./lang/python39, Interpreted, interactive, object-oriented programming language

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 3.9.15, Package name: python39-3.9.15, Maintainer: pkgsrc-users

Python is an interpreted, interactive, object-oriented
programming language that combines remarkable power with
very clear syntax. For an introduction to programming in
Python you are referred to the Python Tutorial. The
Python Library Reference documents built-in and standard
types, constants, functions and modules. Finally, the
Python Reference Manual describes the syntax and semantics
of the core language in (perhaps too) much detail.

Python's basic power can be extended with your own modules
written in C or C++. On most systems such modules may be
dynamically loaded. Python is also adaptable as an exten-
sion language for existing applications. See the internal
documentation for hints.

This package provides Python version 3.9.x.



Package options: x11

Master sites:

Filesize: 19250.203 KB

Version history: (Expand)


CVS history: (Expand)


   2022-10-12 10:37:14 by Adam Ciarcinski | Files touched by this commit (4) | Package updated
Log message:
python39 py39-html-docs: updated to 3.9.15

Python 3.9.15

Security

gh-97616: Fix multiplying a list by an integer (list *= int): detect the integer \ 
overflow when the new allocated length is close to the maximum size. Issue \ 
reported by Jordan Limor. Patch by Victor Stinner.
gh-97612: Fix a shell code injection vulnerability in the \ 
get-remote-certificate.py example script. The script no longer uses a shell to \ 
run openssl commands. Issue reported and initial fix by Caleb Shortt. Patch by \ 
Victor Stinner.
Core and Builtins
gh-96848: Fix command line parsing: reject -X int_max_str_digits option with no \ 
value (invalid) when the PYTHONINTMAXSTRDIGITS environment variable is set to a \ 
valid limit. Patch by Victor Stinner.
gh-95778: When ValueError is raised if an integer is larger than the limit, \ 
mention the sys.set_int_max_str_digits() function in the error message. Patch by \ 
Victor Stinner.

Library

gh-97005: Update bundled libexpat to 2.4.9

Windows

gh-96577: Fixes a potential buffer overrun in msilib.

macOS

gh-97897: The macOS 13 SDK includes support for the mkfifoat and mknodat system \ 
calls. Using the dir_fd option with either os.mkfifo() or os.mknod() could \ 
result in a segfault if cpython is built with the macOS 13 SDK but run on an \ 
earlier version of macOS. Prevent this by adding runtime support for detection \ 
of these system calls (“weaklinking”) as is done for other newer syscalls on \ 
macOS.
   2022-09-07 17:33:20 by Adam Ciarcinski | Files touched by this commit (6) | Package updated
Log message:
python39 py39-html-docs: updated to 3.9.14

Python 3.9.14

Security
gh-95778: Converting between int and str in bases other than 2 (binary), 4, 8 \ 
(octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a \ 
ValueError if the number of digits in string form is above a limit to avoid \ 
potential denial of service attacks due to the algorithmic complexity. This is a \ 
mitigation for CVE-2020-10735.

This new limit can be configured or disabled by environment variable, command \ 
line flag, or sys APIs. See the integer string conversion length limitation \ 
documentation. The default limit is 4300 digits in string form.

Patch by Gregory P. Smith [Google] and Christian Heimes [Red Hat] with feedback \ 
from Victor Stinner, Thomas Wouters, Steve Dower, Ned Deily, and Mark Dickinson.
gh-87389: http.server: Fix an open redirection vulnerability in the HTTP server \ 
when an URI path starts with //. Vulnerability discovered, and initial fix \ 
proposed, by Hamza Avvan.

Core and Builtins
gh-93065: Fix contextvars HAMT implementation to handle iteration over deep trees.

The bug was discovered and fixed by Eli Libman. See MagicStack/immutables#84 for \ 
more details.

Library
gh-94821: Fix binding of unix socket to empty address on Linux to use an \ 
available address from the abstract namespace, instead of “0”.
gh-91810: Suppress writing an XML declaration in open files in \ 
ElementTree.write() with encoding='unicode' and xml_declaration=None.
bpo-45393: Fix the formatting for await x and not x in the operator precedence \ 
table when using the help() system.
bpo-46197: Fix ensurepip environment isolation for subprocess running pip.

Tests
gh-95280: Fix problem with test_ssl test_get_ciphers on systems that require \ 
perfect forward secrecy (PFS) ciphers.
gh-94208: test_ssl is now checking for supported TLS version and protocols in \ 
more tests.
bpo-47016: Create a GitHub Actions workflow for verifying bundled pip and \ 
setuptools. Patch by Illia Volochii and Adam Turner.
   2022-07-07 17:26:43 by Pierre Pronchery | Files touched by this commit (4)
Log message:
python{39,310}: fix the build when the work directory is in $PREFIX

As documented in pkg/56774, when WRKOBJDIR is in LOCALBASE (eg set to
${LOCALBASE}/work) then changes done to Python's setup.py made it
unable to locate its own built-in modules, then failing to bootstrap and
build.

As suggested by tnn@; tested on NetBSD/amd64.

XXX pull-up to pkgsrc-2022Q2
   2022-06-30 13:19:02 by Nia Alarie | Files touched by this commit (524)
Log message:
*: Revbump packages that use Python at runtime without a PKGNAME prefix
   2022-05-18 10:07:32 by Adam Ciarcinski | Files touched by this commit (5) | Package updated
Log message:
python39 py39-html-docs: updated to 3.9.13

Python 3.9.13

Core and Builtins

gh-92311: Fixed a bug where setting frame.f_lineno to jump over a list \ 
comprehension could misbehave or crash.
gh-92112: Fix crash triggered by an evil custom mro() on a metaclass.
gh-92036: Fix a crash in subinterpreters related to the garbage collector. When \ 
a subinterpreter is deleted, untrack all objects tracked by its GC. To prevent a \ 
crash in deallocator functions expecting objects to be tracked by the GC, leak a \ 
strong reference to these objects on purpose, so they are never deleted and \ 
their deallocator functions are not called. Patch by Victor Stinner.
gh-91421: Fix a potential integer overflow in _Py_DecodeUTF8Ex.
bpo-46775: Some Windows system error codes(>= 10000) are now mapped into the \ 
correct errno and may now raise a subclass of OSError. Patch by Dong-hee Na.
bpo-46962: Classes and functions that unconditionally declared their docstrings \ 
ignoring the --without-doc-strings compilation flag no longer do so.

The classes affected are pickle.PickleBuffer, testcapi.RecursingInfinitelyError, \ 
and types.GenericAlias.

The functions affected are 24 methods in ctypes.

Patch by Oleg Iarygin.
bpo-36819: Fix crashes in built-in encoders with error handlers that return \ 
position less or equal than the starting position of non-encodable characters.

Library

gh-91581: utcfromtimestamp() no longer attempts to resolve fold in the pure \ 
Python implementation, since the fold is never 1 in UTC. In addition to being \ 
slightly faster in the common case, this also prevents some errors when the \ 
timestamp is close to datetime.min. Patch by Paul Ganssle.
gh-92530: Fix an issue that occurred after interrupting threading.Condition.notify().
gh-92049: Forbid pickling constants re._constants.SUCCESS etc. Previously, \ 
pickling did not fail, but the result could not be unpickled.
bpo-47029: Always close the read end of the pipe used by multiprocessing.Queue \ 
after the last write of buffered data to the write end of the pipe to avoid \ 
BrokenPipeError at garbage collection and at multiprocessing.Queue.close() \ 
calls. Patch by Géry Ogam.
gh-91910: Add missing f prefix to f-strings in error messages from the \ 
multiprocessing and asyncio modules.
gh-91810: ElementTree method write() and function tostring() now use the text \ 
file’s encoding (“UTF-8” if not available) instead of locale encoding in \ 
XML declaration when encoding="unicode" is specified.
gh-91832: Add required attribute to argparse.Action repr output.
gh-91734: Fix OSS audio support on Solaris.
gh-91700: Compilation of regular expression containing a conditional expression \ 
(?(group)...) now raises an appropriate re.error if the group number refers to \ 
not defined group. Previously an internal RuntimeError was raised.
gh-91676: Fix unittest.IsolatedAsyncioTestCase to shutdown the per test event \ 
loop executor before returning from its run method so that a not yet stopped or \ 
garbage collected executor state does not persist beyond the test.
gh-90568: Parsing \N escapes of Unicode Named Character Sequences in a regular \ 
expression raises now re.error instead of TypeError.
gh-91595: Fix the comparison of character and integer inside \ 
Tools.gdb.libpython.write_repr(). Patch by Yu Liu.
gh-90622: Worker processes for concurrent.futures.ProcessPoolExecutor are no \ 
longer spawned on demand (a feature added in 3.9) when the multiprocessing \ 
context start method is "fork" as that can lead to deadlocks in the \ 
child processes due to a fork happening while threads are running.
gh-91575: Update case-insensitive matching in the re module to the latest \ 
Unicode version.
gh-91581: Remove an unhandled error case in the C implementation of calls to \ 
datetime.fromtimestamp with no time zone (i.e. getting a local time from an \ 
epoch timestamp). This should have no user-facing effect other than giving a \ 
possibly more accurate error message when called with timestamps that fall on \ 
10000-01-01 in the local time. Patch by Paul Ganssle.
bpo-34480: Fix a bug where _markupbase raised an UnboundLocalError when an \ 
invalid keyword was found in marked section. Patch by Marek Suscak.
bpo-27929: Fix asyncio.loop.sock_connect() to only resolve names for \ 
socket.AF_INET or socket.AF_INET6 families. Resolution may not make sense for \ 
other families, like socket.AF_BLUETOOTH and socket.AF_UNIX.
bpo-43323: Fix errors in the email module if the charset itself contains \ 
undecodable/unencodable characters.
bpo-46787: Fix concurrent.futures.ProcessPoolExecutor exception memory leak
bpo-46415: Fix ipaddress.ip_{address,interface,network} raising TypeError \ 
instead of ValueError if given invalid tuple as address parameter.
bpo-44911: IsolatedAsyncioTestCase will no longer throw an exception while \ 
cancelling leaked tasks. Patch by Bar Harel.
bpo-44493: Add missing terminated NUL in sockaddr_un’s length

This was potentially observable when using non-abstract AF_UNIX datagram sockets \ 
to processes written in another programming language.
bpo-42627: Fix incorrect parsing of Windows registry proxy settings
bpo-36073: Raise ProgrammingError instead of segfaulting on recursive usage of \ 
cursors in sqlite3 converters. Patch by Sergey Fedoseev.

Documentation

gh-91888: Add a new gh role to the documentation to link to GitHub issues.
gh-91783: Document security issues concerning the use of the function \ 
shutil.unpack_archive()
gh-91547: Remove “Undocumented modules” page.
bpo-44347: Clarify the meaning of dirs_exist_ok, a kwarg of shutil.copytree().
bpo-38668: Update the introduction to documentation for os.path to remove \ 
warnings that became irrelevant after the implementations of PEP 383 and PEP \ 
529.
bpo-47138: Pin Jinja to a version compatible with Sphinx version 2.4.4.
bpo-46962: All docstrings in code snippets are now wrapped into PyDoc_STR() to \ 
follow the guideline of PEP 7’s Documentation Strings paragraph. Patch by Oleg \ 
Iarygin.
bpo-26792: Improve the docstrings of runpy.run_module() and runpy.run_path(). \ 
Original patch by Andrew Brezovsky.
bpo-45790: Adjust inaccurate phrasing in Defining Extension Types: Tutorial \ 
about the ob_base field and the macros used to access its contents.
bpo-42340: Document that in some circumstances KeyboardInterrupt may cause the \ 
code to enter an inconsistent state. Provided a sample workaround to avoid it if \ 
needed.
bpo-41233: Link the errnos referenced in Doc/library/exceptions.rst to their \ 
respective section in Doc/library/errno.rst, and vice versa. Previously this was \ 
only done for EINTR and InterruptedError. Patch by Yan “yyyyyyyan” Orestes.
bpo-38056: Overhaul the Error Handlers documentation in codecs.
bpo-13553: Document tkinter.Tk args.

