Subject: CVS commit: pkgsrc/lang/python35
From: Adam Ciarcinski
Date: 2019-03-20 20:27:47
Message id: 20190320192747.D6EEFFB16@cvs.NetBSD.org

Log Message:
python35: updated to 3.5.7

Python 3.5.7 final

Security
bpo-36216: Changes urlsplit() to raise ValueError when the URL contains \ 
characters that decompose under IDNA encoding (NFKC-normalization) into \ 
characters that affect how the URL is parsed.
bpo-35121: Don’t send cookies of domain A without Domain attribute to domain B \ 
when domain A is a suffix match of domain B while using a cookiejar with \ 
http.cookiejar.DefaultCookiePolicy policy.

Library
bpo-35121: Don’t set cookie for a request when the request path is a prefix \ 
match of the cookie’s path attribute but doesn’t end with “/”.

Python 3.5.7 release candidate 1

Security
bpo-35746: [CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert \ 
parser did not handle CRL distribution points with empty DP or URI correctly. A \ 
malicious or buggy certificate can result into segfault. Vulnerability \ 
(TALOS-2018-0758).
bpo-34791: The xml.sax and xml.dom.domreg no longer use environment variables to \ 
override parser implementations when sys.flags.ignore_environment is set by -E \ 
or -I arguments.
bpo-34623: CVE-2018-14647: The C accelerated _elementtree module now initializes \ 
hash randomization salt from _Py_HashSecret instead of libexpat’s default \ 
CSPRNG.

Library
bpo-33329: Fix multiprocessing regression on newer glibcs
bpo-33127: The ssl module now compiles with LibreSSL 2.7.1.

Files:
RevisionActionfile
1.17modifypkgsrc/lang/python35/Makefile
1.9modifypkgsrc/lang/python35/PLIST
1.8modifypkgsrc/lang/python35/dist.mk
1.19modifypkgsrc/lang/python35/distinfo