Download raw body.
python 3.12.13 update
On 2026/03/16 23:23, Stuart Henderson wrote:
> This updates to February's release, and cherry-picks two recent CVE
> fixes (med/high). I expect another release will be on the way at some
> point but seems worth bringing them in already.
>
> Diff to follow for 7.8-stable.
There's no commit on the 3.12 branch for those CVEs yet; probably
doesn't need a lot of work but for now here's the 3.12.13 update with
the required bits to cope with our expat build.
Index: Makefile
===================================================================
RCS file: /cvs/ports/lang/python/3/Makefile,v
diff -u -p -r1.15 Makefile
--- Makefile 14 Jun 2025 20:08:20 -0000 1.15
+++ Makefile 16 Mar 2026 23:27:53 -0000
@@ -3,12 +3,15 @@
# requirement of the PSF license, if it constitutes a change to
# Python itself.
-FULL_VERSION = 3.12.11
+FULL_VERSION = 3.12.13
SHARED_LIBS = python3.12 0.0
VERSION_SPEC = >=3.12,<3.13
PORTROACH = limit:^3\.12
AUTOCONF_VERSION = 2.71
+
+# XXX - should come from expat_config.h, which isn't installed in base
+CFLAGS += -DXML_DTD -DXML_GE=1
CONFIGURE_ENV += ac_cv_working_openssl_hashlib=yes \
TCLTK_CFLAGS="-I${MODTCL_INCDIR} -I${MODTK_INCDIR} -I${X11BASE}/include" \
Index: distinfo
===================================================================
RCS file: /cvs/ports/lang/python/3/distinfo,v
diff -u -p -r1.6 distinfo
--- distinfo 14 Jun 2025 20:08:20 -0000 1.6
+++ distinfo 16 Mar 2026 23:27:53 -0000
@@ -1,2 +1,2 @@
-SHA256 (Python-3.12.11.tgz) = e41Zr4IWBE0jE96BIL/CzACpvS5ULxV5Xh1hbFH689Y=
-SIZE (Python-3.12.11.tgz) = 27126512
+SHA256 (Python-3.12.13.tgz) = CBbEdhyX7Ns/UKOSTeCpP9eMtj7o5sBCAd367cpQCws=
+SIZE (Python-3.12.13.tgz) = 27262093
Index: files/CHANGES.OpenBSD
===================================================================
RCS file: /cvs/ports/lang/python/3/files/CHANGES.OpenBSD,v
diff -u -p -r1.2 CHANGES.OpenBSD
--- files/CHANGES.OpenBSD 21 Dec 2024 11:32:44 -0000 1.2
+++ files/CHANGES.OpenBSD 16 Mar 2026 23:27:53 -0000
@@ -25,5 +25,7 @@ which results in loading an incorrect ve
8. Adjust #ifdef to use LibreSSL's version of X509_STORE_get1_objects().
+9. Work around expat_config.h missing from base.
+
These changes are available in the OpenBSD CVS repository
<http://www.openbsd.org/anoncvs.html> in ports/lang/python/3.
Index: patches/patch-Modules_pyexpat_c
===================================================================
RCS file: patches/patch-Modules_pyexpat_c
diff -N patches/patch-Modules_pyexpat_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-Modules_pyexpat_c 16 Mar 2026 23:27:53 -0000
@@ -0,0 +1,15 @@
+- remove #include "expat_config.h"; this (or an alternative, see
+textproc/xmlwf for another approach) needs to be kept unless expat
+in base starts providing this config header
+
+Index: Modules/pyexpat.c
+--- Modules/pyexpat.c.orig
++++ Modules/pyexpat.c
+@@ -8,7 +8,6 @@
+
+ #include <stdbool.h>
+ #include "structmember.h" // PyMemberDef
+-#include "expat_config.h"
+ #include "expat.h"
+
+ #include "pyexpat.h"
Index: pkg/PLIST-tests
===================================================================
RCS file: /cvs/ports/lang/python/3/pkg/PLIST-tests,v
diff -u -p -r1.8 PLIST-tests
--- pkg/PLIST-tests 15 Apr 2025 20:36:43 -0000 1.8
+++ pkg/PLIST-tests 16 Mar 2026 23:27:53 -0000
@@ -4820,7 +4820,7 @@ lib/python3.12/test/typinganndata/ann_mo
lib/python3.12/test/typinganndata/ann_module9.py
lib/python3.12/test/typinganndata/mod_generics_cache.py
lib/python3.12/test/wheeldata/
-lib/python3.12/test/wheeldata/setuptools-67.6.1-py3-none-any.whl
+lib/python3.12/test/wheeldata/setuptools-79.0.1-py3-none-any.whl
lib/python3.12/test/wheeldata/wheel-0.40.0-py3-none-any.whl
lib/python3.12/test/win_console_handler.py
lib/python3.12/test/xmltestdata/
python 3.12.13 update