./lang/python34, Interpreted, interactive, object-oriented programming language

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 3.4.7, Package name: python34-3.4.7, Maintainer: pkgsrc-users

Python is an interpreted, interactive, object-oriented
programming language that combines remarkable power with
very clear syntax. For an introduction to programming in
Python you are referred to the Python Tutorial. The
Python Library Reference documents built-in and standard
types, constants, functions and modules. Finally, the
Python Reference Manual describes the syntax and semantics
of the core language in (perhaps too) much detail.

Python's basic power can be extended with your own modules
written in C or C++. On most systems such modules may be
dynamically loaded. Python is also adaptable as an exten-
sion language for existing applications. See the internal
documentation for hints.

This package provides Python version 3.4.x.


Required to run:

Required to build:
[devel/readline] [pkgtools/cwrappers]

Package options: x11

Master sites:

SHA1: 7b05bf099f3f311ba568232d0d03d64e67da9908
RMD160: 8c4cde8603a15cd55b59b665a84efd0e8f9d7553
Filesize: 14171.258 KB

Version history: (Expand)

CVS history: (Expand)

   2017-11-01 22:51:22 by Thomas Klausner | Files touched by this commit (8)
Log message:
python*: remove patch for py_curses.h that doesn't make sense to me

(nor upstream)

If this is still needed, please explain it. Thanks.
   2017-09-03 10:53:18 by Thomas Klausner | Files touched by this commit (165)
Log message:
Follow some redirects.
   2017-08-14 11:20:00 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
Python 3.4.7:

* bpo-29591: Update expat copy from 2.1.1 to 2.2.0 to get fixes of CVE-2016-0718 \ 
and CVE-2016-4472. See https://sourceforge.net/p/expat/bugs/537/ for more \ 
* bpo-30694: Upgrade expat copy from 2.2.0 to 2.2.1 to get fixes of multiple \ 
security vulnerabilities including: CVE-2017-9233 (External entity infinite loop \ 
DoS), CVE-2016-9063 (Integer overflow, re-fix), CVE-2016-0718 (Fix regression \ 
bugs from 2.2.0’s fix to CVE-2016-0718) and CVE-2012-0876 (Counter hash \ 
flooding with SipHash). Note: the CVE-2016-5300 (Use os- specific entropy \ 
sources like getrandom) doesn’t impact Python, since Python already gets \ 
entropy from the OS to set the expat secret using XML_SetHashSalt().
* bpo-26657: Fix directory traversal vulnerability with http.server on Windows. \ 
This fixes a regression that was introduced in 3.3.4rc1 and 3.4.0rc1. Based on \ 
patch by Philipp Hagemeister.
* bpo-30500: Fix urllib.parse.splithost() to correctly parse fragments. For \ 
example, splithost('//') now correctly returns the \ 
host, instead of treating @evil.com as the host in an authentification \ 
* bpo-30730: Prevent environment variables injection in subprocess on Windows. \ 
Prevent passing other invalid environment variables and command arguments.
   2017-05-30 16:04:54 by Manuel Bouyer | Files touched by this commit (10)
Log message:
Add support for NetBSD's socketcan implementation.
Tested with the example from
http://www.bencz.com/hacks/2016/07/10/p … socketcan/
Needs <netcan/can.h> rev 1.3 or newer.
   2017-02-01 12:47:45 by Jonathan Perkin | Files touched by this commit (3)
Log message:
Put back bdb bl3, required for the dbm module.
   2017-01-26 10:45:23 by Jonathan Perkin | Files touched by this commit (9)
Log message:
Remove obsolete bsddb bits carried over from python2.  Patch from jcea in
   2017-01-19 02:25:09 by Wen Heping | Files touched by this commit (4) | Package updated
Log message:
Update to 3.4.6

Upstream changes:
What's New in Python 3.4.6?

Release date: 2017-01-16

There were no changes between 3.4.6rc1 and 3.4.6 final.

What's New in Python 3.4.6rc1?

Release date: 2017-01-02

Core and Builtins

- Issue #28648: Fixed crash in Py_DecodeLocale() in debug build on Mac OS X
  when decode astral characters.  Patch by Xiang Zhang.

- Issue #28426: Fixed potential crash in PyUnicode_AsDecodedObject() in debug


- Issue #28563: Fixed possible DoS and arbitrary code execution when handle
  plural form selections in the gettext module.  The expression parser now
  supports exact syntax supported by GNU gettext.

- In the curses module, raise an error if window.getstr() or window.instr() is
  passed a negative value.

- Issue #27783: Fix possible usage of uninitialized memory in operator.methodcaller.

- Issue #27774: Fix possible Py_DECREF on unowned object in _sre.

- Issue #27760: Fix possible integer overflow in binascii.b2a_qp.

- Issue #27758: Fix possible integer overflow in the _csv module for large record

- Issue #27568: Prevent HTTPoxy attack (CVE-2016-1000110). Ignore the
  HTTP_PROXY variable when REQUEST_METHOD environment is set, which indicates
  that the script is in CGI mode.

- Issue #27759: Fix selectors incorrectly retain invalid file descriptors.
  Patch by Mark Williams.


- Issue #28248: Update Windows build to use OpenSSL 1.0.2j.


- Issue #27369: In test_pyexpat, avoid testing an error message detail that
  changed in Expat 2.2.0.
   2017-01-06 00:16:43 by Roy Marples | Files touched by this commit (9)
Log message:
Fix prior patches to use is_pad(3) rather than is_keypad(3).
Bump py-curses.