Path to this page:
Subject: CVS commit: pkgsrc/lang/python311
From: Adam Ciarcinski
Date: 2023-06-07 15:28:49
Message id: 20230607132849.DAC48FA89@cvs.NetBSD.org
Log Message:
python311: updated to 3.11.4
Python 3.11.4
Security
gh-103142: The version of OpenSSL used in our binary builds has been upgraded to \
1.1.1u to address several CVEs.
gh-99889: Fixed a security in flaw in uu.decode() that could allow for directory \
traversal based on the input if no out_file was specified.
gh-104049: Do not expose the local on-disk location in directory indexes \
produced by http.client.SimpleHTTPRequestHandler.
gh-102153: urllib.parse.urlsplit() now strips leading C0 control and space \
characters following the specification for URLs defined by WHATWG in response to \
CVE-2023-24329. Patch by Illia Volochii.
Core and Builtins
gh-105164: Ensure annotations are set up correctly if the only annotation in a \
block is within a match block. Patch by Jelle Zijlstra.
gh-104615: Fix wrong ordering of assignments in code like a, a = x, y. \
Contributed by Carl Meyer.
gh-104482: Fix three error handling bugs in ast.c’s validation of pattern \
matching statements.
gh-102818: Do not add a frame to the traceback in the sys.setprofile and \
sys.settrace trampoline functions. This ensures that frames are not duplicated \
if an exception is raised in the callback function, and ensures that frames are \
not omitted if a C callback is used and that does not add the frame.
gh-104405: Fix an issue where some bytecode instructions could ignore PEP 523 \
when “inlining” calls.
gh-104018: Disallow the “z” format specifier in %-format of bytes objects.
gh-103971: Fix an issue where incorrect locations numbers could be assigned to \
code following case blocks.
gh-102310: Change the error range for invalid bytes literals.
gh-103590: Do not wrap a single exception raised from a try-except* construct in \
an ExceptionGroup.
gh-101517: Fix bug in line numbers of instructions emitted for except*.
gh-103242: Migrate set_ecdh_curve() method not to use deprecated OpenSSL APIs. \
Patch by Dong-hee Na.
gh-102700: Allow built-in modules to be submodules. This allows submodules to be \
statically linked into a CPython binary.
gh-101857: Fix xattr support detection on Linux systems by widening the check to \
linux, not just glibc. This fixes support for musl.
gh-99184: Bypass instance attribute access of __name__ in repr of weakref.ref.
gh-96670: The parser now raises SyntaxError when parsing source code containing \
null bytes. Backported from aab01e3. Patch by Pablo Galindo
bpo-31821: Fix pause_reading() to work when called from connection_made() in asyncio.
Library
gh-105080: Fixed inconsistent signature on derived classes for inspect.signature()
gh-104874: Document the __name__ and __supertype__ attributes of typing.NewType. \
Patch by Jelle Zijlstra.
gh-104340: When an asyncio pipe protocol loses its connection due to an error, \
and the caller doesn’t await wait_closed() on the corresponding StreamWriter, \
don’t log a warning about an exception that was never retrieved. After all, \
according to the StreamWriter.close() docs, the wait_closed() call is optional \
(“not mandatory”).
gh-104372: Refactored the _posixsubprocess internals to avoid Python C API usage \
between fork and exec when marking pass_fds= file descriptors inheritable.
gh-75367: Fix data descriptor detection in inspect.getattr_static().
gh-104536: Fix a race condition in the internal multiprocessing.process cleanup \
logic that could manifest as an unintended AttributeError when calling \
process.close().
gh-104399: Prepare the _tkinter module for building with Tcl 9.0 and future \
libtommath by replacing usage of deprecated functions mp_to_unsigned_bin_n() and \
mp_unsigned_bin_size() when necessary.
gh-104307: socket.getnameinfo() now releases the GIL while contacting the DNS server
gh-87695: Fix issue where pathlib.Path.glob() raised OSError when it encountered \
a symlink to an overly long path.
gh-104265: Prevent possible crash by disallowing instantiation of the \
_csv.Reader and _csv.Writer types. The regression was introduced in 3.10.0a4 \
with PR 23224 (bpo-14935). Patch by Radislav Chugunov.
gh-104035: Do not ignore user-defined __getstate__ and __setstate__ methods for \
slotted frozen dataclasses.
gh-103987: In mmap, fix several bugs that could lead to access to memory-mapped \
files after they have been invalidated.
gh-103935: Use io.open_code() for files to be executed instead of raw open()
gh-100370: Fix potential OverflowError in sqlite3.Connection.blobopen() for \
32-bit builds. Patch by Erlend E. Aasland.
gh-103848: Add checks to ensure that [ bracketed ] hosts found by \
urllib.parse.urlsplit() are of IPv6 or IPvFuture format.
gh-103872: Update the bundled copy of pip to version 23.1.2.
gh-103861: Fix zipfile.Zipfile creating invalid zip files when force_zip64 was \
used to add files to them. Patch by Carey Metcalfe.
