Date: Thu, 05 Feb 2026 00:26:55 +0000 From: Matthias Andree <mandree@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-branches@FreeBSD.org Subject: git: 68ea4f718786 - 2026Q1 - lang/python314: SECURITY update to v3.14.3 Message-ID: <6983e3cf.32842.238e8e3f@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch 2026Q1 has been updated by mandree: URL: https://cgit.FreeBSD.org/ports/commit/?id=68ea4f7187866c1bdfec041862d8e2c9b5e7181f commit 68ea4f7187866c1bdfec041862d8e2c9b5e7181f Author: Matthias Andree <mandree@FreeBSD.org> AuthorDate: 2026-02-04 23:52:01 +0000 Commit: Matthias Andree <mandree@FreeBSD.org> CommitDate: 2026-02-05 00:25:15 +0000 lang/python314: SECURITY update to v3.14.3 ChangeLog: https://docs.python.org/release/3.14.3/whatsnew/changelog.html MFH: 2026Q1 (immediately) Security fixes: * gh-144125: BytesGenerator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. (Contributed by Bas Bloemsaat and Petr Viktorin in gh-121650). * gh-143935: Fixed a bug in the folding of comments when flattening an email message using a modern email policy. Comments consisting of a very long sequence of non-foldable characters could trigger a forced line wrap that omitted the required leading space on the continuation line, causing the remainder of the comment to be interpreted as a new header field. This enabled header injection with carefully crafted inputs. * gh-143925: Reject control characters in data: URL media types. * gh-143919: Reject control characters in http.cookies.Morsel fields and values. * gh-143916: Reject C0 control characters within wsgiref.headers.Headers fields, values, and parameters. Security: CVE-2026-0865 Security: CVE-2026-1299 Security: bfe9adc8-0224-11f1-8790-c5fb948922ad (cherry picked from commit ac8b1c3293727c806d352be64fd74b606f1e27b7) --- lang/python314/Makefile.version | 2 +- lang/python314/distinfo | 6 +++--- lang/python314/pkg-plist | 21 +++++++++++++++++++++ 3 files changed, 25 insertions(+), 4 deletions(-) diff --git a/lang/python314/Makefile.version b/lang/python314/Makefile.version index 195c6b219bb1..bd8623e62931 100644 --- a/lang/python314/Makefile.version +++ b/lang/python314/Makefile.version @@ -4,4 +4,4 @@ # 1. Update python documentation (lang/python-doc-*) # Run "make -C lang/python-doc-html makesum" # 2. Remove PORTREVISION in Makefile -PYTHON_DISTVERSION= 3.14.2 +PYTHON_DISTVERSION= 3.14.3 diff --git a/lang/python314/distinfo b/lang/python314/distinfo index d32c6d8fe382..a8bc1fff91f4 100644 --- a/lang/python314/distinfo +++ b/lang/python314/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1765225069 -SHA256 (python/Python-3.14.2.tar.xz) = ce543ab854bc256b61b71e9b27f831ffd1bfd60a479d639f8be7f9757cf573e9 -SIZE (python/Python-3.14.2.tar.xz) = 23566248 +TIMESTAMP = 1770247285 +SHA256 (python/Python-3.14.3.tar.xz) = a97d5549e9ad81fe17159ed02c68774ad5d266c72f8d9a0b5a9c371fe85d902b +SIZE (python/Python-3.14.3.tar.xz) = 23778568 diff --git a/lang/python314/pkg-plist b/lang/python314/pkg-plist index 90b1c0f9ea58..9eb131523957 100644 --- a/lang/python314/pkg-plist +++ b/lang/python314/pkg-plist @@ -2787,10 +2787,14 @@ lib/python%%XYDOT%%/pydoc_data/__init__.py lib/python%%XYDOT%%/pydoc_data/__pycache__/__init__.cpython-%%XY%%.opt-1.pyc lib/python%%XYDOT%%/pydoc_data/__pycache__/__init__.cpython-%%XY%%.opt-2.pyc lib/python%%XYDOT%%/pydoc_data/__pycache__/__init__.cpython-%%XY%%.pyc +lib/python%%XYDOT%%/pydoc_data/__pycache__/module_docs.cpython-%%XY%%.opt-1.pyc +lib/python%%XYDOT%%/pydoc_data/__pycache__/module_docs.cpython-%%XY%%.opt-2.pyc +lib/python%%XYDOT%%/pydoc_data/__pycache__/module_docs.cpython-%%XY%%.pyc lib/python%%XYDOT%%/pydoc_data/__pycache__/topics.cpython-%%XY%%.opt-1.pyc lib/python%%XYDOT%%/pydoc_data/__pycache__/topics.cpython-%%XY%%.opt-2.pyc lib/python%%XYDOT%%/pydoc_data/__pycache__/topics.cpython-%%XY%%.pyc lib/python%%XYDOT%%/pydoc_data/_pydoc.css +lib/python%%XYDOT%%/pydoc_data/module_docs.py lib/python%%XYDOT%%/pydoc_data/topics.py lib/python%%XYDOT%%/queue.py lib/python%%XYDOT%%/quopri.py @@ -2973,9 +2977,15 @@ lib/python%%XYDOT%%/test/__pycache__/mp_preload_flush.cpython-%%XY%%.pyc lib/python%%XYDOT%%/test/__pycache__/mp_preload_main.cpython-%%XY%%.opt-1.pyc lib/python%%XYDOT%%/test/__pycache__/mp_preload_main.cpython-%%XY%%.opt-2.pyc lib/python%%XYDOT%%/test/__pycache__/mp_preload_main.cpython-%%XY%%.pyc +lib/python%%XYDOT%%/test/__pycache__/mp_preload_sysargv.cpython-%%XY%%.opt-1.pyc +lib/python%%XYDOT%%/test/__pycache__/mp_preload_sysargv.cpython-%%XY%%.opt-2.pyc +lib/python%%XYDOT%%/test/__pycache__/mp_preload_sysargv.cpython-%%XY%%.pyc lib/python%%XYDOT%%/test/__pycache__/multibytecodec_support.cpython-%%XY%%.opt-1.pyc lib/python%%XYDOT%%/test/__pycache__/multibytecodec_support.cpython-%%XY%%.opt-2.pyc lib/python%%XYDOT%%/test/__pycache__/multibytecodec_support.cpython-%%XY%%.pyc +lib/python%%XYDOT%%/test/__pycache__/picklecommon.cpython-%%XY%%.opt-1.pyc +lib/python%%XYDOT%%/test/__pycache__/picklecommon.cpython-%%XY%%.opt-2.pyc +lib/python%%XYDOT%%/test/__pycache__/picklecommon.cpython-%%XY%%.pyc lib/python%%XYDOT%%/test/__pycache__/pickletester.cpython-%%XY%%.opt-1.pyc lib/python%%XYDOT%%/test/__pycache__/pickletester.cpython-%%XY%%.opt-2.pyc lib/python%%XYDOT%%/test/__pycache__/pickletester.cpython-%%XY%%.pyc @@ -4170,6 +4180,9 @@ lib/python%%XYDOT%%/test/__pycache__/test_xml_etree_c.cpython-%%XY%%.pyc lib/python%%XYDOT%%/test/__pycache__/test_xmlrpc.cpython-%%XY%%.opt-1.pyc lib/python%%XYDOT%%/test/__pycache__/test_xmlrpc.cpython-%%XY%%.opt-2.pyc lib/python%%XYDOT%%/test/__pycache__/test_xmlrpc.cpython-%%XY%%.pyc +lib/python%%XYDOT%%/test/__pycache__/test_xpickle.cpython-%%XY%%.opt-1.pyc +lib/python%%XYDOT%%/test/__pycache__/test_xpickle.cpython-%%XY%%.opt-2.pyc +lib/python%%XYDOT%%/test/__pycache__/test_xpickle.cpython-%%XY%%.pyc lib/python%%XYDOT%%/test/__pycache__/test_xxlimited.cpython-%%XY%%.opt-1.pyc lib/python%%XYDOT%%/test/__pycache__/test_xxlimited.cpython-%%XY%%.opt-2.pyc lib/python%%XYDOT%%/test/__pycache__/test_xxlimited.cpython-%%XY%%.pyc @@ -4209,6 +4222,9 @@ lib/python%%XYDOT%%/test/__pycache__/win_console_handler.cpython-%%XY%%.pyc lib/python%%XYDOT%%/test/__pycache__/xmltests.cpython-%%XY%%.opt-1.pyc lib/python%%XYDOT%%/test/__pycache__/xmltests.cpython-%%XY%%.opt-2.pyc lib/python%%XYDOT%%/test/__pycache__/xmltests.cpython-%%XY%%.pyc +lib/python%%XYDOT%%/test/__pycache__/xpickle_worker.cpython-%%XY%%.opt-1.pyc +lib/python%%XYDOT%%/test/__pycache__/xpickle_worker.cpython-%%XY%%.opt-2.pyc +lib/python%%XYDOT%%/test/__pycache__/xpickle_worker.cpython-%%XY%%.pyc lib/python%%XYDOT%%/test/_code_definitions.py lib/python%%XYDOT%%/test/_crossinterp_definitions.py lib/python%%XYDOT%%/test/_test_atexit.py @@ -4665,7 +4681,10 @@ lib/python%%XYDOT%%/test/mp_fork_bomb.py lib/python%%XYDOT%%/test/mp_preload.py lib/python%%XYDOT%%/test/mp_preload_flush.py lib/python%%XYDOT%%/test/mp_preload_main.py +lib/python%%XYDOT%%/test/mp_preload_sysargv.py lib/python%%XYDOT%%/test/multibytecodec_support.py +lib/python%%XYDOT%%/test/NormalizationTest-3.2.0.txt +lib/python%%XYDOT%%/test/picklecommon.py lib/python%%XYDOT%%/test/pickletester.py lib/python%%XYDOT%%/test/profilee.py lib/python%%XYDOT%%/test/pstats.pck @@ -7853,6 +7872,8 @@ lib/python%%XYDOT%%/test/xmltestdata/simple.xml lib/python%%XYDOT%%/test/xmltestdata/test.xml lib/python%%XYDOT%%/test/xmltestdata/test.xml.out lib/python%%XYDOT%%/test/xmltests.py +lib/python%%XYDOT%%/test/test_xpickle.py +lib/python%%XYDOT%%/test/xpickle_worker.py lib/python%%XYDOT%%/test/zipimport_data/sparse-zip64-c0-0x000000000.part lib/python%%XYDOT%%/test/zipimport_data/sparse-zip64-c0-0x100000000.part lib/python%%XYDOT%%/test/zipimport_data/sparse-zip64-c0-0x200000000.parthome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6983e3cf.32842.238e8e3f>