Path to this page:
Subject: CVS commit: pkgsrc/lang
From: Adam Ciarcinski
Date: 2021-02-16 20:39:53
Message id: 20210216193953.AC36BFA95@cvs.NetBSD.org
Log Message:
python36 py36-html-docs: updated to 3.6.13
Python 3.6.13 final
Security
bpo-42967: Fix web cache poisoning vulnerability by defaulting the query args \
separator to &, and allowing the user to choose a custom separator.
bpo-42938: Avoid static buffers when computing the repr of ctypes.c_double and \
ctypes.c_longdouble values.
bpo-42103: Prevented potential DoS attack via CPU and RAM exhaustion when \
processing malformed Apple Property List files in binary format.
bpo-42051: The plistlib module no longer accepts entity declarations in XML \
plist files to avoid XML vulnerabilities. This should not affect users as entity \
declarations are not used in regular plist files.
bpo-40791: Add volatile to the accumulator variable in hmac.compare_digest, \
making constant-time-defeating optimizations less likely.
Core and Builtins
bpo-35560: Fix an assertion error in format() in debug build for floating point \
formatting with ānā format, zero padding and small width. Release build is \
not impacted. Patch by Karthikeyan Singaravelan.
Library
bpo-42103: InvalidFileException and RecursionError are now the only errors \
caused by loading malformed binary Plist file (previously ValueError and \
TypeError could be raised in some specific cases).
Tests
bpo-42794: Update test_nntplib to use offical group name of news.aioe.org for \
testing. Patch by Dong-hee Na.
bpo-41944: Tests for CJK codecs no longer call eval() on content received via HTTP.
Files: