The NetBSD Project

CVS log for pkgsrc/lang/py38-html-docs/distinfo

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / lang / py38-html-docs

Request diff between arbitrary revisions


Default branch: MAIN


Revision 1.21 / (download) - annotate - [select for diffs], Fri Aug 25 08:25:28 2023 UTC (4 weeks, 1 day ago) by adam
Branch: MAIN
CVS Tags: HEAD
Changes since 1.20: +4 -4 lines
Diff to previous 1.20 (colored)

python38 py38-html-docs: updated to 3.8.18

Python 3.8.18

Security

gh-108310: Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data. Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by Gregory P. Smith.

Library

gh-107845: tarfile.data_filter() now takes the location of symlinks into account when determining their target, so it will no longer reject some valid tarballs with LinkOutsideDestinationError.

Tools/Demos

gh-107565: Update multissltests and GitHub CI workflows to use OpenSSL 1.1.1v, 3.0.10, and 3.1.2.

Revision 1.20 / (download) - annotate - [select for diffs], Wed Jun 7 13:25:08 2023 UTC (3 months, 2 weeks ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2023Q2-base, pkgsrc-2023Q2
Changes since 1.19: +4 -4 lines
Diff to previous 1.19 (colored)

python38 py38-html-docs: updated to 3.8.17

Python 3.8.17

Security
gh-103142: The version of OpenSSL used in our binary builds has been upgraded to 1.1.1u to address several CVEs.
gh-99889: Fixed a security in flaw in uu.decode() that could allow for directory traversal based on the input if no out_file was specified.
gh-104049: Do not expose the local on-disk location in directory indexes produced by http.client.SimpleHTTPRequestHandler.
gh-102153: urllib.parse.urlsplit() now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to CVE-2023-24329. Patch by Illia Volochii.
gh-101727: Updated the OpenSSL version used in Windows and macOS binary release builds to 1.1.1t to address CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per the OpenSSL 2023-02-07 security advisory.
gh-101283: subprocess.Popen now uses a safer approach to find cmd.exe when launching with shell=True. Patch by Eryk Sun, based on a patch by Oleg Iarygin.

Library
gh-103935: Use io.open_code() for files to be executed instead of raw open()
gh-102953: The extraction methods in tarfile, and shutil.unpack_archive(), have a new a filter argument that allows limiting tar features than may be surprising or dangerous, such as creating files outside the destination directory. See Extraction filters for details.
gh-101997: Upgrade pip wheel bundled with ensurepip (pip 23.0.1)

Build
gh-102306: [3.8] Avoid GHA CI macOS test_posix failure by using the appropriate macOS SDK.

Windows
gh-100180: Update Windows installer to OpenSSL 1.1.1s

macOS
gh-103142: Update macOS installer to use OpenSSL 1.1.1u.

Revision 1.19 / (download) - annotate - [select for diffs], Wed Dec 7 11:52:00 2022 UTC (9 months, 2 weeks ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2023Q1-base, pkgsrc-2023Q1, pkgsrc-2022Q4-base, pkgsrc-2022Q4
Changes since 1.18: +4 -4 lines
Diff to previous 1.18 (colored)

python38 py38-html-docs: updated to 3.8.16

Python 3.8.16 final

Security
gh-100001: python -m http.server no longer allows terminal control characters sent within a garbage request to be printed to the stderr server log.

This is done by changing the http.server BaseHTTPRequestHandler .log_message method to replace control characters with a \xHH hex escape before printing.
gh-87604: Avoid publishing list of active per-interpreter audit hooks via the gc module
gh-98433: The IDNA codec decoder used on DNS hostnames by socket or asyncio related name resolution functions no longer involves a quadratic algorithm. This prevents a potential CPU denial of service if an out-of-spec excessive length hostname involving bidirectional characters were decoded. Some protocols such as urllib http 3xx redirects potentially allow for an attacker to supply such a name.
gh-98739: Update bundled libexpat to 2.5.0
gh-98517: Port XKCP fix for the buffer overflows in SHA-3 (CVE-2022-37454).
gh-68966: The deprecated mailcap module now refuses to inject unsafe text (filenames, MIME types, parameters) into shell commands. Instead of using such text, it will warn and act as if a match was not found (or for test commands, as if the test failed).

Revision 1.18 / (download) - annotate - [select for diffs], Wed Oct 12 08:37:52 2022 UTC (11 months, 1 week ago) by adam
Branch: MAIN
Changes since 1.17: +4 -4 lines
Diff to previous 1.17 (colored)

python38 py38-html-docs: updated to 3.8.15

Python 3.8.15

Security

gh-97616: Fix multiplying a list by an integer (list *= int): detect the integer overflow when the new allocated length is close to the maximum size. Issue reported by Jordan Limor. Patch by Victor Stinner.
gh-97612: Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. Issue reported and initial fix by Caleb Shortt. Patch by Victor Stinner.

Core and Builtins

gh-96848: Fix command line parsing: reject -X int_max_str_digits option with no value (invalid) when the PYTHONINTMAXSTRDIGITS environment variable is set to a valid limit. Patch by Victor Stinner.
gh-95778: When ValueError is raised if an integer is larger than the limit, mention the sys.set_int_max_str_digits() function in the error message. Patch by Victor Stinner.

Library

gh-97005: Update bundled libexpat to 2.4.9

Windows

gh-96577: Fixes a potential buffer overrun in msilib.

Revision 1.17 / (download) - annotate - [select for diffs], Wed Sep 7 15:32:34 2022 UTC (12 months, 2 weeks ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2022Q3-base, pkgsrc-2022Q3
Changes since 1.16: +4 -4 lines
Diff to previous 1.16 (colored)

python38 py38-html-docs: updated to 3.8.14

Python 3.8.14

Security
gh-95778: Converting between int and str in bases other than 2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a ValueError if the number of digits in string form is above a limit to avoid potential denial of service attacks due to the algorithmic complexity. This is a mitigation for CVE-2020-10735.

This new limit can be configured or disabled by environment variable, command line flag, or sys APIs. See the integer string conversion length limitation documentation. The default limit is 4300 digits in string form.

Patch by Gregory P. Smith [Google] and Christian Heimes [Red Hat] with feedback from Victor Stinner, Thomas Wouters, Steve Dower, Ned Deily, and Mark Dickinson.
gh-87389: http.server: Fix an open redirection vulnerability in the HTTP server when an URI path starts with //. Vulnerability discovered, and initial fix proposed, by Hamza Avvan.

Core and Builtins
gh-93065: Fix contextvars HAMT implementation to handle iteration over deep trees.

The bug was discovered and fixed by Eli Libman. See MagicStack/immutables#84 for more details.

Library
bpo-46197: Fix ensurepip environment isolation for subprocess running pip.
bpo-36073: Raise ProgrammingError instead of segfaulting on recursive usage of cursors in sqlite3 converters. Patch by Sergey Fedoseev.

Documentation
gh-91888: Add a new gh role to the documentation to link to GitHub issues.
bpo-47138: Pin Jinja to a version compatible with Sphinx version 2.4.4.

Tests
gh-94208: test_ssl is now checking for supported TLS version and protocols in more tests.
bpo-47016: Create a GitHub Actions workflow for verifying bundled pip and setuptools. Patch by Illia Volochii and Adam Turner.
bpo-46114: Fix test case for OpenSSL 3.0.1 version. OpenSSL 3.0 uses 0xMNN00PP0L.

Windows
bpo-47194: Update zlib to v1.2.12 to resolve CVE-2018-25032.

Revision 1.16 / (download) - annotate - [select for diffs], Sat Mar 19 18:56:44 2022 UTC (18 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2022Q2-base, pkgsrc-2022Q2, pkgsrc-2022Q1-base, pkgsrc-2022Q1
Changes since 1.15: +4 -4 lines
Diff to previous 1.15 (colored)

python38 py38-html-docs: updated to 3.8.13

Python 3.8.13 final

Core and Builtins

bpo-46794: Bump up the libexpat version into 2.4.6
Library
bpo-46985: Upgrade pip wheel bundled with ensurepip (pip 22.0.4)
bpo-46932: Update bundled libexpat to 2.4.7
bpo-46811: Make test suite support Expat >=2.4.5
bpo-46784: Fix libexpat symbols collisions with user dynamically loaded or statically linked libexpat in embedded Python.
bpo-46756: Fix a bug in urllib.request.HTTPPasswordMgr.find_user_password() and urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() which allowed to bypass authorization. For example, access to URI example.org/foobar was allowed if the user was authorized for URI example.org/foo.
bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4
bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid potential REDoS by limiting ambiguity in consecutive whitespace.
bpo-44849: Fix the os.set_inheritable() function on FreeBSD 14 for file descriptor opened with the O_PATH flag: ignore the EBADF error on ioctl(), fallback on the fcntl() implementation. Patch by Victor Stinner.

