Navigation:
Browse pkgsrc
(this page)
lang python39
CVSweb ] [ 
Homepage ] [ 
RSS ] [ 
Required by ] 2025-10-08 09:17:10 by Adam Ciarcinski | Files touched by this commit (37) |  |
Log message: python39: removed; end of life |
2025-06-04 16:12:53 by Adam Ciarcinski | Files touched by this commit (5) |  |
Log message: python39 py39-html-docs: updated to 3.9.23 Python 3.9.23 final Security gh-135034: Fixes multiple issues that allowed tarfile extraction filters \ (filter="data" and filter="tar") to be bypassed using \ crafted symlinks and hard links. Addresses CVE 2024-12718, CVE 2025-4138, CVE 2025-4330, and CVE 2025-4517. gh-133767: Fix use-after-free in the “unicode-escape” decoder with a \ non-“strict” error handler. gh-128840: Short-circuit the processing of long IPv6 addresses early in \ ipaddress to prevent excessive memory consumption and a minor denial-of-service. gh-80222: Fix bug in the folding of quoted strings when flattening an email \ message using a modern email policy. Previously when a quoted string was folded \ so that it spanned more than one line, the surrounding quotes and internal \ escapes would be omitted. This could theoretically be used to spoof header lines \ using a carefully constructed quoted string if the resulting rendered email was \ transmitted or re-parsed. Library gh-128840: Fix parsing long IPv6 addresses with embedded IPv4 address. gh-134062: ipaddress: fix collisions in __hash__() for IPv4Network and \ IPv6Network objects. gh-123409: Fix ipaddress.IPv6Address.reverse_pointer output according to RFC \ 3596, §2.5. Patch by Bénédikt Tran. bpo-43633: Improve the textual representation of IPv4-mapped IPv6 addresses (RFC \ 4291 Sections 2.2, 2.5.5.2) in ipaddress. Patch by Oleksandr Pavliuk. bpo-25264: os.path.realpath() now accepts a strict keyword-only argument. When \ set to True, OSError is raised if a path doesn’t exist or a symlink loop is \ encountered. |
| 2025-04-17 23:53:13 by Thomas Klausner | Files touched by this commit (2449) |
Log message: *: recursive bump for icu 77 and libxml2 2.14 |
| 2025-04-09 16:46:06 by Adam Ciarcinski | Files touched by this commit (4) | |
Log message: python39 py39-html-docs: updated to 3.9.22 Python 3.9.22 final Security gh-131809: Update bundled libexpat to 2.7.1 gh-131261: Upgrade to libexpat 2.7.0 gh-105704: When using urllib.parse.urlsplit() and urllib.parse.urlparse() host \ parsing would not reject domain names containing square brackets ([ and ]). \ Square brackets are only valid for IPv6 and IPvFuture hosts according to RFC \ 3986 Section 3.2.2. gh-121284: Fix bug in the folding of rfc2047 encoded-words when flattening an \ email message using a modern email policy. Previously when an encoded-word was \ too long for a line, it would be decoded, split across lines, and re-encoded. \ But commas and other special characters in the original text could be left \ unencoded and unquoted. This could theoretically be used to spoof header lines \ using a carefully constructed encoded-word if the resulting rendered email was \ transmitted or re-parsed. gh-119511: Fix a potential denial of service in the imaplib module. When \ connecting to a malicious server, it could cause an arbitrary amount of memory \ to be allocated. On many systems this is harmless as unused virtual memory is \ only a mapping, but if this hit a virtual address size limit it could lead to a \ MemoryError or other process crash. On unusual systems or builds where all \ allocated memory is touched and backed by actual ram or storage it could’ve \ consumed resources doing so until similarly crashing. Documentation gh-121277: Writers of CPython’s documentation can now use next as the version \ for the versionchanged, versionadded, deprecated directives. |
| 2025-01-07 20:35:09 by Taylor R Campbell | Files touched by this commit (5) |
Log message: lang/python*: No need for :U with USE_CROSS_COMPILE. After including bsd.prefs.mk or bsd.fast.prefs.mk, this is guaranteed to be defined. If it isn't, there's a bug (like misspelling it), which we should flag early rather than quietly suppress. |
| 2025-01-07 20:34:41 by Taylor R Campbell | Files touched by this commit (5) |
Log message: lang/python3*: Use PY_VER_SUFFIX instead of copying & pasting it. Change is limited to cross-builds. No change to generated package; CONFIGURE_ARGS should be unchanged by this. |
| 2024-12-05 08:49:52 by Adam Ciarcinski | Files touched by this commit (5) | |
Log message: python39 py39-html-docs: updated to 3.9.21 Python 3.9.21 Tests gh-125041: Re-enable skipped tests for zlib on the s390x architecture: only skip \ checks of the compressed bytes, which can be different between zlib’s software \ implementation and the hardware-accelerated implementation. gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode. Use a longer key: FIPS \ mode requires at least of at least 112 bits. The previous key was only 32 bits. \ Patch by Victor Stinner. gh-100454: Fix SSL tests CI for OpenSSL 3.1+ Security gh-126623: Upgrade libexpat to 2.6.4 gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the \ mapped IPv4 address value for deciding properties. Properties which have their \ behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and \ is_unspecified. Library gh-124651: Properly quote template strings in venv activation scripts. gh-103848: Add checks to ensure that [ bracketed ] hosts found by \ urllib.parse.urlsplit() are of IPv6 or IPvFuture format. Documentation gh-95588: Clarified the conflicting advice given in the ast documentation about \ ast.literal_eval() being “safe” for use on untrusted input while at the same \ time warning that it can crash the process. The latter statement is true and is \ deemed unfixable without a large amount of work unsuitable for a bugfix. So we \ keep the warning and no longer claim that literal_eval is safe. |
| 2024-11-14 23:22:33 by Thomas Klausner | Files touched by this commit (2428) |
Log message: *: recursive bump for icu 76 shlib major version bump |
New packages: