Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1670413920215650"
MIME-Version: 1.0
Date: Wed, 7 Dec 2022 11:52:00 +0000
From: "Adam Ciarcinski" <adam@netbsd.org>
Subject: CVS commit: pkgsrc/lang
To: pkgsrc-changes@NetBSD.org
Reply-To: adam@netbsd.org
Message-Id: <20221207115200.C931DFA90@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
Precedence: bulk

This is a multi-part message in MIME format.

--_----------=_1670413920215650
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="UTF-8"

Module Name:	pkgsrc
Committed By:	adam
Date:		Wed Dec  7 11:52:00 UTC 2022

Modified Files:
	pkgsrc/lang/py38-html-docs: Makefile distinfo
	pkgsrc/lang/python38: dist.mk distinfo

Log Message:
python38 py38-html-docs: updated to 3.8.16

Python 3.8.16 final

Security
gh-100001: python -m http.server no longer allows terminal control characters sent within a garbage request to be printed to the stderr server log.

This is done by changing the http.server BaseHTTPRequestHandler .log_message method to replace control characters with a \xHH hex escape before printing.
gh-87604: Avoid publishing list of active per-interpreter audit hooks via the gc module
gh-98433: The IDNA codec decoder used on DNS hostnames by socket or asyncio related name resolution functions no longer involves a quadratic algorithm. This prevents a potential CPU denial of service if an out-of-spec excessive length hostname involving bidirectional characters were decoded. Some protocols such as urllib http 3xx redirects potentially allow for an attacker to supply such a name.
gh-98739: Update bundled libexpat to 2.5.0
gh-98517: Port XKCP’s fix for the buffer overflows in SHA-3 (CVE-2022-37454).
gh-68966: The deprecated mailcap module now refuses to inject unsafe text (filenames, MIME types, parameters) into shell commands. Instead of using such text, it will warn and act as if a match was not found (or for test commands, as if the test failed).


To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 pkgsrc/lang/py38-html-docs/Makefile
cvs rdiff -u -r1.18 -r1.19 pkgsrc/lang/py38-html-docs/distinfo
cvs rdiff -u -r1.16 -r1.17 pkgsrc/lang/python38/dist.mk
cvs rdiff -u -r1.29 -r1.30 pkgsrc/lang/python38/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_1670413920215650
Content-Disposition: inline
Content-Length: 3389
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/lang/py38-html-docs/Makefile
diff -u pkgsrc/lang/py38-html-docs/Makefile:1.16 pkgsrc/lang/py38-html-docs/Makefile:1.17
--- pkgsrc/lang/py38-html-docs/Makefile:1.16	Wed Oct 12 08:37:52 2022
+++ pkgsrc/lang/py38-html-docs/Makefile	Wed Dec  7 11:52:00 2022
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.16 2022/10/12 08:37:52 adam Exp $
+# $NetBSD: Makefile,v 1.17 2022/12/07 11:52:00 adam Exp $
 
-VERS=		3.8.15
+VERS=		3.8.16
 DISTNAME=	python-${VERS}-docs-html
 PKGNAME=	py38-html-docs-${VERS}
 CATEGORIES=	lang python

Index: pkgsrc/lang/py38-html-docs/distinfo
diff -u pkgsrc/lang/py38-html-docs/distinfo:1.18 pkgsrc/lang/py38-html-docs/distinfo:1.19
--- pkgsrc/lang/py38-html-docs/distinfo:1.18	Wed Oct 12 08:37:52 2022
+++ pkgsrc/lang/py38-html-docs/distinfo	Wed Dec  7 11:52:00 2022
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.18 2022/10/12 08:37:52 adam Exp $
+$NetBSD: distinfo,v 1.19 2022/12/07 11:52:00 adam Exp $
 
-BLAKE2s (python-3.8.15-docs-html.tar.bz2) = edfe98c210feaf41c31d8597264da82402b29fb44e26c098ed0d686096fe7183
-SHA512 (python-3.8.15-docs-html.tar.bz2) = c05cdf16c59ef213872b08bd54d0ddcef5f11bd80cfa78be21c9e57828bd0c7a63b553f525b6e68c578d6098c427e84f5f609680a74421c6a9baa58186b46c34
-Size (python-3.8.15-docs-html.tar.bz2) = 6695025 bytes
+BLAKE2s (python-3.8.16-docs-html.tar.bz2) = a7de685c4bd4f7db5d549521485c9312300d899b2399f367b5cb1b383a62420c
+SHA512 (python-3.8.16-docs-html.tar.bz2) = aaffc1f4d56be0ff7fbd35c7ca690d9089f9686d957669852aff1406efad2bee52b2b965ffd652780da6048ff9d89e6bbc421e92588841b89d73af43ad4970fb
+Size (python-3.8.16-docs-html.tar.bz2) = 6697934 bytes

Index: pkgsrc/lang/python38/dist.mk
diff -u pkgsrc/lang/python38/dist.mk:1.16 pkgsrc/lang/python38/dist.mk:1.17
--- pkgsrc/lang/python38/dist.mk:1.16	Wed Oct 12 08:37:52 2022
+++ pkgsrc/lang/python38/dist.mk	Wed Dec  7 11:52:00 2022
@@ -1,6 +1,6 @@
-# $NetBSD: dist.mk,v 1.16 2022/10/12 08:37:52 adam Exp $
+# $NetBSD: dist.mk,v 1.17 2022/12/07 11:52:00 adam Exp $
 
-PY_DISTVERSION=	3.8.15
+PY_DISTVERSION=	3.8.16
 DISTNAME=	Python-${PY_DISTVERSION}
 EXTRACT_SUFX=	.tar.xz
 DISTINFO_FILE=	${.CURDIR}/../../lang/python38/distinfo

Index: pkgsrc/lang/python38/distinfo
diff -u pkgsrc/lang/python38/distinfo:1.29 pkgsrc/lang/python38/distinfo:1.30
--- pkgsrc/lang/python38/distinfo:1.29	Wed Oct 12 08:37:52 2022
+++ pkgsrc/lang/python38/distinfo	Wed Dec  7 11:52:00 2022
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.29 2022/10/12 08:37:52 adam Exp $
+$NetBSD: distinfo,v 1.30 2022/12/07 11:52:00 adam Exp $
 
-BLAKE2s (Python-3.8.15.tar.xz) = b40b2c941e351d036d746ff591344cc962126597ec25df4cb1aa23243e6716d4
-SHA512 (Python-3.8.15.tar.xz) = 4fb3827b13c2452faa75e5ed18dddf381e80b4fffcfde046e289b4629cff0bb87fba1d09916b9b8a6f8039dc422c952293ebdb381c49f8ca7e7893ae4be6c28d
-Size (Python-3.8.15.tar.xz) = 19038408 bytes
+BLAKE2s (Python-3.8.16.tar.xz) = 81247a2d04d1f2bad19ca2a0c374237ab1bebb013aa7cdaafa83fe4d2e873c73
+SHA512 (Python-3.8.16.tar.xz) = d206e80806409410c00ef8acd8c3d90e3cc9553f996d0a57faa63802f2415e9d7591542b2e84b5e8e79245f40f6478790b5ba2acf1da98ebbc9495999183f7fd
+Size (Python-3.8.16.tar.xz) = 19046724 bytes
 SHA1 (patch-Lib_ctypes_util.py) = 032cc99ebad93ddddfd89073c60424a952e3faa3
 SHA1 (patch-Lib_distutils_sysconfig.py) = 6822eafb4dfded86d7f7353831816aeb8119e6cf
 SHA1 (patch-Lib_distutils_unixccompiler.py) = 2e65a8dd5dd3fe25957206c062106fa7a6fc4e69


--_----------=_1670413920215650--