Documentation

bpo-41028: Language and version switchers, previously maintained in every cpython branches, are now handled by docsbuild-script.

Tests

bpo-45195: Fix test_readline.test_nonascii(): sometimes, the newline character is not written at the end, so don expect it in the output. Patch by Victor Stinner.
bpo-44949: Fix auto history tests of test_readline: sometimes, the newline character is not written at the end, so don expect it in the output.

Build

bpo-47024: Update Windows builds and macOS installer build to use OpenSSL 1.1.1n.
bpo-45405: Prevent internal configure error when running configure with recent versions of clang. Patch by David Bohman.
bpo-45220: Avoid building with the Windows 11 SDK previews automatically. This may be overridden by setting the DefaultWindowsSDKVersion environment variable before building.

Windows

bpo-44549: Update bzip2 to 1.0.8 in Windows builds to mitigate CVE-2016-3189 and CVE-2019-12900
bpo-46948: Prevent CVE-2022-26488 by ensuring the Add to PATH option in the Windows installer uses the correct path when being repaired.

macOS

bpo-44828: Avoid tkinter file dialog failure on macOS 12 Monterey when using the Tk 8.6.11 provided by python.org macOS installers. Patch by Marc Culler of the Tk project.

Revision 1.15 / (download) - annotate - [select for diffs], Tue Oct 26 10:51:51 2021 UTC (22 months, 4 weeks ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2021Q4-base, pkgsrc-2021Q4
Changes since 1.14: +2 -2 lines
Diff to previous 1.14 (colored)

lang: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

The following distfiles could not be fetched (possibly fetched
conditionally?):

./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-aarch64-unknown-linux-gnu.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-aarch64-unknown-linux-musl.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-aarch64-unknown-netbsd.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-armv7-unknown-netbsd-eabihf.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-i686-unknown-linux-gnu.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-powerpc-unknown-netbsd90.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-sparc64-unknown-netbsd.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-x86_64-apple-darwin.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-x86_64-unknown-freebsd.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-x86_64-unknown-linux-gnu.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-x86_64-unknown-linux-musl.tar.gz
./lang/smlnj/distinfo smlnj-110.73/boot.ppc-unix.tgz
./lang/smlnj/distinfo smlnj-110.73/boot.sparc-unix.tgz
./lang/oracle-jre8/distinfo jce_policy-8.zip
./lang/oracle-jre8/distinfo jre-8u202-linux-i586.tar.gz
./lang/oracle-jre8/distinfo jre-8u202-linux-x64.tar.gz
./lang/oracle-jre8/distinfo jre-8u202-macosx-x64.tar.gz
./lang/oracle-jre8/distinfo jre-8u202-solaris-x64.tar.gz
./lang/oracle-jdk8/distinfo jdk-8u202-linux-i586.tar.gz
./lang/oracle-jdk8/distinfo jdk-8u202-linux-x64.tar.gz
./lang/oracle-jdk8/distinfo jdk-8u202-solaris-x64.tar.gz
./lang/ghc80/distinfo ghc-7.10.3-boot-x86_64-unknown-solaris2.tar.xz
./lang/ghc80/distinfo ghc-8.0.2-boot-i386-unknown-freebsd.tar.xz
./lang/ghc80/distinfo ghc-8.0.2-boot-x86_64-unknown-freebsd.tar.xz
./lang/gcc5-aux/distinfo ada-bootstrap.i386.freebsd.100B.tar.bz2
./lang/gcc5-aux/distinfo ada-bootstrap.i386.freebsd.84.tar.bz2
./lang/gcc5-aux/distinfo ada-bootstrap.x86_64.dragonfly.41.tar.bz2
./lang/gcc5-aux/distinfo ada-bootstrap.x86_64.freebsd.100B.tar.bz2
./lang/gcc5-aux/distinfo ada-bootstrap.x86_64.freebsd.84.tar.bz2
./lang/gcc5-aux/distinfo ada-bootstrap.x86_64.solaris.511.tar.bz2
./lang/rust/distinfo rust-1.53.0-aarch64-apple-darwin.tar.gz
./lang/rust/distinfo rust-1.53.0-aarch64-unknown-linux-gnu.tar.gz
./lang/rust/distinfo rust-1.53.0-aarch64-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-1.53.0-aarch64_be-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-1.53.0-arm-unknown-linux-gnueabihf.tar.gz
./lang/rust/distinfo rust-1.53.0-armv7-unknown-linux-gnueabihf.tar.gz
./lang/rust/distinfo rust-1.53.0-i686-unknown-linux-gnu.tar.gz
./lang/rust/distinfo rust-1.53.0-powerpc-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-1.53.0-powerpc-unknown-netbsd90.tar.gz
./lang/rust/distinfo rust-1.53.0-sparc64-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-1.53.0-x86_64-apple-darwin.tar.gz
./lang/rust/distinfo rust-1.53.0-x86_64-unknown-freebsd.tar.gz
./lang/rust/distinfo rust-1.53.0-x86_64-unknown-illumos.tar.gz
./lang/rust/distinfo rust-1.53.0-x86_64-unknown-linux-gnu.tar.gz
./lang/rust/distinfo rust-std-1.53.0-aarch64-apple-darwin.tar.gz
./lang/rust/distinfo rust-std-1.53.0-aarch64-unknown-linux-gnu.tar.gz
./lang/rust/distinfo rust-std-1.53.0-aarch64-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-std-1.53.0-aarch64_be-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-std-1.53.0-arm-unknown-linux-gnueabihf.tar.gz
./lang/rust/distinfo rust-std-1.53.0-armv7-unknown-linux-gnueabihf.tar.gz
./lang/rust/distinfo rust-std-1.53.0-i686-unknown-linux-gnu.tar.gz
./lang/rust/distinfo rust-std-1.53.0-powerpc-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-std-1.53.0-powerpc-unknown-netbsd90.tar.gz
./lang/rust/distinfo rust-std-1.53.0-sparc64-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-std-1.53.0-x86_64-apple-darwin.tar.gz
./lang/rust/distinfo rust-std-1.53.0-x86_64-unknown-freebsd.tar.gz
./lang/rust/distinfo rust-std-1.53.0-x86_64-unknown-linux-gnu.tar.gz
./lang/smlnj11072/distinfo smlnj-110.72/boot.ppc-unix.tgz
./lang/smlnj11072/distinfo smlnj-110.72/boot.sparc-unix.tgz
./lang/ghc84/distinfo ghc-8.0.2-boot-x86_64-unknown-solaris2.tar.xz
./lang/ghc84/distinfo ghc-8.4.4-boot-i386-unknown-freebsd.tar.xz
./lang/ghc84/distinfo ghc-8.4.4-boot-x86_64-apple-darwin.tar.xz
./lang/ghc84/distinfo ghc-8.4.4-boot-x86_64-unknown-freebsd.tar.xz
./lang/ghc7/distinfo ghc-7.10.3-boot-i386-unknown-freebsd.tar.xz
./lang/ghc7/distinfo ghc-7.6.3-boot-i386-unknown-solaris2.tar.xz
./lang/ghc7/distinfo ghc-7.6.3-boot-powerpc-apple-darwin.tar.xz
./lang/ghc7/distinfo ghc-7.6.3-boot-x86_64-unknown-solaris2.tar.xz
./lang/ghc90/distinfo ghc-8.10.4-boot-x86_64-unknown-solaris2.tar.xz
./lang/ghc90/distinfo ghc-9.0.1-boot-aarch64-unknown-netbsd.tar.xz
./lang/ghc90/distinfo ghc-9.0.1-boot-i386-unknown-freebsd.tar.xz
./lang/ghc90/distinfo ghc-9.0.1-boot-x86_64-apple-darwin.tar.xz
./lang/ghc90/distinfo ghc-9.0.1-boot-x86_64-unknown-freebsd.tar.xz
./lang/openjdk8/distinfo openjdk7/bootstrap-jdk-1.7.76-freebsd-10-amd64-20150301.tar.xz
./lang/openjdk8/distinfo openjdk7/bootstrap-jdk-1.7.76-netbsd-7-sparc64-20150301.tar.xz
./lang/openjdk8/distinfo openjdk7/bootstrap-jdk-1.8.181-netbsd-8-aarch64-20180917.tar.xz
./lang/openjdk8/distinfo openjdk7/bootstrap-jdk7u60-bin-dragonfly-3.6-amd64-20140719.tar.bz2
./lang/openjdk8/distinfo openjdk7/bootstrap-jdk7u60-bin-dragonfly-3.8-amd64-20140719.tar.bz2
./lang/go-bin/distinfo go1.14.2.darwin-amd64.tar.gz
./lang/go-bin/distinfo go1.14.2.linux-386.tar.gz
./lang/go-bin/distinfo go1.14.2.linux-amd64.tar.gz
./lang/go-bin/distinfo go1.14.2.linux-arm64.tar.gz
./lang/go-bin/distinfo go1.14.2.linux-armv6l.tar.gz
./lang/go-bin/distinfo go1.14.2.netbsd-arm64.tar.gz
./lang/go-bin/distinfo go1.16beta1.darwin-arm64.tar.gz
./lang/gcc6-aux/distinfo ada-bootstrap.i386.freebsd.100B.tar.bz2
./lang/gcc6-aux/distinfo ada-bootstrap.x86_64.dragonfly.41.tar.bz2
./lang/gcc6-aux/distinfo ada-bootstrap.x86_64.freebsd.100B.tar.bz2
./lang/gcc6-aux/distinfo ada-bootstrap.x86_64.freebsd.84.tar.bz2
./lang/gcc6-aux/distinfo ada-bootstrap.x86_64.solaris.511.tar.bz2
./lang/ghc810/distinfo ghc-8.8.4-boot-x86_64-unknown-solaris2.tar.xz
./lang/sun-jre7/distinfo UnlimitedJCEPolicyJDK7.zip
./lang/sun-jre7/distinfo jre-7u80-linux-x64.tar.gz
./lang/sun-jre7/distinfo jre-7u80-solaris-i586.tar.gz
./lang/sun-jre7/distinfo jre-7u80-solaris-x64.tar.gz
./lang/ghc88/distinfo ghc-8.4.4-boot-i386-unknown-freebsd.tar.xz
./lang/ghc88/distinfo ghc-8.4.4-boot-x86_64-apple-darwin.tar.xz
./lang/ghc88/distinfo ghc-8.4.4-boot-x86_64-unknown-freebsd.tar.xz
./lang/ghc88/distinfo ghc-8.4.4-boot-x86_64-unknown-solaris2.tar.xz
./lang/gcc-aux/distinfo ada-bootstrap.i386.dragonfly.36A.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.i386.freebsd.100B.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.i386.freebsd.84.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.x86_64.dragonfly.36A.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.x86_64.freebsd.100B.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.x86_64.freebsd.84.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.x86_64.solaris.511.tar.bz2
./lang/gcc6/distinfo ecj-4.5.jar
./lang/openjdk11/distinfo bootstrap-jdk-1.11.0.7.10-netbsd-9-aarch64-20200509.tar.xz
./lang/sun-jdk7/distinfo jdk-7u80-linux-x64.tar.gz
./lang/sun-jdk7/distinfo jdk-7u80-solaris-i586.tar.gz
./lang/sun-jdk7/distinfo jdk-7u80-solaris-x64.tar.gz

