Currently cad/oce does not build on Darwin, in part because sed
substitutions in CMakeFiles fail because the suffixes (.dylib) differ
from expected (.so). There are, however, two additional problems.
First, frameworks are not used by pkgsrc, yet CMakeLists.txt expects
them on Darwin and uses special installation steps. Instead, use the
standard installation steps. Additionally, there are a few PLIST
differences between Darwin and other platforms, which are handled with
PLIST.* variables that differentiate Darwin from other systems.
Upstream changes:
1.160000 2022-02-01 11:41:36-07:00 America/Denver
- Preserve incremental version release numbers.
The previous release number can be consider being
lower than 1.151940
1.16 2022-01-28 16:29:44-07:00 America/Denver
- Add Kosovo to the list of supported countries
- Add get_all_countries helper
- Remove Memoize dependency and make Faster faster
The R package installs the file lib/R/etc/Makeconf, which is intended
to be used by R packages that themselves compile programs. This
feature is rarely used, but the math/R-nimble package is an example of
one that does. For this to work, the compiler flags embedded within
Makeconf must be compatible with the system compiler. At least on
MacOS, this is not the case by default, and so nimble compilations
fail. This substitutes ${COMPILER_RPATH_FLAG} into configure.ac, so
that it is used when creating Makeconf. Since neither R itself nor
most R packages compile other programs, Makeconf is generally not used
and this fix will have no impact.
Python 3.10.3 final
Core and Builtins
bpo-46940: Avoid overriding AttributeError metadata information for nested attribute access calls. Patch by Pablo Galindo.
bpo-46852: Rename the private undocumented float.__set_format__() method to float.__setformat__() to fix a typo introduced in Python 3.7. The method is only used by test_float. Patch by Victor Stinner.
bpo-46794: Bump up the libexpat version into 2.4.6
bpo-46820: Fix parsing a numeric literal immediately (without spaces) followed by “not in” keywords, like in 1not in x. Now the parser only emits a warning, not a syntax error.
bpo-46762: Fix an assert failure in debug builds when a ‘<’, ‘>’, or ‘=’ is the last character in an f-string that’s missing a closing right brace.
bpo-46724: Make sure that all backwards jumps use the JUMP_ABSOLUTE instruction, rather than JUMP_FORWARD with an argument of (2**32)+offset.
bpo-46732: Correct the docstring for the __bool__() method. Patch by Jelle Zijlstra.
bpo-46707: Avoid potential exponential backtracking when producing some syntax errors involving lots of brackets. Patch by Pablo Galindo.
bpo-40479: Add a missing call to va_end() in Modules/_hashopenssl.c.
bpo-46615: When iterating over sets internally in setobject.c, acquire strong references to the resulting items from the set. This prevents crashes in corner-cases of various set operations where the set gets mutated.
bpo-45773: Remove two invalid “peephole” optimizations from the bytecode compiler.
bpo-43721: Fix docstrings of getter, setter, and deleter to clarify that they create a new copy of the property.
bpo-46503: Fix an assert when parsing some invalid N escape sequences in f-strings.
bpo-46417: Fix a race condition on setting a type __bases__ attribute: the internal function add_subclass() now gets the PyTypeObject.tp_subclasses member after calling PyWeakref_NewRef() which can trigger a garbage collection which can indirectly modify PyTypeObject.tp_subclasses. Patch by Victor Stinner.
bpo-46383: Fix invalid signature of _zoneinfo’s module_free function to resolve a crash on wasm32-emscripten platform.
bpo-46070: Py_EndInterpreter() now explicitly untracks all objects currently tracked by the GC. Previously, if an object was used later by another interpreter, calling PyObject_GC_UnTrack() on the object crashed if the previous or the next object of the PyGC_Head structure became a dangling pointer. Patch by Victor Stinner.
bpo-46339: Fix a crash in the parser when retrieving the error text for multi-line f-strings expressions that do not start in the first line of the string. Patch by Pablo Galindo
bpo-46240: Correct the error message for unclosed parentheses when the tokenizer doesn’t reach the end of the source when the error is reported. Patch by Pablo Galindo
bpo-46091: Correctly calculate indentation levels for lines with whitespace character that are ended by line continuation characters. Patch by Pablo Galindo
Library
bpo-43253: Fix a crash when closing transports where the underlying socket handle is already invalid on the Proactor event loop.
bpo-47004: Apply bugfixes from importlib_metadata 4.11.3, including bugfix for EntryPoint.extras, which was returning match objects and not the extras strings.
bpo-46985: Upgrade pip wheel bundled with ensurepip (pip 22.0.4)
bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically determine size of signal handler stack size CPython allocates using getauxval(AT_MINSIGSTKSZ). This changes allows for Python extension’s request to Linux kernel to use AMX_TILE instruction set on Sapphire Rapids Xeon processor to succeed, unblocking use of the ISA in frameworks.
bpo-46955: Expose asyncio.base_events.Server as asyncio.Server. Patch by Stefan Zabka.
bpo-23325: The signal module no longer assumes that SIG_IGN and SIG_DFL are small int singletons.
bpo-46932: Update bundled libexpat to 2.4.7
bpo-25707: Fixed a file leak in xml.etree.ElementTree.iterparse() when the iterator is not exhausted. Patch by Jacob Walls.
bpo-44886: Inherit asyncio proactor datagram transport from asyncio.DatagramTransport.
bpo-46827: Support UDP sockets in asyncio.loop.sock_connect() for selector-based event loops. Patch by Thomas Grainger.
bpo-46811: Make test suite support Expat >=2.4.5
bpo-46252: Raise TypeError if ssl.SSLSocket is passed to transport-based APIs.
bpo-46784: Fix libexpat symbols collisions with user dynamically loaded or statically linked libexpat in embedded Python.
bpo-39327: shutil.rmtree() can now work with VirtualBox shared folders when running from the guest operating-system.
bpo-46756: Fix a bug in urllib.request.HTTPPasswordMgr.find_user_password() and urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() which allowed to bypass authorization. For example, access to URI example.org/foobar was allowed if the user was authorized for URI example.org/foo.
bpo-46643: In typing.get_type_hints(), support evaluating stringified ParamSpecArgs and ParamSpecKwargs annotations. Patch by Gregory Beauregard.
bpo-45863: When the tarfile module creates a pax format archive, it will put an integer representation of timestamps in the ustar header (if possible) for the benefit of older unarchivers, in addition to the existing full-precision timestamps in the pax extended header.
bpo-46676: Make typing.ParamSpec args and kwargs equal to themselves. Patch by Gregory Beauregard.
bpo-46672: Fix NameError in asyncio.gather() when initial type check fails.
bpo-46655: In typing.get_type_hints(), support evaluating bare stringified TypeAlias annotations. Patch by Gregory Beauregard.
bpo-45948: Fixed a discrepancy in the C implementation of the xml.etree.ElementTree module. Now, instantiating an xml.etree.ElementTree.XMLParser with a target=None keyword provides a default xml.etree.ElementTree.TreeBuilder target as the Python implementation does.
bpo-46521: Fix a bug in the codeop module that was incorrectly identifying invalid code involving string quotes as valid code.
bpo-46581: Brings ParamSpec propagation for GenericAlias in line with Concatenate (and others).
bpo-46591: Make the IDLE doc URL on the About IDLE dialog clickable.
bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4
bpo-46487: Add the get_write_buffer_limits method to asyncio.transports.WriteTransport and to the SSL transport.
bpo-45173: Note the configparser deprecations will be removed in Python 3.12.
bpo-46539: In typing.get_type_hints(), support evaluating stringified ClassVar and Final annotations inside Annotated. Patch by Gregory Beauregard.
bpo-46491: Allow typing.Annotated to wrap typing.Final and typing.ClassVar. Patch by Gregory Beauregard.
bpo-46436: Fix command-line option -d/--directory in module http.server which is ignored when combined with command-line option --cgi. Patch by Géry Ogam.
bpo-41403: Make mock.patch() raise a TypeError with a relevant error message on invalid arg. Previously it allowed a cryptic AttributeError to escape.
bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid potential REDoS by limiting ambiguity in consecutive whitespace.
bpo-46469: asyncio generic classes now return types.GenericAlias in __class_getitem__ instead of the same class.
bpo-46434: pdb now gracefully handles help when __doc__ is missing, for example when run with pregenerated optimized .pyc files.
bpo-46333: The __eq__() and __hash__() methods of typing.ForwardRef now honor the module parameter of typing.ForwardRef. Forward references from different modules are now differentiated.
bpo-46246: Add missing __slots__ to importlib.metadata.DeprecatedList. Patch by Arie Bovenberg.
bpo-46266: Improve day constants in calendar.
Now all constants (MONDAY … SUNDAY) are documented, tested, and added to __all__.
bpo-46232: The ssl module now handles certificates with bit strings in DN correctly.
bpo-43118: Fix a bug in inspect.signature() that was causing it to fail on some subclasses of classes with a __text_signature__ referencing module globals. Patch by Weipeng Hong.
bpo-26552: Fixed case where failing asyncio.ensure_future() did not close the coroutine. Patch by Kumar Aditya.
bpo-21987: Fix an issue with tarfile.TarFile.getmember() getting a directory name with a trailing slash.
bpo-20392: Fix inconsistency with uppercase file extensions in MimeTypes.guess_type(). Patch by Kumar Aditya.
bpo-46080: Fix exception in argparse help text generation if a argparse.BooleanOptionalAction argument’s default is argparse.SUPPRESS and it has help specified. Patch by Felix Fontein.
bpo-44439: Fix .write() method of a member file in ZipFile, when the input data is an object that supports the buffer protocol, the file length may be wrong.
bpo-45703: When a namespace package is imported before another module from the same namespace is created/installed in a different sys.path location while the program is running, calling the importlib.invalidate_caches() function will now also guarantee the new module is noticed.
