./lang/python310, Interpreted, interactive, object-oriented programming language

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 3.10.14nb1, Package name: python310-3.10.14nb1, Maintainer: pkgsrc-users

Python is an interpreted, interactive, object-oriented
programming language that combines remarkable power with
very clear syntax. For an introduction to programming in
Python you are referred to the Python Tutorial. The
Python Library Reference documents built-in and standard
types, constants, functions and modules. Finally, the
Python Reference Manual describes the syntax and semantics
of the core language in (perhaps too) much detail.

Python's basic power can be extended with your own modules
written in C or C++. On most systems such modules may be
dynamically loaded. Python is also adaptable as an exten-
sion language for existing applications. See the internal
documentation for hints.

This package provides Python version 3.10.x.



Package options: x11

Master sites:

Filesize: 19140.809 KB

Version history: (Expand)


CVS history: (Expand)


   2024-03-20 16:42:26 by Adam Ciarcinski | Files touched by this commit (6) | Package updated
Log message:
python310 py310-html-docs: updated to 3.10.14

Python 3.10.14

Security

gh-115398: Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) \ 
by adding five new methods:
xml.etree.ElementTree.XMLParser.flush()
xml.etree.ElementTree.XMLPullParser.flush()
xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
xml.sax.expatreader.ExpatParser.flush()
gh-115399: Update bundled libexpat to 2.6.0
gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() \ 
now correctly lock access to the certificate store, when the ssl.SSLContext is \ 
shared across multiple threads.
gh-113659: Skip .pth files with names starting with a dot or hidden file attribute.

Core and Builtins

gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 codecs read out of bounds

Library

gh-115197: urllib.request no longer resolves the hostname before checking it \ 
against the system’s proxy bypass list on macOS and Windows.
gh-115133: Fix tests for XMLPullParser with Expat 2.6.0.
gh-81194: Fix a crash in socket.if_indextoname() with specific value (UINT_MAX). \ 
Fix an integer overflow in socket.if_indextoname() on 64-bit non-Windows \ 
platforms.
gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now raises \ 
BadZipFile when try to read an entry that overlaps with other entry or central \ 
directory.
gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup, which now no longer \ 
dereferences symlinks when working around file system permission errors.

Documentation

gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under “XML \ 
vulnerabilities”.

Windows

gh-111239: Update Windows builds to use zlib v1.3.1.
gh-109991: Windows builds now use OpenSSL 1.1.1w. Note that OpenSSL 1.1 has \ 
reached its end of life and no future fixes will be made, and this version of \ 
Python is no longer receiving maintenance fixes and will not be updated to \ 
OpenSSL 3.0.

Tools/Demos

gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and multissltests to \ 
use 1.1.1w, 3.0.11, and 3.1.3.
   2024-01-23 07:51:45 by Adam Ciarcinski | Files touched by this commit (6)
Log message:
python39 python310: fix build on Darwin
   2024-01-13 05:24:29 by Taylor R Campbell | Files touched by this commit (8)
Log message:
lang/python3*: Fix cross-build by patching out broken readline crud.

Python's setup.py tries to decide whether readline is available by
running readelf on the path it thinks it can find to libreadline.so.
Since we always use a single static readline/curses choice in Pythin
(readline, not editline, with (fake-)ncurses), just patch all that
buggy detection goo away.

No new maintenance burden because this logic has been ripped out of
Python 3.12 anyway.  Python 3.8 skipped for now because it doesn't
cross-build at the moment anyway -- more work needed to make that
happen (and it's not as easy as Python>=3.9 as I recall).
   2023-11-29 12:02:41 by Jonathan Perkin | Files touched by this commit (6)
Log message:
python: Exclude dependencies for build.

When python bl3 files are included with PYTHON_FOR_BUILD_ONLY=yes, their
DEPMETHOD is set to "build", in which case we do not want to include
indirect dependencies as they will then be tagged as "build" also.  Fixes
potential runtime issues exposed by indirect dependency checks.
   2023-11-23 13:43:35 by Jonathan Perkin | Files touched by this commit (3)
Log message:
python*: Remove -luuid hack on SunOS.

This ends up leaking into the shipped python-config, which wouldn't normally
be a problem, but broken build systems such as waf end up linking against
libraries that are not buildlinked, resulting in missing libuuid references.

If this is still required for builtin libuuid support then that will need to
be done in a different way that doesn't end up in the exported libraries.
   2023-11-10 17:55:32 by Nia Alarie | Files touched by this commit (6)
Log message:
Revert previous
   2023-11-10 13:13:22 by Nia Alarie | Files touched by this commit (5)
Log message:
python: Honour user's choice of readline implementation.
   2023-11-10 10:48:40 by Nia Alarie | Files touched by this commit (10)
Log message:
python39, python310: Fixes for Mac OS X 10.4 via MacPorts.