Revision 1.14 / (download) - annotate - [select for diffs], Thu Oct 7 14:21:09 2021 UTC (23 months, 2 weeks ago) by nia
Branch: MAIN
Changes since 1.13: +1 -2 lines
Diff to previous 1.13 (colored)

lang: Remove SHA1 hashes for distfiles

Revision 1.13 / (download) - annotate - [select for diffs], Wed Sep 1 13:52:52 2021 UTC (2 years ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base, pkgsrc-2021Q3
Changes since 1.12: +5 -5 lines
Diff to previous 1.12 (colored)

python38: updated to 3.8.12

Python 3.8.12 final

Security

bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory to avoid a potential race condition.
bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 ףillion Laughsvulnerability. This copy is most used on Windows and macOS.
bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection.
bpo-36384: ipaddress module no longer accepts any leading zeros in IPv4 address strings. Leading zeros are ambiguous and interpreted as octal notation by some libraries. For example the legacy function socket.inet_aton() treats leading zeros as octal notation. glibc implementation of modern inet_pton() does not accept any leading zeros. For a while the ipaddress module used to accept ambiguous leading zeros.

Core and Builtins

bpo-44872: Use new trashcan macros (Py_TRASHCAN_BEGIN/END) in frameobject.c instead of the old ones (Py_TRASHCAN_SAFE_BEGIN/END).
bpo-33930: Fix segmentation fault with deep recursion when cleaning method objects. Patch by Augusto Goulart and Pablo Galindo.
bpo-44856: Fix reference leaks in the error paths of update_bases() and __build_class__. Patch by Pablo Galindo.

Library

bpo-45001: Made email date parsing more robust against malformed input, namely a whitespace-only Date: header. Patch by Wouter Bolsterlee.

Documentation

bpo-30511: Clarify that shutil.make_archive() is not thread-safe due to reliance on changing the current working directory.

Windows

bpo-45007: Update to OpenSSL 1.1.1l in Windows build

macOS

bpo-45007: Update macOS installer builds to use OpenSSL 1.1.1l.
bpo-44689: ctypes.util.find_library() now works correctly on macOS 11 Big Sur even if Python is built on an older version of macOS. Previously, when built on older macOS systems, find_library was not able to find macOS system libraries when running on Big Sur due to changes in how system libraries are stored.

Revision 1.12 / (download) - annotate - [select for diffs], Tue Jun 29 12:41:07 2021 UTC (2 years, 2 months ago) by adam
Branch: MAIN
Changes since 1.11: +5 -5 lines
Diff to previous 1.11 (colored)

python38: updated to 3.8.11

Python 3.8.11 final

Security

bpo-44022: mod:http.client now avoids infinitely reading potential HTTP headers after a 100 Continue status response from the server.
bpo-43882: The presence of newline or tab characters in parts of a URL could allow some forms of attacks.

Following the controlling specification for URLs defined by WHATWG urllib.parse() now removes ASCII newlines and tabs from URLs, preventing such attacks.
bpo-42800: Audit hooks are now fired for frame.f_code, traceback.tb_frame, and generator code/frame attribute access.

Core and Builtins

bpo-44070: No longer eagerly makes import filenames absolute, except for extension modules, which was introduced in 3.8.10.

Library

bpo-44061: Fix regression in previous release when calling pkgutil.iter_modules() with a list of pathlib.Path objects

Revision 1.11 / (download) - annotate - [select for diffs], Tue May 4 05:16:07 2021 UTC (2 years, 4 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2021Q2-base, pkgsrc-2021Q2
Changes since 1.10: +5 -5 lines
Diff to previous 1.10 (colored)

python38: updated to 3.8.10

Python 3.8.10 final

Security
bpo-43434: Creating a sqlite3.Connection object now also produces a sqlite3.connect auditing event. Previously this event was only produced by sqlite3.connect() calls. Patch by Erlend E. Aasland.
bpo-43472: Ensures interpreter-level audit hooks receive the cpython.PyInterpreterState_New event when called through the _xxsubinterpreters module.
bpo-43075: Fix Regular Expression Denial of Service (ReDoS) vulnerability in urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex has quadratic worst-case complexity and it allows cause a denial of service when identifying crafted invalid RFCs. This ReDoS issue is on the client side and needs remote attackers to control the HTTP server.

Core and Builtins
bpo-43105: Importlib now resolves relative paths when creating module spec objects from file locations.
bpo-42924: Fix bytearray repetition incorrectly copying data from the start of the buffer, even if the data is offset within the buffer (e.g. after reassigning a slice at the start of the bytearray to a shorter byte string).

Library
bpo-43993: Update bundled pip to 21.1.1.
bpo-43937: Fixed the turtle module working with non-default root window.
bpo-43930: Update bundled pip to 21.1 and setuptools to 56.0.0
bpo-43920: OpenSSL 3.0.0: load_verify_locations() now returns a consistent error message when cadata contains no valid certificate.
bpo-43607: urllib can now convert Windows paths with \\?\ prefixes into URL paths.
bpo-43284: platform.win32_ver derives the windows version from sys.getwindowsversion().platform_version which in turn derives the version from kernel32.dll (which can be of a different version than Windows itself). Therefore change the platform.win32_ver to determine the version using the platform module _syscmd_ver private function to return an accurate version.
bpo-42248: [Enum] ensure exceptions raised in _missing__ are released
bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1 to suppress deprecation warnings. Python requires OpenSSL 1.1.1 APIs.
bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants (OpenSSL 3.0.0)
bpo-43789: OpenSSL 3.0.0: Don call the password callback function a second time when first call has signaled an error condition.
bpo-43788: The header files for ssl error codes are now OpenSSL version-specific. Exceptions will now show correct reason and library codes. The make_ssl_data.py script has been rewritten to use OpenSSL text file with error codes.
bpo-43655: tkinter dialog windows are now recognized as dialogs by window managers on macOS and X Window.
bpo-43534: turtle.textinput() and turtle.numinput() create now a transient window working on behalf of the canvas window.
bpo-43522: Fix problem with hostname_checks_common_name. OpenSSL does not copy hostflags from struct SSL_CTX to struct SSL.
bpo-42967: Allow bytes separator argument in urllib.parse.parse_qs and urllib.parse.parse_qsl when parsing str query strings. Previously, this raised a TypeError.
bpo-43176: Fixed processing of a dataclass that inherits from a frozen dataclass with no fields. It is now correctly detected as an error.
bpo-34463: Fixed discrepancy between traceback and the interpreter in formatting of SyntaxError with lineno not set (traceback was changed to match interpreter).
bpo-41735: Fix thread locks in zlib module may go wrong in rare case. Patch by Ma Lin.
bpo-26053: Fixed bug where the pdb interactive run command echoed the args from the shell command line, even if those have been overridden at the pdb prompt.
bpo-36470: Fix dataclasses with InitVars and replace(). Patch by Claudiu Popa.
bpo-28577: The hosts method on 32-bit prefix length IPv4Networks and 128-bit prefix IPv6Networks now returns a list containing the single Address instead of an empty list.
bpo-32745: Fix a regression in the handling of ctypesctypes.c_wchar_p type: embedded null characters would cause a ValueError to be raised. Patch by Zackery Spytz.

Documentation
bpo-43959: The documentation on the PyContextVar C-API was clarified.
bpo-43938: Update dataclasses documentation to express that FrozenInstanceError is derived from AttributeError.
bpo-43739: Fixing the example code in Doc/extending/extending.rst to declare and initialize the pmodule variable to be of the right type.

Tests
bpo-43842: Fix a race condition in the SMTP test of test_logging. Don close a file descriptor (socket) from a different thread while asyncore.loop() is polling the file descriptor. Patch by Victor Stinner.
bpo-43811: Tests multiple OpenSSL versions on GitHub Actions. Use ccache to speed up testing.
bpo-43791: OpenSSL 3.0.0: Disable testing of legacy protocols TLS 1.0 and 1.1. Tests are failing with TLSV1_ALERT_INTERNAL_ERROR.

Windows
bpo-35306: Avoid raising errors from pathlib.Path.exists() when passed an invalid filename.
bpo-38822: Fixed os.stat() failing on inaccessible directories with a trailing slash, rather than falling back to the parent directory metadata. This implicitly affected os.path.exists() and os.path.isdir().
bpo-26227: Fixed decoding of host names in socket.gethostbyaddr() and socket.gethostbyname_ex().
bpo-43745: Actually updates Windows release to OpenSSL 1.1.1k. Earlier releases were mislabelled and actually included 1.1.1i again.
bpo-43492: Upgrade Windows installer to use SQLite 3.35.5.

macOS
bpo-44009: Provide ython3.x-intel64executable to allow reliably forcing macOS universal2 framework builds to run under Rosetta 2 Intel-64 emulation on Apple Silicon Macs. This can be useful for testing or when universal2 wheels are not yet available.
bpo-41100: As of 3.8.10, Python now supports building and running on macOS 11 (Big Sur) and on Apple Silicon Macs (based on the ARM64 architecture). A new universal build variant, universal2, is also available to natively support both ARM64 and Intel 64 in one set of executables. This backport from Python 3.9 does not include support for eaklinking to support a range of macOS versions, continue to target for and build on the oldest version in the range; for 3.8.x, the universal2 variant is only useful on macOS 11 or later.
bpo-43492: Update macOS installer to use SQLite 3.35.4.

IDLE
bpo-43655: IDLE dialog windows are now recognized as dialogs by window managers on macOS and X Window.

C API
bpo-43962: _PyInterpreterState_IDIncref() now calls _PyInterpreterState_IDInitref() and always increments id_refcount. Previously, calling _xxsubinterpreters.get_current() could create an id_refcount inconsistency when a _xxsubinterpreters.InterpreterID object was deallocated. Patch by Victor Stinner.

Revision 1.10 / (download) - annotate - [select for diffs], Sat Apr 3 06:22:06 2021 UTC (2 years, 5 months ago) by adam
Branch: MAIN
Changes since 1.9: +5 -5 lines
Diff to previous 1.9 (colored)

python38: updated to 3.8.9

Python 3.8.9 final

Security

bpo-42988: CVE-2021-3426: Remove the getfile feature of the pydoc module which could be abused to read arbitrary files on the disk (directory traversal vulnerability). Moreover, even source code of Python modules can contain sensitive data like passwords. Vulnerability reported by David Schwörer.
bpo-43285: ftplib no longer trusts the IP address value returned from the server in response to the PASV command by default. This prevents a malicious FTP server from using the response to probe IPv4 address and port combinations on the client network.

Code that requires the former vulnerable behavior may set a trust_server_pasv_ipv4_address attribute on their ftplib.FTP instances to True to re-enable it.
bpo-43439: Add audit hooks for gc.get_objects(), gc.get_referrers() and gc.get_referents(). Patch by Pablo Galindo.

Core and Builtins
bpo-43660: Fix crash that happens when replacing sys.stderr with a callable that can remove the object while an exception is being printed. Patch by Pablo Galindo.
bpo-35883: Python no longer fails at startup with a fatal error if a command line argument contains an invalid Unicode character. The Py_DecodeLocale() function now escapes byte sequences which would be decoded as Unicode characters outside the [U+0000; U+10ffff] range.
bpo-43406: Fix a possible race condition where PyErr_CheckSignals tries to execute a non-Python signal handler.

Library
bpo-35930: Raising an exception raised in a utureinstance will create reference cycles.
bpo-43577: Fix deadlock when using ssl.SSLContext debug callback with ssl.SSLContext.sni_callback().
bpo-43423: subprocess.communicate() no longer raises an IndexError when there is an empty stdout or stderr IO buffer during a timeout on Windows.
bpo-27820: Fixed long-standing bug of smtplib.SMTP where doing AUTH LOGIN with initial_response_ok=False will fail.

The cause is that SMTP.auth_login _always_ returns a password if provided with a challenge string, thus non-compliant with the standard for AUTH LOGIN.

Also fixes bug with the test for smtpd.
bpo-43399: Fix ElementTree.extend not working on iterators when using the Python implementation
bpo-43316: The python -m gzip command line application now properly fails when detecting an unsupported extension. It exits with a non-zero exit code and prints an error message to stderr.
bpo-43260: Fix TextIOWrapper can not flush internal buffer forever after very large text is written.
bpo-42782: Fail fast in shutil.move() to avoid creating destination directories on failure.
bpo-37193: Fixed memory leak in socketserver.ThreadingMixIn introduced in Python 3.7.

Documentation
bpo-43199: Answer ׸hy is there no goto?in the Design and History FAQ.
bpo-43407: Clarified that a result from time.monotonic(), time.perf_counter(), time.process_time(), or time.thread_time() can be compared with the result from any following call to the same function - not just the next immediate call.
bpo-27646: Clarify that ield from <expr>works with any iterable, not just iterators.
bpo-36346: Update some deprecated unicode APIs which are documented as ill be removed in 4.0to .12 See PEP 623 for detail.

Tests
bpo-37945: Fix test_getsetlocale_issue1813() of test_locale: skip the test if setlocale() fails. Patch by Victor Stinner.
bpo-41561: Add workaround for Ubuntu custom OpenSSL security level policy.

Build
bpo-43631: Update macOS, Windows, and CI to OpenSSL 1.1.1k.
bpo-43617: Improve configure.ac: Check for presence of autoconf-archive package and remove our copies of M4 macros.

macOS
bpo-41837: Update macOS installer build to use OpenSSL 1.1.1j.

IDLE
bpo-42225: Document that IDLE can fail on Unix either from misconfigured IP masquerage rules or failure displaying complex colored (non-ascii) characters.
bpo-43283: Document why printing to IDLE Shell is often slower than printing to a system terminal and that it can be made faster by pre-formatting a single string before printing.

Revision 1.9 / (download) - annotate - [select for diffs], Sat Feb 20 19:29:06 2021 UTC (2 years, 7 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2021Q1-base, pkgsrc-2021Q1
Changes since 1.8: +5 -5 lines
Diff to previous 1.8 (colored)

python38 py38-html-docs: updated to 3.8.8

Python 3.8.8

Security
bpo-42967: Fix web cache poisoning vulnerability by defaulting the query args separator to &, and allowing the user to choose a custom separator.
bpo-42938: Avoid static buffers when computing the repr of ctypes.c_double and ctypes.c_longdouble values.

Core and Builtins
bpo-42819: readline: Explicitly disable bracketed paste in the interactive interpreter, even if it set in the inputrc, is enabled by default (eg GNU Readline 8.1), or a user calls readline.read_init_file(). The Python REPL has not implemented bracketed paste support. Also, bracketed mode writes the "\x1b[?2004h" escape sequence into stdout which causes test failures in applications that don support it. It can still be explicitly enabled by calling readline.parse_and_bind("set enable-bracketed-paste on"). Patch by Dustin Rodrigues.

Library
bpo-43108: Fixed a reference leak in the curses module. Patch by Pablo Galindo
bpo-42780: Fix os.set_inheritable() for O_PATH file descriptors on Linux.
bpo-41748: Fix HTMLParser parsing rules for element attributes containing commas with spaces. Patch by Karl Dubost.
bpo-42759: Fixed equality comparison of tkinter.Variable and tkinter.font.Font. Objects which belong to different Tcl interpreters are now always different, even if they have the same name.
bpo-23328: Allow / character in username, password fields on _PROXY envars.
bpo-42681: Fixed range checks for color and pair numbers in curses.
bpo-42531: importlib.resources.path() now works for packages missing the optional __file__ attribute (more specifically, packages whose __spec__.origin is None).
bpo-42388: Fix subprocess.check_output( input=None) behavior when text=True to be consistent with that of the documentation and universal_newlines=True.
bpo-42384: Make pdb populate sys.path[0] exactly the same as regular python execution.
bpo-42383: Fix pdb: previously pdb would fail to restart the debugging target if it was specified using a relative path and the current directory changed.
bpo-42318: Fixed support of non-BMP characters in tkinter on macOS.
bpo-42005: Fix CLI of cProfile and profile to catch BrokenPipeError.
bpo-41604: Don decrement the reference count of the previous user_ptr when set_panel_userptr fails.
bpo-26407: Unexpected errors in calling the __iter__ method are no longer masked by TypeError in csv.reader(), csv.writer.writerow() and csv.writer.writerows().
bpo-39068: Fix initialization race condition in a85encode() and b85encode() in base64. Patch by Brandon Stansbury.
bpo-36589: The curses.update_lines_cols() function now returns None instead of 1 on success.
bpo-33289: Correct call to tkinter.colorchooser to return RGB triplet of ints instead of floats. Patch by Cheryl Sabella.

Documentation
bpo-40304: Fix doc for type(name, bases, dict). Patch by Boris Verkhovskiy and ric Araujo.
bpo-42811: Updated importlib.utils.resolve_name() doc to use __spec__.parent instead of __package__. (Thanks Yair Frid.)

Tests
bpo-42794: Update test_nntplib to use offical group name of news.aioe.org for testing. Patch by Dong-hee Na.
bpo-40810: In sqlite3, fix CheckTraceCallbackContent for SQLite pre 3.7.15.

Build
bpo-29076: Add fish shell support to macOS installer.

Windows
bpo-41837: Updated Windows installer to include OpenSSL 1.1.1i
bpo-42584: Upgrade Windows installer to use SQLite 3.34.0.

macOS
bpo-41837: Update macOS installer build to use OpenSSL 1.1.1i.
bpo-42584: Update macOS installer to use SQLite 3.34.0.

IDLE
bpo-43008: Make IDLE invoke sys.excepthook() in normal, 2-process mode. Patch by Ken Hilton.
bpo-33065: Fix problem debugging user classes with __repr__ method.
bpo-42508: Keep IDLE running on macOS. Remove obsolete workaround that prevented running files with shortcuts when using new universal2 installers built on macOS 11.
bpo-23544: Disable Debug=>Stack Viewer when user code is running or Debugger is active, to prevent hang or crash. Patch by Zackery Spytz.
bpo-32631: Finish zzdummy example extension module: make menu entries work; add docstrings and tests with 100% coverage.

Tools/Demos
bpo-42726: Fixed Python 3 compatibility issue with gdb/libpython.py handling of attribute dictionaries.

C API
bpo-43030: Fixed a compiler warning in Py_UNICODE_ISSPACE() on platforms with signed wchar_t.
bpo-40052: Fix an alignment build warning/error in function PyVectorcall_Function(). Patch by Andreas Schneider, Antoine Pitrou and Petr Viktorin.

Revision 1.8 / (download) - annotate - [select for diffs], Sat Jan 2 09:51:49 2021 UTC (2 years, 8 months ago) by adam
Branch: MAIN
Changes since 1.7: +5 -5 lines
Diff to previous 1.7 (colored)

python38 py38-html-docs: updated to 3.8.7

Python 3.8.7

Core and Builtins
bpo-32381: Fix encoding name when running a .pyc file on Windows: PyRun_SimpleFileExFlags() now uses the correct encoding to decode the filename.
bpo-42536: Several built-in and standard library types now ensure that their internal result tuples are always tracked by the garbage collector:

collections.OrderedDict.items()
dict.items()
enumerate()
functools.reduce()
itertools.combinations()
itertools.combinations_with_replacement()
itertools.permutations()
itertools.product()
itertools.zip_longest()
zip()
Previously, they could have become untracked by a prior garbage collection. Patch by Brandt Bucher.

Library
bpo-42630: tkinter functions and constructors which need a default root window raise now RuntimeError with descriptive message instead of obscure AttributeError or NameError if it is not created yet or cannot be created automatically.
bpo-42644: logging.disable will now validate the types and value of its parameter. It also now accepts strings representing the levels (as does loging.setLevel) instead of only the numerical values.
bpo-36541: Fixed lib2to3.pgen2 to be able to parse PEP-570 positional only argument syntax.
bpo-42375: subprocess module update for DragonFlyBSD support.
bpo-39825: Windows: Change sysconfig.get_config_var('EXT_SUFFIX') to the expected full platform_tag.extension format. Previously it was hard-coded to .pyd, now it is compatible with distutils.sysconfig and will result in something like .cp38-win_amd64.pyd. This brings windows into conformance with the other platforms.
bpo-39101: Fixed tests using IsolatedAsyncioTestCase from hanging on BaseExceptions.
bpo-41907: fix format() behavior for IntFlag
bpo-41889: Enum: fix regression involving inheriting a multiply-inherited enum
bpo-41891: Ensure asyncio.wait_for waits for task completion
bpo-40219: Lowered tkinter.ttk.LabeledScale dummy widget to prevent hiding part of the content label.
bpo-40084: Fix Enum.__dir__: dir(Enum.member) now includes attributes as well as methods.

Documentation
bpo-17140: Add documentation for the multiprocessing.pool.ThreadPool class.

Build
bpo-42604: Now all platforms use a value for the צXT_SUFFIXbuild variable derived from SOABI (for instance in freeBSD, צXT_SUFFIXis now cpython-310d.soinstead of so. Previosuly only Linux, Mac and VxWorks were using a value for צXT_SUFFIXthat included ״OABI
bpo-42598: Fix implicit function declarations in configure which could have resulted in incorrect configuration checks. Patch contributed by Joshua Root.

Tools/Demos
bpo-42613: Fix freeze.py tool to use the prope config and library directories. Patch by Victor Stinner.


Python 3.8.7 release candidate 1

Security
bpo-42103: Prevented potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.
bpo-42051: The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. This should not affect users as entity declarations are not used in regular plist files.
bpo-40791: Add volatile to the accumulator variable in hmac.compare_digest, making constant-time-defeating optimizations less likely.

Core and Builtins
bpo-41686: On Windows, the SIGINT event, _PyOS_SigintEvent(), is now created even if Python is configured to not install signal handlers (if PyConfig.install_signal_handlers equals to 0, or Py_InitializeEx(0)).
bpo-42143: Fix handling of errors during creation of PyFunctionObject, which resulted in operations on uninitialized memory. Patch by Yonatan Goldschmidt.
bpo-41984: The garbage collector now tracks all user-defined classes. Patch by Brandt Bucher.
bpo-41909: Fixed stack overflow in issubclass() and isinstance() when getting the __bases__ attribute leads to infinite recursion.
bpo-41894: When loading a native module and a load failure occurs, prevent a possible UnicodeDecodeError when not running in a UTF-8 locale by decoding the load error message using the current locale encoding.

Library
bpo-17735: inspect.findsource() now raises OSError instead of IndexError when co_lineno of a code object is greater than the file length. This can happen, for example, when a file is edited after it was imported. PR by Irit Katriel.
bpo-42116: Fix handling of trailing comments by inspect.getsource().
bpo-42482: TracebackException no longer holds a reference to the exception traceback object. Consequently, instances of TracebackException for equivalent but non-equal exceptions now compare as equal.
bpo-42406: We fixed an issue in pickle.whichmodule in which importing multiprocessing could change the how pickle identifies which module an object belongs to, potentially breaking the unpickling of those objects.
bpo-42328: Fixed tkinter.ttk.Style.map(). The function accepts now the representation of the default state as empty sequence (as returned by Style.map()). The structure of the result is now the same on all platform and does not depend on the value of wantobjects.
bpo-42014: The onerror callback from shutil.rmtree now receives correct function when os.open fails.
bpo-42237: Fix os.sendfile() on illumos.
bpo-42249: Fixed writing binary Plist files larger than 4 GiB.
bpo-35455: On Solaris, thread_time() is now implemented with gethrvtime() because clock_gettime(CLOCK_THREAD_CPUTIME_ID) is not always available. Patch by Jakub Kulik.
bpo-41754: webbrowser: Ignore NotADirectoryError when calling xdg-settings.
bpo-29566: binhex.binhex() consisently writes macOS 9 line endings.
bpo-42183: Fix a stack overflow error for asyncio Task or Future repr().

