path: root/pkgs/development/interpreters/python
Age | Commit message | Author
2023-01-01 | python3: allow enabling framework on darwin | Weijia Wang
2022-12-29 | python3Packages.pythonImportsCheck: set $PYTHONPATH | Robert Schütz
Don't rely on the installPhase doing so.
2022-12-25 | treewide: use splicing convenience functions | Artturin
2022-12-18 | Merge staging-next into staging | github-actions[bot]
2022-12-18 | python27: use ffi/expat as system libraries | Thiago Kenji Okada
Without `--with-system-{ffi,expat}` flags, Python will use its own embedded libraries that are out-of-date. Because of this, they can be a security issue. So let's use our own libraries instead. This is already what Python 3.x does, so it should be safe.
2022-12-17 | treewide: fix typos | figsoda
2022-12-17 | Merge staging-next into staging | github-actions[bot]
2022-12-17 | Merge master into staging-next | github-actions[bot]
2022-12-15 | resholve: strip unused libraries from python27 | Thiago Kenji Okada
Strip unused libraries from resholve's own python27 derivation, further reducing its size and reducing its attack surface.
2022-12-13 | Merge staging-next into staging | github-actions[bot]
2022-12-13 | Merge master into staging-next | github-actions[bot]
2022-12-13 | resholve: use stripped-down python27 | Thiago Kenji Okada
This PR strips down the modified `python27` derivation used by `resholve`. The idea is to reduce the possible security issues, and also to make it easier to bootstrap.
2022-12-12 | Merge staging-next into staging | github-actions[bot]
2022-12-12 | python311: revert asyncio changes done in 3.11.1 | Vladimír Čunát
Almost the same as in the parent commit.
2022-12-12 | python310: revert asyncio changes done in 3.10.9 | Vladimír Čunát
They brought significant regressions. Upstream is now discussing what to do, but we still want the security fixes from 3.10.9.
2022-12-10 | Merge pull request #175649 from Artturin/opt-in-structured-attrs | Robert Hensing
stdenv: support opt-in __structuredAttrs
2022-12-09 | Merge branch 'staging-next' into staging | Vladimír Čunát
2022-12-08 | treewide: fix some core package structuredAttrs | Artturin
2022-12-08 | Merge pull request #204903 from mweinelt/cpython-changelog | Martin Weinelt
2022-12-07 | Merge pull request #204902 from mweinelt/cpython-39-310-312 | Martin Weinelt
2022-12-07 | python310: 3.10.8 -> 3.10.9 | Martin Weinelt
https://docs.python.org/release/3.10.9/whatsnew/changelog.html
https://pythoninsider.blogspot.com/2022/12/python-3111-3109-3916-3816-3716-and.html
Fixes: CVE-2022-37454, CVE-2022-45061, CVE-2022-42919
2022-12-07 | python39: 3.9.15 -> 3.9.16 | Martin Weinelt
https://docs.python.org/release/3.9.16/whatsnew/changelog.html
https://pythoninsider.blogspot.com/2022/12/python-3111-3109-3916-3816-3716-and.html
Fixes: CVE-2022-37454, CVE-2022-42919, CVE-2022-45061, CVE-2015-20107
2022-12-07 | cpython: Update meta and add changelog url | Martin Weinelt
2022-12-07 | python312: 3.12.0a2 -> 3.12.0a3 | Martin Weinelt
https://docs.python.org/3.12/whatsnew/changelog.html#python-3-12-0-alpha3
https://pythoninsider.blogspot.com/2022/12/python-3111-3109-3916-3816-3716-and.html
Fixes: CVE-2022-45061
2022-12-07 | python38: 3.11.0 -> 3.11.1 | Martin Weinelt
https://www.python.org/downloads/release/python-3111/
https://docs.python.org/release/3.11.1/whatsnew/changelog.html#python-3-11-1
https://pythoninsider.blogspot.com/2022/12/python-3111-3109-3916-3816-3716-and.html
Fixes: CVE-2022-45061
2022-12-07 | python38: 3.8.15 -> 3.8.16 | Martin Weinelt
https://www.python.org/downloads/release/python-3816/
https://pythoninsider.blogspot.com/2022/12/python-3111-3109-3916-3816-3716-and.html
Fixes: CVE-2022-37454, CVE-2022-45061, CVE-2015-20107
2022-12-07 | python37: 3.7.15 -> 3.7.16 | Martin Weinelt
https://www.python.org/downloads/release/python-3716/
https://pythoninsider.blogspot.com/2022/12/python-3111-3109-3916-3816-3716-and.html
Fixes: CVE-2022-37454, CVE-2022-45061, CVE-2015-20107
2022-12-03 | Merge remote-tracking branch 'origin/staging-next' into staging | Martin Weinelt
2022-12-03 | Merge master into staging-next | github-actions[bot]
2022-12-02 | cpython: Restore libxcrypt CFLAGS and LIBS in configureFlags | Martin Weinelt
2022-12-02 | pypy2, pypy3: drop unused xlibsWrapper | Sergei Trofimovich
2022-12-02 | Merge pull request #203468 from mweinelt/python312 | Martin Weinelt
2022-12-01 | Merge staging-next into staging | github-actions[bot]
2022-12-01 | Merge master into staging-next | github-actions[bot]
2022-12-01 | manylinux: use libxcrypt for libcrypt.so.1 | Martin Weinelt
2022-11-29 | python312: init at 3.12.0a2 | Martin Weinelt
https://blog.python.org/2022/10/python-3120-alpha-1-released.html
https://blog.python.org/2022/11/python-3120-alpha-2-released.html
2022-11-29 | cpython: drop leftover 3.5/3.6 logic and patches | Martin Weinelt
2022-11-28 | python27: fix CVE-2021-3733 | Thiago Kenji Okada
2022-11-28 | python27: add thiagokokada as maintainer | Thiago Kenji Okada
2022-11-28 | python27: switch to ActiveState's fork for Python 2 | Thiago Kenji Okada
ActiveState is a company that is maintaining a fork of Python 2 to fix its security issues. Their support is paid, however the code is open-source. See the details here: https://www.activestate.com/products/python/python-2-end-of-life-security-updates/
This enables us to drop a bunch of CVE patches for Python 2.7 and also it should be easier to maintain, since we can just bump the version once ActiveState tags a new version.
2022-11-28 | Merge pull request #203362 from thiagokokada/add-patches-to-python27-cves | Martin Weinelt
2022-11-27 | python27: add patches for known security issues | Thiago Kenji Okada
Add patches from Arch Linux package (that itself sources its patches from Gentoo) for the following known security issues in Python 2.7:
- CVE-2020-26116
- CVE-2020-27619
- CVE-2020-8492
This should cover all security issues currently listed in https://www.activestate.com/products/python/python-2-end-of-life-security-updates/.
2022-11-21 | python3: use openssl_legacy | ajs124
2022-11-21 | Revert "Revert "python3: pin to openssl_1_1"" | ajs124
This reverts commit 017fd895276dc0e45e9a596b1aa1ad199bfc7c4d.
2022-11-11 | Merge pull request #196906 from helsinki-systems/feat/less-openssl_1_1 | Lassulus
2022-11-06 | Merge pull request #195055 from Mic92/buildPythonPackage | Jörg Thalheim
buildPythonPackage: fix regression if no setuptools is used
2022-11-05 | Merge pull request #198672 from trofi/pythonFull-without-xlibsWrapper | Sergei Trofimovich
pythonFull: drop unused xlibsWrapper input
2022-11-01 | Merge pull request #198802 from delroth/relax-deps-hook-regexp | Pierre Bourdon
pythonRelaxDepsHook: improve Requires-Dist parsing
2022-10-31 | pythonRelaxDepsHook: improve Requires-Dist parsing | Pierre Bourdon
Prior to this commit, pythonRelaxDeps would only support removing version constraints from "Requires-Dist" lines formatted in a particular way ("foo (>= 1.2.3)"). This way is deprecated as per PyPA Core Metadata Specs v2.1 [1]:

> Tools parsing the format should accept optional parentheses around
> this, but tools generating it should not use parentheses.

Additionally, a "Requires-Dist" dependency specification can contain other metadata than just package name and version (extra names, environment marker). These were being silently dropped by the prior version of pythonRelaxDeps, or the version could not be relaxed. The actual grammar is defined in PEP 508 [2].

Our tool of choice here is sed extended regexps, so there's only so much we can do to be correct with this parser. The regexp implemented in this commit makes an attempt at supporting [extra] names, ; env_markers, as well as version specs without parentheses. There are still unsupported features (URL specs) as well as unhandled edge cases, but at some point trying to make the regexp better is bound to awake ZALGO [3].

[1] https://packaging.python.org/en/latest/specifications/core-metadata/#requires-dist-multiple-use
[2] https://peps.python.org/pep-0508/#grammar
[3] https://stackoverflow.com/a/1732454/179806
2022-10-30 | pythonFull: drop unused xlibsWrapper input | Sergei Trofimovich
Tested as no material change in `out` output with `diffoscope`.