a390e3010f
Python 3.9.14 Security gh-95778: Converting between int and str in bases other than 2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a ValueError if the number of digits in string form is above a limit to avoid potential denial of service attacks due to the algorithmic complexity. This is a mitigation for CVE-2020-10735. This new limit can be configured or disabled by environment variable, command line flag, or sys APIs. See the integer string conversion length limitation documentation. The default limit is 4300 digits in string form. Patch by Gregory P. Smith [Google] and Christian Heimes [Red Hat] with feedback from Victor Stinner, Thomas Wouters, Steve Dower, Ned Deily, and Mark Dickinson. gh-87389: http.server: Fix an open redirection vulnerability in the HTTP server when an URI path starts with //. Vulnerability discovered, and initial fix proposed, by Hamza Avvan. Core and Builtins gh-93065: Fix contextvars HAMT implementation to handle iteration over deep trees. The bug was discovered and fixed by Eli Libman. See MagicStack/immutables#84 for more details. Library gh-94821: Fix binding of unix socket to empty address on Linux to use an available address from the abstract namespace, instead of “0”. gh-91810: Suppress writing an XML declaration in open files in ElementTree.write() with encoding='unicode' and xml_declaration=None. bpo-45393: Fix the formatting for await x and not x in the operator precedence table when using the help() system. bpo-46197: Fix ensurepip environment isolation for subprocess running pip. Tests gh-95280: Fix problem with test_ssl test_get_ciphers on systems that require perfect forward secrecy (PFS) ciphers. gh-94208: test_ssl is now checking for supported TLS version and protocols in more tests. bpo-47016: Create a GitHub Actions workflow for verifying bundled pip and setuptools. Patch by Illia Volochii and Adam Turner. |
||
|---|---|---|
| archivers | ||
| audio | ||
| benchmarks | ||
| biology | ||
| bootstrap | ||
| cad | ||
| chat | ||
| comms | ||
| converters | ||
| cross | ||
| databases | ||
| devel | ||
| distfiles | ||
| doc | ||
| editors | ||
| emulators | ||
| filesystems | ||
| finance | ||
| fonts | ||
| games | ||
| geography | ||
| graphics | ||
| ham | ||
| inputmethod | ||
| lang | ||
| licenses | ||
| math | ||
| mbone | ||
| meta-pkgs | ||
| misc | ||
| mk | ||
| multimedia | ||
| net | ||
| news | ||
| packages | ||
| parallel | ||
| pkgtools | ||
| regress | ||
| security | ||
| shells | ||
| sysutils | ||
| templates | ||
| textproc | ||
| time | ||
| wm | ||
| www | ||
| x11 | ||
| _NetBSD-pkgdb | ||
| Makefile | ||
| pkglocate | ||
| README.md | ||
pkgsrc
pkgsrc is a framework for building software for a variety of UNIX-like systems.
It produces binary packages, which can be managed with tools such as
pkgin. pkgsrc is highly configurable, supporting
building packages for an arbitrary installation prefix (the default is
/usr/pkg), allowing multiple branches to coexist on one machine, a
build options framework, and a compiler transformation framework, among
other advanced features. Unprivileged use and installation is also supported.
pkgsrc is the default package manager for NetBSD and SmartOS. It's also supported as a first-class option in OmniOS CE and Oasis Linux.
Bootstrapping
To use pkgsrc on operating systems other than NetBSD, you first need to bootstrap:
cd pkgsrc/bootstrap
./bootstrap
Note that this is only for the most simple case, using pkgsrc's defaults.
Please consult bootstrap/README and bootstrap/README.OS for detailed
information about bootstrapping.
Building packages
cd pkgsrc/category/package-name
$PREFIX/bin/bmake install
Where $PREFIX is where you've chosen to install packages
(typically /usr/pkg)
On NetBSD, bmake is simply the built-in make tool.
To build packages in bulk, tools such as pkgtools/pbulk and
pkgtools/pkg_comp can be used.
Community / Troubleshooting
- Join the community IRC channel #pkgsrc @ libera.chat.
- Join the community Matrix room #pkgsrc:nil.im
- Subscribe to the pkgsrc-users mailing list
- Send bugs and patches via web form (use the
pkgcategory).
Latest sources
To fetch the main CVS repository:
cvs -d anoncvs@anoncvs.NetBSD.org:/cvsroot checkout -P pkgsrc
To work in the Git mirror, which is updated every few hours from CVS:
git clone https://github.com/NetBSD/pkgsrc.git
Additional links
- pkgsrc guide - the authoritative document on pkgsrc, also available as
doc/pkgsrc.txt - pkgsrc in the NetBSD Wiki - miscellaneous articles and tutorials
- pkgsrc.se - a searchable web index of pkgsrc
- pkgsrc-wip - a project to get more people actively involved with creating packages for pkgsrc
- pkgsrc on Twitter - announcements to the world
- pkgsrcCon - we get together
- BulkTracker - a web application that tracks pkgsrc bulk builds