Subject: CVS commit: pkgsrc/lang
From: Adam Ciarcinski
Date: 2021-02-16 20:39:53
Message id: 20210216193953.AC36BFA95@cvs.NetBSD.org

Log Message:
python36 py36-html-docs: updated to 3.6.13

Python 3.6.13 final

Security
bpo-42967: Fix web cache poisoning vulnerability by defaulting the query args \ 
separator to &, and allowing the user to choose a custom separator.
bpo-42938: Avoid static buffers when computing the repr of ctypes.c_double and \ 
ctypes.c_longdouble values.
bpo-42103: Prevented potential DoS attack via CPU and RAM exhaustion when \ 
processing malformed Apple Property List files in binary format.
bpo-42051: The plistlib module no longer accepts entity declarations in XML \ 
plist files to avoid XML vulnerabilities. This should not affect users as entity \ 
declarations are not used in regular plist files.
bpo-40791: Add volatile to the accumulator variable in hmac.compare_digest, \ 
making constant-time-defeating optimizations less likely.

Core and Builtins
bpo-35560: Fix an assertion error in format() in debug build for floating point \ 
formatting with ā€œnā€ format, zero padding and small width. Release build is \ 
not impacted. Patch by Karthikeyan Singaravelan.

Library
bpo-42103: InvalidFileException and RecursionError are now the only errors \ 
caused by loading malformed binary Plist file (previously ValueError and \ 
TypeError could be raised in some specific cases).

Tests
bpo-42794: Update test_nntplib to use offical group name of news.aioe.org for \ 
testing. Patch by Dong-hee Na.
bpo-41944: Tests for CJK codecs no longer call eval() on content received via HTTP.

Files:
RevisionActionfile
1.35modifypkgsrc/lang/python36/distinfo
1.14modifypkgsrc/lang/python36/dist.mk
1.31modifypkgsrc/lang/python36/Makefile
1.13modifypkgsrc/lang/py36-html-docs/distinfo
1.14modifypkgsrc/lang/py36-html-docs/Makefile