bpo-24959: Fix bug where unittest sometimes drops frames from tracebacks of exceptions raised in tests.
bpo-44791: Fix substitution of ParamSpec in Concatenate with different parameter expressions. Substitution with a list of types returns now a tuple of types. Substitution with Concatenate returns now a Concatenate with concatenated lists of arguments.
bpo-14156: argparse.FileType now supports an argument of ‘-’ in binary mode, returning the .buffer attribute of sys.stdin/sys.stdout as appropriate. Modes including ‘x’ and ‘a’ are treated equivalently to ‘w’ when argument is ‘-’. Patch contributed by Josh Rosenberg
Documentation
bpo-46463: Fixes escape4chm.py script used when building the CHM documentation file
Tests
bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is built with undefined behavior sanitizer (UBSAN): disable UBSAN on the faulthandler_sigfpe() function. Patch by Victor Stinner.
bpo-46708: Prevent default asyncio event loop policy modification warning after test_asyncio execution.
bpo-46678: The function make_legacy_pyc in Lib/test/support/import_helper.py no longer fails when PYTHONPYCACHEPREFIX is set to a directory on a different device from where tempfiles are stored.
bpo-46616: Ensures test_importlib.test_windows cleans up registry keys after completion.
bpo-44359: test_ftplib now silently ignores socket errors to prevent logging unhandled threading exceptions. Patch by Victor Stinner.
bpo-46542: Fix a Python crash in test_lib2to3 when using Python built in debug mode: limit the recursion limit. Patch by Victor Stinner.
bpo-46576: test_peg_generator now disables compiler optimization when testing compilation of its own C extensions to significantly speed up the testing on non-debug builds of CPython.
bpo-46542: Fix test_json tests checking for RecursionError: modify these tests to use support.infinite_recursion(). Patch by Victor Stinner.
bpo-13886: Skip test_builtin PTY tests on non-ASCII characters if the readline module is loaded. The readline module changes input() behavior, but test_builtin is not intented to test the readline module. Patch by Victor Stinner.
Build
bpo-47032: Ensure Windows install builds fail correctly with a non-zero exit code when part of the build fails.
bpo-47024: Update OpenSSL to 1.1.1n for macOS installers and all Windows builds.
bpo-38472: Fix GCC detection in setup.py when cross-compiling. The C compiler is now run with LC_ALL=C. Previously, the detection failed with a German locale.
bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro and pyconfig.h no longer defines reserved symbol __CHAR_UNSIGNED__.
bpo-45925: Update Windows installer to use SQLite 3.37.2.
Windows
bpo-44549: Update bzip2 to 1.0.8 in Windows builds to mitigate CVE-2016-3189 and CVE-2019-12900
bpo-46948: Prevent CVE-2022-26488 by ensuring the Add to PATH option in the Windows installer uses the correct path when being repaired.
bpo-46638: Ensures registry virtualization is consistently disabled. For 3.10 and earlier, it remains enabled (some registry writes are protected), while for 3.11 and later it is disabled (registry modifications affect all applications).
macOS
bpo-45925: Update macOS installer to SQLite 3.37.2.
IDLE
bpo-46630: Make query dialogs on Windows start with a cursor in the entry box.
bpo-45296: Clarify close, quit, and exit in IDLE. In the File menu, ‘Close’ and ‘Exit’ are now ‘Close Window’ (the current one) and ‘Exit’ is now ‘Exit IDLE’ (by closing all windows). In Shell, ‘quit()’ and ‘exit()’ mean ‘close Shell’. If there are no other windows, this also exits IDLE.
bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch by Alex Waygood and Terry Jan Reedy.
C API
bpo-46433: The internal function _PyType_GetModuleByDef now correctly handles inheritance patterns involving static types.
bpo-14916: Fixed bug in the tokenizer that prevented PyRun_InteractiveOne from parsing from the provided FD.
Python 3.9.11 final
Core and Builtins
bpo-46852: Rename the private undocumented float.__set_format__() method to float.__setformat__() to fix a typo introduced in Python 3.7. The method is only used by test_float. Patch by Victor Stinner.
bpo-46794: Bump up the libexpat version into 2.4.6
bpo-46762: Fix an assert failure in debug builds when a ‘<’, ‘>’, or ‘=’ is the last character in an f-string that’s missing a closing right brace.
bpo-46732: Correct the docstring for the __bool__() method. Patch by Jelle Zijlstra.
bpo-40479: Add a missing call to va_end() in Modules/_hashopenssl.c.
bpo-46615: When iterating over sets internally in setobject.c, acquire strong references to the resulting items from the set. This prevents crashes in corner-cases of various set operations where the set gets mutated.
bpo-43721: Fix docstrings of getter, setter, and deleter to clarify that they create a new copy of the property.
bpo-46503: Fix an assert when parsing some invalid N escape sequences in f-strings.
bpo-46417: Fix a race condition on setting a type __bases__ attribute: the internal function add_subclass() now gets the PyTypeObject.tp_subclasses member after calling PyWeakref_NewRef() which can trigger a garbage collection which can indirectly modify PyTypeObject.tp_subclasses. Patch by Victor Stinner.
bpo-46383: Fix invalid signature of _zoneinfo’s module_free function to resolve a crash on wasm32-emscripten platform.
