The NetBSD Project

CVS log for pkgsrc/lang/python37/Attic/dist.mk

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / lang / python37

Request diff between arbitrary revisions


Keyword substitution: kv
Default branch: MAIN


Revision 1.19
Sun Jul 30 14:41:06 2023 UTC (17 months, 2 weeks ago) by adam
Branches: MAIN
CVS tags: HEAD
FILE REMOVED
Changes since revision 1.18: +1 -1 lines
python37, py37-html-docs: removed; end of life; use Python 3.8, 3.9, 3.10 or 3.11

Revision 1.18: download - view: text, markup, annotated - select for diffs
Wed Jun 7 13:23:58 2023 UTC (19 months, 1 week ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2023Q2-base, pkgsrc-2023Q2
Diff to: previous 1.17: preferred, colored
Changes since revision 1.17: +3 -3 lines
python37 py37-html-docs: updated to 3.7.17

Python 3.7.17

Security
gh-103142: The version of OpenSSL used in our binary builds has been upgraded to 1.1.1u to address several CVEs.
gh-99889: Fixed a security in flaw in uu.decode() that could allow for directory traversal based on the input if no out_file was specified.
gh-104049: Do not expose the local on-disk location in directory indexes produced by http.client.SimpleHTTPRequestHandler.
gh-102153: urllib.parse.urlsplit() now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to CVE-2023-24329. Patch by Illia Volochii.
gh-101727: Updated the OpenSSL version used in Windows and macOS binary release builds to 1.1.1t to address CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per the OpenSSL 2023-02-07 security advisory.
gh-101283: subprocess.Popen now uses a safer approach to find cmd.exe when launching with shell=True. Patch by Eryk Sun, based on a patch by Oleg Iarygin.

Library
gh-101997: Upgrade pip wheel bundled with ensurepip (pip 23.0.1)

Build
gh-102306: Avoid GHA CI macOS test_posix failure by using the appropriate macOS SDK.

Windows
gh-100180: Update Windows installer to OpenSSL 1.1.1s

Revision 1.17: download - view: text, markup, annotated - select for diffs
Tue May 2 16:06:59 2023 UTC (20 months, 2 weeks ago) by nikita
Branches: MAIN
Diff to: previous 1.16: preferred, colored
Changes since revision 1.16: +2 -2 lines
python37: update to version 3.7.16

Changelog:


Python 3.7.16

Release Date: Dec. 6, 2022
This is a security release of Python 3.7

Note: The release you're looking at is Python 3.7.16, a security bugfix release for the legacy 3.7 series. Python 3.11 is now the latest feature release series of Python 3. Get the latest release of 3.11.x here.
Security content in this release

    gh-98739: Updated bundled libexpat to 2.5.0 to fix CVE-2022-43680 (heap use-after-free).
    gh-98517: Port XKCP’s fix for the buffer overflows in SHA-3 to fix CVE-2022-37454.
    gh-98433: The IDNA codec decoder used on DNS hostnames by socket or asyncio related name resolution functions no longer involves a quadratic algorithm to fix CVE-2022-45061. This prevents a potential CPU denial of service if an out-of-spec excessive length hostname involving bidirectional characters were decoded. Some protocols such as urllib http 3xx redirects potentially allow for an attacker to supply such a name.
    gh-68966: The deprecated mailcap module now refuses to inject unsafe text (filenames, MIME types, parameters) into shell commands to address CVE-2015-20107. Instead of using such text, it will warn and act as if a match was not found (or for test commands, as if the test failed).
    gh-100001: python -m http.server no longer allows terminal control characters sent within a garbage request to be printed to the stderr server log.

No installers

According to the release calendar specified in PEP 537, Python 3.7 is now in the "security fixes only" stage of its life cycle: 3.7 branch only accepts security fixes and releases of those are made irregularly in source-only form until June 2023. Python 3.7 does not receive regular bug fixes anymore, and binary installers are no longer provided for it. Python 3.7.9 was the last full bugfix release of Python 3.7 with binary installers.

Revision 1.16: download - view: text, markup, annotated - select for diffs
Wed Oct 12 08:38:36 2022 UTC (2 years, 3 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2023Q1-base, pkgsrc-2023Q1, pkgsrc-2022Q4-base, pkgsrc-2022Q4
Diff to: previous 1.15: preferred, colored
Changes since revision 1.15: +2 -2 lines
python37 py37-html-docs: updated to 3.7.15

Python 3.7.15

Security

gh-97616: Fix multiplying a list by an integer (list *= int): detect the integer overflow when the new allocated length is close to the maximum size. Issue reported by Jordan Limor. Patch by Victor Stinner.
gh-97612: Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. Issue reported and initial fix by Caleb Shortt. Patch by Victor Stinner.

Core and Builtins

gh-96848: Fix command line parsing: reject -X int_max_str_digits option with no value (invalid) when the PYTHONINTMAXSTRDIGITS environment variable is set to a valid limit. Patch by Victor Stinner.
gh-95778: When ValueError is raised if an integer is larger than the limit, mention the sys.set_int_max_str_digits() function in the error message. Patch by Victor Stinner.

Library

gh-97005: Update bundled libexpat to 2.4.9

Windows

gh-96577: Fixes a potential buffer overrun in msilib.

Revision 1.15: download - view: text, markup, annotated - select for diffs
Mon Sep 12 07:58:55 2022 UTC (2 years, 4 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2022Q3-base, pkgsrc-2022Q3
Diff to: previous 1.14: preferred, colored
Changes since revision 1.14: +2 -2 lines
python37 py37-html-docs: updated to 3.7.14

Python 3.7.14

Security
gh-95778: Converting between int and str in bases other than 2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a ValueError if the number of digits in string form is above a limit to avoid potential denial of service attacks due to the algorithmic complexity. This is a mitigation for CVE-2020-10735.

This new limit can be configured or disabled by environment variable, command line flag, or sys APIs. See the integer string conversion length limitation documentation. The default limit is 4300 digits in string form.

Patch by Gregory P. Smith [Google] and Christian Heimes [Red Hat] with feedback from Victor Stinner, Thomas Wouters, Steve Dower, Ned Deily, and Mark Dickinson.
gh-87389: http.server: Fix an open redirection vulnerability in the HTTP server when an URI path starts with //. Vulnerability discovered, and initial fix proposed, by Hamza Avvan.

Core and Builtins
gh-93065: Fix contextvars HAMT implementation to handle iteration over deep trees.

The bug was discovered and fixed by Eli Libman. See MagicStack/immutables#84 for more details.

Library
bpo-36073: Raise ProgrammingError instead of segfaulting on recursive usage of cursors in sqlite3 converters. Patch by Sergey Fedoseev.

Documentation
gh-91888: Add a new gh role to the documentation to link to GitHub issues.
bpo-47138: Pin Jinja to a version compatible with Sphinx version 2.3.1.

Tests
gh-94208: test_ssl is now checking for supported TLS version and protocols in more tests.
bpo-47016: Create a GitHub Actions workflow for verifying bundled pip and setuptools. Patch by Illia Volochii and Adam Turner.
bpo-41306: Fixed a failure in test_tk.test_widgets.ScaleTest happening when executing the test with Tk 8.6.10.

Windows
bpo-47194: Update zlib to v1.2.12 to resolve CVE-2018-25032.

Revision 1.14: download - view: text, markup, annotated - select for diffs
Sat Mar 19 18:55:44 2022 UTC (2 years, 9 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2022Q2-base, pkgsrc-2022Q2, pkgsrc-2022Q1-base, pkgsrc-2022Q1
Diff to: previous 1.13: preferred, colored
Changes since revision 1.13: +2 -2 lines
python37 py37-html-docs: updated to 3.7.13

Python 3.7.13 final

Library

bpo-46985: Upgrade pip wheel bundled with ensurepip (pip 22.0.4)
bpo-46932: Update bundled libexpat to 2.4.7
bpo-46811: Make test suite support Expat >=2.4.5
bpo-46784: Fix libexpat symbols collisions with user dynamically loaded or statically linked libexpat in embedded Python.
bpo-46756: Fix a bug in urllib.request.HTTPPasswordMgr.find_user_password() and urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() which allowed to bypass authorization. For example, access to URI example.org/foobar was allowed if the user was authorized for URI example.org/foo.

Build

bpo-47024: Update Windows builds and macOS installer build to use OpenSSL 1.1.1n.
bpo-45405: Prevent internal configure error when running configure with recent versions of clang. Patch by David Bohman.

Windows

bpo-44549: Update bzip2 to 1.0.8 in Windows builds to mitigate CVE-2016-3189 and CVE-2019-12900
bpo-46948: Prevent CVE-2022-26488 by ensuring the Add to PATH option in the Windows installer uses the correct path when being repaired.

Revision 1.13: download - view: text, markup, annotated - select for diffs
Mon Sep 6 07:25:13 2021 UTC (3 years, 4 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2021Q4-base, pkgsrc-2021Q4, pkgsrc-2021Q3-base, pkgsrc-2021Q3
Diff to: previous 1.12: preferred, colored
Changes since revision 1.12: +2 -2 lines
python37: updated to 3.7.12

Python 3.7.12 final

Security

bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 “Billion Laughs” vulnerability. This copy is most used on Windows and macOS.
bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection.

Library

bpo-45001: Made email date parsing more robust against malformed input, namely a whitespace-only Date: header. Patch by Wouter Bolsterlee.

Revision 1.12: download - view: text, markup, annotated - select for diffs
Tue Jun 29 12:39:10 2021 UTC (3 years, 6 months ago) by adam
Branches: MAIN
Diff to: previous 1.11: preferred, colored
Changes since revision 1.11: +2 -2 lines
python37: updated to 3.7.11

Python 3.7.11 final

Security

bpo-44022: mod:http.client now avoids infinitely reading potential HTTP headers after a 100 Continue status response from the server.
bpo-43882: The presence of newline or tab characters in parts of a URL could allow some forms of attacks.

Following the controlling specification for URLs defined by WHATWG urllib.parse() now removes ASCII newlines and tabs from URLs, preventing such attacks.
bpo-42988: CVE-2021-3426: Remove the getfile feature of the pydoc module which could be abused to read arbitrary files on the disk (directory traversal vulnerability). Moreover, even source code of Python modules can contain sensitive data like passwords. Vulnerability reported by David Schwörer.
bpo-43285: ftplib no longer trusts the IP address value returned from the server in response to the PASV command by default. This prevents a malicious FTP server from using the response to probe IPv4 address and port combinations on the client network.

Code that requires the former vulnerable behavior may set a trust_server_pasv_ipv4_address attribute on their ftplib.FTP instances to True to re-enable it.
bpo-43075: Fix Regular Expression Denial of Service (ReDoS) vulnerability in urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex has quadratic worst-case complexity and it allows cause a denial of service when identifying crafted invalid RFCs. This ReDoS issue is on the client side and needs remote attackers to control the HTTP server.

Core and Builtins

bpo-43660: Fix crash that happens when replacing sys.stderr with a callable that can remove the object while an exception is being printed. Patch by Pablo Galindo.

Tests

bpo-41561: Add workaround for Ubuntu’s custom OpenSSL security level policy.

Revision 1.11: download - view: text, markup, annotated - select for diffs
Tue Feb 16 19:40:33 2021 UTC (3 years, 10 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2021Q2-base, pkgsrc-2021Q2, pkgsrc-2021Q1-base, pkgsrc-2021Q1
Diff to: previous 1.10: preferred, colored
Changes since revision 1.10: +2 -2 lines
python37 py37-html-docs: updated to 3.7.10

Python 3.7.10

Security
bpo-42967: Fix web cache poisoning vulnerability by defaulting the query args separator to &, and allowing the user to choose a custom separator.
bpo-42938: Avoid static buffers when computing the repr of ctypes.c_double and ctypes.c_longdouble values.
bpo-42103: Prevented potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.
bpo-42051: The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. This should not affect users as entity declarations are not used in regular plist files.
bpo-40791: Add volatile to the accumulator variable in hmac.compare_digest, making constant-time-defeating optimizations less likely.

Library
bpo-42103: InvalidFileException and RecursionError are now the only errors caused by loading malformed binary Plist file (previously ValueError and TypeError could be raised in some specific cases).
bpo-41976: Fixed a bug that was causing ctypes.util.find_library() to return None when triying to locate a library in an environment when gcc>=9 is available and ldconfig is not. Patch by Pablo Galindo

Documentation
bpo-17140: Add documentation for the multiprocessing.pool.ThreadPool class.

Tests
bpo-42794: Update test_nntplib to use offical group name of news.aioe.org for testing. Patch by Dong-hee Na.
bpo-41944: Tests for CJK codecs no longer call eval() on content received via HTTP.

Revision 1.10: download - view: text, markup, annotated - select for diffs
Wed Aug 19 07:08:34 2020 UTC (4 years, 4 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2020Q4-base, pkgsrc-2020Q4, pkgsrc-2020Q3-base, pkgsrc-2020Q3
Diff to: previous 1.9: preferred, colored
Changes since revision 1.9: +2 -2 lines
python37 py37-html-docs: updated to 3.7.9

Python 3.7.9 final

Security
bpo-41304: Fixes python3x._pth being ignored on Windows, caused by the fix for bpo-29778 (CVE-2020-15801).
bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded (CVE-2020-15523).
bpo-41004: CVE-2020-14422: The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address).
bpo-39603: Prevent http header injection by rejecting control characters in http.client.putrequest(…).
Core and Builtins
bpo-33786: Fix asynchronous generators to handle GeneratorExit in athrow() correctly

Library
bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now UnpicklingError instead of crashing.
bpo-39017: Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907).
bpo-41235: Fix the error handling in ssl.SSLContext.load_dh_params().

macOS
bpo-41100: Additional fixes for testing on macOS 11 Big Sur Intel. Note: macOS 11 is not yet released, this release of Python is not fully supported on 11.0, and not all tests pass.

Revision 1.9: download - view: text, markup, annotated - select for diffs
Tue Jun 30 05:56:02 2020 UTC (4 years, 6 months ago) by adam
Branches: MAIN
Diff to: previous 1.8: preferred, colored
Changes since revision 1.8: +2 -2 lines
python37: updated to 3.7.8

Python 3.7.8 final

Tests

bpo-41009: Fix use of support.require_{linux|mac|freebsd}_version() decorators as class decorator.
macOS

bpo-41100: Fix configure error when building on macOS 11. Note that 3.7.8 was released shortly after the first developer preview of macOS 11 (Big Sur); there are other known issues with building and running on the developer preview. Big Sur is expected to be fully supported in a future bugfix release of Python 3.8.x and with 3.9.0.


Python 3.7.8 release candidate 1

Security
bpo-39073: Disallow CR or LF in email.headerregistry.Address arguments to guard against header injection attacks.
bpo-38576: Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause a InvalidURL to be raised.
bpo-39503: CVE-2020-8492: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager.

Core and Builtins
bpo-40663: Correctly generate annotations where parentheses are omitted but required (e.g: Type[(str, int, *other))].
bpo-40417: Fix imp module deprecation warning when PyImport_ReloadModule is called. Patch by Robert Rouhani.
bpo-20526: Fix PyThreadState_Clear(). PyThreadState.frame is a borrowed reference, not a strong reference: PyThreadState_Clear() must not call Py_CLEAR(tstate->frame).
bpo-38894: Fix a bug that was causing incomplete results when calling pathlib.Path.glob in the presence of symlinks that point to files where the user does not have read access. Patch by Pablo Galindo and Matt Wozniski.
bpo-39871: Fix a possible SystemError in math.{atan2,copysign,remainder}() when the first argument cannot be converted to a float. Patch by Zachary Spytz.
bpo-39520: Fix unparsing of ext slices with no items (foo[:,]). Patch by Batuhan Taskaya.
bpo-24048: Save the live exception during import.c’s remove_module().
bpo-22490: Don’t leak environment variable __PYVENV_LAUNCHER__ into the interpreter session on macOS.

Library
bpo-40448: ensurepip now disables the use of pip cache when installing the bundled versions of pip and setuptools. Patch by Krzysztof Konopko.
bpo-40807: Stop codeop._maybe_compile, used by code.InteractiveInterpreter (and IDLE). from from emitting each warning three times.
bpo-38488: Update ensurepip to install pip 20.1.1 and setuptools 47.1.0.
bpo-40767: webbrowser now properly finds the default browser in pure Wayland systems by checking the WAYLAND_DISPLAY environment variable. Patch contributed by Jérémy Attali.
bpo-30008: Fix ssl code to be compatible with OpenSSL 1.1.x builds that use no-deprecated and --api=1.1.0.
bpo-25872: linecache could crash with a KeyError when accessed from multiple threads. Fix by Michael Graczyk.
bpo-40515: The ssl and hashlib modules now actively check that OpenSSL is build with thread support. Python 3.7.0 made thread support mandatory and no longer works safely with a no-thread builds.
bpo-13097: ctypes now raises an ArgumentError when a callback is invoked with more than 1024 arguments.
bpo-40559: Fix possible memory leak in the C implementation of asyncio.Task.
bpo-40457: The ssl module now support OpenSSL builds without TLS 1.0 and 1.1 methods.
bpo-40459: platform.win32_ver() now produces correct ptype strings instead of empty strings.
bpo-40138: Fix the Windows implementation of os.waitpid() for exit code larger than INT_MAX >> 8. The exit status is now interpreted as an unsigned number.
bpo-39942: Set “__main__” as the default module name when “__name__” is missing in typing.TypeVar. Patch by Weipeng Hong.
bpo-40287: Fixed SpooledTemporaryFile.seek() to return the position.
bpo-40196: Fix a bug in the symtable module that was causing incorrectly report global variables as local. Patch by Pablo Galindo.
bpo-40126: Fixed reverting multiple patches in unittest.mock. Patcher’s __exit__() is now never called if its __enter__() is failed. Returning true from __exit__() silences now the exception.
bpo-40089: Fix threading._after_fork(): if fork was not called by a thread spawned by threading.Thread, threading._after_fork() now creates a _MainThread instance for _main_thread, instead of a _DummyThread instance.
bpo-39503: AbstractBasicAuthHandler of urllib.request now parses all WWW-Authenticate HTTP headers and accepts multiple challenges per header: use the realm of the first Basic challenge.
bpo-40014: Fix os.getgrouplist(): if getgrouplist() function fails because the group list is too small, retry with a larger group list. On failure, the glibc implementation of getgrouplist() sets ngroups to the total number of groups. For other implementations, double the group list size.
bpo-40025: Raise TypeError when _generate_next_value_ is defined after members. Patch by Ethan Onstott.
bpo-40016: In re docstring, clarify the relationship between inline and argument compile flags.
bpo-39652: The column name found in sqlite3.Cursor.description is now truncated on the first ‘[‘ only if the PARSE_COLNAMES option is set.
bpo-38662: The ensurepip module now invokes pip via the runpy module. Hence it is no longer tightly coupled with the internal API of the bundled pip version, allowing easier updates to a newer pip version both internally and for distributors.
bpo-39916: More reliable use of os.scandir() in Path.glob(). It no longer emits a ResourceWarning when interrupted.
bpo-39850: multiprocessing now supports abstract socket addresses (if abstract sockets are supported in the running platform). Patch by Pablo Galindo.
bpo-39828: Fix json.tool to catch BrokenPipeError. Patch by Dong-hee Na.
bpo-39040: Fix parsing of invalid mime headers parameters by collapsing whitespace between encoded words in a bare-quote-string.
bpo-35714: struct.error is now raised if there is a null character in a struct format string.
bpo-36541: lib2to3 now recognizes named assignment expressions (the walrus operator, :=)
bpo-29620: assertWarns() no longer raises a RuntimeException when accessing a module’s __warningregistry__ causes importation of a new module, or when a new module is imported in another thread. Patch by Kernc.
bpo-34226: Fix cgi.parse_multipart without content_length. Patch by Roger Duran
bpo-31758: Prevent crashes when using an uninitialized _elementtree.XMLParser object. Patch by Oren Milman.

Documentation
bpo-40561: Provide docstrings for webbrowser open functions.
bpo-27635: The pickle documentation incorrectly claimed that __new__ isn’t called by default when unpickling.
bpo-39879: Updated Data model docs to include dict() insertion order preservation. Patch by Furkan Onder and Samy Lahfa.
bpo-39677: Changed operand name of MAKE_FUNCTION from argc to flags for module dis
bpo-39435: Fix an incorrect signature for pickle.loads() in the docs
bpo-38387: Document PyDoc_STRVAR macro in the C-API reference.

Tests
bpo-40964: Disable remote imaplib tests, host cyrus.andrew.cmu.edu is blocking incoming connections.
bpo-40055: distutils.tests now saves/restores warnings filters to leave them unchanged. Importing tests imports docutils which imports pkg_resources which adds a warnings filter.
bpo-40436: test_gdb and test.pythoninfo now check gdb command exit code.
bpo-39932: Fix multiprocessing test_heap(): a new Heap object is now created for each test run.
bpo-40162: Update Travis CI configuration to OpenSSL 1.1.1f.
bpo-40146: Update OpenSSL to 1.1.1f in Azure Pipelines.
bpo-40019: test_gdb now skips tests if it detects that gdb failed to read debug information because the Python binary is optimized.
bpo-27807: test_site.test_startup_imports() is now skipped if a path of sys.path contains a .pth file.
bpo-39793: Use the same domain when testing make_msgid. Patch by Batuhan Taskaya.
bpo-1812: Fix newline handling in doctest.testfile when loading from a package whose loader has a get_data method. Patch by Peter Donis.
bpo-37957: test.regrtest now can receive a list of test patterns to ignore (using the -i/–ignore argument) or a file with a list of patterns to ignore (using the –ignore-file argument). Patch by Pablo Galindo.
bpo-38502: test.regrtest now uses process groups in the multiprocessing mode (-jN command line option) if process groups are available: if os.setsid() and os.killpg() functions are available.
bpo-37421: multiprocessing tests now stop the ForkServer instance if it’s running: close the “alive” file descriptor to ask the server to stop and then remove its UNIX address.
bpo-37421: multiprocessing tests now explicitly call _run_finalizers() to immediately remove temporary directories created by tests.

Build
bpo-40653: Move _dirnameW out of HAVE_SYMLINK to fix a potential compiling issue.
bpo-38360: Support single-argument form of macOS -isysroot flag.
bpo-40204: Pin Sphinx version to 2.3.1 in Doc/Makefile.
bpo-40158: Fix CPython MSBuild Properties in NuGet Package (build/native/python.props)

Windows
bpo-40164: Updates Windows OpenSSL to 1.1.1g
bpo-39631: Changes the registered MIME type for .py files on Windows to text/x-python instead of text/plain.
bpo-40650: Include winsock2.h in pytime.c for timeval.
bpo-39930: Ensures the required vcruntime140.dll is included in install packages.
bpo-39847: Avoid hang when computer is hibernated whilst waiting for a mutex (for lock-related objects from threading) around 49-day uptime.
bpo-38492: Remove pythonw.exe dependency on the Microsoft C++ runtime.

macOS
bpo-39580: Avoid opening Finder window if running installer from the command line.
bpo-40400: Update the macOS installer build scripts to build with Python 3.x and to build correctly on newer macOS systems with SIP.
bpo-40741: Update macOS installer to use SQLite 3.32.2.
bpo-38329: python.org macOS installers now update the Current version symlink of /Library/Frameworks/Python.framework/Versions for 3.9 installs. Previously, Current was only updated for Python 2.x installs. This should make it easier to embed Python 3 into other macOS applications.
bpo-40164: Update macOS installer builds to use OpenSSL 1.1.1g.

IDLE
bpo-39885: Make context menu Cut and Copy work again when right-clicking within a selection.
bpo-40723: Make test_idle pass when run after import.
bpo-27115: For ‘Go to Line’, use a Query box subclass with IDLE standard behavior and improved error checking.
bpo-39885: Since clicking to get an IDLE context menu moves the cursor, any text selection should be and now is cleared.
bpo-39852: Edit “Go to line” now clears any selection, preventing accidental deletion. It also updates Ln and Col on the status bar.
bpo-38439: Add a 256×256 pixel IDLE icon to support more modern environments. Created by Andrew Clover. Delete the unused macOS idle.icns icon file.
bpo-38689: IDLE will no longer freeze when inspect.signature fails when fetching a calltip.

Tools/Demos
bpo-40479: Update multissltest helper to test with latest OpenSSL 1.0.2, 1.1.0, 1.1.1, and 3.0.0-alpha.
bpo-40179: Fixed translation of #elif in Argument Clinic.
bpo-40163: Fix multissltest tool. OpenSSL has changed download URL for old releases. The multissltest tool now tries to download from current and old download URLs.
bpo-36184: Port python-gdb.py to FreeBSD. python-gdb.py now checks for “take_gil” function name to check if a frame tries to acquire the GIL, instead of checking for “pthread_cond_timedwait” which is specific to Linux and can be a different condition than the GIL.
bpo-39889: Fixed unparse.py for extended slices containing a single element (e.g. a[i:j,]). Remove redundant tuples when index with a tuple (e.g. a[i, j]).
C API
bpo-39884: _PyMethodDef_RawFastCallDict() and _PyMethodDef_RawFastCallKeywords() now include the method name in the SystemError “bad call flags” error message to ease debug.
bpo-38643: PyNumber_ToBase() now raises a SystemError instead of crashing when called with invalid base.

Revision 1.8: download - view: text, markup, annotated - select for diffs
Wed Mar 11 08:31:57 2020 UTC (4 years, 10 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2020Q2-base, pkgsrc-2020Q2, pkgsrc-2020Q1-base, pkgsrc-2020Q1
Diff to: previous 1.7: preferred, colored
Changes since revision 1.7: +2 -2 lines
python37: updated to 3.7.7

Python 3.7.7 final

Library
bpo-13487: Avoid a possible “RuntimeError: dictionary changed size during iteration” from inspect.getmodule() when it tried to loop through sys.modules.
Documentation
bpo-17422: The language reference no longer restricts default class namespaces to dicts only.


Python 3.7.7 release candidate 1

Security
bpo-39401: Avoid unsafe load of api-ms-win-core-path-l1-1-0.dll at startup on Windows 7.
Core and Builtins
bpo-39776: Fix race condition where threads created by PyGILState_Ensure() could get a duplicate id.

