Path to this page:
Subject: CVS commit: pkgsrc/lang
From: Adam Ciarcinski
Date: 2021-02-16 20:40:34
Message id: 20210216194034.35648FA95@cvs.NetBSD.org
Log Message:
python37 py37-html-docs: updated to 3.7.10
Python 3.7.10
Security
bpo-42967: Fix web cache poisoning vulnerability by defaulting the query args \
separator to &, and allowing the user to choose a custom separator.
bpo-42938: Avoid static buffers when computing the repr of ctypes.c_double and \
ctypes.c_longdouble values.
bpo-42103: Prevented potential DoS attack via CPU and RAM exhaustion when \
processing malformed Apple Property List files in binary format.
bpo-42051: The plistlib module no longer accepts entity declarations in XML \
plist files to avoid XML vulnerabilities. This should not affect users as entity \
declarations are not used in regular plist files.
bpo-40791: Add volatile to the accumulator variable in hmac.compare_digest, \
making constant-time-defeating optimizations less likely.
Library
bpo-42103: InvalidFileException and RecursionError are now the only errors \
caused by loading malformed binary Plist file (previously ValueError and \
TypeError could be raised in some specific cases).
bpo-41976: Fixed a bug that was causing ctypes.util.find_library() to return \
None when triying to locate a library in an environment when gcc>=9 is \
available and ldconfig is not. Patch by Pablo Galindo
Documentation
bpo-17140: Add documentation for the multiprocessing.pool.ThreadPool class.
Tests
bpo-42794: Update test_nntplib to use offical group name of news.aioe.org for \
testing. Patch by Dong-hee Na.
bpo-41944: Tests for CJK codecs no longer call eval() on content received via HTTP.
Files: