./lang/python38, Interpreted, interactive, object-oriented programming language

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 3.8.15, Package name: python38-3.8.15, Maintainer: pkgsrc-users

Python is an interpreted, interactive, object-oriented
programming language that combines remarkable power with
very clear syntax. For an introduction to programming in
Python you are referred to the Python Tutorial. The
Python Library Reference documents built-in and standard
types, constants, functions and modules. Finally, the
Python Reference Manual describes the syntax and semantics
of the core language in (perhaps too) much detail.

Python's basic power can be extended with your own modules
written in C or C++. On most systems such modules may be
dynamically loaded. Python is also adaptable as an exten-
sion language for existing applications. See the internal
documentation for hints.

This package provides Python version 3.8.x.


Required to run:
[security/openssl] [devel/libffi] [devel/libuuid]

Required to build:
[devel/readline] [pkgtools/cwrappers]

Package options: x11

Master sites:

Filesize: 18592.195 KB

Version history: (Expand)


CVS history: (Expand)


   2022-10-12 10:37:53 by Adam Ciarcinski | Files touched by this commit (4) | Package updated
Log message:
python38 py38-html-docs: updated to 3.8.15

Python 3.8.15

Security

gh-97616: Fix multiplying a list by an integer (list *= int): detect the integer \ 
overflow when the new allocated length is close to the maximum size. Issue \ 
reported by Jordan Limor. Patch by Victor Stinner.
gh-97612: Fix a shell code injection vulnerability in the \ 
get-remote-certificate.py example script. The script no longer uses a shell to \ 
run openssl commands. Issue reported and initial fix by Caleb Shortt. Patch by \ 
Victor Stinner.

Core and Builtins

gh-96848: Fix command line parsing: reject -X int_max_str_digits option with no \ 
value (invalid) when the PYTHONINTMAXSTRDIGITS environment variable is set to a \ 
valid limit. Patch by Victor Stinner.
gh-95778: When ValueError is raised if an integer is larger than the limit, \ 
mention the sys.set_int_max_str_digits() function in the error message. Patch by \ 
Victor Stinner.

Library

gh-97005: Update bundled libexpat to 2.4.9

Windows

gh-96577: Fixes a potential buffer overrun in msilib.
   2022-09-07 17:32:34 by Adam Ciarcinski | Files touched by this commit (5) | Package updated
Log message:
python38 py38-html-docs: updated to 3.8.14

Python 3.8.14

Security
gh-95778: Converting between int and str in bases other than 2 (binary), 4, 8 \ 
(octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a \ 
ValueError if the number of digits in string form is above a limit to avoid \ 
potential denial of service attacks due to the algorithmic complexity. This is a \ 
mitigation for CVE-2020-10735.

This new limit can be configured or disabled by environment variable, command \ 
line flag, or sys APIs. See the integer string conversion length limitation \ 
documentation. The default limit is 4300 digits in string form.

Patch by Gregory P. Smith [Google] and Christian Heimes [Red Hat] with feedback \ 
from Victor Stinner, Thomas Wouters, Steve Dower, Ned Deily, and Mark Dickinson.
gh-87389: http.server: Fix an open redirection vulnerability in the HTTP server \ 
when an URI path starts with //. Vulnerability discovered, and initial fix \ 
proposed, by Hamza Avvan.

Core and Builtins
gh-93065: Fix contextvars HAMT implementation to handle iteration over deep trees.

The bug was discovered and fixed by Eli Libman. See MagicStack/immutables#84 for \ 
more details.

Library
bpo-46197: Fix ensurepip environment isolation for subprocess running pip.
bpo-36073: Raise ProgrammingError instead of segfaulting on recursive usage of \ 
cursors in sqlite3 converters. Patch by Sergey Fedoseev.

Documentation
gh-91888: Add a new gh role to the documentation to link to GitHub issues.
bpo-47138: Pin Jinja to a version compatible with Sphinx version 2.4.4.

Tests
gh-94208: test_ssl is now checking for supported TLS version and protocols in \ 
more tests.
bpo-47016: Create a GitHub Actions workflow for verifying bundled pip and \ 
setuptools. Patch by Illia Volochii and Adam Turner.
bpo-46114: Fix test case for OpenSSL 3.0.1 version. OpenSSL 3.0 uses 0xMNN00PP0L.

Windows
bpo-47194: Update zlib to v1.2.12 to resolve CVE-2018-25032.
   2022-03-19 19:56:44 by Adam Ciarcinski | Files touched by this commit (7) | Package updated
Log message:
python38 py38-html-docs: updated to 3.8.13

Python 3.8.13 final

Core and Builtins

bpo-46794: Bump up the libexpat version into 2.4.6
Library
bpo-46985: Upgrade pip wheel bundled with ensurepip (pip 22.0.4)
bpo-46932: Update bundled libexpat to 2.4.7
bpo-46811: Make test suite support Expat >=2.4.5
bpo-46784: Fix libexpat symbols collisions with user dynamically loaded or \ 
statically linked libexpat in embedded Python.
bpo-46756: Fix a bug in urllib.request.HTTPPasswordMgr.find_user_password() and \ 
urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() which allowed to \ 
bypass authorization. For example, access to URI example.org/foobar was allowed \ 
if the user was authorized for URI example.org/foo.
bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4
bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid potential REDoS by \ 
limiting ambiguity in consecutive whitespace.
bpo-44849: Fix the os.set_inheritable() function on FreeBSD 14 for file \ 
descriptor opened with the O_PATH flag: ignore the EBADF error on ioctl(), \ 
fallback on the fcntl() implementation. Patch by Victor Stinner.

Documentation

bpo-41028: Language and version switchers, previously maintained in every \ 
cpython branches, are now handled by docsbuild-script.

Tests

bpo-45195: Fix test_readline.test_nonascii(): sometimes, the newline character \ 
is not written at the end, so don’t expect it in the output. Patch by Victor \ 
Stinner.
bpo-44949: Fix auto history tests of test_readline: sometimes, the newline \ 
character is not written at the end, so don’t expect it in the output.

Build

bpo-47024: Update Windows builds and macOS installer build to use OpenSSL 1.1.1n.
bpo-45405: Prevent internal configure error when running configure with recent \ 
versions of clang. Patch by David Bohman.
bpo-45220: Avoid building with the Windows 11 SDK previews automatically. This \ 
may be overridden by setting the DefaultWindowsSDKVersion environment variable \ 
before building.

Windows

bpo-44549: Update bzip2 to 1.0.8 in Windows builds to mitigate CVE-2016-3189 and \ 
CVE-2019-12900
bpo-46948: Prevent CVE-2022-26488 by ensuring the Add to PATH option in the \ 
Windows installer uses the correct path when being repaired.

macOS

bpo-44828: Avoid tkinter file dialog failure on macOS 12 Monterey when using the \ 
Tk 8.6.11 provided by python.org macOS installers. Patch by Marc Culler of the \ 
Tk project.
   2022-01-27 22:33:42 by Amitai Schleier | Files touched by this commit (4)
Log message:
According to the noted issue, the compiler to avoid is llvm-gcc-4.2,
which means 11.x and 12.x according to mk/platform/Darwin.mk. On 10.x
(i386 Snow Leopard Server, at least), no problem with the system gcc.
Adjust the scope of the workaround to match.
   2022-01-25 13:16:54 by Jonathan Perkin | Files touched by this commit (4)
Log message:
python3*: Switch to CFLAGS, CPPFLAGS is ignored.

Fixes build on SmartOS.
   2022-01-21 11:43:52 by Jonathan Perkin | Files touched by this commit (4)
Log message:
python3*: Add REPLACE_SH, from pekdon via IRC.
   2022-01-20 12:52:28 by Jonathan Perkin | Files touched by this commit (3)
Log message:
python38: Solaris 10 fixes, from pekdon via IRC.
   2022-01-12 09:49:02 by Thomas Klausner | Files touched by this commit (14)
Log message:
python*: remove no-egg support

This was added in the pkgsrc stone age when pkgsrc had no egg support,
and then carried forward up to python 3.10. This ends now.

Bump PKGREVISION.