pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/lang python37: updated to 3.7.11



details:   https://anonhg.NetBSD.org/pkgsrc/rev/2f30234e1dc3
branches:  trunk
changeset: 455190:2f30234e1dc3
user:      adam <adam%pkgsrc.org@localhost>
date:      Tue Jun 29 12:39:10 2021 +0000

description:
python37: updated to 3.7.11

Python 3.7.11 final

Security

bpo-44022: http.client now avoids infinitely reading potential HTTP headers after a 100 Continue status response from the server.
bpo-43882: The presence of newline or tab characters in parts of a URL could allow some forms of attacks.

Following the controlling specification for URLs defined by WHATWG, urllib.parse() now removes ASCII newlines and tabs from URLs, preventing such attacks.
bpo-42988: CVE-2021-3426: Remove the getfile feature of the pydoc module which could be abused to read arbitrary files on the disk (directory traversal vulnerability). Moreover, even source code of 
Python modules can contain sensitive data like passwords. Vulnerability reported by David Schwörer.
bpo-43285: ftplib no longer trusts the IP address value returned from the server in response to the PASV command by default. This prevents a malicious FTP server from using the response to probe IPv4 
address and port combinations on the client network.

Code that requires the former vulnerable behavior may set a trust_server_pasv_ipv4_address attribute on their ftplib.FTP instances to True to re-enable it.
bpo-43075: Fix Regular Expression Denial of Service (ReDoS) vulnerability in urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex has quadratic worst-case complexity and it allows causing a denial of service when identifying crafted invalid RFCs. This ReDoS issue is on the client side and needs remote attackers to control the HTTP server.

Core and Builtins

bpo-43660: Fix crash that happens when replacing sys.stderr with a callable that can remove the object while an exception is being printed. Patch by Pablo Galindo.

Tests

bpo-41561: Add workaround for Ubuntu’s custom OpenSSL security level policy.

diffstat:

 lang/py37-html-docs/Makefile |   4 ++--
 lang/py37-html-docs/distinfo |  10 +++++-----
 lang/python37/dist.mk        |   4 ++--
 lang/python37/distinfo       |  10 +++++-----
 4 files changed, 14 insertions(+), 14 deletions(-)

diffs (57 lines):

diff -r 3bbabef7d411 -r 2f30234e1dc3 lang/py37-html-docs/Makefile
--- a/lang/py37-html-docs/Makefile      Tue Jun 29 12:37:47 2021 +0000
+++ b/lang/py37-html-docs/Makefile      Tue Jun 29 12:39:10 2021 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.11 2021/02/16 19:40:34 adam Exp $
+# $NetBSD: Makefile,v 1.12 2021/06/29 12:39:10 adam Exp $
 
-VERS=          3.7.10
+VERS=          3.7.11
 DISTNAME=      python-${VERS}-docs-html
 PKGNAME=       py37-html-docs-${VERS}
 CATEGORIES=    lang python
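Review bot: VERS is hard-coded at `VERS= 3.7.11` here, while the interpreter version is set separately as PY_DISTVERSION in lang/python37/dist.mk, so the two have to be bumped by hand in lockstep. If the HTML docs are always meant to track the interpreter release, consider deriving VERS from PY_DISTVERSION; otherwise a comment next to VERS saying it must match would help the next updater.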
diff -r 3bbabef7d411 -r 2f30234e1dc3 lang/py37-html-docs/distinfo
--- a/lang/py37-html-docs/distinfo      Tue Jun 29 12:37:47 2021 +0000
+++ b/lang/py37-html-docs/distinfo      Tue Jun 29 12:39:10 2021 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.11 2021/02/16 19:40:34 adam Exp $
+$NetBSD: distinfo,v 1.12 2021/06/29 12:39:10 adam Exp $
 
-SHA1 (python-3.7.10-docs-html.tar.bz2) = f0fd74f55801dd8518ba61937eba795b9f54f17c
-RMD160 (python-3.7.10-docs-html.tar.bz2) = a68f6dcff3e9752fae41cfd32780574bf9e1e7aa
-SHA512 (python-3.7.10-docs-html.tar.bz2) = c303561ce3b758df1ee017ab8dad862adad116eedf1f2d0ed1180529e0af06526c9293810fe086f8223ec97b2c935cb08ca7e74bc20b9be93dc4e97909f5f561
-Size (python-3.7.10-docs-html.tar.bz2) = 6289108 bytes
+SHA1 (python-3.7.11-docs-html.tar.bz2) = 3d5898ea5d603ac4e689ddffe35820286e14e75f
+RMD160 (python-3.7.11-docs-html.tar.bz2) = c49b3b4f9e76c6f5b2a5a95638ec470bc06f2c1f
+SHA512 (python-3.7.11-docs-html.tar.bz2) = c2e354df460b20cbcf49cde56a93070033dc8364f6678bcab62ffd66dbe9803447d5169c033486331351c2cc1dc7140879297e0ad1ce35c6788c94ad3555b283
+Size (python-3.7.11-docs-html.tar.bz2) = 6294193 bytes
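Review bot: the new digest lines for python-3.7.11-docs-html.tar.bz2 are the only integrity anchor for this distfile, and the commit message does not say what they were checked against. Please state in the log whether the tarball was verified against upstream's published checksum or signature before the digests were recorded. Of the three algorithms listed, SHA1 is known to be collision-prone, so the SHA512 line is the one to rely on for tamper detection.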
diff -r 3bbabef7d411 -r 2f30234e1dc3 lang/python37/dist.mk
--- a/lang/python37/dist.mk     Tue Jun 29 12:37:47 2021 +0000
+++ b/lang/python37/dist.mk     Tue Jun 29 12:39:10 2021 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: dist.mk,v 1.11 2021/02/16 19:40:33 adam Exp $
+# $NetBSD: dist.mk,v 1.12 2021/06/29 12:39:10 adam Exp $
 
-PY_DISTVERSION=        3.7.10
+PY_DISTVERSION=        3.7.11
 DISTNAME=      Python-${PY_DISTVERSION}
 EXTRACT_SUFX=  .tar.xz
 DISTINFO_FILE= ${.CURDIR}/../../lang/python37/distinfo
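Review bot: the one-line change at `PY_DISTVERSION= 3.7.11` brings in default-behaviour changes that the commit message lists but does not flag for dependents: urllib.parse now removes ASCII newlines and tabs from URLs, ftplib ignores the PASV address unless trust_server_pasv_ipv4_address is set to True, and pydoc loses its getfile feature. Packages that relied on the old behaviour will change silently with this bump, so a short compatibility line in the log would help anyone bisecting a regression later.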
diff -r 3bbabef7d411 -r 2f30234e1dc3 lang/python37/distinfo
--- a/lang/python37/distinfo    Tue Jun 29 12:37:47 2021 +0000
+++ b/lang/python37/distinfo    Tue Jun 29 12:39:10 2021 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.25 2021/02/16 19:40:33 adam Exp $
+$NetBSD: distinfo,v 1.26 2021/06/29 12:39:10 adam Exp $
 
-SHA1 (Python-3.7.10.tar.xz) = 847305e6b25f83b80096314fdfdfa7a8cc07016e
-RMD160 (Python-3.7.10.tar.xz) = ae83786be55bf99889d9fe25826e7b4333dd8a52
-SHA512 (Python-3.7.10.tar.xz) = 5cb61739acbd29f526d25073443398b2ca0eef30d01d134e8236c8bbc7ab0586c44ec00689f5a75e6aedc0170acf4551721ada5e967e4b99a146cfcaad949128
-Size (Python-3.7.10.tar.xz) = 17392580 bytes
+SHA1 (Python-3.7.11.tar.xz) = 671e3fed4f3bb5a6663da0ae6691f0f8e9399427
+RMD160 (Python-3.7.11.tar.xz) = ceead7d7eae26ad67e88e8841d454cbd5b839590
+SHA512 (Python-3.7.11.tar.xz) = b8d8c6958444ee9bdd59f0804f7e61d9657c0805c7c58c3352d1c1efb33ba2be8d3485cd2656a2b2b99618a439879687a918f57dfdd125e989af637043600a59
+Size (Python-3.7.11.tar.xz) = 17393380 bytes
 SHA1 (patch-Lib___osx__support.py) = dbec9925c1a0b6b845101df9825af52d83317773
 SHA1 (patch-Lib_ctypes_____init____.py) = ded12eb372028288d85ba88b43e45549c6f48144
 SHA1 (patch-Lib_ctypes_macholib_dyld.py) = 267f0b39f116bc9df0b24c277b48ce59cfecd397
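Review bot: the unchanged context lines for patch-Lib___osx__support.py, patch-Lib_ctypes_____init____.py and patch-Lib_ctypes_macholib_dyld.py carry a SHA1 digest only, while the Python-3.7.11.tar.xz entry above them also gets SHA512. These local patches modify the interpreter's own library code, so they deserve a digest of the same strength as the distfile; consider recording a stronger hash for the patch entries. Since the visible patch checksums are untouched, it is also worth confirming that these patches still apply cleanly to the 3.7.11 sources.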


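Two of the behaviour changes named in the commit message (bpo-43285 and bpo-43882) can be probed on an installed interpreter without any network access. The following is an added example, not part of the commit or of pkgsrc; the addresses, PASV reply and URL are constructed, and the helper names are hypothetical.

```python
import ftplib
import socket
from urllib.parse import urlsplit

# Constructed sample values (documentation address ranges, not from the page).
CONTROL_PEER = ("203.0.113.10", 21)                      # host the control socket talks to
PASV_REPLY = "227 Entering Passive Mode (10,0,0,5,4,1)"  # server claims 10.0.0.5:1025
TAINTED_URL = "https://exam\nple.org/pa\tth?q=1\r"


class _FakePeer:
    """Stands in for the control-connection socket; no network I/O happens."""
    def getpeername(self):
        return CONTROL_PEER


class _StubFTP(ftplib.FTP):
    """FTP client whose PASV command always receives the constructed reply."""
    def sendcmd(self, cmd):
        return PASV_REPLY


def pasv_target(trust_server=None):
    """Return the (host, port) ftplib would open the data connection to."""
    ftp = _StubFTP()            # no host argument, so nothing connects
    ftp.sock = _FakePeer()
    ftp.af = socket.AF_INET
    if trust_server is not None:
        ftp.trust_server_pasv_ipv4_address = trust_server
    return ftp.makepasv()


def url_strips_tabs_and_newlines():
    """True when urlsplit() drops ASCII tab/CR/LF before parsing (bpo-43882)."""
    parts = urlsplit(TAINTED_URL)
    return (parts.netloc, parts.path, parts.query) == ("example.org", "/path", "q=1")


def check_interpreter():
    """Map each probed fix to True (present) or False (missing)."""
    return {
        "bpo-43285 ftplib ignores PASV address": pasv_target()[0] == CONTROL_PEER[0],
        "bpo-43882 urlsplit strips tab/newline": url_strips_tabs_and_newlines(),
    }


if __name__ == "__main__":
    for fix, present in check_interpreter().items():
        print(("ok      " if present else "MISSING ") + fix)
```

On an interpreter without the ftplib fix, `pasv_target()` returns the server-supplied 10.0.0.5 instead of the control-connection peer, which is the condition the check reports as missing.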