The overflow occurs under some circumstances when a Task or Future recursively returns itself.
bpo-42103: InvalidFileException and RecursionError are now the only errors caused by loading malformed binary Plist file (previously ValueError and TypeError could be raised in some specific cases).
bpo-41491: plistlib: fix parsing XML plists with hexadecimal integer values
bpo-32498: Clearer exception message when passing an argument of type bytes to urllib.parse.unquote(). This is only for 3.8; in 3.9 and later this function accepts bytes inputs as well. PR by Irit Katriel.
bpo-42065: Fix an incorrectly formatted error from _codecs.charmap_decode() when called with a mapped value outside the range of valid Unicode code points. PR by Max Bernstein.
bpo-41966: Fix pickling pure Python datetime.time subclasses. Patch by Dean Inwood.
bpo-41976: Fixed a bug that was causing ctypes.util.find_library() to return None when triying to locate a library in an environment when gcc>=9 is available and ldconfig is not. Patch by Pablo Galindo
bpo-41900: C14N 2.0 serialisation in xml.etree.ElementTree failed for unprefixed attributes when a default namespace was defined.
bpo-41855: In importlib.metadata, fix issue where multiple children can be returned from FastPath.zip_children(). Backport of python-devs/importlib_metadata#117.
bpo-41840: Fix a bug in the symtable module that was causing module-scope global variables to not be reported as both local and global. Patch by Pablo Galindo.
bpo-41831: str() for the type attribute of the tkinter.Event object always returns now the numeric code returned by Tk instead of the name of the event type.
bpo-41662: No longer override exceptions raised in __len__() of a sequence of parameters in sqlite3 with ProgrammingError.
bpo-41662: Fixed crash when mutate list of parameters during iteration in sqlite3.
bpo-34215: Clarify the error message for asyncio.IncompleteReadError when expected is None.
bpo-41316: Fix the tarfile module to write only basename of TAR file to GZIP compression header.
bpo-12800: Extracting a symlink from a tarball should succeed and overwrite the symlink if it already exists. The fix is to remove the existing file or symlink before extraction. Based on patch by Chris AtLee, Jeffrey Kintscher, and Senthil Kumaran.
bpo-16936: Allow ctypes.wintypes to be imported on non-Windows systems.
bpo-40592: shutil.which() now ignores empty entries in PATHEXT instead of treating them as a match.
bpo-40492: Fix --outfile for cProfile / profile not writing the output file in the original directory when the program being profiled changes the working directory. PR by Anthony Sottile.
bpo-40105: ZipFile truncates files to avoid corruption when a shorter comment is provided in append ( mode. Patch by Jan Mazur.
bpo-27321: Fixed KeyError exception when flattening an email to a string attempts to replace a non-existent Content-Transfer-Encoding header.
bpo-32793: Fix a duplicated debug message when smtplib.SMTP.connect() is called.

Documentation
bpo-42153: Fix the URL for the IMAP protocol documents.
bpo-41910: Document the default implementation of object.__eq__.
bpo-41774: In Programming FAQ ״equences (Tuples/Lists)section, add שow do you remove multiple items from a list
bpo-39416: Document some restrictions on the default string representations of numeric classes.

Tests
bpo-41473: Reenable test_gdb on gdb 9.2 and newer: https://bugzilla.redhat.com/show_bug.cgi?id=1866884 bug is fixed in gdb 10.1.
bpo-42553: Fix test_asyncio.test_call_later() race condition: don measure asyncio performance in the call_later() unit test. The test failed randomly on the CI.
bpo-40754: Include _testinternalcapi module in Windows installer for test suite
bpo-41739: Fix test_logging.test_race_between_set_target_and_flush(): the test now waits until all threads complete to avoid leaking running threads.
bpo-41944: Tests for CJK codecs no longer call eval() on content received via HTTP.
bpo-41939: Fix test_site.test_license_exists_at_url(): call urllib.request.urlcleanup() to reset the global urllib.request._opener. Patch by Victor Stinner.
bpo-41561: test_ssl: skip test_min_max_version_mismatch when TLS 1.0 is not available
bpo-41602: Add tests for SIGINT handling in the runpy module.
bpo-41306: Fixed a failure in test_tk.test_widgets.ScaleTest happening when executing the test with Tk 8.6.10.

Build
bpo-42398: Fix a race condition in ake regen-allwhen make -jN option is used to run jobs in parallel. The clinic.py script now only use atomic write to write files. Moveover, generated files are now left unchanged if the content does not change, to not change the file modification time.

Windows
bpo-42120: Remove macro definition of copysign (to _copysign) in headers.
bpo-38439: Updates the icons for IDLE in the Windows Store package.
bpo-41557: Update Windows installer to use SQLite 3.33.0.
bpo-38324: Avoid Unicode errors when accessing certain locale data on Windows.

macOS
bpo-38443: The --enable-universalsdk and --with-universal-archs options for the configure script now check that the specified architectures can be used.
bpo-41471: Ignore invalid prefix lengths in system proxy excludes.
bpo-41557: Update macOS installer to use SQLite 3.33.0.

IDLE
bpo-42426: Fix reporting offset of the RE error in searchengine.
bpo-42415: Get docstrings for IDLE calltips more often by using inspect.getdoc.
bpo-33987: Mostly finish using ttk widgets, mainly for editor, settings, and searches. Some patches by Mark Roseman.
bpo-41775: Use ϪDLE Shellas shell title
bpo-40511: Typing opening and closing parentheses inside the parentheses of a function call will no longer cause unnecessary lashingoff and on of an existing open call-tip, e.g. when typed in a string literal.
bpo-38439: Add a 256256 pixel IDLE icon to the Windows .ico file. Created by Andrew Clover. Remove the low-color gif variations from the .ico file.

C API
bpo-41986: Py_FileSystemDefaultEncodeErrors and Py_UTF8Mode are available again in limited API.

Revision 1.7 / (download) - annotate - [select for diffs], Mon Sep 28 19:31:55 2020 UTC (2 years, 11 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2020Q4-base, pkgsrc-2020Q4
Changes since 1.6: +5 -5 lines
Diff to previous 1.6 (colored)

python38: updated to 3.8.6

Python 3.8.6 final

Core and Builtins
bpo-41525: The output of python --help contains now only ASCII characters.

Library
bpo-41817: fix tkinter.EventType Enum so all members are strings, and none are tuples
bpo-41815: Fix SQLite3 segfault when backing up closed database. Patch contributed by Peter David McCormick.
bpo-41517: fix bug allowing Enums to be extended via multiple inheritance
bpo-39587: use the correct mix-in data type when constructing Enums
bpo-41789: Honor object overrides in Enum class creation (specifically, __str__, __repr__, __format__, and __reduce_ex__).
bpo-39651: Fix a race condition in the call_soon_threadsafe() method of asyncio.ProactorEventLoop: do nothing if the self-pipe socket has been closed.
bpo-41720: Fixed turtle.Vec2D.__rmul__() for arguments which are not int or float.
bpo-39728: fix default _missing_ so a duplicate ValueError is not set as the __context__ of the original ValueError
bpo-37479: When Enum.__str__ is overridden in a derived class, the override will be used by Enum.__format__ regardless of whether mixin classes are present.

Documentation
bpo-35293: Fix RemovedInSphinx40Warning when building the documentation. Patch by Dong-hee Na.
bpo-37149: Change Shipman tkinter doc link from archive.org to TkDocs. (The doc has been removed from the NMT server.) The new link responds much faster and includes a short explanatory note.

Tests
bpo-41731: Make test_cmd_line_script pass with option vv

Windows
bpo-41744: Fixes automatic import of props file when using the Nuget package.

IDLE
bpo-35764: Rewrite the Calltips doc section.
bpo-40181: In calltips, stop reminding that marks the end of positional-only arguments.


Python 3.8.6 release candidate 1

Core and Builtins
bpo-41654: Fix a crash that occurred when destroying subclasses of MemoryError. Patch by Pablo Galindo.
bpo-41533: Free the stack allocated in va_build_stack if do_mkstack fails and the stack is not a small_stack.
bpo-38156: Handle interrupts that come after EOF correctly in PyOS_StdioReadline.