This affects consumers of tstate->id like the contextvar caching machinery, which could return invalid cached objects under heavy thread load (observed in embedded scenarios).
bpo-39778: Fixed a crash due to incorrect handling of weak references in collections.OrderedDict classes. Patch by Pablo Galindo.
bpo-39382: Fix a use-after-free in the single inheritance path of issubclass(), when the __bases__ of an object has a single reference, and so does its first item. Patch by Yonatan Goldschmidt.
bpo-39606: Fix regression caused by fix for bpo-39386, that prevented calling aclose on an async generator that had already been closed or exhausted.
bpo-39510: Fix segfault in readinto() method on closed BufferedReader.
bpo-39453: Fixed a possible crash in list.__contains__() when a list is changed during comparing items. Patch by Dong-hee Na.
bpo-39427: Document all possibilities for the -X options in the command line help section. Patch by Pablo Galindo.
bpo-39421: Fix possible crashes when operating with the functions in the heapq module and custom comparison operators.
bpo-39386: Prevent double awaiting of async iterator.
bpo-38588: Fix possible crashes in dict and list when calling PyObject_RichCompareBool().
bpo-39031: When parsing an “elif” node, lineno and col_offset of the node now point to the “elif” keyword and not to its condition, making it consistent with the “if” node. Patch by Lysandros Nikolaou.
bpo-38610: Fix possible crashes in several list methods by holding strong references to list elements when calling PyObject_RichCompareBool().
Library
bpo-39794: Add –without-decimal-contextvar build option. This enables a thread-local rather than a coroutine local context.
bpo-39769: The compileall.compile_dir() function’s ddir parameter and the compileall command line flag -d no longer write the wrong pathname to the generated pyc file for submodules beneath the root of the directory tree being compiled. This fixes a regression introduced with Python 3.5.
bpo-30566: Fix IndexError when trying to decode an invalid string with punycode codec.
bpo-39649: Remove obsolete check for __args__ in bdb.Bdb.format_stack_entry.
bpo-27657: The original fix for bpo-27657, “Fix urlparse() with numeric paths” (GH-16839) included in 3.7.6, inadvertently introduced a behavior change that broke several third-party packages relying on the original undefined parsing behavior. The change is reverted in 3.7.7, restoring the behavior of 3.7.5 and earlier releases.
bpo-21016: The pydoc and trace modules now use the sysconfig module to get the path to the Python standard library, to support uncommon installation path like /usr/lib64/python3.9/ on Fedora. Patch by Jan Matějek.
bpo-39548: Fix handling of header in urllib.request.AbstractDigestAuthHandler when the optional qop parameter is not present.
bpo-39450: Striped whitespace from docstring before returning it from unittest.case.shortDescription().
bpo-39493: Mark typing.IO.closed as a property
bpo-39485: Fix a bug in unittest.mock.create_autospec() that would complain about the wrong number of arguments for custom descriptors defined in an extension module returning functions.
bpo-39430: Fixed race condition in lazy imports in tarfile.
bpo-39389: Write accurate compression level metadata in gzip archives, rather than always signaling maximum compression.
bpo-39274: bool(fraction.Fraction) now returns a boolean even if (numerator != 0) does not return a boolean (ex: numpy number).
bpo-39242: Updated the Gmane domain from news.gmane.org to news.gmane.io which is used for examples of NNTP news reader server and nntplib tests.
bpo-39152: Fix ttk.Scale.configure([name]) to return configuration tuple for name or all options. Giovanni Lombardo contributed part of the patch.
bpo-39198: If an exception were to be thrown in Logger.isEnabledFor (say, by asyncio timeouts or stopit) , the logging global lock may not be released appropriately, resulting in deadlock. This change wraps that block of code with try...finally to ensure the lock is released.
bpo-39191: Perform a check for running loop before starting a new task in loop.run_until_complete() to fail fast; it prevents the side effect of new task spawning before exception raising.
bpo-38871: Correctly parenthesize filter-based statements that contain lambda expressions in mod:lib2to3. Patch by Dong-hee Na.
bpo-39142: A change was made to logging.config.dictConfig to avoid converting instances of named tuples to ConvertingTuple. It’s assumed that named tuples are too specialised to be treated like ordinary tuples; if a user of named tuples requires ConvertingTuple functionality, they will have to implement that themselves in their named tuple class.
bpo-38971: Open issue in the BPO indicated a desire to make the implementation of codecs.open() at parity with io.open(), which implements a try/except to assure file stream gets closed before an exception is raised.
bpo-39057: urllib.request.proxy_bypass_environment() now ignores leading dots and no longer ignores a trailing newline.
bpo-39056: Fixed handling invalid warning category in the -W option. No longer import the re module if it is not needed.
bpo-39055: base64.b64decode() with validate=True raises now a binascii.Error if the input ends with a single \n.
bpo-38878: Fixed __subclasshook__ of os.PathLike to return a correct result upon inheritence. Patch by Bar Harel.
bpo-35182: Fixed Popen.communicate() subsequent call crash when the child process has already closed any piped standard stream, but still continues to be running. Patch by Andriy Maletsky.
bpo-38473: Use signature from inner mock for autospecced methods attached with unittest.mock.attach_mock(). Patch by Karthikeyan Singaravelan.
bpo-38293: Add copy.copy() and copy.deepcopy() support to property() objects.
bpo-37953: In typing, improved the __hash__ and __eq__ methods for ForwardReferences.
bpo-36406: Handle namespace packages in doctest. Patch by Karthikeyan Singaravelan.
Documentation
bpo-13790: Change ‘string’ to ‘specification’ in format doc.
bpo-39530: Fix misleading documentation about mixed-type numeric comparisons.
bpo-17422: The language reference now specifies restrictions on class namespaces. Adapted from a patch by Ethan Furman.
bpo-39654: In pyclbr doc, update ‘class’ to ‘module’ where appropriate and add readmodule comment. Patch by Hakan Çelik.
bpo-39392: Explain that when filling with turtle, overlap regions may be left unfilled.
bpo-39381: Mention in docs that asyncio.get_event_loop() implicitly creates new event loop only if called from the main thread.
bpo-38918: Add an entry for __module__ in the “function” & “method” sections of the inspect docs types and members table
bpo-3530: In the ast module documentation, fix a misleading NodeTransformer example and add advice on when to use the fix_missing_locations function.
Tests
bpo-38546: Fix test_ressources_gced_in_workers() of test_concurrent_futures: explicitly stop the manager to prevent leaking a child process running in the background after the test completes.
Build
bpo-39144: The ctags and etags build targets both include Modules/_ctypes and Python standard library source files.
Windows
bpo-38597: distutils will no longer statically link vcruntime140.dll when a redistributable version is unavailable. All future releases of CPython will include a copy of this DLL to ensure distributed extensions can continue to load.
bpo-38380: Update Windows builds to use SQLite 3.31.1
bpo-39439: Reduce overhead when using multiprocessing in a Windows virtual environment
bpo-39185: The build.bat script has additional options for very-quiet output (-q) and very-verbose output (-vv)
macOS
bpo-38380: Update macOS builds to use SQLite 3.31.1
IDLE
bpo-39781: Selecting code context lines no longer causes a jump.
bpo-39663: Add tests for pyparse find_good_parse_start().
bpo-39600: In the font configuration window, remove duplicated font names.
bpo-30780: Add remaining configdialog tests for buttons and highlights and keys tabs.
bpo-39388: IDLE Settings Cancel button now cancels pending changes
bpo-39050: Make IDLE Settings dialog Help button work again.
bpo-34118: Tag memoryview, range, and tuple as classes, the same as list, etcetera, in the library manual built-in functions list.
bpo-38792: Close an IDLE shell calltip if a KeyboardInterrupt or shell restart occurs. Patch by Zackery Spytz.
bpo-32989: Add tests for editor newline_and_indent_event method. Remove dead code from pyparse find_good_parse_start method.

Revision 1.7: download - view: text, markup, annotated - select for diffs
Sat Dec 28 22:30:24 2019 UTC (5 years ago) by adam
Branches: MAIN
Diff to: previous 1.6: preferred, colored
Changes since revision 1.6: +2 -2 lines
python37: updated to 3.7.6

Python 3.7.6 is the next bugfix release of Python 3.7.

Revision 1.6: download - view: text, markup, annotated - select for diffs
Wed Oct 16 07:04:04 2019 UTC (5 years, 3 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2019Q4-base, pkgsrc-2019Q4
Diff to: previous 1.5: preferred, colored
Changes since revision 1.5: +2 -2 lines
python37: updated to 3.7.5

Python 3.7.5 is the fifth and most recent maintenance release of Python 3.7. The Python 3.7 series contains many new features and optimizations.