Library
bpo-43253: Fix a crash when closing transports where the underlying socket handle is already invalid on the Proactor event loop.
bpo-47004: Apply bugfixes from importlib_metadata 4.11.3, including bugfix for EntryPoint.extras, which was returning match objects and not the extras strings.
bpo-46985: Upgrade pip wheel bundled with ensurepip (pip 22.0.4)
bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically determine size of signal handler stack size CPython allocates using getauxval(AT_MINSIGSTKSZ). This changes allows for Python extension’s request to Linux kernel to use AMX_TILE instruction set on Sapphire Rapids Xeon processor to succeed, unblocking use of the ISA in frameworks.
bpo-46955: Expose asyncio.base_events.Server as asyncio.Server. Patch by Stefan Zabka.
bpo-46932: Update bundled libexpat to 2.4.7
bpo-25707: Fixed a file leak in xml.etree.ElementTree.iterparse() when the iterator is not exhausted. Patch by Jacob Walls.
bpo-44886: Inherit asyncio proactor datagram transport from asyncio.DatagramTransport.
bpo-46827: Support UDP sockets in asyncio.loop.sock_connect() for selector-based event loops. Patch by Thomas Grainger.
bpo-46811: Make test suite support Expat >=2.4.5
bpo-46252: Raise TypeError if ssl.SSLSocket is passed to transport-based APIs.
bpo-46784: Fix libexpat symbols collisions with user dynamically loaded or statically linked libexpat in embedded Python.
bpo-39327: shutil.rmtree() can now work with VirtualBox shared folders when running from the guest operating-system.
bpo-46756: Fix a bug in urllib.request.HTTPPasswordMgr.find_user_password() and urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() which allowed to bypass authorization. For example, access to URI example.org/foobar was allowed if the user was authorized for URI example.org/foo.
bpo-45863: When the tarfile module creates a pax format archive, it will put an integer representation of timestamps in the ustar header (if possible) for the benefit of older unarchivers, in addition to the existing full-precision timestamps in the pax extended header.
bpo-46672: Fix NameError in asyncio.gather() when initial type check fails.
bpo-45948: Fixed a discrepancy in the C implementation of the xml.etree.ElementTree module. Now, instantiating an xml.etree.ElementTree.XMLParser with a target=None keyword provides a default xml.etree.ElementTree.TreeBuilder target as the Python implementation does.
bpo-46591: Make the IDLE doc URL on the About IDLE dialog clickable.
bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4
bpo-46487: Add the get_write_buffer_limits method to asyncio.transports.WriteTransport and to the SSL transport.
bpo-46539: In typing.get_type_hints(), support evaluating stringified ClassVar and Final annotations inside Annotated. Patch by Gregory Beauregard.
bpo-46491: Allow typing.Annotated to wrap typing.Final and typing.ClassVar. Patch by Gregory Beauregard.
bpo-46436: Fix command-line option -d/--directory in module http.server which is ignored when combined with command-line option --cgi. Patch by Géry Ogam.
bpo-41403: Make mock.patch() raise a TypeError with a relevant error message on invalid arg. Previously it allowed a cryptic AttributeError to escape.
bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid potential REDoS by limiting ambiguity in consecutive whitespace.
bpo-46469: asyncio generic classes now return types.GenericAlias in __class_getitem__ instead of the same class.
bpo-46434: pdb now gracefully handles help when __doc__ is missing, for example when run with pregenerated optimized .pyc files.
bpo-46333: The __eq__() and __hash__() methods of typing.ForwardRef now honor the module parameter of typing.ForwardRef. Forward references from different modules are now differentiated.
bpo-43118: Fix a bug in inspect.signature() that was causing it to fail on some subclasses of classes with a __text_signature__ referencing module globals. Patch by Weipeng Hong.
bpo-21987: Fix an issue with tarfile.TarFile.getmember() getting a directory name with a trailing slash.
bpo-20392: Fix inconsistency with uppercase file extensions in MimeTypes.guess_type(). Patch by Kumar Aditya.
bpo-46080: Fix exception in argparse help text generation if a argparse.BooleanOptionalAction argument’s default is argparse.SUPPRESS and it has help specified. Patch by Felix Fontein.
bpo-44439: Fix .write() method of a member file in ZipFile, when the input data is an object that supports the buffer protocol, the file length may be wrong.
bpo-45703: When a namespace package is imported before another module from the same namespace is created/installed in a different sys.path location while the program is running, calling the importlib.invalidate_caches() function will now also guarantee the new module is noticed.
bpo-24959: Fix bug where unittest sometimes drops frames from tracebacks of exceptions raised in tests.
Documentation
bpo-46463: Fixes escape4chm.py script used when building the CHM documentation file
Tests
bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is built with undefined behavior sanitizer (UBSAN): disable UBSAN on the faulthandler_sigfpe() function. Patch by Victor Stinner.
bpo-46708: Prevent default asyncio event loop policy modification warning after test_asyncio execution.
bpo-46616: Ensures test_importlib.test_windows cleans up registry keys after completion.
bpo-44359: test_ftplib now silently ignores socket errors to prevent logging unhandled threading exceptions. Patch by Victor Stinner.
bpo-46542: Fix a Python crash in test_lib2to3 when using Python built in debug mode: limit the recursion limit. Patch by Victor Stinner.
bpo-46576: test_peg_generator now disables compiler optimization when testing compilation of its own C extensions to significantly speed up the testing on non-debug builds of CPython.
bpo-46542: Fix test_json tests checking for RecursionError: modify these tests to use support.infinite_recursion(). Patch by Victor Stinner.
bpo-13886: Skip test_builtin PTY tests on non-ASCII characters if the readline module is loaded. The readline module changes input() behavior, but test_builtin is not intented to test the readline module. Patch by Victor Stinner.
Build
bpo-47024: Update OpenSSL to 1.1.1n for macOS installers and all Windows builds.
bpo-38472: Fix GCC detection in setup.py when cross-compiling. The C compiler is now run with LC_ALL=C. Previously, the detection failed with a German locale.
bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro and pyconfig.h no longer defines reserved symbol __CHAR_UNSIGNED__.
bpo-45925: Update Windows installer to use SQLite 3.37.2.
bpo-47032: Ensure Windows install builds fail correctly with a non-zero exit code when part of the build fails.
Windows
bpo-44549: Update bzip2 to 1.0.8 in Windows builds to mitigate CVE-2016-3189 and CVE-2019-12900
bpo-46948: Prevent CVE-2022-26488 by ensuring the Add to PATH option in the Windows installer uses the correct path when being repaired.
bpo-46638: Ensures registry virtualization is consistently disabled. For 3.10 and earlier, it remains enabled (some registry writes are protected), while for 3.11 and later it is disabled (registry modifications affect all applications).
macOS
bpo-45925: Update macOS installer to SQLite 3.37.2.
IDLE
bpo-46630: Make query dialogs on Windows start with a cursor in the entry box.
bpo-45296: Clarify close, quit, and exit in IDLE. In the File menu, ‘Close’ and ‘Exit’ are now ‘Close Window’ (the current one) and ‘Exit’ is now ‘Exit IDLE’ (by closing all windows). In Shell, ‘quit()’ and ‘exit()’ mean ‘close Shell’. If there are no other windows, this also exits IDLE.
bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch by Alex Waygood and Terry Jan Reedy.
Python 3.8.13 final
Core and Builtins
bpo-46794: Bump up the libexpat version into 2.4.6
Library
bpo-46985: Upgrade pip wheel bundled with ensurepip (pip 22.0.4)
bpo-46932: Update bundled libexpat to 2.4.7
bpo-46811: Make test suite support Expat >=2.4.5
bpo-46784: Fix libexpat symbols collisions with user dynamically loaded or statically linked libexpat in embedded Python.
bpo-46756: Fix a bug in urllib.request.HTTPPasswordMgr.find_user_password() and urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() which allowed to bypass authorization. For example, access to URI example.org/foobar was allowed if the user was authorized for URI example.org/foo.
bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4
bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid potential REDoS by limiting ambiguity in consecutive whitespace.
bpo-44849: Fix the os.set_inheritable() function on FreeBSD 14 for file descriptor opened with the O_PATH flag: ignore the EBADF error on ioctl(), fallback on the fcntl() implementation. Patch by Victor Stinner.
Documentation
bpo-41028: Language and version switchers, previously maintained in every cpython branches, are now handled by docsbuild-script.
Tests
bpo-45195: Fix test_readline.test_nonascii(): sometimes, the newline character is not written at the end, so don’t expect it in the output. Patch by Victor Stinner.
bpo-44949: Fix auto history tests of test_readline: sometimes, the newline character is not written at the end, so don’t expect it in the output.
Build
bpo-47024: Update Windows builds and macOS installer build to use OpenSSL 1.1.1n.
bpo-45405: Prevent internal configure error when running configure with recent versions of clang. Patch by David Bohman.
bpo-45220: Avoid building with the Windows 11 SDK previews automatically. This may be overridden by setting the DefaultWindowsSDKVersion environment variable before building.
Windows
bpo-44549: Update bzip2 to 1.0.8 in Windows builds to mitigate CVE-2016-3189 and CVE-2019-12900
bpo-46948: Prevent CVE-2022-26488 by ensuring the Add to PATH option in the Windows installer uses the correct path when being repaired.
macOS
bpo-44828: Avoid tkinter file dialog failure on macOS 12 Monterey when using the Tk 8.6.11 provided by python.org macOS installers. Patch by Marc Culler of the Tk project.
Python 3.7.13 final
Library
bpo-46985: Upgrade pip wheel bundled with ensurepip (pip 22.0.4)
bpo-46932: Update bundled libexpat to 2.4.7
bpo-46811: Make test suite support Expat >=2.4.5
bpo-46784: Fix libexpat symbols collisions with user dynamically loaded or statically linked libexpat in embedded Python.
bpo-46756: Fix a bug in urllib.request.HTTPPasswordMgr.find_user_password() and urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() which allowed to bypass authorization. For example, access to URI example.org/foobar was allowed if the user was authorized for URI example.org/foo.
Build
bpo-47024: Update Windows builds and macOS installer build to use OpenSSL 1.1.1n.
bpo-45405: Prevent internal configure error when running configure with recent versions of clang. Patch by David Bohman.
Windows
bpo-44549: Update bzip2 to 1.0.8 in Windows builds to mitigate CVE-2016-3189 and CVE-2019-12900
bpo-46948: Prevent CVE-2022-26488 by ensuring the Add to PATH option in the Windows installer uses the correct path when being repaired.
Changes in the installed share/doc/acme/Changes.txt file but no dates are
mentioned.
There are now more assembly library files.
Original MASTER_SITE no longer available, so rely on a SourceForge snapshot
file.
Changes:
- Removed OpenSSL 1.0.2 support.
- TLS 1.3 is now the default for tls_version.
- Fixed support for Python 3.10 and higher.
- Kore ships with the ffdhe4096 DH parameters.
- Changed the routing configuration context.
- JSON API error handling functions no longer take a kore_json context as
parameter.
- Removed stale out-of-date examples.
- Changed the way the workers log to the parent process.
- Changed kore.domain() and kore.server() for Python API, name is now a
keyword, if omitted defaults to "default".
- Added new HTTP APIs for obtaining headers as native C types.
- http_state_create() no longer takes an onfree callback.
- Updated log levels in the ACME process.
- New logfile configuration option, allowing all Kore logs to go to the given
file instead of stdout.
- New kodev commands: cflags, ldflags and gen.
- New TLS_BACKEND option to compile without TLS.
- New privsep configuration context.
- New @kore.route("url", methods=[]) decorator in Python API.
- New http_response_json() API function.
- New http_response_close() API function.
- New kore_signal_trap() API function.
- New kore_worker_signal() API hook.
- New kore.connection.x509dict in Python API.
- New koreapp.workerstop, koreapp.workerstart hooks for Python.
- New kore.task_id() for Python, returning current coroutine ID.
- New kore.sigtrap() for Python, trapping a given signal.
- New kore.privsep() for Python, for setting up the new privsep
configuration.
- New curlopt keyword for kore.httpclient, allowing setting of specific curl
options directly into it.
- New TARGET_PLATFORM environment variable for cross building Linux.
- New on_body, on_headers and on_free route handlers.
- New kore_mem_zero() function.
- New http.protocol() for Python API.
- Removed run_as and root configuration options.
- Removed keymgr_runas and keymgr_root configuration options.
- Removed acme_runas and acme_root configuration options.
- Added ability for parent to send messages via the msg framework to workers.
- Added several new system calls to seccomp whitelist filters.
- Added support for overriding previously set headers with
http_response_header().
- Added support for 100 in http_response_* APIs.
- Added new "docker" deployment target for Python.
- Updated the pgsql code to understand PGRES_PIPELINE_SYNC and
PGRES_PIPELINE_ABORTED.
- Modified Kore child handling code to wait for processes in its worker
process group.
- And much more..
Bug fixes:
- All kore_pool elements are now always properly aligned on a boundary of 8.
- execve() now takes an environment pointer instead of NULL.
- Fixed a problem in kore.socket.recvfrom() Python API.
- Fixed several wrong log messages while parsing configuration.
- Fixed a bug in the kore_http client related to OPTIONS and DELETE methods.
- Fixed potential uninitialised parameter in accesslog.
- Fixed small bugs in several examples.
- Fix bug in several kore_json_create_*() API functions with regards to
variadic arguments.
- Fixed dependencies in the Kore Makefile.
- Fixed how Kore obtains paths to openssl on Mac platforms.
2021-07-15:
libdwarf, dwarfdump, etc all now use a semantic version
number rather than a date string. As of today the
current version is "0.1.1".
2021-02-15:
dwarfdump given -ku now prints brief lists counting
the uses of every TAG, ATtribute, and FORM,
a concise summary of the basic building blocks of DWARF.
2021-01-23:
dwarfdump now reports and checks-for-sensible-values
the expression block offsets that DW_OP_bra and
DW_OP_skip use. If an expression does not use either of
those operators dwarfdump does not report the individual DW_OP
expression offsets.
2020-12-23:
dwarfdump --print-macinfo now follows DW_MACRO_imports
and does several additional checks on .debug_macro section
data. --check-macros skips printing most entries but does
all that and reports even more about that section. Since
.debug_macro does not reproduce all macro operations in
the original source the MACRONOTEs printed are indications
of things to consider, not errors.
2020-11-21:
dwarfdump now prints DWARF expression operators each on
its own line. This makes viewing DWARF expressions much
nicer given the increased use of much longer expressions.
Those expression operators that reference DIES are now
followed, verified, and the target DW_TAG and DW_AT_name
are printed. A new dwarfdump.conf command 'option:' lets
one specify option: --format-expr-ops-joined in case you
want the old style DWARF expression operators-on-one-line.
Where the DWARF DIE children nest > nine-deep dwarfdump
switches from indentation by spaces to a nest-level number.
2020-09-08:
libdwarf/dwarfdump work well with DWARF4 and DWARF5,
including DWP files.
2020-07-08:
libdwarf now reads .debug_gnu_pubtypes & pubnames
(non-standard but gcc creates them in DWARF5) via a small
number of new functions and dwarfdump --print-debug-gnu
prints both sections. Verifying the .debug_info offsets
is not yet done.
2020-06-29:
Dwarfdump now dumps DWARF5 .debug_rnglists and
.debug_loclists. To handle DWARF5 there are a small
number of new functions. All existing functions are
still supported, but to read DWARF5 some small changes
are required. In libdwarf see libdwarf2.1.pdf and also
see libdwarf/ChangeLog for details.
2020-05-23:
dwarfdump now takes much less malloc() to work, as
measured by valgrind --tool=massif and massif-visualizer.
A dwarfdump run that did 2.2Gib of malloc/free before the
changes now does 1.4GiB.
2020-05-19:
libdwarf and dwarfdump now support DWARF5 .debug_rnglists.
The new interfaces are documented in libdwarf/libdwarf2.1.pdf.
The new option to dwarfdump is "--print-raw-rnglists".
2019-11-04:
The code (dwarfdump/libdwarf), regressiontests,
and readelfobj directories and all their tests
are known to work on Linux(Ubuntu on x86_64 and i686),
FreeBSD, MacOS Catalina (with Apple Command Line Tools),
and IBM s390 (Big Endian!) running Ubuntu Linux.
On Windows-MinGW the full regression tests
have not been tested, but 'make check' works
for dwarfdump/libdwarf (the current dwarfdump
make check actually does run dwarfdump and
checks that dwarfdump basically works).
2019-04-16:
Now a --disable-libelf configure/build of libdwarf/dwarfdump
can read elf, mach-o DSYM, and PE executable/dll object files.
Such a build will not need or use libelf or elf.h .
The dwarfdump options that display Elf section headers
or relocation record data are not available in a
--disable-libelf build.
Nor is dwarfdump's support of reading archive files
available in a --disable-libelf build.
This libdwarf detects corrupt Elf object files much sooner
than before, but does not explain what the corruption
really is. Use GNU readelf (or readelfobj, a project
on sourceforge) to get more detail about the problems found.
See https://www.prevanders.net/dwarf.html for the git clone
command for readelfobj.
With --disable-libelf the --enable-dwarfgen option
does not work: the dwarfgen build will fail.
2019-02-18:
For building on machines without a usable elf.h or libelf
but possibly with a libelf.h visible, --disable-libelf
ensures the build won't use libelf or elf.h anywhere.
-lz will be done if zlib.h is visible, independent of
libelf, libelf.h, and elf.h
2019-02-08:
If one has a standard Bourne shell (sh) available
(such as sh on MacOS and sh in MinGW on Windows)
one may be able to build libdwarf and dwarfdump natively
and they can read Mach-o dSYM and PE object files
to access DWARF information.
This has NOT been tested under MacOS, so will likely
fail on MacOS.
No elf.h, libelf.h or zlib.h should be present.
For example, the following
is known to work under MinGW and this general plan
applies to all builds including all builds with elf.h
and libelf:
mkdir test
cd test
#(copy the source tree into test, if from git
#the name of the top level will likely be 'code')
cd code
sh -x scripts/FIX-CONFIGURE-TIMES
cd ..
mkdir bld
cd bld
../code/configure (choose your preferred options here)
make
2019-01-15:
The pre-build dwarf_names.[hc] and the tag related
files are now part of the standard build so there is
no longer any two-stage aspect of the build.
The build simply compiles files in the distribution.
If you use git to access the source be sure to
sh scripts/FIX-CONFIGURE-TIMES
to adjust the file timestamps as having timestamps
in the right relationships is vital and git
does not maintain timestamps.
The script is always safe to run. It takes about 30 seconds.
2018-12-22:
The complicated process of building certain .c and .h
files has been relegated to the few people updating
files libdwarf/libdwarf.h.in, libdwarf/dwarf_errmsg_list.h,
dwarfdump/tag_attr_ext.list,dwarfdump/tag_attr.list,
dwarfdump/tag_tree_ext.list, and dwarfdump/tag_tree.list.
For everyone else the build is simply compiling
the .c and .h files in the distribution. Simpler.
sh scripts/buildstandardsource.sh
creates these files.
2018-10-22:
dwarfdump can now dump mach-o (MacOS) dSYM dwarf.