Library
bpo-41696: Fix handling of debug mode in asyncio.run(). This allows setting PYTHONASYNCIODEBUG or -X dev to enable asyncio debug mode when using asyncio.run().
bpo-39010: Restarting a ProactorEventLoop on Windows no longer logs spurious ConnectionResetErrors.
bpo-41609: The pdb whatis command correctly reports instance methods as Ϯethodrather than ϧunction
bpo-32751: When cancelling the task due to a timeout, asyncio.wait_for() will now wait until the cancellation is complete also in the case when timeout is <= 0, like it does with positive timeouts.
bpo-37658: asyncio.wait_for() now properly handles races between cancellation of itself and the completion of the wrapped awaitable.
bpo-40782: Change the method asyncio.AbstractEventLoop.run_in_executor to not be a coroutine.
bpo-41520: Fix codeop regression that prevented turning compile warnings into errors.
bpo-41503: Fixed a race between setTarget and flush in logging.handlers.MemoryHandler.
bpo-41497: Fix potential UnicodeDecodeError in dis module.
bpo-41490: Update ensurepip to install pip 20.2.1 and setuptools 49.2.1.
bpo-41467: On Windows, fix asyncio recv_into() return value when the socket/pipe is closed (BrokenPipeError): return 0 rather than an empty byte string (b'').
bpo-41425: Make tkinter doc example runnable.
bpo-41384: Raise TclError instead of TypeError when an unknown option is passed to tkinter.OptionMenu.
bpo-38731: Fix NameError in command-line interface of py_compile.
bpo-41364: Reduce import overhead of uuid.
bpo-41344: Prevent creating shared_memory.SharedMemory objects with size=0.
bpo-40726: Handle cases where the end_lineno is None on ast.increment_lineno().
bpo-31122: ssl.wrap_socket() now raises ssl.SSLEOFError rather than OSError when peer closes connection during TLS negotiation
bpo-33660: Fix pathlib.PosixPath to resolve a relative path located on the root directory properly.

Documentation
bpo-41624: Fix the signature of typing.Coroutine.
bpo-40204: Enable Sphinx 3.2 c_allow_pre_v3 option and disable c_warn_on_allowed_pre_v3 option to make the documentation compatible with Sphinx 2 and Sphinx 3.
bpo-41045: Add documentation for debug feature of f-strings.
bpo-41314: Changed the release when from __future__ import annotations becomes the default from 4.0 to 3.10 (following a change in PEP 563).
bpo-39883: Make code, examples, and recipes in the Python documentation be licensed under the more permissive BSD0 license in addition to the existing Python 2.0 license.

Windows
bpo-41492: Fixes the description that appears in UAC prompts.
bpo-40741: Update Windows release to include SQLite 3.32.3.

IDLE
bpo-41468: Improve IDLE run crash error message (which users should never see).
bpo-41373: Save files loaded with no line ending, as when blank, or different line endings, by setting its line ending to the system default. Fix regression in 3.8.4 and 3.9.0b4.

C API
bpo-41524: Fix bug in PyOS_mystrnicmp and PyOS_mystricmp that incremented pointers beyond the end of a string.

Revision 1.6 / (download) - annotate - [select for diffs], Tue Jul 21 16:31:15 2020 UTC (3 years, 2 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2020Q3-base, pkgsrc-2020Q3
Changes since 1.5: +5 -5 lines
Diff to previous 1.5 (colored)

python38 py38-html-docs: updated to 3.8.5

Python 3.8.5 final

Security
bpo-41304: Fixes python3x._pth being ignored on Windows, caused by the fix for bpo-29778 (CVE-2020-15801).
bpo-39603: Prevent http header injection by rejecting control characters in http.client.putrequest(.

Core and Builtins
bpo-41295: Resolve a regression in CPython 3.8.4 where defining _setattr__in a multi-inheritance setup and calling up the hierarchy chain could fail if builtins/extension types were involved in the base types.

Library
bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now UnpicklingError instead of crashing.
bpo-39017: Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907).

Documentation
bpo-37703: Updated Documentation to comprehensively elaborate on the behaviour of gather.cancel()

Build
bpo-41302: Enable building Python 3.8 with libmpdec-2.5.0 to ease maintenance for Linux distributions. Patch by Felix Yan.

macOS
bpo-40741: Update macOS installer to use SQLite 3.32.3.

IDLE
bpo-41300: Save files with non-ascii chars. Fix regression released in 3.9.0b4 and 3.8.4.

Revision 1.5 / (download) - annotate - [select for diffs], Tue Jul 14 19:12:31 2020 UTC (3 years, 2 months ago) by adam
Branch: MAIN
Changes since 1.4: +5 -5 lines
Diff to previous 1.4 (colored)

python38 py38-html-docs: updated to 3.8.4

Python 3.8.4 final

Security
bpo-41162: Audit hooks are now cleared later during finalization to avoid missing events.
bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded (CVE-2020-15523).

Core and Builtins
bpo-41247: Always cache the running loop holder when running asyncio.set_running_loop.
bpo-41252: Fix incorrect refcounting in _ssl.c _servername_callback().
bpo-41218: Python 3.8.3 had a regression where compiling with ast.PyCF_ALLOW_TOP_LEVEL_AWAIT would aggressively mark list comprehension with CO_COROUTINE. Now only list comprehension making use of async/await will tagged as so.
bpo-41175: Guard against a NULL pointer dereference within bytearrayobject triggered by the bytearray() + bytearray() operation.
bpo-39960: The ackcheckthat prevents sneaking around a type __setattr__() by calling the superclass method was rewritten to allow C implemented heap types.

Library
bpo-41235: Fix the error handling in ssl.SSLContext.load_dh_params().
bpo-41193: The write_history() atexit function of the readline completer now ignores any OSError to ignore error if the filesystem is read-only, instead of only ignoring FileNotFoundError and PermissionError.
bpo-41043: Fixed the use of glob() in the stdlib: literal part of the path is now always correctly escaped.
bpo-39384: Fixed email.contentmanager to allow set_content() to set a null string.

IDLE
bpo-37765: Add keywords to module name completion list. Rewrite Completions section of IDLE doc.
bpo-41152: The encoding of stdin, stdout and stderr in IDLE is now always UTF-8.


Python 3.8.4 release candidate 1

Security
bpo-41004: The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address).
bpo-39073: Disallow CR or LF in email.headerregistry.Address arguments to guard against header injection attacks.
Core and Builtins
bpo-41094: Fix decoding errors with audit when open files with non-ASCII names on non-UTF-8 locale.
bpo-41056: Fixes a reference to deallocated stack space during startup when constructing sys.path involving a relative symlink when code was supplied via -c. (discovered via Coverity)
bpo-35975: Stefan Behnel reported that cf_feature_version is used even when PyCF_ONLY_AST is not set. This is against the intention and against the documented behavior, so it been fixed.
bpo-40957: Fix refleak in _Py_fopen_obj() when PySys_Audit() fails
bpo-40870: Raise ValueError when validating custom AST where the constants True, False and None are used within a ast.Name node.
bpo-40826: Fix GIL usage in PyOS_Readline(): lock the GIL to set an exception and pass the Python thread state when checking if there is a pending signal.
bpo-40824: Unexpected errors in calling the __iter__ method are no longer masked by TypeError in the in operator and functions contains(), indexOf() and countOf() of the operator module.
bpo-40663: Correctly generate annotations where parentheses are omitted but required (e.g: Type[(str, int, *other))].

