| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
lang/python34: security fix
Revisions pulled up:
- lang/python34/PLIST 1.7
- lang/python34/dist.mk 1.6
- lang/python34/distinfo 1.21
---
Module Name: pkgsrc
Committed By: adam
Date: Sat Jul 2 15:23:33 UTC 2016
Modified Files:
pkgsrc/lang/python34: PLIST dist.mk distinfo
Log Message:
Changes 3.4.5:
Core and Builtins
Issue 26478: Fix semantic bugs when using binary operators with dictionary views and tuples.
Issue 26171: Fix possible integer overflow and heap corruption in zipimporter.get_data().
Library
Issue 26556: Update expat to 2.1.1, fixes CVE-2015-1283.
Fix TLS stripping vulnerability in smptlib, CVE-2016-0772. Reported by Team Oststrom
Issue 25939: On Windows open the cert store readonly in ssl.enum_certificates.
Issue 26012: Don?t traverse into symlinks for ** pattern in pathlib.Path.[r]glob().
Issue 24120: Ignore PermissionError when traversing a tree with pathlib.Path.[r]glob(). Patch by Ulrich Petri.
Skip getaddrinfo if host is already resolved. Patch by A. Jesse Jiryu Davis.
Add asyncio.timeout() context manager.
Issue 26050: Add asyncio.StreamReader.readuntil() method. Patch by ???? ?????????.
Tests
Issue 25940: Changed test_ssl to use self-signed.pythontest.net. This avoids relying on svn.python.org, which recently changed root certificate.
|
|
This is a bug-fix release.
|
|
|
|
all platforms that use GNU ld. This is of course completely wrong. Some
platforms have always implemented the sane semantic for DT_RPATH already
and newer saw a reason for implementing the then-redundant DT_RUNPATH.
Unbreak them by trusting the compiler to actually know what the platform
default should be. Bump revision.
|
|
|
|
New syntax features:
* PEP 492, coroutines with async and await syntax.
* PEP 465, a new matrix multiplication operator: a @ b.
* PEP 448, additional unpacking generalizations.
New library modules:
* typing: PEP 484 – Type Hints.
* zipapp: PEP 441 Improving Python ZIP Application Support.
New built-in features:
* bytes % args, bytearray % args: PEP 461 – Adding % formatting to bytes and bytearray.
* New bytes.hex(), bytearray.hex() and memoryview.hex() methods. (Contributed by Arnon Yaari in issue 9951.)
* memoryview now supports tuple indexing (including multi-dimensional). (Contributed by Antoine Pitrou in issue 23632.)
* Generators have a new gi_yieldfrom attribute, which returns the object being iterated by yield from expressions. (Contributed by Benno Leslie and Yury Selivanov in issue 24450.)
* A new RecursionError exception is now raised when maximum recursion depth is reached. (Contributed by Georg Brandl in issue 19235.)
CPython implementation improvements:
* When the LC_TYPE locale is the POSIX locale (C locale), sys.stdin and sys.stdout now use the surrogateescape error handler, instead of the strict error handler. (Contributed by Victor Stinner in issue 19977.)
* .pyo files are no longer used and have been replaced by a more flexible scheme that includes the optimization level explicitly in .pyc name. (See PEP 488 overview.)
* Builtin and extension modules are now initialized in a multi-phase process, which is similar to how Python modules are loaded. (See PEP 489 overview.)
Significant improvements in the standard library:
* collections.OrderedDict is now implemented in C, which makes it 4 to 100 times faster.
* The ssl module gained support for Memory BIO, which decouples SSL protocol handling from network IO.
* The new os.scandir() function provides a better and significantly faster way of directory traversal.
* functools.lru_cache() has been mostly reimplemented in C, yielding much better performance.
* The new subprocess.run() function provides a streamlined way to run subprocesses.
* The traceback module has been significantly enhanced for improved performance and developer convenience.
Security improvements:
* SSLv3 is now disabled throughout the standard library. It can still be enabled by instantiating a ssl.SSLContext manually. (See issue 22638 for more details; this change was backported to CPython 3.4 and 2.7.)
* HTTP cookie parsing is now stricter, in order to protect against potential injection attacks. (Contributed by Antoine Pitrou in issue 22796.)
Windows improvements:
* A new installer for Windows has replaced the old MSI. See Using Python on Windows for more information.
* Windows builds now use Microsoft Visual C++ 14.0, and extension modules should use the same.
|
|
Bump PKGREVISION for python27, python33 and python34.
|
|
Problems found with existing digests:
Package nhc98 distfile nhc98src-1.22.tar.gz
a8adc8f22371998ee0657bc0e01058a57d876abc [recorded]
81975fcb5f1dda5efeaabc30ce8c6dceae55e591 [calculated]
Problems found locating distfiles:
Package gcc-aux: missing distfile ada-bootstrap.i386.dragonfly.36A.tar.bz2
Package gcc-aux: missing distfile ada-bootstrap.i386.freebsd.84.tar.bz2
Package gcc-aux: missing distfile ada-bootstrap.x86_64.dragonfly.36A.tar.bz2
Package gcc-aux: missing distfile ada-bootstrap.x86_64.freebsd.84.tar.bz2
Package gcc-aux: missing distfile ada-bootstrap.x86_64.solaris.511.tar.bz2
Package gcc5-aux: missing distfile ada-bootstrap.i386.dragonfly.36A.tar.bz2
Package gcc5-aux: missing distfile ada-bootstrap.i386.freebsd.84.tar.bz2
Package gcc5-aux: missing distfile ada-bootstrap.x86_64.dragonfly.36A.tar.bz2
Package gcc5-aux: missing distfile ada-bootstrap.x86_64.freebsd.84.tar.bz2
Package gcc5-aux: missing distfile ada-bootstrap.x86_64.solaris.511.tar.bz2
Package ghc7: missing distfile ghc-7.6.3-boot-i386-unknown-freebsd.tar.xz
Package icc11: missing distfile l_cproc_p_11.1.080.tgz
Package jini: missing distfile jini-1_2_1_001-src.zip
Package oo2c: missing distfile oo2c_32-2.0.11.tar.bz2
Package openjdk7: missing distfile openjdk7/bootstrap-jdk-1.7.76-freebsd-10-amd64-20150301.tar.xz
Package openjdk7: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-5-i386-20150301.tar.xz
Package openjdk7: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-6-i386-20150301.tar.xz
Package openjdk7: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-7-earmv6hf-20150306.tar.xz
Package openjdk7: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-7-sparc64-20150301.tar.xz
Package openjdk7: missing distfile openjdk7/bootstrap-jdk7u60-bin-dragonfly-3.8-amd64-20140719.tar.bz2
Package openjdk8: missing distfile openjdk7/bootstrap-jdk-1.7.76-freebsd-10-amd64-20150301.tar.xz
Package openjdk8: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-5-i386-20150301.tar.xz
Package openjdk8: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-6-i386-20150301.tar.xz
Package openjdk8: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-7-earmv6hf-20150306.tar.xz
Package openjdk8: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-7-sparc64-20150301.tar.xz
Package openjdk8: missing distfile openjdk7/bootstrap-jdk7u60-bin-dragonfly-3.8-amd64-20140719.tar.bz2
Package oracle-jdk8: missing distfile jdk-8u60-linux-i586.tar.gz
Package oracle-jdk8: missing distfile jdk-8u60-solaris-x64.tar.gz
Package oracle-jre8: missing distfile jre-8u60-linux-i586.tar.gz
Package oracle-jre8: missing distfile jre-8u60-solaris-x64.tar.gz
Package sun-jdk6: missing distfile jdk-6u45-linux-i586.bin
Package sun-jdk6: missing distfile jdk-6u45-solaris-i586.sh
Package sun-jdk7: missing distfile jdk-7u72-linux-i586.tar.gz
Package sun-jdk7: missing distfile jdk-7u72-solaris-i586.tar.gz
Package sun-jre6: missing distfile jce_policy-6.zip
Package sun-jre6: missing distfile jre-6u45-linux-x64.bin
Package sun-jre6: missing distfile jre-6u45-solaris-x64.sh
Package sun-jre7: missing distfile jre-7u72-linux-i586.tar.gz
Package sun-jre7: missing distfile jre-7u72-solaris-i586.tar.gz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
|
|
settings of INSTALL_UNSTRIPPED=yes for Darwin in individual packages.
|
|
From Kamil Rytarowski in PR 49915.
|
|
launches a submake for _freeze_importlib before all the object files have
been compiled. List $(LIBRARY_OBJS_OMIT_FROZEN) as dependencies to make it
wait until it is safe to launch the submake.
Should fix occasional errors of the sort:
Python/Python-ast.o: file not recognized: File truncated
*** [Modules/_freeze_importlib] Error code 1
|
|
Issue 6639: Module-level turtle functions no longer raise TclError after closing the window.
Issues 814253, 9179: Warnings now are raised when group references and conditional group references are used in lookbehind assertions in regular expressions.
Issue 23215: Multibyte codecs with custom error handlers that ignores errors consumed too much memory and raised SystemError or MemoryError. Original patch by Aleksi Torhamo.
Issue 5700: io.FileIO() called flush() after closing the file. flush() was not called in close() if closefd=False.
Issue 23374: Fixed pydoc failure with non-ASCII files when stdout encoding differs from file system encoding (e.g. on Mac OS).
Issue 23481: Remove RC4 from the SSL module’s default cipher list.
Issue 21548: Fix pydoc.synopsis() and pydoc.apropos() on modules with empty docstrings.
Issue 22885: Fixed arbitrary code execution vulnerability in the dbm.dumb module. Original patch by Claudiu Popa.
Issue 23146: Fix mishandling of absolute Windows paths with forward slashes in pathlib.
Issue 23421: Fixed compression in tarfile CLI. Patch by wdv4758h.
Issue 23361: Fix possible overflow in Windows subprocess creation code.
|
|
python27. From J. Lewis Muir.
Note that the correct way to solve this is to do this in the Darwin
specific config files, but until that has landed, this at least fixes the
build.
|
|
|
|
new feature for Mac OS X users: the OS X installers are now distributed as signed installer package files compatible with the OS X Gatekeeper security feature.
|
|
http://bugs.python.org/issue21766
Bump PKGREVISION.
|
|
|
|
module under DragonFly
DragonFly has not sem_open/sem_unlink etc.
Make consistent with POSIX named semaphore conditionals.
|
|
Matches ryoon's commit to python33.
|
|
tried this in the last X > 5 years. If I'm incorrect, let me know.
(trying to reduce diffs to upstream).
|
|
Remove the patch which included in upstream
Upstream changes:
Python 3.4.1
Release date: 2014-05-18
Core and Builtins
Issue #21418: Fix a crash in the builtin function super() when called without argument and without current frame (ex: embedded Python).
Issue #21425: Fix flushing of standard streams in the interactive interpreter.
Issue #21435: In rare cases, when running finalizers on objects in cyclic trash a bad pointer dereference could occur due to a subtle flaw in internal iteration logic.
Library
Issue #10744: Fix PEP 3118 format strings on ctypes objects with a nontrivial shape.
Issue #20998: Fixed re.fullmatch() of repeated single character pattern with ignore case. Original patch by Matthew Barnett.
Issue #21075: fileinput.FileInput now reads bytes from standard stream if binary mode is specified. Patch by Sam Kimbrel.
Issue #21396: Fix TextIOWrapper(..., write_through=True) to not force a flush() on the underlying binary stream. Patch by akira.
Issue #21470: Do a better job seeding the random number generator by using enough bytes to span the full state space of the Mersenne Twister.
Issue #21398: Fix an unicode error in the pydoc pager when the documentation contains characters not encodable to the stdout encoding.
Tests
Issue #17756: Fix test_code test when run from the installed location.
Issue #17752: Fix distutils tests when run from the installed location.
IDLE
Issue #18104: Add idlelib/idle_test/htest.py with a few sample tests to begin consolidating and improving human-validated tests of Idle. Change other files as needed to work with htest. Running the module as __main__ runs all tests.
Python 3.4.1rc1
Release date: 2014-05-05
Core and Builtins
Issue #21274: Define PATH_MAX for GNU/Hurd in Python/pythonrun.c.
Issue #21209: Fix sending tuples to custom generator objects with the yield from syntax.
Issue #21134: Fix segfault when str is called on an uninitialized UnicodeEncodeError, UnicodeDecodeError, or UnicodeTranslateError object.
Issue #19537: Fix PyUnicode_DATA() alignment under m68k. Patch by Andreas Schwab.
Issue #20929: Add a type cast to avoid shifting a negative number.
Issue #20731: Properly position in source code files even if they are opened in text mode. Patch by Serhiy Storchaka.
Issue #20637: Key-sharing now also works for instance dictionaries of subclasses. Patch by Peter Ingebretson.
Issue #12546: Allow x00 to be used as a fill character when using str, int, float, and complex __format__ methods.
Issue #13598: Modify string.Formatter to support auto-numbering of replacement fields. It now matches the behavior of str.format() in this regard. Patches by Phil Elson and Ramchandra Apte.
Library
Issue #21088: Bugfix for curses.window.addch() regression in 3.4.0. In porting to Argument Clinic, the first two arguments were reversed.
Issue #21469: Reduced the risk of false positives in robotparser by checking to make sure that robots.txt has been read or does not exist prior to returning True in can_fetch().
Issue #21321: itertools.islice() now releases the reference to the source iterator when the slice is exhausted. Patch by Anton Afanasyev.
Issue #9815: assertRaises now tries to clear references to local variables in the exceptions traceback.
Issue #13204: Calling sys.flags.__new__ would crash the interpreter, now it raises a TypeError.
Issue #19385: Make operations on a closed dbm.dumb database always raise the same exception.
Issue #21207: Detect when the os.urandom cached fd has been closed or replaced, and open it anew.
Issue #21291: subprocesss Popen.wait() is now thread safe so that multiple threads may be calling wait() or poll() on a Popen instance at the same time without losing the Popen.returncode value.
Issue #21127: Path objects can now be instantiated from str subclass instances (such as numpy.str_).
Issue #15002: urllib.response object to use _TemporaryFileWrapper (and _TemporaryFileCloser) facility. Provides a better way to handle file descriptor close. Patch contributed by Christian Theune.
Issue #12220: mindom now raises a custom ValueError indicating it doesnt support spaces in URIs instead of letting a split ValueError bubble up.
Issue #21239: patch.stopall() didnt work deterministically when the same name was patched more than once.
Issue #21222: Passing name keyword argument to mock.create_autospec now works.
Issue #21197: Add lib64 -> lib symlink in venvs on 64-bit non-OS X POSIX.
Issue #17498: Some SMTP servers disconnect after certain errors, violating strict RFC conformance. Instead of losing the error code when we issue the subsequent RSET, smtplib now returns the error code and defers raising the SMTPServerDisconnected error until the next command is issued.
Issue #17826: setting an iterable side_effect on a mock function created by create_autospec now works. Patch by Kushal Das.
Issue #7776: Fix Host: header and reconnection when using http.client.HTTPConnection.set_tunnel(). Patch by Nikolaus Rath.
Issue #20968: unittest.mock.MagicMock now supports division. Patch by Johannes Baiter.
Fix arbitrary memory access in JSONDecoder.raw_decode with a negative second parameter. Bug reported by Guido Vranken.
Issue #21169: getpass now handles non-ascii characters that the input stream encoding cannot encode by re-encoding using the replace error handler.
Issue #21171: Fixed undocumented filter API of the rot13 codec. Patch by Berker Peksag.
Issue #21172: isinstance check relaxed from dict to collections.Mapping.
Issue #21155: asyncio.EventLoop.create_unix_server() now raises a ValueError if path and sock are specified at the same time.
Issue #21149: Improved thread-safety in logging cleanup during interpreter shutdown. Thanks to Devin Jeanpierre for the patch.
Issue #20145: assertRaisesRegex and assertWarnsRegex now raise a TypeError if the second argument is not a string or compiled regex.
Issue #21058: Fix a leak of file descriptor in tempfile.NamedTemporaryFile(), close the file descriptor if io.open() fails
Issue #21200: Return None from pkgutil.get_loader() when __spec__ is missing.
Issue #21013: Enhance ssl.create_default_context() when used for server side sockets to provide better security by default.
Issue #20633: Replace relative import by absolute import.
Issue #20980: Stop wrapping exception when using ThreadPool.
Issue #21082: In os.makedirs, do not set the process-wide umask. Note this changes behavior of makedirs when exist_ok=True.
Issue #20990: Fix issues found by pyflakes for multiprocessing.
Issue #21015: SSL contexts will now automatically select an elliptic curve for ECDH key exchange on OpenSSL 1.0.2 and later, and otherwise default to prime256v1.
Issue #20995: Enhance default ciphers used by the ssl module to enable better security an prioritize perfect forward secrecy.
Issue #20884: Dont assume that __file__ is defined on importlib.__init__.
Issue #21499: Ignore __builtins__ in several test_importlib.test_api tests.
Issue #20879: Delay the initialization of encoding and decoding tables for base32, ascii85 and base85 codecs in the base64 module, and delay the initialization of the unquote_to_bytes() table of the urllib.parse module, to not waste memory if these modules are not used.
Issue #19157: Include the broadcast address in the usuable hosts for IPv6 in ipaddress.
Issue #11599: When an external command (e.g. compiler) fails, distutils now prints out the whole command line (instead of just the command name) if the environment variable DISTUTILS_DEBUG is set.
Issue #4931: distutils should not produce unhelpful error: None messages anymore. distutils.util.grok_environment_error is kept but doc-deprecated.
Issue #20875: Prevent possible gzip read is not defined NameError. Patch by Claudiu Popa.
Issue #11558: email.message.Message.attach now returns a more useful error message if attach is called on a message for which is_multipart is False.
Issue #20283: RE pattern methods now accept the string keyword parameters as documented. The pattern and source keyword parameters are left as deprecated aliases.
Issue #20778: Fix modulefinder to work with bytecode-only modules.
Issue #20791: copy.copy() now doesnt make a copy when the input is a bytes object. Initial patch by Peter Otten.
Issue #19748: On AIX, time.mktime() now raises an OverflowError for year outsize range [1902; 2037].
Issue #20816: Fix inspect.getcallargs() to raise correct TypeError for missing keyword-only arguments. Patch by Jeremiah Lowin.
Issue #20817: Fix inspect.getcallargs() to fail correctly if more than 3 arguments are missing. Patch by Jeremiah Lowin.
Issue #6676: Ensure a meaningful exception is raised when attempting to parse more than one XML document per pyexpat xmlparser instance. (Original patches by Hirokazu Yamamoto and Amaury Forgeot dArc, with suggested wording by David Gutteridge)
Issue #21117: Fix inspect.signature to better support functools.partial. Due to the specifics of functools.partial implementation, positional-or-keyword arguments passed as keyword arguments become keyword-only.
Issue #21209: Fix asyncio.tasks.CoroWrapper to workaround a bug in yield-from implementation in CPythons prior to 3.4.1.
asyncio: Add gi_{frame,running,code} properties to CoroWrapper (upstream issue #163).
Issue #21311: Avoid exception in _osx_support with non-standard compiler configurations. Patch by John Szakmeister.
Issue #11571: Ensure that the turtle window becomes the topmost window when launched on OS X.
Extension Modules
Issue #21276: posixmodule: Dont define USE_XATTRS on KFreeBSD and the Hurd.
Issue #21226: Set up modules properly in PyImport_ExecCodeModuleObject (and friends).
IDLE
Issue #21139: Change default paragraph width to 72, the PEP 8 recommendation.
Issue #21284: Paragraph reformat test passes after user changes reformat width.
Issue #17654: Ensure IDLE menus are customized properly on OS X for non-framework builds and for all variants of Tk.
Build
The Windows build now includes OpenSSL 1.0.1g
Issue #21285: Refactor and fix curses configure check to always search in a ncursesw directory.
Issue #15234: For BerkelyDB and Sqlite, only add the found library and include directories if they arent already being searched. This avoids an explicit runtime library dependency.
Issue #20644: OS X installer build support for documentation build changes in 3.4.1: assume externally supplied sphinx-build is available in /usr/bin.
C API
Issue #20942: PyImport_ImportFrozenModuleObject() no longer sets __file__ to match what importlib does; this affects _frozen_importlib as well as any module loaded using imp.init_frozen().
Documentation
Issue #17386: Expanded functionality of the Doc/make.bat script to make it much more comparable to Doc/Makefile.
Issue #21043: Remove the recommendation for specific CA organizations and to mention the ability to load the OS certificates.
Issue #20765: Add missing documentation for PurePath.with_name() and PurePath.with_suffix().
Issue #19407: New package installation and distribution guides based on the Python Packaging Authority tools. Existing guides have been retained as legacy links from the distutils docs, as they still contain some required reference material for tool developers that isnt recorded anywhere else.
Issue #19697: Document cases where __main__.__spec__ is None.
Tests
Issue #18604: Consolidated checks for GUI availability. All platforms now at least check whether Tk can be instantiated when the GUI resource is requested.
Issue #21275: Fix a socket test on KFreeBSD.
Issue #21223: Pass test_site/test_startup_imports when some of the extensions are built as builtins.
Issue #20635: Added tests for Tk geometry managers.
Add test case for freeze.
Issue #20743: Fix a reference leak in test_tcl.
Issue #21097: Move test_namespace_pkgs into test_importlib.
Issue #20939: Avoid various network test failures due to new redirect of http://www.python.org/ to https://www.python.org: use http://www.example.com instead.
Issue #20668: asyncio tests no longer rely on tests.txt file. (Patch by Vajrasky Kok)
Issue #21093: Prevent failures of ctypes test_macholib on OS X if a copy of libz exists in $HOME/lib or /usr/local/lib.
Tools/Demos
Add support for yield from to 2to3.
Add support for the PEP 465 matrix multiplication operator to 2to3.
Issue #16047: Fix module exception list and __file__ handling in freeze. Patch by Meador Inge.
Issue #11824: Consider ABI tags in freeze. Patch by Meador Inge.
Issue #20535: PYTHONWARNING no longer affects the run_tests.py script. Patch by Arfrever Frehtes Taifersar Arahesis.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Python is an interpreted, interactive, object-oriented
programming language that combines remarkable power with
very clear syntax. For an introduction to programming in
Python you are referred to the Python Tutorial. The
Python Library Reference documents built-in and standard
types, constants, functions and modules. Finally, the
Python Reference Manual describes the syntax and semantics
of the core language in (perhaps too) much detail.
Python's basic power can be extended with your own modules
written in C or C++. On most systems such modules may be
dynamically loaded. Python is also adaptable as an exten-
sion language for existing applications. See the internal
documentation for hints.
This package provides Python version 3.4.x.
|
