https://www.python.org/downloads/release/python-3107/

* gh-95778: Converting between int and str in bases other than 2
(binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10
(decimal) now raises a ValueError if the number of digits in string form
is above a limit to avoid potential denial of service attacks due to the
algorithmic complexity. This is a mitigation for CVE-2020-10735.

This new limit can be configured or disabled by environment variable,
command line flag, or sys APIs. See the integer string conversion length
limitation documentation. The default limit is 4300 digits in string
form.

Patch by Gregory P. Smith [Google] and Christian Heimes [Red Hat] with
feedback from Victor Stinner, Thomas Wouters, Steve Dower, Ned Deily,
and Mark Dickinson.

ok?

(Probably also should be backports to 7.1)

--Kurt

Index: Makefile
===================================================================
RCS file: /cvs/ports/lang/python/3.10/Makefile,v
retrieving revision 1.20
diff -u -p -r1.20 Makefile
--- Makefile    2 Sep 2022 16:53:49 -0000       1.20
+++ Makefile    7 Sep 2022 20:24:08 -0000
@@ -3,11 +3,9 @@
 # requirement of the PSF license, if it constitutes a change to
 # Python itself.
 
-FULL_VERSION =         3.10.6
+FULL_VERSION =         3.10.7
 SHARED_LIBS =          python3.10 0.0
 VERSION_SPEC =         >=3.10,<3.11
 PORTROACH =            limit:^3\.10
-
-REVISION =             1
 
 .include <bsd.port.mk>
Index: distinfo
===================================================================
RCS file: /cvs/ports/lang/python/3.10/distinfo,v
retrieving revision 1.5
diff -u -p -r1.5 distinfo
--- distinfo    11 Aug 2022 14:01:18 -0000      1.5
+++ distinfo    7 Sep 2022 20:24:08 -0000
@@ -1,2 +1,2 @@
-SHA256 (Python-3.10.6.tgz) = hIywalyqhdpcRb16kiG7gh4z/CvcugiMEnxY+tROY0M=
-SIZE (Python-3.10.6.tgz) = 25986768
+SHA256 (Python-3.10.7.tgz) = Gy5OLfaXxS02cxZml55ki+7aWUHQ+VdAqvv0Fj5cwSY=
+SIZE (Python-3.10.7.tgz) = 26006589
Index: pkg/PLIST-main
===================================================================
RCS file: /cvs/ports/lang/python/3.10/pkg/PLIST-main,v
retrieving revision 1.10
diff -u -p -r1.10 PLIST-main
--- pkg/PLIST-main      11 Aug 2022 14:01:18 -0000      1.10
+++ pkg/PLIST-main      7 Sep 2022 20:24:10 -0000
@@ -1848,7 +1848,7 @@ lib/python3.10/ensurepip/_bundled/__pyca
 lib/python3.10/ensurepip/_bundled/__pycache__/__init__.cpython-310.opt-1.pyc
 lib/python3.10/ensurepip/_bundled/__pycache__/__init__.cpython-310.opt-2.pyc
 lib/python3.10/ensurepip/_bundled/__pycache__/__init__.cpython-310.pyc
-lib/python3.10/ensurepip/_bundled/pip-22.2.1-py3-none-any.whl
+lib/python3.10/ensurepip/_bundled/pip-22.2.2-py3-none-any.whl
 lib/python3.10/ensurepip/_bundled/setuptools-63.2.0-py3-none-any.whl
 lib/python3.10/ensurepip/_uninstall.py
 lib/python3.10/enum.py
@@ -2562,15 +2562,15 @@ lib/python3.10/site-packages/_distutils_
 lib/python3.10/site-packages/_distutils_hack/override.py
 lib/python3.10/site-packages/distutils-precedence.pth
 lib/python3.10/site-packages/pip/
-lib/python3.10/site-packages/pip-22.2.1.dist-info/
-lib/python3.10/site-packages/pip-22.2.1.dist-info/INSTALLER
-lib/python3.10/site-packages/pip-22.2.1.dist-info/LICENSE.txt
-lib/python3.10/site-packages/pip-22.2.1.dist-info/METADATA
-lib/python3.10/site-packages/pip-22.2.1.dist-info/RECORD
-lib/python3.10/site-packages/pip-22.2.1.dist-info/REQUESTED
-lib/python3.10/site-packages/pip-22.2.1.dist-info/WHEEL
-lib/python3.10/site-packages/pip-22.2.1.dist-info/entry_points.txt
-lib/python3.10/site-packages/pip-22.2.1.dist-info/top_level.txt
+lib/python3.10/site-packages/pip-22.2.2.dist-info/
+lib/python3.10/site-packages/pip-22.2.2.dist-info/INSTALLER
+lib/python3.10/site-packages/pip-22.2.2.dist-info/LICENSE.txt
+lib/python3.10/site-packages/pip-22.2.2.dist-info/METADATA
+lib/python3.10/site-packages/pip-22.2.2.dist-info/RECORD
+lib/python3.10/site-packages/pip-22.2.2.dist-info/REQUESTED
+lib/python3.10/site-packages/pip-22.2.2.dist-info/WHEEL
+lib/python3.10/site-packages/pip-22.2.2.dist-info/entry_points.txt
+lib/python3.10/site-packages/pip-22.2.2.dist-info/top_level.txt
 lib/python3.10/site-packages/pip/__init__.py
 lib/python3.10/site-packages/pip/__main__.py
 lib/python3.10/site-packages/pip/__pip-runner__.py

Reply via email to