Python 3.3.6 was released on October 11, 2014.
Python 3.3.6 includes fixes for a few of our previously added patches,
as well as other important security-related fixes. Local changes:
rename the configure patch, remove now-included patches.
Upstream list of changes for this version:
Core and Builtins
-----------------
- Issue #22518: Fixed integer overflow issues in "backslashreplace",
"xmlcharrefreplace", and "surrogatepass" error handlers.
- Issue #22520: Fix overflow checking when generating the repr of a unicode
object.
- Issue #22519: Fix overflow checking in PyBytes_Repr.
- Issue #22518: Fix integer overflow issues in latin-1 encoding.
Library
-------
- Issue #22517: When a io.BufferedRWPair object is deallocated, clear its
weakrefs.
- Issue #22419: Limit the length of incoming HTTP request in wsgiref server to
65536 bytes and send a 414 error code for higher lengths. Patch contributed
by Devin Cook.
- Lax cookie parsing in http.cookies could be a security issue when combined
with non-standard cookie handling in some Web browsers. Reported by
Sergey Bobrov.
- Issue #21766: Prevent a security hole in CGIHTTPServer by URL unquoting paths
before checking for a CGI script at that path.
- Fix arbitrary memory access in JSONDecoder.raw_decode with a negative second
parameter. Bug reported by Guido Vranken.
- Issue #20633: Replace relative import by absolute import.
- Issue #21082: In os.makedirs, do not set the process-wide umask. Note this
changes behavior of makedirs when exist_ok=True.
- Issue #20875: Prevent possible gzip "'read' is not defined" NameError.
Patch by Claudiu Popa.
- Issue #11599: When an external command (e.g. compiler) fails, distutils now
prints out the whole command line (instead of just the command name) if the
environment variable DISTUTILS_DEBUG is set.
- Issue #4931: distutils should not produce unhelpful "error: None" messages
anymore. distutils.util.grok_environment_error is kept but doc-deprecated.
- Issue #20283: RE pattern methods now accept the string keyword parameters
as documented. The pattern and source keyword parameters are left as
deprecated aliases.
- Issue #21323: Fix http.server to again handle scripts in CGI subdirectories,
broken by the fix for security issue #19435. Patch by Zach Byrne.
Tests
-----
- Issue #17752: Fix distutils tests when run from the installed location.
- Issue #20946: Correct alignment assumptions of some ctypes tests.
- Issue #20939: Fix test_geturl failure in test_urllibnet due to
new redirect of http://www.python.org/ to https://www.python.org.
The GNU Compiler Collection (GCC) includes front ends for C, C++, Objective-C,
Fortran, and Go, as well as libraries for these languages (libstdc++,
libgfortran, ...).
To select gcc46-libs over gcc46, this package's PKGREVISION should start
from 4 (gcc46's 3 + 1).
Qore is a modular, multi-threaded, SQL-integrated dynamically typed
scripting language with optional hard typing and procedural and
object-oriented features, powerful and easy-to-use data types,
structures, and operators, a clean and easy-to-lean/read syntax.
- Add options.mk and make most of the heavy depends optional.
- Add optional support for SDL, disabled by default.
- Fix curses buildlinking; closes PR 49478.
- Update readline support for semi-recent API changes.
- Update PLIST accordingly.
PKGREVISION -> 20.
changes include:
- The entirety of Python 3.4's ssl module has been backported for
Python 2.7.9. See PEP 466 for justification.
- HTTPS certificate validation using the system's certificate store
is now enabled by default. See PEP 476 for details.
- SSLv3 has been disabled by default in httplib and its reverse
dependencies due to the POODLE attack.
- The ensurepip module module has been backported, which provides the
pip package manager in every Python 2.7 installation. See PEP 477.
Prompted by Rhialto in private mail.
Squeak 4.4 - Ulam Spiral
Changelog:
* Cleanup and simplification of Morphic text editing
* Add host window support, letting you display things
in a host window. (Currently only on Windows and Mac.)
* Bugfixes in the Compiler, Parser and Debugger toolchain
* Stub support for the ability to evolve the bytecode set
* Better printing of Floats, hashing of DateAndTimes
* ChangeSorter improvements
* ToolBuilder improvements
* Merged network improvements from Etoys
* Monticello browsing can now group versions by branch,
making tracking of parallel developments easier
* Decreased coupling between core packages
* IPv6 support (if your VM provides it)
Today we announce Go 1.4, the fifth major stable release of Go,
arriving six months after our previous major release Go 1.3. It
contains a small language change, support for more operating systems
and processor architectures, and improvements to the tool chain
and libraries. As always, Go 1.4 keeps the promise of compatibility,
and almost everything will continue to compile and run without
change when moved to 1.4. For the full details, see the Go 1.4
release notes.
The most notable new feature in this release is official support
for Android. Using the support in the core and the libraries in
the golang.org/x/mobile repository, it is now possible to write
simple Android apps using only Go code. At this stage, the support
libraries are still nascent and under heavy development. Early
adopters should expect a bumpy ride, but we welcome the community
to get involved.
The language change is a tweak to the syntax of for-range loops.
You may now write "for range s {" to loop over each item from s,
without having to assign the value, loop index, or map key. See
the release notes for details.
The go command has a new subcommand, go generate, to automate the
running of tools to generate source code before compilation. For
example, it can be used to automate the generation of String methods
for typed constants using the new stringer tool. For more information,
see the design document.
Most programs will run about the same speed or slightly faster in
1.4 than in 1.3; some will be slightly slower. There are many
changes, making it hard to be precise about what to expect. See
the release notes for more discussion.
And, of course, there are many more improvements and bug fixes.
In case you missed it, a few weeks ago the sub-repositories were
moved to new locations. For example, the go.tools packages are now
imported from "golang.org/x/tools". See the announcement post for
details.
This release also coincides with the project's move from Mercurial
to Git (for source control), Rietveld to Gerrit (for code review),
and Google Code to Github (for issue tracking and wiki). The move
affects the core Go repository and its sub-repositories. You can
find the canonical Git repositories at go.googlesource.com, and
the issue tracker and wiki at the golang/go GitHub repo.
Guile has had multiple versions in pkgsrc because of compatibility
problems, starting with 1.4. Currently, 1.8 is the stable version and
2.0 the new version in pkgsrc, even though in the regular world 1.8 is
old and 2.0 is stable. As far as I know, no one uses guile 1.6 any
more, and it has no depending packages in pkgsrc (tex2page was the
last one).
* Switch to GCC 4.9.2 based.
* binutils of NetBSD 7.99 is modern enough, and use binutils in base.
Fix build under NetBSD/amd64 7.99.1 with this workaround.