gh-103685: Prepare tkinter.Menu.index() for Tk 8.7 so that it does not raise \
TclError: expected integer but got "" when it should return None.
gh-81403: urllib.request.CacheFTPHandler no longer raises URLError if a cached \
FTP instance is reused. ftplib’s endtransfer method calls voidresp to drain \
the connection to handle FTP instance reuse properly.
gh-103578: Fixed a bug where pdb crashes when reading source file with different \
encoding by replacing io.open() with io.open_code(). The new method would also \
call into the hook set by PyFile_SetOpenCodeHook().
gh-103556: Now creating inspect.Signature objects with positional-only parameter \
with a default followed by a positional-or-keyword parameter without one is \
impossible.
gh-103559: Update the bundled copy of pip to version 23.1.1.
gh-103365: Set default Flag boundary to STRICT and fix bitwise operations.
gh-103472: Avoid a potential ResourceWarning in http.client.HTTPConnection by \
closing the proxy / tunnel’s CONNECT response explicitly.
gh-103449: Fix a bug in doc string generation in dataclasses.dataclass().
gh-103256: Fixed a bug that caused hmac to raise an exception when the requested \
hash algorithm was not available in OpenSSL despite being available separately \
as part of hashlib itself. It now falls back properly to the built-in. This \
could happen when, for example, your OpenSSL does not include SHA3 support and \
you want to compute hmac.digest(b'K', b'M', 'sha3_256').
gh-103225: Fix a bug in pdb when displaying line numbers of module-level source code.
gh-93910: Remove deprecation of enum memmber.member access.
gh-102978: Fixes unittest.mock.patch() not enforcing function signatures for \
methods decorated with @classmethod or @staticmethod when patch is called with \
autospec=True.
gh-103204: Fixes http.server accepting HTTP requests with HTTP version numbers \
preceded by ‘+’, or ‘-’, or with digit-separating ‘_’ characters. \
The length of the version numbers is also constrained.
gh-102953: The extraction methods in tarfile, and shutil.unpack_archive(), have \
a new a filter argument that allows limiting tar features than may be surprising \
or dangerous, such as creating files outside the destination directory. See \
Extraction filters for details.
gh-101640: argparse.ArgumentParser now catches errors when writing messages, \
such as when sys.stderr is None. Patch by Oleg Iarygin.
gh-96522: Fix potential deadlock in pty.spawn()
gh-87474: Fix potential file descriptor leaks in subprocess.Popen.
Documentation
gh-89455: Add missing documentation for the max_group_depth and max_group_width \
parameters and the exceptions attribute of the traceback.TracebackException \
class.
gh-89412: Add missing documentation for the end_lineno and end_offset attributes \
of the traceback.TracebackException class.
gh-104943: Remove mentions of old Python versions in typing.NamedTuple.
gh-67056: Document that the effect of registering or unregistering an atexit \
cleanup function from within a registered cleanup function is undefined.
gh-48241: Clarifying documentation about the url parameter to \
urllib.request.urlopen and urllib.request.Requst needing to be encoded properly.
Tests
gh-104494: Update test_pack_configure_in and test_place_configure_in for changes \
to error message formatting in Tk 8.7.
gh-104461: Run test_configure_screen on X11 only, since the DISPLAY environment \
variable and -screen option for toplevels are not useful on Tk for Win32 or \
Aqua.
gh-103329: Regression tests for the behaviour of unittest.mock.PropertyMock were \
added.
gh-85984: Utilize new “winsize” functions from termios in pty tests.
gh-75729: Fix the os.spawn* tests failing on Windows when the working directory \
or interpreter path contains spaces.
Build
gh-90005: Fix a regression in configure where we could end up unintentionally \
linking with libbsd.
gh-104106: Add gcc fallback of mkfifoat/mknodat for macOS. Patch by Dong-hee Na.
gh-99069: Extended workaround defining static_assert when missing from the libc \
headers to all clang and gcc builds. In particular, this fixes building on macOS \
<= 10.10.
Windows
gh-105146: Updated the links at the end of the installer to point to Discourse \
rather than the mailing lists.
gh-104623: Update Windows installer to use SQLite 3.42.0.
gh-102997: Update Windows installer to use SQLite 3.41.2.
gh-88013: Fixed a bug where TypeError was raised when calling ntpath.realpath() \
with a bytes parameter in some cases.
macOS
gh-103142: Update macOS installer to use OpenSSL 1.1.1u.
gh-104623: Update macOS installer to SQLite 3.42.0.
gh-102997: Update macOS installer to SQLite 3.41.2.
IDLE
gh-104719: Remove IDLE’s modification of tokenize.tabsize and test other uses \
of tokenize data and methods.
gh-104499: Fix completions for Tk Aqua 8.7 (currently blank).
gh-104496: About prints both tcl and tk versions if different (expected someday).
gh-88496: Fix IDLE test hang on macOS.
Files: