This includes a fix for the high severity issue (bpo-42938) and a few
others.

 * bpo-42967: Fix web cache poisoning vulnerability by defaulting the
   query args separator to &, and allowing the user to choose a custom
   separator.

 * bpo-42938: Avoid static buffers when computing the repr of
   ctypes.c_double and ctypes.c_longdouble values.

 * bpo-42103: Prevented potential DoS attack via CPU and RAM exhaustion
   when processing malformed Apple Property List files in binary format.

 * bpo-42051: The plistlib module no longer accepts entity declarations
   in XML plist files to avoid XML vulnerabilities. This should not
   affect users as entity declarations are not used in regular plist
   files.

 * bpo-40791: Add volatile to the accumulator variable in
   hmac.compare_digest, making constant-time-defeating optimizations
   less likely.

Full change log here:
https://docs.python.org/release/3.7.10/whatsnew/changelog.html#changelog
From looking at the diff, it's exhaustive.

Index: Makefile
===================================================================
RCS file: /cvs/ports/lang/python/3.7/Attic/Makefile,v
retrieving revision 1.19.2.1
diff -u -p -r1.19.2.1 Makefile
--- Makefile    13 Oct 2020 12:42:22 -0000      1.19.2.1
+++ Makefile    16 Feb 2021 18:33:40 -0000
@@ -6,12 +6,9 @@
 # Python itself.
 
 VERSION =              3.7
-PATCHLEVEL =           .9
+PATCHLEVEL =           .10
 SHARED_LIBS =          python3.7m 0.0
 VERSION_SPEC =         >=3.7,<3.8
-
-REVISION-idle =                0
-REVISION-main =                0
 
 CONFIGURE_ARGS +=      --with-ensurepip=no
 CONFIGURE_ARGS +=      --enable-loadable-sqlite-extensions
Index: distinfo
===================================================================
RCS file: /cvs/ports/lang/python/3.7/Attic/distinfo,v
retrieving revision 1.7
diff -u -p -r1.7 distinfo
--- distinfo    24 Aug 2020 15:00:29 -0000      1.7
+++ distinfo    16 Feb 2021 18:33:40 -0000
@@ -1,2 +1,2 @@
-SHA256 (Python-3.7.9.tgz) = ObAYvH2KFl5ZqoJ9muRcRZAXObC7sTch5Plz81IcFmo=
-SIZE (Python-3.7.9.tgz) = 23277790
+SHA256 (Python-3.7.10.tgz) = yWSa2E3DpDTIY332ljEAsuVghpf5ulbYLjgJ5BSOCXU=
+SIZE (Python-3.7.10.tgz) = 23281560
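Review bot: The new SHA256 and SIZE lines for Python-3.7.10.tgz are the only integrity pin the port has for this tarball, so confirm the distfile was checked against upstream's published signature or checksum before these values were generated, rather than running make makesum on whatever was fetched.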
Index: patches/patch-Modules__hashopenssl_c
===================================================================
RCS file: 
/cvs/ports/lang/python/3.7/patches/Attic/patch-Modules__hashopenssl_c,v
retrieving revision 1.1
diff -u -p -r1.1 patch-Modules__hashopenssl_c
--- patches/patch-Modules__hashopenssl_c        21 Apr 2019 09:33:32 -0000      
1.1
+++ patches/patch-Modules__hashopenssl_c        16 Feb 2021 18:33:40 -0000
@@ -3,7 +3,7 @@ $OpenBSD: patch-Modules__hashopenssl_c,v
 Index: Modules/_hashopenssl.c
 --- Modules/_hashopenssl.c.orig
 +++ Modules/_hashopenssl.c
-@@ -38,7 +38,8 @@ module _hashlib
+@@ -42,7 +42,8 @@ module _hashlib
  #define HASH_OBJ_CONSTRUCTOR 0
  #endif
  
Index: patches/patch-Modules__ssl_c
===================================================================
RCS file: /cvs/ports/lang/python/3.7/patches/Attic/patch-Modules__ssl_c,v
retrieving revision 1.1
diff -u -p -r1.1 patch-Modules__ssl_c
--- patches/patch-Modules__ssl_c        21 Apr 2019 09:33:32 -0000      1.1
+++ patches/patch-Modules__ssl_c        16 Feb 2021 18:33:40 -0000
@@ -6,7 +6,7 @@ exactly what python's lock protects
 Index: Modules/_ssl.c
 --- Modules/_ssl.c.orig
 +++ Modules/_ssl.c
-@@ -135,7 +135,8 @@ static void _PySSLFixErrno(void) {
+@@ -139,7 +139,8 @@ static void _PySSLFixErrno(void) {
  /* Include generated data (error codes) */
  #include "_ssl_data.h"
  
@@ -16,7 +16,7 @@ Index: Modules/_ssl.c
  #  define OPENSSL_VERSION_1_1 1
  #  define PY_OPENSSL_1_1_API 1
  #endif
-@@ -196,6 +197,9 @@ static void _PySSLFixErrno(void) {
+@@ -209,6 +210,9 @@ static void _PySSLFixErrno(void) {
  
  #if defined(OPENSSL_VERSION_1_1) && !defined(OPENSSL_NO_SSL2)
  #define OPENSSL_NO_SSL2
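Review bot: In the second inner hunk header the offset moves from 196 to 209 (+13) while the first one moves from 135 to 139 (+4), so upstream added about nine lines between the two patched regions of Modules/_ssl.c. Check that the local additions around OPENSSL_VERSION_1_1 and OPENSSL_NO_SSL2 still land where intended and do not duplicate anything upstream now defines in that block.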
Index: patches/patch-configure_ac
===================================================================
RCS file: /cvs/ports/lang/python/3.7/patches/Attic/patch-configure_ac,v
retrieving revision 1.1
diff -u -p -r1.1 patch-configure_ac
--- patches/patch-configure_ac  21 Apr 2019 09:33:32 -0000      1.1
+++ patches/patch-configure_ac  16 Feb 2021 18:33:40 -0000
@@ -15,7 +15,7 @@ Index: configure.ac
  
  # The later defininition of _XOPEN_SOURCE disables certain features
  # on Linux, so we need _GNU_SOURCE to re-enable them (makedev, tm_zone).
-@@ -2789,18 +2789,7 @@ AC_CHECK_LIB(dl, dlopen)        # Dynamic linking for 
SunOS/S
+@@ -2792,18 +2792,7 @@ AC_CHECK_LIB(dl, dlopen)        # Dynamic linking for 
SunOS/S
  AC_CHECK_LIB(dld, shl_load)   # Dynamic linking for HP-UX
  
  # checks for uuid.h location
Index: pkg/PLIST-main
===================================================================
RCS file: /cvs/ports/lang/python/3.7/pkg/Attic/PLIST-main,v
retrieving revision 1.15
diff -u -p -r1.15 PLIST-main
--- pkg/PLIST-main      24 Aug 2020 15:00:29 -0000      1.15
+++ pkg/PLIST-main      16 Feb 2021 18:33:40 -0000
@@ -1983,9 +1983,9 @@ lib/python3.7/lib-dynload/
 @so lib/python3.7/lib-dynload/zlib.so
 lib/python3.7/lib2to3/
 lib/python3.7/lib2to3/Grammar.txt
-lib/python3.7/lib2to3/Grammar3.7.9.final.0.pickle
+lib/python3.7/lib2to3/Grammar3.7.10.final.0.pickle
 lib/python3.7/lib2to3/PatternGrammar.txt
-lib/python3.7/lib2to3/PatternGrammar3.7.9.final.0.pickle
+lib/python3.7/lib2to3/PatternGrammar3.7.10.final.0.pickle
 lib/python3.7/lib2to3/__init__.py
 lib/python3.7/lib2to3/__main__.py
 lib/python3.7/lib2to3/__pycache__/
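Review bot: The two lib2to3 pickle names embed the full version string (3.7.10.final.0), so they change on every patchlevel bump, and PLIST-main is the only packing list touched in this diff. Confirm make update-plist was run after a clean fake install and produced no changes for the other subpackages.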
