Up to [cvs.NetBSD.org] / pkgsrc / lang / python37 / patches
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.2, Mon Sep 12 07:58:55 2022 UTC (14 months, 3 weeks ago) by adam
CVS Tags: HEAD
Changes since 1.1: +1 -1 lines
python37 py37-html-docs: updated to 3.7.14 Python 3.7.14 Security gh-95778: Converting between int and str in bases other than 2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a ValueError if the number of digits in string form is above a limit to avoid potential denial of service attacks due to the algorithmic complexity. This is a mitigation for CVE-2020-10735. This new limit can be configured or disabled by environment variable, command line flag, or sys APIs. See the integer string conversion length limitation documentation. The default limit is 4300 digits in string form. Patch by Gregory P. Smith [Google] and Christian Heimes [Red Hat] with feedback from Victor Stinner, Thomas Wouters, Steve Dower, Ned Deily, and Mark Dickinson. gh-87389: http.server: Fix an open redirection vulnerability in the HTTP server when an URI path starts with //. Vulnerability discovered, and initial fix proposed, by Hamza Avvan. Core and Builtins gh-93065: Fix contextvars HAMT implementation to handle iteration over deep trees. The bug was discovered and fixed by Eli Libman. See MagicStack/immutables#84 for more details. Library bpo-36073: Raise ProgrammingError instead of segfaulting on recursive usage of cursors in sqlite3 converters. Patch by Sergey Fedoseev. Documentation gh-91888: Add a new gh role to the documentation to link to GitHub issues. bpo-47138: Pin Jinja to a version compatible with Sphinx version 2.3.1. Tests gh-94208: test_ssl is now checking for supported TLS version and protocols in more tests. bpo-47016: Create a GitHub Actions workflow for verifying bundled pip and setuptools. Patch by Illia Volochii and Adam Turner. bpo-41306: Fixed a failure in test_tk.test_widgets.ScaleTest happening when executing the test with Tk 8.6.10. Windows bpo-47194: Update zlib to v1.2.12 to resolve CVE-2018-25032.
Revision 1.1 / (download) - annotate - [select for diffs], Tue Nov 17 19:33:26 2020 UTC (3 years ago) by sjmulder
CVS Tags: pkgsrc-2022Q2-base, pkgsrc-2022Q2, pkgsrc-2022Q1-base, pkgsrc-2022Q1, pkgsrc-2021Q4-base, pkgsrc-2021Q4, pkgsrc-2021Q3-base, pkgsrc-2021Q3, pkgsrc-2021Q2-base, pkgsrc-2021Q2, pkgsrc-2021Q1-base, pkgsrc-2021Q1, pkgsrc-2020Q4-base, pkgsrc-2020Q4
lang/python37: Fix for macOS 11 and Apple Silicon (Apple Silicon being their aarch64 platform.) This is backport of the same in lang/python39 and lang/python38. Some parts weren't applicable in 3.7. The setup.py script needed some work on the ffi code. Otherwise, minor changes. Patches consist of: - Upstream work: https://github.com/python/cpython/pull/22855 - Fix for setup.py to find libbz2.tbd and libz.tbd now that with the shared library cache there's nothing in /usr/lib. See: https://bugs.python.org/issue41116 - Addition of __arch64__ case to fix _decimal module. A very similar fix has since been committed upstream.
This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.