Path to this page:
Subject: CVS commit: pkgsrc/lang
From: Adam Ciarcinski
Date: 2023-06-07 15:25:09
Message id: 20230607132509.31D09FA89@cvs.NetBSD.org
Log Message:
python38 py38-html-docs: updated to 3.8.17
Python 3.8.17
Security
gh-103142: The version of OpenSSL used in our binary builds has been upgraded to \
1.1.1u to address several CVEs.
gh-99889: Fixed a security in flaw in uu.decode() that could allow for directory \
traversal based on the input if no out_file was specified.
gh-104049: Do not expose the local on-disk location in directory indexes \
produced by http.client.SimpleHTTPRequestHandler.
gh-102153: urllib.parse.urlsplit() now strips leading C0 control and space \
characters following the specification for URLs defined by WHATWG in response to \
CVE-2023-24329. Patch by Illia Volochii.
gh-101727: Updated the OpenSSL version used in Windows and macOS binary release \
builds to 1.1.1t to address CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per \
the OpenSSL 2023-02-07 security advisory.
gh-101283: subprocess.Popen now uses a safer approach to find cmd.exe when \
launching with shell=True. Patch by Eryk Sun, based on a patch by Oleg Iarygin.
Library
gh-103935: Use io.open_code() for files to be executed instead of raw open()
gh-102953: The extraction methods in tarfile, and shutil.unpack_archive(), have \
a new a filter argument that allows limiting tar features than may be surprising \
or dangerous, such as creating files outside the destination directory. See \
Extraction filters for details.
gh-101997: Upgrade pip wheel bundled with ensurepip (pip 23.0.1)
Build
gh-102306: [3.8] Avoid GHA CI macOS test_posix failure by using the appropriate \
macOS SDK.
Windows
gh-100180: Update Windows installer to OpenSSL 1.1.1s
macOS
gh-103142: Update macOS installer to use OpenSSL 1.1.1u.
Files: