CVSROOT: /cvs Module name: ports Changes by: t...@cvs.openbsd.org 2021/02/16 16:25:44
Modified files: lang/python/3.7: Tag: OPENBSD_6_8 Makefile distinfo lang/python/3.7/patches: Tag: OPENBSD_6_8 patch-Modules__hashopenssl_c patch-Modules__ssl_c patch-configure_ac lang/python/3.7/pkg: Tag: OPENBSD_6_8 PLIST-main Log message: Update to Python 3.7.10, ok sthen This includes a fix for the high severity issue (bpo-42938) and a few others. * bpo-42967: Fix web cache poisoning vulnerability by defaulting the query args separator to &, and allowing the user to choose a custom separator. * bpo-42938: Avoid static buffers when computing the repr of ctypes.c_double and ctypes.c_longdouble values. * bpo-42103: Prevented potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format. * bpo-42051: The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. This should not affect users as entity declarations are not used in regular plist files. * bpo-40791: Add volatile to the accumulator variable in hmac.compare_digest, making constant-time-defeating optimizations less likely. Full change log here: https://docs.python.org/release/3.7.10/whatsnew/changelog.html#changelog