Revision 1.5: download - view: text, markup, annotated - select for diffs
Tue Jul 9 07:46:37 2019 UTC (5 years, 6 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2019Q3-base, pkgsrc-2019Q3
Diff to: previous 1.4: preferred, colored
Changes since revision 1.4: +2 -2 lines
python37: updated to 3.7.4

Python 3.7.4 final

Core and Builtins
bpo-37500: Due to unintended side effects, revert the change introduced by bpo-1875 in 3.7.4rc1 to check for syntax errors in dead conditional code blocks.
Documentation
bpo-37149: Replace the dead link to the Tkinter 8.5 reference by John Shipman, New Mexico Tech, with a link to the archive.org copy.


Python 3.7.4 release candidate 2

Security
bpo-37463: ssl.match_hostname() no longer accepts IPv4 addresses with additional text after the address and only quad-dotted notation without trailing whitespaces. Some inet_aton() implementations ignore whitespace and all data after whitespace, e.g. ‘127.0.0.1 whatever’.

Core and Builtins
bpo-24214: Improved support of the surrogatepass error handler in the UTF-8 and UTF-16 incremental decoders.

Library
bpo-37440: http.client now enables TLS 1.3 post-handshake authentication for default context or if a cert_file is passed to HTTPSConnection.
bpo-37437: Update vendorized expat version to 2.2.7.
bpo-37428: SSLContext.post_handshake_auth = True no longer sets SSL_VERIFY_POST_HANDSHAKE verify flag for client connections. Although the option is documented as ignored for clients, OpenSSL implicitly enables cert chain validation when the flag is set.
bpo-32627: Fix compile error when _uuid headers conflicting included.

Windows
bpo-37369: Fixes path for sys.executable when running from the Microsoft Store.
bpo-35360: Update Windows builds to use SQLite 3.28.0.

macOS
bpo-34602: Avoid test suite failures on macOS by no longer calling resource.setrlimit to increase the process stack size limit at runtime. The runtime change is no longer needed since the interpreter is being built with a larger default stack size.

Revision 1.4: download - view: text, markup, annotated - select for diffs
Tue Mar 26 20:54:55 2019 UTC (5 years, 9 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2019Q2-base, pkgsrc-2019Q2, pkgsrc-2019Q1-base, pkgsrc-2019Q1
Diff to: previous 1.3: preferred, colored
Changes since revision 1.3: +2 -2 lines
python37: updated to 3.7.3

Python 3.7.3:
Security
bpo-36216: Changes urlsplit() to raise ValueError when the URL contains characters that decompose under IDNA encoding (NFKC-normalization) into characters that affect how the URL is parsed.
bpo-35746: [CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL distribution points with empty DP or URI correctly. A malicious or buggy certificate can result into segfault. Vulnerability (TALOS-2018-0758) reported by Colin Read and Nicolas Edet of Cisco.
bpo-35121: Don’t send cookies of domain A without Domain attribute to domain B when domain A is a suffix match of domain B while using a cookiejar with http.cookiejar.DefaultCookiePolicy policy. Patch by Karthikeyan Singaravelan.

Core and Builtins
bpo-35942: The error message emitted when returning invalid types from __fspath__ in interfaces that allow passing PathLike objects has been improved and now it does explain the origin of the error.
bpo-35992: Fix __class_getitem__() not being called on a class with a custom non-subscriptable metaclass.
bpo-35991: Fix a potential double free in Modules/_randommodule.c.
bpo-35961: Fix a crash in slice_richcompare(): use strong references rather than stolen references for the two temporary internal tuples.
bpo-31506: Clarify the errors reported when object.__new__ and object.__init__ receive more than one argument. Contributed by Sanyam Khurana.
bpo-35720: Fixed a minor memory leak in pymain_parse_cmdline_impl function in Modules/main.c
bpo-35623: Fix a crash when sorting very long lists. Patch by Stephan Hohe.
bpo-35214: clang Memory Sanitizer build instrumentation was added to work around false positives from posix, socket, time, test_io, and test_faulthandler.
bpo-35560: Fix an assertion error in format() in debug build for floating point formatting with “n” format, zero padding and small width. Release build is not impacted. Patch by Karthikeyan Singaravelan.
bpo-35552: Format characters %s and %V in PyUnicode_FromFormat() and %s in PyBytes_FromFormat() no longer read memory past the limit if precision is specified.
bpo-35504: Fix segfaults and SystemErrors when deleting certain attributes. Patch by Zackery Spytz.
bpo-33989: Fix a possible crash in list.sort() when sorting objects with ob_type->tp_richcompare == NULL. Patch by Zackery Spytz.

