CVSROOT:        /cvs
Module name:    ports
Changes by:     t...@cvs.openbsd.org    2021/02/16 16:25:44

Modified files:
        lang/python/3.7: Tag: OPENBSD_6_8 Makefile distinfo 
        lang/python/3.7/patches: Tag: OPENBSD_6_8 
                                 patch-Modules__hashopenssl_c 
                                 patch-Modules__ssl_c patch-configure_ac 
        lang/python/3.7/pkg: Tag: OPENBSD_6_8 PLIST-main 

Log message:
Update to Python 3.7.10, ok sthen

This includes a fix for the high severity issue (bpo-42938) and a few
others.

* bpo-42967: Fix web cache poisoning vulnerability by defaulting the
query args separator to &, and allowing the user to choose a custom
separator.

* bpo-42938: Avoid static buffers when computing the repr of
ctypes.c_double and ctypes.c_longdouble values.

* bpo-42103: Prevented potential DoS attack via CPU and RAM exhaustion
when processing malformed Apple Property List files in binary format.

* bpo-42051: The plistlib module no longer accepts entity declarations
in XML plist files to avoid XML vulnerabilities. This should not
affect users as entity declarations are not used in regular plist
files.

* bpo-40791: Add volatile to the accumulator variable in
hmac.compare_digest, making constant-time-defeating optimizations
less likely.

Full change log here:
https://docs.python.org/release/3.7.10/whatsnew/changelog.html#changelog
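
Added example, not part of the commit message or of CPython's own code: a check for query strings that parse differently depending on whether `;` counts as a separator, which is the disagreement bpo-42967 removes by defaulting to `&`. `legacy_parse` is a hypothetical stand-in for the old two-separator behaviour, the sample URLs are constructed, and the `separator` keyword needs a Python that carries this fix.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit


def legacy_parse(qs):
    """Hypothetical stand-in for the old behaviour: '&' and ';' both split fields."""
    pairs = []
    for field in re.split(r"[&;]", qs):
        if field:
            name, _, value = field.partition("=")
            pairs.append((unquote_plus(name), unquote_plus(value)))
    return pairs


def strict_parse(qs):
    """Behaviour after bpo-42967: only '&' splits fields unless a separator is given."""
    return parse_qsl(qs, keep_blank_values=True, separator="&")


def is_ambiguous(qs):
    """True when the two parsers disagree on the fields present in the query string."""
    return legacy_parse(qs) != strict_parse(qs)


def flag_ambiguous(urls):
    """Return the URLs whose query string a cache and a backend could read differently."""
    return [u for u in urls if is_ambiguous(urlsplit(u).query)]


# Constructed sample request targets, for illustration only.
SAMPLE_URLS = [
    "/search?item=1&ref=a",         # same fields under both parsers
    "/search?item=1&ref=a;item=2",  # raw ';' creates a second 'item' for the old parser
    "/search?note=a%3Bb",           # encoded ';' is data, not a separator
]

if __name__ == "__main__":
    for url in flag_ambiguous(SAMPLE_URLS):
        qs = urlsplit(url).query
        print(url)
        print("  '&' only :", strict_parse(qs))
        print("  '&' + ';':", legacy_parse(qs))
```
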