Path to this page:
Subject: CVS commit: pkgsrc/lang/python35
From: Adam Ciarcinski
Date: 2019-03-20 20:27:47
Message id: 20190320192747.D6EEFFB16@cvs.NetBSD.org
Log Message:
python35: updated to 3.5.7
Python 3.5.7 final
Security
bpo-36216: Changes urlsplit() to raise ValueError when the URL contains \
characters that decompose under IDNA encoding (NFKC-normalization) into \
characters that affect how the URL is parsed.
bpo-35121: Don’t send cookies of domain A without Domain attribute to domain B \
when domain A is a suffix match of domain B while using a cookiejar with \
http.cookiejar.DefaultCookiePolicy policy.
Library
bpo-35121: Don’t set cookie for a request when the request path is a prefix \
match of the cookie’s path attribute but doesn’t end with “/”.
Python 3.5.7 release candidate 1
Security
bpo-35746: [CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert \
parser did not handle CRL distribution points with empty DP or URI correctly. A \
malicious or buggy certificate can result into segfault. Vulnerability \
(TALOS-2018-0758).
bpo-34791: The xml.sax and xml.dom.domreg no longer use environment variables to \
override parser implementations when sys.flags.ignore_environment is set by -E \
or -I arguments.
bpo-34623: CVE-2018-14647: The C accelerated _elementtree module now initializes \
hash randomization salt from _Py_HashSecret instead of libexpat’s default \
CSPRNG.
Library
bpo-33329: Fix multiprocessing regression on newer glibcs
bpo-33127: The ssl module now compiles with LibreSSL 2.7.1.
Files: