error within the sock_recvfrom_into() function, which could be
exploited to cause a buffer overflow.

This could be used to crash a Python application that uses the
socket.recvfrom_info() function or, possibly, execute arbitrary code
with the permissions of the user running vulnerable Python code.

This vulnerable function, socket.recvfrom_into(), was introduced in
Python 2.5. Earlier versions are not affected by this flaw.  This is
fixed in upstream branches for version 2.7, 3.1, 3.2 and 3.3.

[1] http://bugs.python.org/issue20246

MFH:		2014Q1
Security:	8e5e6d42-a0fa-11e3-b09a-080027f2d077