All the usual libdwarf interfaces work.
A new libdwarf initialization call dwarf_init_path()
may be convenient for you to use.
2018-08-05:
dwarfdump.conf is now installed by make install
in <install prefix>/shared/libdwarf/dwarfdump .
Any dwarfdump.conf or .dwarfdump.conf in your
$HOME directory will be found before the
one in shared. The file is only opened when
one wants a more accurate register naming in frame
reports (the default is just to name things r54
etc, choosing the right abi with -x abi=<something>
can be helpful at times).
2018-06-24:
The configure has been completely rewritten to follow
current standards and practices. For simple builds
the standard
./configure
make
works as always, but the generated libdwarf.a appears
in libdwarf/.libs/libdwarf.a , as does the shared object
if "./configure --enable-shared" is used.
To build dwarfgen one adds the configure option --enable-dwarfgen
instead of using 'make all'.
To build the example code one adds the configure option
--enable-dwarfexample instead of using 'make all'.
"mkdir /tmp/bld ; cd /tmp/bld ; <sourcebase>/configure"
continues to work, as does configure --host=<name> .
2018-06-14:
A small simplification of build options simplifies building
across different environments. If your environment needs
to use the non-standard elf_open() call instead of unix/linux open()
then do <path>/configure --enable-elf-open which sets
HAVE_ELF_OPEN in config.h.
2018-03-27:
All the DWARF5 FORMs appear to be dealt with.
It's now possible to cross-compile libdwarf and dwarfdump.
See the README.
2016-11-30:
An alternative build mechanism using cmake is now in the source tree.
The builds for product testing continue to be done using configure && make.
==============
Version 2.52.8
==============
Just a bug fix:
- #721 - Catch circular references when rendering patterns.
==============
Version 2.52.7
==============
Backport a fix for the regression that was introduced in the last
release:
- #851 - Output filled text as text for PDF; fixes regression due to
outputting all text as paths.
(This commit message belongs with the previous commit, which had the
wrong commit message due to ENOTENOUGHCOFFEE.)
Upstream changes are bugfixes and
Add support for MSC3202: sending one-time key counts and fallback
key usage states to Application Services. (#11617)
Improve the generated URL previews for some web pages. Contributed
by @AndrewRyanChama. (#11985)
Track cache invalidations in Prometheus metrics, as already happens
for cache eviction based on size or time. (#12000)
Implement experimental support for MSC3720 (account status
endpoints). (#12001, #12067)
Enable modules to set a custom display name when registering a
user. (#12009)
Advertise Matrix 1.1 and 1.2 support on
/_matrix/client/versions. (#12020, (#12022)
Support only the stable identifier for MSC3069's is_guest on
/_matrix/client/v3/account/whoami. (#12021)
Use room version 9 as the default room version (per
MSC3589). (#12058)
Add module callbacks to react to user deactivation status changes
(i.e. deactivations and reactivations) and profile updates. (#12062)
$NetBSD: MESSAGE,v 1.2 2021/04/15 15:54:00 jperkin Exp $
To generate a Synapse configuration, run:
cd ${SYNAPSE_DATA} &&
${PYTHONBIN} -m synapse.app.homeserver \
--server-name my.domain.name \
--config-path ${PKG_SYSCONFDIR}/homeserver.yaml \
--config-directory ${PKG_SYSCONFDIR} \
--generate-config \
--report-stats=no
If you want to use Synapse with SQLite3 on NetBSD, you need to add
PREFER_PKGSRC+= sqlite3 to mk.conf and rebuild databases/py-sqlite3.
===========================================================================
ugrep v3.7.6
New --min-count option, new --hexdump options to grep binary files and display binary matches in hexadecimal with n hex lines before and after the match with --hexdump=Cn, --hexdump=An for n lines after and --hexdump=Bn for n lines before. Omitting n defaults to the entire matching line. Option -X is equivalent to --hexdump=2C for 2 hex columns per line and entire matching line as context. Includes user experience improvements, such as additional --help information and --stats details. This incremental update skips sysfd files that are empty and not searchable (e.g. located in /proc and /sys). We also made ugrep faster overall with performance improvements. More coming soon!
Version 3.7.4 (released 2022-03-17)
** libgnutls: Added support for certificate compression as defined in RFC8879.
** certtool: Added option --compress-cert that allows user to specify compression
methods for certificate compression.
** libgnutls: GnuTLS can now be compiled with --enable-strict-x509 configure
option to enforce stricter certificate sanity checks that are compliant
with RFC5280.
** libgnutls: Removed IA5String type from DirectoryString within issuer
and subject name to make DirectoryString RFC5280 compliant.
** libgnutls: Added function to retrieve the name of current ciphersuite
from session.
** API and ABI modifications:
GNUTLS_COMP_BROTLI: New gnutls_compression_method_t enum member
GNUTLS_COMP_ZSTD: New gnutls_compression_method_t enum member
gnutls_compress_certificate_get_selected_method: Added
gnutls_compress_certificate_set_methods: Added