Library
bpo-35931: The pdb debug command now gracefully handles all exceptions.
bpo-36251: Fix format strings used for stderrprinter and re.Match reprs. Patch by Stephan Hohe.
bpo-35807: Update ensurepip to install pip 19.0.3 and setuptools 40.8.0.
bpo-36179: Fix two unlikely reference leaks in _hashopenssl. The leaks only occur in out-of-memory cases.
bpo-35178: Ensure custom warnings.formatwarning() function can receive line as positional argument. Based on patch by Tashrif Billah.
bpo-36106: Resolve potential name clash with libm’s sinpi(). Patch by Dmitrii Pasechnik.
bpo-35512: unittest.mock.patch.dict() used as a decorator with string target resolves the target during function call instead of during decorator construction. Patch by Karthikeyan Singaravelan.
bpo-36091: Clean up reference to async generator in Lib/types. Patch by Henry Chen.
bpo-35899: Enum has been fixed to correctly handle empty strings and strings with non-Latin characters (ie. ‘α’, ‘א’) without crashing. Original patch contributed by Maxwell. Assisted by Stéphane Wirtel.
bpo-35918: Removed broken has_key method from multiprocessing.managers.SyncManager.dict. Contributed by Rémi Lapeyre.
bpo-35960: Fix dataclasses.field() throwing away empty mapping objects passed as metadata.
bpo-35847: RISC-V needed the CTYPES_PASS_BY_REF_HACK. Fixes ctypes Structure test_pass_by_value.
bpo-35780: Fix lru_cache() errors arising in recursive, reentrant, or multi-threaded code. These errors could result in orphan links and in the cache being trapped in a state with fewer than the specified maximum number of links. Fix handling of negative maxsize which should have been treated as zero. Fix errors in toggling the “full” status flag. Fix misordering of links when errors are encountered. Sync-up the C code and pure Python code for the space saving path in functions with a single positional argument. In this common case, the space overhead of an lru cache entry is reduced by almost half. Fix counting of cache misses. In error cases, the miss count was out of sync with the actual number of times the underlying user function was called.
bpo-23846: asyncio.ProactorEventLoop now catches and logs send errors when the self-pipe is full.
bpo-34323: asyncio: Enhance IocpProactor.close() log: wait 1 second before the first log, then log every second. Log also the number of seconds since close() was called.
bpo-34294: re module, fix wrong capturing groups in rare cases. re.search(), re.findall(), re.sub() and other functions that scan through string looking for a match, should reset capturing groups between two match attempts. Patch by Ma Lin.
bpo-35717: Fix KeyError exception raised when using enums and compile. Patch contributed by Rémi Lapeyre.
bpo-35699: Fixed detection of Visual Studio Build Tools 2017 in distutils
bpo-32710: Fix memory leaks in asyncio ProactorEventLoop on overlapped operation failure.
bpo-32710: Fix a memory leak in asyncio in the ProactorEventLoop when ReadFile() or WSASend() overlapped operation fail immediately: release the internal buffer.
bpo-35682: Fix asyncio.ProactorEventLoop.sendfile(): don’t attempt to set the result of an internal future if it’s already done.
bpo-35283: Add a pending deprecated warning for the threading.Thread.isAlive() method. Patch by Dong-hee Na.
bpo-35643: Fixed a SyntaxWarning: invalid escape sequence in Modules/_sha3/cleanup.py. Patch by Mickaël Schoentgen.
bpo-35615: weakref: Fix a RuntimeError when copying a WeakKeyDictionary or a WeakValueDictionary, due to some keys or values disappearing while iterating.
bpo-28503: The crypt module now internally uses the crypt_r() library function instead of crypt() when available.
bpo-35121: Don’t set cookie for a request when the request path is a prefix match of the cookie’s path attribute but doesn’t end with “/”. Patch by Karthikeyan Singaravelan.
bpo-35585: Speed-up building enums by value, e.g. http.HTTPStatus(200).
bpo-21478: Calls to a child function created with unittest.mock.create_autospec() should propagate to the parent. Patch by Karthikeyan Singaravelan.
bpo-35513: TextTestRunner of unittest.runner now uses time.perf_counter() rather than time.time() to measure the execution time of a test: time.time() can go backwards, whereas time.perf_counter() is monotonic.
bpo-35502: Fixed reference leaks in xml.etree.ElementTree.TreeBuilder in case of unfinished building of the tree (in particular when an error was raised during parsing XML).
bpo-31446: Copy command line that was passed to CreateProcessW since this function can change the content of the input buffer.
bpo-20239: Allow repeated assignment deletion of unittest.mock.Mock attributes. Patch by Pablo Galindo.
bpo-17185: Set __signature__ on mock for inspect to get signature. Patch by Karthikeyan Singaravelan.
bpo-10496: check_environ() of distutils.utils now catches KeyError on calling pwd.getpwuid(): don’t create the HOME environment variable in this case.
bpo-35066: Previously, calling the strftime() method on a datetime object with a trailing ‘%’ in the format string would result in an exception. However, this only occured when the datetime C module was being used; the python implementation did not match this behavior. Datetime is now PEP-399 compliant, and will not throw an exception on a trailing ‘%’.
bpo-24746: Avoid stripping trailing whitespace in doctest fancy diff. Orignial patch by R. David Murray & Jairo Trad. Enhanced by Sanyam Khurana.
bpo-35198: Fix C++ extension compilation on AIX
bpo-28441: On Cygwin and MinGW, ensure that sys.executable always includes the full filename in the path, including the .exe suffix (unless it is a symbolic link).
bpo-34572: Fix C implementation of pickle.loads to use importlib’s locking mechanisms, and thereby avoid using partially-loaded modules. Patch by Tim Burgess.
bpo-33687: Fix the call to os.chmod() for uu.decode() if a mode is given or decoded. Patch by Timo Furrer.
bpo-32146: Document the interaction between frozen executables and the spawn and forkserver start methods in multiprocessing.

Revision 1.3: download - view: text, markup, annotated - select for diffs
Mon Dec 31 10:07:59 2018 UTC (6 years ago) by adam
Branches: MAIN
Diff to: previous 1.2: preferred, colored
Changes since revision 1.2: +2 -2 lines
python37: updated to 3.7.2

Python 3.7.2 final

Library
- bpo-31715: Associate .mjs file extension with application/javascript MIME Type.

Build
- bpo-35499: make profile-opt no longer replaces CFLAGS_NODIST with CFLAGS. It now adds profile-guided optimization (PGO) flags to CFLAGS_NODIST: existing CFLAGS_NODIST flags are kept.
- bpo-35257: Avoid leaking the linker flags from Link Time Optimizations (LTO) into distutils when compiling C extensions.

C API
- bpo-35259: Conditionally declare Py_FinalizeEx() (new in 3.6) based on Py_LIMITED_API.


Python 3.7.2 release candidate 1

Security
- bpo-34812: The -I command line option (run Python in isolated mode) is now also copied by the multiprocessing and distutils modules when spawning child processes. Previously, only -E and -s options (enabled by -I) were copied.
- bpo-34791: The xml.sax and xml.dom.domreg no longer use environment variables to override parser implementations when sys.flags.ignore_environment is set by -E or -I arguments.

Core and Builtins
- bpo-35444: Fixed error handling in pickling methods when fail to look up builtin “getattr”.
- bpo-35436: Fix various issues with memory allocation error handling. Patch by Zackery Spytz.
- bpo-35357: Internal attributes’ names of unittest.mock._Call and unittest.mock.MagicProxy (name, parent & from_kall) are now prefixed with _mock_ in order to prevent clashes with widely used object attributes. Fixed minor typo in test function name.
- bpo-35372: Fixed the code page decoder for input longer than 2 GiB containing undecodable bytes.
- bpo-35336: Fix PYTHONCOERCECLOCALE=1 environment variable: only coerce the C locale if the LC_CTYPE locale is “C”.
- bpo-33954: For str.format(), float.__format__() and complex.__format__() methods for non-ASCII decimal point when using the “n” formatter.
- bpo-35269: Fix a possible segfault involving a newly-created coroutine. Patch by Zackery Spytz.
- bpo-35214: Fixed an out of bounds memory access when parsing a truncated unicode escape sequence at the end of a string such as '\N'. It would read one byte beyond the end of the memory allocation.
- bpo-35214: The interpreter and extension modules have had annotations added so that they work properly under clang’s Memory Sanitizer. A new configure flag –with-memory-sanitizer has been added to make test builds of this nature easier to perform.
- bpo-35193: Fix an off by one error in the bytecode peephole optimizer where it could read bytes beyond the end of bounds of an array when removing unreachable code. This bug was present in every release of Python 3.6 and 3.7 until now.
- bpo-29341: Clarify in the docstrings of os methods that path-like objects are also accepted as input parameters.
- bpo-35050: socket: Fix off-by-one bug in length check for AF_ALG name and type.
- bpo-34974: bytes and bytearray constructors no longer convert unexpected exceptions (e.g. MemoryError and KeyboardInterrupt) to TypeError.
- bpo-34973: Fixed crash in bytes() when the list argument is mutated while it is iterated.
- bpo-34824: Fix a possible null pointer dereference in Modules/_ssl.c. Patch by Zackery Spytz.
- bpo-1621: Do not assume signed integer overflow behavior (C undefined behavior) when performing set hash table resizing.

Library
- bpo-35052: Fix xml.dom.minidom cloneNode() on a document with an entity: pass the correct arguments to the user data handler of an entity.
- bpo-35330: When a Mock instance was used to wrap an object, if side_effect is used in one of the mocks of it methods, don’t call the original implementation and return the result of using the side effect the same way that it is done with return_value.
- bpo-34172: Revert the fix for this issue previously released in 3.7.1 pending further investigation: Fix a reference issue inside multiprocessing.Pool that caused the pool to remain alive if it was deleted without being closed or terminated explicitly.
- bpo-10496: posixpath.expanduser() now returns the input path unchanged if the HOME environment variable is not set and the current user has no home directory (if the current user identifier doesn’t exist in the password database). This change fix the site module if the current user doesn’t exist in the password database (if the user has no home directory).
- bpo-35310: Fix a bug in select.select() where, in some cases, the file descriptor sequences were returned unmodified after a signal interruption, even though the file descriptors might not be ready yet. select.select() will now always return empty lists if a timeout has occurred. Patch by Oran Avraham.
- bpo-35380: Enable TCP_NODELAY on Windows for proactor asyncio event loop.
- bpo-35341: Add generic version of collections.OrderedDict to the typing module. Patch by Ismo Toijala.
- bpo-35371: Fixed possible crash in os.utime() on Windows when pass incorrect arguments.
- bpo-27903: Fix ResourceWarning in platform.dist() on SuSE and Caldera OpenLinux. Patch by Ville Skyttä.
- bpo-35308: Fix regression in webbrowser where default browsers may be preferred over browsers in the BROWSER environment variable.
- bpo-28604: locale.localeconv() now sets temporarily the LC_CTYPE locale to the LC_MONETARY locale if the two locales are different and monetary strings are non-ASCII. This temporary change affects other threads.
- bpo-35277: Update ensurepip to install pip 18.1 and setuptools 40.6.2.
- bpo-35226: Recursively check arguments when testing for equality of unittest.mock.call objects and add note that tracking of parameters used to create ancestors of mocks in mock_calls is not possible.
- bpo-29564: The warnings module now suggests to enable tracemalloc if the source is specified, the tracemalloc module is available, but tracemalloc is not tracing memory allocations.
- bpo-35189: Modify the following fnctl function to retry if interrupted by a signal (EINTR): flock, lockf, fnctl
- bpo-35062: Fix incorrect parsing of _io.IncrementalNewlineDecoder’s translate argument.
- bpo-35079: Improve difflib.SequenceManager.get_matching_blocks doc by adding ‘non-overlapping’ and changing ‘!=’ to ‘<’.
- bpo-35017: socketserver.BaseServer.serve_forever() now exits immediately if it’s shutdown() method is called while it is polling for new events.
- bpo-31047: Fix ntpath.abspath regression where it didn’t remove a trailing separator on Windows. Patch by Tim Graham.
- bpo-34794: Fixed a leak in Tkinter when pass the Python wrapper around Tcl_Obj back to Tcl/Tk.
- bpo-35008: Fixed references leaks when call the __setstate__() method of xml.etree.ElementTree.Element in the C implementation for already initialized element.
- bpo-23420: Verify the value for the parameter ‘-s’ of the cProfile CLI. Patch by Robert Kuska
- bpo-33947: dataclasses now handle recursive reprs without raising RecursionError.
- bpo-16965: The 2to3 execfile fixer now opens the file with mode 'rb'. Patch by Zackery Spytz.
- bpo-34966: pydoc now supports aliases not only to methods defined in the end class, but also to inherited methods. The docstring is not duplicated for aliases.
- bpo-34941: Methods find(), findtext() and findall() of the Element class in the xml.etree.ElementTree module are now able to find children which are instances of Element subclasses.
- bpo-34936: Fix TclError in tkinter.Spinbox.selection_element(). Patch by Juliette Monsel.
- bpo-34866: Adding max_num_fields to cgi.FieldStorage to make DOS attacks harder by limiting the number of MiniFieldStorage objects created by FieldStorage.
- bpo-34022: The SOURCE_DATE_EPOCH environment variable no longer overrides the value of the invalidation_mode argument to py_compile.compile(), and determines its default value instead.
- bpo-34738: ZIP files created by distutils will now include entries for directories.
- bpo-31177: Fix bug that prevented using reset_mock on mock instances with deleted attributes
- bpo-34536: Enum._missing_: raise ValueError if None returned and TypeError if non-member is returned.
- bpo-34604: Fix possible mojibake in the error message of pwd.getpwnam and grp.getgrnam using string representation because of invisible characters or trailing whitespaces. Patch by William Grzybowski.
- bpo-34574: OrderedDict iterators are not exhausted during pickling anymore. Patch by Sergey Fedoseev.
- bpo-34052: sqlite3.Connection.create_aggregate(), sqlite3.Connection.create_function(), sqlite3.Connection.set_authorizer(), sqlite3.Connection.set_progress_handler() methods raises TypeError when unhashable objects are passed as callable. These methods now don’t pass such objects to SQLite API. Previous behavior could lead to segfaults. Patch by Sergey Fedoseev.
- bpo-29877: compileall: import ProcessPoolExecutor only when needed, preventing hangs on low resource platforms
- bpo-22005: Implemented unpickling instances of datetime, date and time pickled by Python 2. encoding='latin1' should be used for successful decoding.

Revision 1.2: download - view: text, markup, annotated - select for diffs
Mon Oct 22 17:32:48 2018 UTC (6 years, 2 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2018Q4-base, pkgsrc-2018Q4
Diff to: previous 1.1: preferred, colored
Changes since revision 1.1: +2 -2 lines
python37: updated to 3.7.1

Notable changes in Python 3.7.1

Starting in 3.7.1, Py_Initialize() now consistently reads and respects all of the same environment settings as Py_Main() (in earlier Python versions, it respected an ill-defined subset of those environment variables, while in Python 3.7.0 it didn’t read any of them due to bpo-34247). If this behavior is unwanted, set Py_IgnoreEnvironmentFlag to 1 before calling Py_Initialize().

In 3.7.1 the C API for Context Variables was updated to use PyObject pointers.

xml.dom.minidom and xml.sax modules no longer process external entities by default.

Revision 1.1: download - view: text, markup, annotated - select for diffs
Tue Jul 3 03:55:40 2018 UTC (6 years, 6 months ago) by adam
Branches: MAIN
CVS tags: pkgsrc-2018Q3-base, pkgsrc-2018Q3
python37: added version 3.7.0

Python 3.7.0 is the newest major release of the Python language, and it contains many new features and optimizations.

Among the major new features in Python 3.7 are:

PEP 539, new C API for thread-local storage
PEP 545, Python documentation translations
New documentation translations: Japanese, French, and Korean.
PEP 552, Deterministic pyc files
PEP 553, Built-in breakpoint()
PEP 557, Data Classes
PEP 560, Core support for typing module and generic types
PEP 562, Customization of access to module attributes
PEP 563, Postponed evaluation of annotations
PEP 564, Time functions with nanosecond resolution
PEP 565, Improved DeprecationWarning handling
PEP 567, Context Variables
Avoiding the use of ASCII as a default text encoding (PEP 538, legacy C locale coercion and PEP 540, forced UTF-8 runtime mode)
The insertion-order preservation nature of dict objects is now an official part of the Python language spec.
Notable performance improvements in many areas.

Diff request

This form allows you to request diffs between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.

Log view options

CVSweb <webmaster@jp.NetBSD.org>