Now
MAIN commitmail json YAML
pkgsrc/lang/py310-html-docs/Makefile@1.15
/
diff
pkgsrc/lang/py310-html-docs/PLIST@1.4 / diff
pkgsrc/lang/py310-html-docs/distinfo@1.17 / diff
pkgsrc/lang/python310/Makefile@1.32 / diff
pkgsrc/lang/python310/dist.mk@1.15 / diff
pkgsrc/lang/python310/distinfo@1.30 / diff
pkgsrc/lang/py310-html-docs/PLIST@1.4 / diff
pkgsrc/lang/py310-html-docs/distinfo@1.17 / diff
pkgsrc/lang/python310/Makefile@1.32 / diff
pkgsrc/lang/python310/dist.mk@1.15 / diff
pkgsrc/lang/python310/distinfo@1.30 / diff
python310 py310-html-docs: updated to 3.10.14
Python 3.10.14
Security
gh-115398: Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods:
xml.etree.ElementTree.XMLParser.flush()
xml.etree.ElementTree.XMLPullParser.flush()
xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
xml.sax.expatreader.ExpatParser.flush()
gh-115399: Update bundled libexpat to 2.6.0
gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads.
gh-113659: Skip .pth files with names starting with a dot or hidden file attribute.
Core and Builtins
gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 codecs read out of bounds
Library
gh-115197: urllib.request no longer resolves the hostname before checking it against the system窶冱 proxy bypass list on macOS and Windows.
gh-115133: Fix tests for XMLPullParser with Expat 2.6.0.
gh-81194: Fix a crash in socket.if_indextoname() with specific value (UINT_MAX). Fix an integer overflow in socket.if_indextoname() on 64-bit non-Windows platforms.
gh-109858: Protect zipfile from 窶徠uoted-overlap窶� zipbomb. It now raises BadZipFile when try to read an entry that overlaps with other entry or central directory.
gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup, which now no longer dereferences symlinks when working around file system permission errors.
Documentation
gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under 窶弭ML vulnerabilities窶�.
Windows
gh-111239: Update Windows builds to use zlib v1.3.1.
gh-109991: Windows builds now use OpenSSL 1.1.1w. Note that OpenSSL 1.1 has reached its end of life and no future fixes will be made, and this version of Python is no longer receiving maintenance fixes and will not be updated to OpenSSL 3.0.
Tools/Demos
gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and multissltests to use 1.1.1w, 3.0.11, and 3.1.3.
Python 3.10.14
Security
gh-115398: Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods:
xml.etree.ElementTree.XMLParser.flush()
xml.etree.ElementTree.XMLPullParser.flush()
xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
xml.sax.expatreader.ExpatParser.flush()
gh-115399: Update bundled libexpat to 2.6.0
gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads.
gh-113659: Skip .pth files with names starting with a dot or hidden file attribute.
Core and Builtins
gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 codecs read out of bounds
Library
gh-115197: urllib.request no longer resolves the hostname before checking it against the system窶冱 proxy bypass list on macOS and Windows.
gh-115133: Fix tests for XMLPullParser with Expat 2.6.0.
gh-81194: Fix a crash in socket.if_indextoname() with specific value (UINT_MAX). Fix an integer overflow in socket.if_indextoname() on 64-bit non-Windows platforms.
gh-109858: Protect zipfile from 窶徠uoted-overlap窶� zipbomb. It now raises BadZipFile when try to read an entry that overlaps with other entry or central directory.
gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup, which now no longer dereferences symlinks when working around file system permission errors.
Documentation
gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under 窶弭ML vulnerabilities窶�.
Windows
gh-111239: Update Windows builds to use zlib v1.3.1.
gh-109991: Windows builds now use OpenSSL 1.1.1w. Note that OpenSSL 1.1 has reached its end of life and no future fixes will be made, and this version of Python is no longer receiving maintenance fixes and will not be updated to OpenSSL 3.0.
Tools/Demos
gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and multissltests to use 1.1.1w, 3.0.11, and 3.1.3.