Tests

gh-91607: Fix test_concurrent_futures to test the correct multiprocessing start \ 
method context in several cases where the test logic mixed this up.
bpo-47205: Skip test for sched_getaffinity() and sched_setaffinity() error case \ 
on FreeBSD.
bpo-29890: Add tests for ipaddress.IPv4Interface and ipaddress.IPv6Interface \ 
construction with tuple arguments. Original patch and tests by louisom.

Build

bpo-47103: Windows PGInstrument builds now copy a required DLL into the output \ 
directory, making it easier to run the profile stage of a PGO build.

Windows

bpo-47194: Update zlib to v1.2.12 to resolve CVE-2018-25032.
bpo-46785: Fix race condition between os.stat() and unlinking a file on Windows, \ 
by using errors codes returned by FindFirstFileW() when appropriate in \ 
win32_xstat_impl.
bpo-40859: Update Windows build to use xz-5.2.5

Tools/Demos

gh-91583: Fix regression in the code generated by Argument Clinic for functions \ 
with the defining_class parameter.
   2022-04-22 16:25:35 by Sijmen J. Mulder | Files touched by this commit (2)
Log message:
lang/python39: Fix build on OpenBSD
   2022-04-03 12:51:19 by Taylor R Campbell | Files touched by this commit (4)
Log message:
lang/python39: Make it cross-compile.
   2022-03-25 18:54:37 by Adam Ciarcinski | Files touched by this commit (5) | Package updated
Log message:
python39 py39-html-docs: updated to 3.9.12

Python 3.9.12 final

Core and Builtins

bpo-46968: Check for the existence of the “sys/auxv.h” header in \ 
faulthandler to avoid compilation problems in systems where this header \ 
doesn’t exist. Patch by Pablo Galindo

Library

bpo-47101: hashlib.algorithms_available now lists only algorithms that are \ 
provided by activated crypto providers on OpenSSL 3.0. Legacy algorithms are not \ 
listed unless the legacy provider has been loaded into the default OSSL context.
bpo-23691: Protect the re.finditer() iterator from re-entering.
bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to avoid a \ 
“zipfile.BadZipFile: Bad CRC-32 for file” exception when reading a ZipFile \ 
from multiple threads.
bpo-38256: Fix binascii.crc32() when it is compiled to use zlib’c crc32 to \ 
work properly on inputs 4+GiB in length instead of returning the wrong result. \ 
The workaround prior to this was to always feed the function data in increments \ 
smaller than 4GiB or to just call the zlib module function.
bpo-39394: A warning about inline flags not at the start of the regular \ 
expression now contains the position of the flag.
bpo-47061: Deprecate the various modules listed by PEP 594:
aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt, imghdr, msilib, \ 
nntplib, nis, ossaudiodev, pipes, smtpd, sndhdr, spwd, sunau, telnetlib, uu, \ 
xdrlib
bpo-2604: Fix bug where doctests using globals would fail when run multiple times.
bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order.
bpo-47022: The asynchat, asyncore and smtpd modules have been deprecated since \ 
at least Python 3.6. Their documentation has now been updated to note they will \ 
removed in Python 3.12 (PEP 594).
bpo-46421: Fix a unittest issue where if the command was invoked as python -m \ 
unittest and the filename(s) began with a dot (.), a ValueError is returned.
bpo-40296: Fix supporting generic aliases in pydoc.
bpo-14156: argparse.FileType now supports an argument of ‘-’ in binary mode, \ 
returning the .buffer attribute of sys.stdin/sys.stdout as appropriate. Modes \ 
including ‘x’ and ‘a’ are treated equivalently to ‘w’ when argument \ 
is ‘-’. Patch contributed by Josh Rosenberg