NOTICE: This package has been removed from pkgsrc

./lang/python37, Interpreted, interactive, object-oriented programming language

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ]


Branch: CURRENT, Version: 3.7.17, Package name: python37-3.7.17, Maintainer: pkgsrc-users

Python is an interpreted, interactive, object-oriented
programming language that combines remarkable power with
very clear syntax. For an introduction to programming in
Python you are referred to the Python Tutorial. The
Python Library Reference documents built-in and standard
types, constants, functions and modules. Finally, the
Python Reference Manual describes the syntax and semantics
of the core language in (perhaps too) much detail.

Python's basic power can be extended with your own modules
written in C or C++. On most systems such modules may be
dynamically loaded. Python is also adaptable as an exten-
sion language for existing applications. See the internal
documentation for hints.

This package provides Python version 3.7.x. While technically not
EOL, it is de-supported in pkgsrc in that py37-foo packages are not
built by default.


Required to run:
[security/openssl] [devel/libffi] [devel/libuuid]

Required to build:
[devel/readline] [pkgtools/cwrappers]

Package options: x11

Master sites:

Filesize: 17642.77 KB

Version history: (Expand)


CVS history: (Expand)


   2023-07-30 16:41:06 by Adam Ciarcinski | Files touched by this commit (52) | Package removed
Log message:
python37, py37-html-docs: removed; end of life; use Python 3.8, 3.9, 3.10 or 3.11
   2023-06-27 12:35:30 by Taylor R Campbell | Files touched by this commit (12)
Log message:
python: Override sys.platform with PY_PLATNAME when cross-compiling.

For this purpose, factor the PY_PLATNAME definition out into a new
lang/pythonNN/platname.mk file.  It's not the same for 2.x and 3.x;
perhaps we could factor it out further into a single 2.x vs 3.x
conditional but this is a more mechanical change that makes it easier
to audit for now.
   2023-06-07 15:23:58 by Adam Ciarcinski | Files touched by this commit (5) | Package updated
Log message:
python37 py37-html-docs: updated to 3.7.17

Python 3.7.17

Security
gh-103142: The version of OpenSSL used in our binary builds has been upgraded to \ 
1.1.1u to address several CVEs.
gh-99889: Fixed a security in flaw in uu.decode() that could allow for directory \ 
traversal based on the input if no out_file was specified.
gh-104049: Do not expose the local on-disk location in directory indexes \ 
produced by http.client.SimpleHTTPRequestHandler.
gh-102153: urllib.parse.urlsplit() now strips leading C0 control and space \ 
characters following the specification for URLs defined by WHATWG in response to \ 
CVE-2023-24329. Patch by Illia Volochii.
gh-101727: Updated the OpenSSL version used in Windows and macOS binary release \ 
builds to 1.1.1t to address CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per \ 
the OpenSSL 2023-02-07 security advisory.
gh-101283: subprocess.Popen now uses a safer approach to find cmd.exe when \ 
launching with shell=True. Patch by Eryk Sun, based on a patch by Oleg Iarygin.

Library
gh-101997: Upgrade pip wheel bundled with ensurepip (pip 23.0.1)

Build
gh-102306: Avoid GHA CI macOS test_posix failure by using the appropriate macOS SDK.

Windows
gh-100180: Update Windows installer to OpenSSL 1.1.1s
   2023-05-02 18:06:59 by Nikita | Files touched by this commit (2) | Package updated
Log message:
python37: update to version 3.7.16

Changelog:

Python 3.7.16

Release Date: Dec. 6, 2022
This is a security release of Python 3.7

Note: The release you're looking at is Python 3.7.16, a security bugfix release \ 
for the legacy 3.7 series. Python 3.11 is now the latest feature release series \ 
of Python 3. Get the latest release of 3.11.x here.
Security content in this release

    gh-98739: Updated bundled libexpat to 2.5.0 to fix CVE-2022-43680 (heap \ 
use-after-free).
    gh-98517: Port XKCP’s fix for the buffer overflows in SHA-3 to fix \ 
CVE-2022-37454.
    gh-98433: The IDNA codec decoder used on DNS hostnames by socket or asyncio \ 
related name resolution functions no longer involves a quadratic algorithm to \ 
fix CVE-2022-45061. This prevents a potential CPU denial of service if an \ 
out-of-spec excessive length hostname involving bidirectional characters were \ 
decoded. Some protocols such as urllib http 3xx redirects potentially allow for \ 
an attacker to supply such a name.
    gh-68966: The deprecated mailcap module now refuses to inject unsafe text \ 
(filenames, MIME types, parameters) into shell commands to address \ 
CVE-2015-20107. Instead of using such text, it will warn and act as if a match \ 
was not found (or for test commands, as if the test failed).
    gh-100001: python -m http.server no longer allows terminal control \ 
characters sent within a garbage request to be printed to the stderr server log.

No installers

According to the release calendar specified in PEP 537, Python 3.7 is now in the \ 
"security fixes only" stage of its life cycle: 3.7 branch only accepts \ 
security fixes and releases of those are made irregularly in source-only form \ 
until June 2023. Python 3.7 does not receive regular bug fixes anymore, and \ 
binary installers are no longer provided for it. Python 3.7.9 was the last full \ 
bugfix release of Python 3.7 with binary installers.
   2022-11-06 14:38:50 by Greg Troxel | Files touched by this commit (1)
Log message:
lang/python37: Note pkgsrc deprecation
   2022-10-12 10:38:36 by Adam Ciarcinski | Files touched by this commit (4) | Package updated
Log message:
python37 py37-html-docs: updated to 3.7.15

Python 3.7.15

Security

gh-97616: Fix multiplying a list by an integer (list *= int): detect the integer \ 
overflow when the new allocated length is close to the maximum size. Issue \ 
reported by Jordan Limor. Patch by Victor Stinner.
gh-97612: Fix a shell code injection vulnerability in the \ 
get-remote-certificate.py example script. The script no longer uses a shell to \ 
run openssl commands. Issue reported and initial fix by Caleb Shortt. Patch by \ 
Victor Stinner.

Core and Builtins

gh-96848: Fix command line parsing: reject -X int_max_str_digits option with no \ 
value (invalid) when the PYTHONINTMAXSTRDIGITS environment variable is set to a \ 
valid limit. Patch by Victor Stinner.
gh-95778: When ValueError is raised if an integer is larger than the limit, \ 
mention the sys.set_int_max_str_digits() function in the error message. Patch by \ 
Victor Stinner.

Library

gh-97005: Update bundled libexpat to 2.4.9

Windows

gh-96577: Fixes a potential buffer overrun in msilib.
   2022-09-12 09:58:55 by Adam Ciarcinski | Files touched by this commit (6) | Package updated
Log message:
python37 py37-html-docs: updated to 3.7.14

Python 3.7.14

Security
gh-95778: Converting between int and str in bases other than 2 (binary), 4, 8 \ 
(octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a \ 
ValueError if the number of digits in string form is above a limit to avoid \ 
potential denial of service attacks due to the algorithmic complexity. This is a \ 
mitigation for CVE-2020-10735.

This new limit can be configured or disabled by environment variable, command \ 
line flag, or sys APIs. See the integer string conversion length limitation \ 
documentation. The default limit is 4300 digits in string form.

Patch by Gregory P. Smith [Google] and Christian Heimes [Red Hat] with feedback \ 
from Victor Stinner, Thomas Wouters, Steve Dower, Ned Deily, and Mark Dickinson.
gh-87389: http.server: Fix an open redirection vulnerability in the HTTP server \ 
when an URI path starts with //. Vulnerability discovered, and initial fix \ 
proposed, by Hamza Avvan.

Core and Builtins
gh-93065: Fix contextvars HAMT implementation to handle iteration over deep trees.

The bug was discovered and fixed by Eli Libman. See MagicStack/immutables#84 for \ 
more details.

Library
bpo-36073: Raise ProgrammingError instead of segfaulting on recursive usage of \ 
cursors in sqlite3 converters. Patch by Sergey Fedoseev.

Documentation
gh-91888: Add a new gh role to the documentation to link to GitHub issues.
bpo-47138: Pin Jinja to a version compatible with Sphinx version 2.3.1.

Tests
gh-94208: test_ssl is now checking for supported TLS version and protocols in \ 
more tests.
bpo-47016: Create a GitHub Actions workflow for verifying bundled pip and \ 
setuptools. Patch by Illia Volochii and Adam Turner.
bpo-41306: Fixed a failure in test_tk.test_widgets.ScaleTest happening when \ 
executing the test with Tk 8.6.10.

Windows
bpo-47194: Update zlib to v1.2.12 to resolve CVE-2018-25032.
   2022-07-29 22:37:48 by Jonathan Perkin | Files touched by this commit (1)
Log message:
python37: Skip __pycache__ files seen in macOS build too.