./lang/python37, Interpreted, interactive, object-oriented programming language

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 3.7.11, Package name: python37-3.7.11, Maintainer: pkgsrc-users

Python is an interpreted, interactive, object-oriented
programming language that combines remarkable power with
very clear syntax. For an introduction to programming in
Python you are referred to the Python Tutorial. The
Python Library Reference documents built-in and standard
types, constants, functions and modules. Finally, the
Python Reference Manual describes the syntax and semantics
of the core language in (perhaps too) much detail.

Python's basic power can be extended with your own modules
written in C or C++. On most systems such modules may be
dynamically loaded. Python is also adaptable as an exten-
sion language for existing applications. See the internal
documentation for hints.

This package provides Python version 3.7.x.

Required to run:
[security/openssl] [devel/libffi] [devel/libuuid]

Required to build:
[devel/readline] [pkgtools/cwrappers]

Package options: x11

Master sites:

SHA1: 671e3fed4f3bb5a6663da0ae6691f0f8e9399427
RMD160: ceead7d7eae26ad67e88e8841d454cbd5b839590
Filesize: 16985.723 KB

Version history: (Expand)

CVS history: (Expand)

   2021-06-29 14:39:10 by Adam Ciarcinski | Files touched by this commit (4) | Package updated
Log message:
python37: updated to 3.7.11

Python 3.7.11 final


bpo-44022: mod:http.client now avoids infinitely reading potential HTTP headers \ 
after a 100 Continue status response from the server.
bpo-43882: The presence of newline or tab characters in parts of a URL could \ 
allow some forms of attacks.

Following the controlling specification for URLs defined by WHATWG \ 
urllib.parse() now removes ASCII newlines and tabs from URLs, preventing such \ 
bpo-42988: CVE-2021-3426: Remove the getfile feature of the pydoc module which \ 
could be abused to read arbitrary files on the disk (directory traversal \ 
vulnerability). Moreover, even source code of Python modules can contain \ 
sensitive data like passwords. Vulnerability reported by David Schwörer.
bpo-43285: ftplib no longer trusts the IP address value returned from the server \ 
in response to the PASV command by default. This prevents a malicious FTP server \ 
from using the response to probe IPv4 address and port combinations on the \ 
client network.

Code that requires the former vulnerable behavior may set a \ 
trust_server_pasv_ipv4_address attribute on their ftplib.FTP instances to True \ 
to re-enable it.
bpo-43075: Fix Regular Expression Denial of Service (ReDoS) vulnerability in \ 
urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex has \ 
quadratic worst-case complexity and it allows cause a denial of service when \ 
identifying crafted invalid RFCs. This ReDoS issue is on the client side and \ 
needs remote attackers to control the HTTP server.

Core and Builtins

bpo-43660: Fix crash that happens when replacing sys.stderr with a callable that \ 
can remove the object while an exception is being printed. Patch by Pablo \ 


bpo-41561: Add workaround for Ubuntu’s custom OpenSSL security level policy.
   2021-02-16 20:40:34 by Adam Ciarcinski | Files touched by this commit (5) | Package updated
Log message:
python37 py37-html-docs: updated to 3.7.10

Python 3.7.10

bpo-42967: Fix web cache poisoning vulnerability by defaulting the query args \ 
separator to &, and allowing the user to choose a custom separator.
bpo-42938: Avoid static buffers when computing the repr of ctypes.c_double and \ 
ctypes.c_longdouble values.
bpo-42103: Prevented potential DoS attack via CPU and RAM exhaustion when \ 
processing malformed Apple Property List files in binary format.
bpo-42051: The plistlib module no longer accepts entity declarations in XML \ 
plist files to avoid XML vulnerabilities. This should not affect users as entity \ 
declarations are not used in regular plist files.
bpo-40791: Add volatile to the accumulator variable in hmac.compare_digest, \ 
making constant-time-defeating optimizations less likely.

bpo-42103: InvalidFileException and RecursionError are now the only errors \ 
caused by loading malformed binary Plist file (previously ValueError and \ 
TypeError could be raised in some specific cases).
bpo-41976: Fixed a bug that was causing ctypes.util.find_library() to return \ 
None when triying to locate a library in an environment when gcc>=9 is \ 
available and ldconfig is not. Patch by Pablo Galindo

bpo-17140: Add documentation for the multiprocessing.pool.ThreadPool class.

bpo-42794: Update test_nntplib to use offical group name of news.aioe.org for \ 
testing. Patch by Dong-hee Na.
bpo-41944: Tests for CJK codecs no longer call eval() on content received via HTTP.
   2020-12-07 14:14:39 by Nia Alarie | Files touched by this commit (5)
Log message:
python*: Revert shm_open workaround now it's fixed in mksandbox
   2020-12-06 12:35:32 by Nia Alarie | Files touched by this commit (5)
Log message:
python*: Disable runtime configure test on sem_getvalue behaviour

Like the other test, because /dev/shm isn't available in the build
environment doesn't mean it won't be available on the destination
machine for the packages.
   2020-12-06 12:11:32 by Nia Alarie | Files touched by this commit (5)
Log message:
python*: Avoid configure test for POSIX semaphores on Linux.

This attempts to build and run a program that uses POSIX semaphores.

This fails in a pbulk sandbox that doesn't contain /dev/shm, resulting
in a broken package where the idea that the platform doesn't support
POSIX semaphores is baked in forever. In newer Python versions,
this means Python doesn't even build properly.

XXX: We might want to avoid it on other platforms too...
   2020-11-19 17:29:43 by Benny Siegert | Files touched by this commit (7)
Log message:
python3{7,8,9}: build fix when include files have invalid UTF-8

I happen to have include/gts.h installed, which includes an accented
ISO-8859-1 character in its copyright message. This trips up the configuration
of Python in pkgsrc.

Ignore files with invalid unicode characters.

Also regenerate one other patch. No revision bump since the result is the same.
   2020-11-18 12:03:31 by Sijmen J. Mulder | Files touched by this commit (3)
Log message:
lang/python37: Fix on CentOS 7

Same as lang/python38 fix just now:

Move __has_attribute() inside #if defined(__has_attribute) body so the
preprocessor doesn't break on that.
   2020-11-17 20:33:26 by Sijmen J. Mulder | Files touched by this commit (25)
Log message:
lang/python37: Fix for macOS 11 and Apple Silicon

(Apple Silicon being their aarch64 platform.)

This is backport of the same in lang/python39 and lang/python38. Some
parts weren't applicable in 3.7. The setup.py script needed some work
on the ffi code. Otherwise, minor changes.

Patches consist of:
 - Upstream work: https://github.com/python/cpython/pull/22855
 - Fix for setup.py to find libbz2.tbd and libz.tbd now that with the
   shared library cache there's nothing in /usr/lib.
   See: https://bugs.python.org/issue41116
 - Addition of __arch64__ case to fix _decimal module. A very similar fix
   has since been committed upstream.