Library
bpo-41138: Fixed the trace module CLI for Python source files with non-UTF-8 encoding.
bpo-31938: Fix default-value signatures of several functions in the select module - by Anthony Sottile.
bpo-41068: Fixed reading files with non-ASCII names from ZIP archive directly after writing them.
bpo-41058: pdb.find_function() now correctly determines the source file encoding.
bpo-41056: Fix a NULL pointer dereference within the ssl module during a MemoryError in the keylog callback. (discovered by Coverity)
bpo-41048: mimetypes.read_mime_types() function reads the rule file using UTF-8 encoding, not the locale encoding. Patch by Srinivas Reddy Thatiparthy.
bpo-40448: ensurepip now disables the use of pip cache when installing the bundled versions of pip and setuptools. Patch by Krzysztof Konopko.
bpo-40855: The standard deviation and variance functions in the statistics module were ignoring their mu and xbar arguments.
bpo-40807: Stop codeop._maybe_compile, used by code.InteractiveInterpreter (and IDLE). from from emitting each warning three times.
bpo-40834: Fix truncate when sending str object with_xxsubinterpreters.channel_send.
bpo-38488: Update ensurepip to install pip 20.1.1 and setuptools 47.1.0.
bpo-40767: webbrowser now properly finds the default browser in pure Wayland systems by checking the WAYLAND_DISPLAY environment variable. Patch contributed by Jérémy Attali.
bpo-40795: ctypes module: If ctypes fails to convert the result of a callback or if a ctypes callback function raises an exception, sys.unraisablehook is now called with an exception set. Previously, the error was logged into stderr by PyErr_Print().
bpo-30008: Fix ssl code to be compatible with OpenSSL 1.1.x builds that use no-deprecated and --api=1.1.0.
bpo-40614: ast.parse() will not parse self documenting expressions in f-strings when passed feature_version is less than (3, 8).
bpo-40626: Add h5 file extension as MIME Type application/x-hdf5, as per HDF Group recommendation for HDF5 formatted data files. Patch contributed by Mark Schwab.
bpo-25872: linecache could crash with a KeyError when accessed from multiple threads. Fix by Michael Graczyk.
bpo-40597: If text content lines are longer than policy.max_line_length, always use a content-encoding to make sure they are wrapped.
bpo-40515: The ssl and hashlib modules now actively check that OpenSSL is build with thread support. Python 3.7.0 made thread support mandatory and no longer works safely with a no-thread builds.
bpo-13097: ctypes now raises an ArgumentError when a callback is invoked with more than 1024 arguments.
bpo-40457: The ssl module now support OpenSSL builds without TLS 1.0 and 1.1 methods.
bpo-39830: Add zipfile.Path to __all__ in the zipfile module.
bpo-40025: Raise TypeError when _generate_next_value_ is defined after members. Patch by Ethan Onstott.
bpo-39244: Fixed multiprocessing.context.get_all_start_methods to properly return the default method first on macOS.
bpo-39040: Fix parsing of invalid mime headers parameters by collapsing whitespace between encoded words in a bare-quote-string.
bpo-35714: struct.error is now raised if there is a null character in a struct format string.
bpo-36290: AST nodes are now raising TypeError on conflicting keyword arguments. Patch contributed by Rémi Lapeyre.
bpo-29620: assertWarns() no longer raises a RuntimeException when accessing a module __warningregistry__ causes importation of a new module, or when a new module is imported in another thread. Patch by Kernc.
bpo-34226: Fix cgi.parse_multipart without content_length. Patch by Roger Duran

Tests
bpo-41085: Fix integer overflow in the array.array.index() method on 64-bit Windows for index larger than 2**31.
bpo-38377: On Linux, skip tests using multiprocessing if the current user cannot create a file in /dev/shm/ directory. Add the skip_if_broken_multiprocessing_synchronize() function to the test.support module.
bpo-41009: Fix use of support.require_{linux|mac|freebsd}_version() decorators as class decorator.
bpo-41003: Fix test_copyreg when numpy is installed: test.pickletester now saves/restores warnings filters when importing numpy, to ignore filters installed by numpy.
bpo-40964: Disable remote imaplib tests, host cyrus.andrew.cmu.edu is blocking incoming connections.
bpo-40055: distutils.tests now saves/restores warnings filters to leave them unchanged. Importing tests imports docutils which imports pkg_resources which adds a warnings filter.
bpo-34401: Make test_gdb properly run on HP-UX. Patch by Michael Osipov.

Build
bpo-40204: Pin Sphinx version to 2.3.1 in Doc/Makefile.
bpo-40653: Move _dirnameW out of HAVE_SYMLINK to fix a potential compiling issue.

Windows
bpo-41074: Fixed support of non-ASCII names in functions msilib.OpenDatabase() and msilib.init_database() and non-ASCII SQL in method msilib.Database.OpenView().
bpo-40164: Updates Windows OpenSSL to 1.1.1g
bpo-39631: Changes the registered MIME type for .py files on Windows to text/x-python instead of text/plain.
bpo-40677: Manually define IO_REPARSE_TAG_APPEXECLINK in case some old Windows SDK doesn have it.
bpo-40650: Include winsock2.h in pytime.c for timeval.
bpo-39148: Add IPv6 support to asyncio datagram endpoints in ProactorEventLoop. Change the raised exception for unknown address families to ValueError as it not coming from Windows API.

macOS
bpo-39580: Avoid opening Finder window if running installer from the command line. Patch contributed by Rick Heil.
bpo-41100: Fix configure error when building on macOS 11. Note that the current Python release was released shortly after the first developer preview of macOS 11 (Big Sur); there are other known issues with building and running on the developer preview. Big Sur is expected to be fully supported in a future bugfix release of Python 3.8.x and with 3.9.0.
bpo-41005: fixed an XDG settings issue not allowing macos to open browser in webbrowser.py
bpo-40741: Update macOS installer to use SQLite 3.32.2.

IDLE
bpo-41144: Make Open Module open a special module such as os.path.
bpo-39885: Make context menu Cut and Copy work again when right-clicking within a selection.
bpo-40723: Make test_idle pass when run after import.

Tools/Demos
bpo-40479: Update multissltest helper to test with latest OpenSSL 1.0.2, 1.1.0, 1.1.1, and 3.0.0-alpha.
bpo-40163: Fix multissltest tool. OpenSSL has changed download URL for old releases. The multissltest tool now tries to download from current and old download URLs.

Revision 1.4 / (download) - annotate - [select for diffs], Fri May 15 08:24:50 2020 UTC (3 years, 4 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2020Q2-base, pkgsrc-2020Q2
Changes since 1.3: +5 -5 lines
Diff to previous 1.3 (colored)

python38: updated to 3.8.3

Python 3.8.3 final

Core and Builtins
bpo-40527: Fix command line argument parsing: no longer write errors multiple times into stderr.
bpo-40417: Fix imp module deprecation warning when PyImport_ReloadModule is called. Patch by Robert Rouhani.
bpo-39562: The constant values of future flags in the __future__ module are updated in order to prevent collision with compiler flags. Previously PyCF_ALLOW_TOP_LEVEL_AWAIT was clashing with CO_FUTURE_DIVISION.

Library
bpo-40559: Fix possible memory leak in the C implementation of asyncio.Task.
bpo-40355: Improve error reporting in ast.literal_eval() in the presence of malformed ast.Dict nodes instead of silently ignoring any non-conforming elements. Patch by Curtis Bucher.
bpo-40459: platform.win32_ver() now produces correct ptype strings instead of empty strings.
bpo-40398: typing.get_args() now always returns an empty tuple for special generic aliases.

Documentation
bpo-40561: Provide docstrings for webbrowser open functions.
bpo-39435: Fix an incorrect signature for pickle.loads() in the docs

Windows
bpo-40458: Increase reserved stack space to prevent overflow crash on Windows.

C API
bpo-40412: Nullify inittab_copy during finalization, preventing future interpreter initializations in an embedded situation from crashing.

Revision 1.3 / (download) - annotate - [select for diffs], Thu Feb 27 14:33:02 2020 UTC (3 years, 6 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2020Q1-base, pkgsrc-2020Q1
Changes since 1.2: +5 -5 lines
Diff to previous 1.2 (colored)

python38: updated to 3.8.2

Python 3.8.2 final

Core and Builtins
bpo-39382: Fix a use-after-free in the single inheritance path of issubclass(), when the __bases__ of an object has a single reference, and so does its first item. Patch by Yonatan Goldschmidt.
bpo-39427: Document all possibilities for the -X options in the command line help section. Patch by Pablo Galindo.

Library
bpo-39649: Remove obsolete check for __args__ in bdb.Bdb.format_stack_entry.
bpo-39681: Fix a regression where the C pickle module wouldn allow unpickling from a file-like object that doesn expose a readinto() method.
bpo-39546: Fix a regression in ArgumentParser where allow_abbrev=False was ignored for long options that used a prefix character other than 
bpo-39432: Implement PEP-489 algorithm for non-ascii ױyInit_ symbol names in distutils to make it export the correct init symbol also on Windows.

Documentation
bpo-17422: The language reference now specifies restrictions on class namespaces. Adapted from a patch by Ethan Furman.
bpo-39572: Updated documentation of total flag of TypeDict.
bpo-39654: In pyclbr doc, update lassto odulewhere appropriate and add readmodule comment. Patch by Hakan elik.

IDLE
bpo-39663: Add tests for pyparse find_good_parse_start().

Revision 1.2 / (download) - annotate - [select for diffs], Sat Dec 28 22:40:35 2019 UTC (3 years, 8 months ago) by adam
Branch: MAIN
Changes since 1.1: +5 -5 lines
Diff to previous 1.1 (colored)

py38-html-docs: updated to 3.8.1

Match lang/python38.

Revision 1.1 / (download) - annotate - [select for diffs], Wed Oct 16 11:05:36 2019 UTC (3 years, 11 months ago) by leot
Branch: MAIN
CVS Tags: pkgsrc-2019Q4-base, pkgsrc-2019Q4

py38-html-docs: Import py38-html-docs-3.8.0 as lang/py38-html-docs

HTML Documentation for Python 3.8

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>