Now
MAIN commitmail json YAML
pkgsrc/lang/py37-html-docs/Makefile@1.17
/
diff
pkgsrc/lang/py37-html-docs/distinfo@1.19 / diff
pkgsrc/lang/python37/PLIST@1.16 / diff
pkgsrc/lang/python37/dist.mk@1.18 / diff
pkgsrc/lang/python37/distinfo@1.36 / diff
pkgsrc/lang/py37-html-docs/distinfo@1.19 / diff
pkgsrc/lang/python37/PLIST@1.16 / diff
pkgsrc/lang/python37/dist.mk@1.18 / diff
pkgsrc/lang/python37/distinfo@1.36 / diff
python37 py37-html-docs: updated to 3.7.17
Python 3.7.17
Security
gh-103142: The version of OpenSSL used in our binary builds has been upgraded to 1.1.1u to address several CVEs.
gh-99889: Fixed a security in flaw in uu.decode() that could allow for directory traversal based on the input if no out_file was specified.
gh-104049: Do not expose the local on-disk location in directory indexes produced by http.client.SimpleHTTPRequestHandler.
gh-102153: urllib.parse.urlsplit() now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to CVE-2023-24329. Patch by Illia Volochii.
gh-101727: Updated the OpenSSL version used in Windows and macOS binary release builds to 1.1.1t to address CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per the OpenSSL 2023-02-07 security advisory.
gh-101283: subprocess.Popen now uses a safer approach to find cmd.exe when launching with shell=True. Patch by Eryk Sun, based on a patch by Oleg Iarygin.
Library
gh-101997: Upgrade pip wheel bundled with ensurepip (pip 23.0.1)
Build
gh-102306: Avoid GHA CI macOS test_posix failure by using the appropriate macOS SDK.
Windows
gh-100180: Update Windows installer to OpenSSL 1.1.1s
Python 3.7.17
Security
gh-103142: The version of OpenSSL used in our binary builds has been upgraded to 1.1.1u to address several CVEs.
gh-99889: Fixed a security in flaw in uu.decode() that could allow for directory traversal based on the input if no out_file was specified.
gh-104049: Do not expose the local on-disk location in directory indexes produced by http.client.SimpleHTTPRequestHandler.
gh-102153: urllib.parse.urlsplit() now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to CVE-2023-24329. Patch by Illia Volochii.
gh-101727: Updated the OpenSSL version used in Windows and macOS binary release builds to 1.1.1t to address CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per the OpenSSL 2023-02-07 security advisory.
gh-101283: subprocess.Popen now uses a safer approach to find cmd.exe when launching with shell=True. Patch by Eryk Sun, based on a patch by Oleg Iarygin.
Library
gh-101997: Upgrade pip wheel bundled with ensurepip (pip 23.0.1)
Build
gh-102306: Avoid GHA CI macOS test_posix failure by using the appropriate macOS SDK.
Windows
gh-100180: Update Windows installer to OpenSSL 1.1.1s