ok?

Index: Makefile
===================================================================
RCS file: /cvs/ports/lang/python/3/Makefile,v
diff -u -p -r1.25 Makefile
--- Makefile    15 Apr 2026 15:57:02 -0000      1.25
+++ Makefile    2 Jul 2026 15:45:12 -0000
@@ -3,7 +3,7 @@
 # requirement of the PSF license, if it constitutes a change to
 # Python itself.
 
-FULL_VERSION =         3.13.13
+FULL_VERSION =         3.13.14
 SHARED_LIBS =          python3.13 0.0
 VERSION_SPEC =         >=3.13,<3.14
 PORTROACH =            limit:^3\.13
Index: distinfo
===================================================================
RCS file: /cvs/ports/lang/python/3/distinfo,v
diff -u -p -r1.11 distinfo
--- distinfo    14 Apr 2026 10:51:23 -0000      1.11
+++ distinfo    2 Jul 2026 15:45:12 -0000
@@ -1,2 +1,2 @@
-SHA256 (Python-3.13.13.tgz) = +c3nsOLsgWXXMm4qD1nqJobOnQxhfbuz1mp+VNMbdLk=
-SIZE (Python-3.13.13.tgz) = 29842908
+SHA256 (Python-3.13.14.tgz) = WuU1o2rw68pvyhduy4GX9ducHLjI8M0SzfF4cEbbH0E=
+SIZE (Python-3.13.14.tgz) = 29914816
Index: files/CHANGES.OpenBSD
===================================================================
RCS file: /cvs/ports/lang/python/3/files/CHANGES.OpenBSD,v
diff -u -p -r1.6 CHANGES.OpenBSD
--- files/CHANGES.OpenBSD       14 Apr 2026 10:51:23 -0000      1.6
+++ files/CHANGES.OpenBSD       2 Jul 2026 15:45:12 -0000
@@ -24,7 +24,5 @@ which results in loading an incorrect ve
 
 8.  Work around expat_config.h missing from base.
 
-9.  Cherry-pick fixes for CVE-2026-4519, CVE-2026-6100.
-
 These changes are available in the OpenBSD CVS repository
 <http://www.openbsd.org/anoncvs.html> in ports/lang/python/3.
Index: patches/patch-Lib_test_test_webbrowser_py
===================================================================
RCS file: patches/patch-Lib_test_test_webbrowser_py
diff -N patches/patch-Lib_test_test_webbrowser_py
--- patches/patch-Lib_test_test_webbrowser_py   14 Apr 2026 10:51:23 -0000      
1.1
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,26 +0,0 @@
-Fix fix for CVE 2026-4519
-
-A bypass in :mod:`webbrowser` allowed URLs prefixed with ``%action`` to pass
-the dash-prefix safety check.
-
-https://github.com/python/cpython/pull/148517
-
-Index: Lib/test/test_webbrowser.py
---- Lib/test/test_webbrowser.py.orig
-+++ Lib/test/test_webbrowser.py
-@@ -118,6 +118,15 @@ class ChromeCommandTest(CommandTestMixin, unittest.Tes
-                        arguments=[URL],
-                        kw=dict(new=999))
- 
-+    def test_reject_action_dash_prefixes(self):
-+        browser = self.browser_class(name=CMD_NAME)
-+        with self.assertRaises(ValueError):
-+            browser.open('%action--incognito')
-+        # new=1: action is "--new-window", so "%action" itself expands to
-+        # a dash-prefixed flag even with no dash in the original URL.
-+        with self.assertRaises(ValueError):
-+            browser.open('%action', new=1)
-+
- 
- class EdgeCommandTest(CommandTestMixin, unittest.TestCase):
- 
Index: patches/patch-Lib_webbrowser_py
===================================================================
RCS file: patches/patch-Lib_webbrowser_py
diff -N patches/patch-Lib_webbrowser_py
--- patches/patch-Lib_webbrowser_py     14 Apr 2026 10:51:23 -0000      1.1
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,28 +0,0 @@
-Fix fix for CVE 2026-4519
-
-A bypass in :mod:`webbrowser` allowed URLs prefixed with ``%action`` to pass
-the dash-prefix safety check.
-
-https://github.com/python/cpython/pull/148517
-Index: Lib/webbrowser.py
---- Lib/webbrowser.py.orig
-+++ Lib/webbrowser.py
-@@ -275,7 +275,6 @@ class UnixBrowser(BaseBrowser):
- 
-     def open(self, url, new=0, autoraise=True):
-         sys.audit("webbrowser.open", url)
--        self._check_url(url)
-         if new == 0:
-             action = self.remote_action
-         elif new == 1:
-@@ -289,7 +288,9 @@ class UnixBrowser(BaseBrowser):
-             raise Error("Bad 'new' parameter to open(); "
-                         f"expected 0, 1, or 2, got {new}")
- 
--        args = [arg.replace("%s", url).replace("%action", action)
-+        self._check_url(url.replace("%action", action))
-+
-+        args = [arg.replace("%action", action).replace("%s", url)
-                 for arg in self.remote_args]
-         args = [arg for arg in args if arg]
-         success = self._invoke(args, True, autoraise, url)
Index: patches/patch-Modules__bz2module_c
===================================================================
RCS file: patches/patch-Modules__bz2module_c
diff -N patches/patch-Modules__bz2module_c
--- patches/patch-Modules__bz2module_c  14 Apr 2026 10:51:23 -0000      1.1
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,21 +0,0 @@
-CVE-2026-6100:
-
-Fix a dangling input pointer in :class:`lzma.LZMADecompressor`,
-:class:`bz2.BZ2Decompressor`, and internal :class:`!zlib._ZlibDecompressor`
-when memory allocation fails with :exc:`MemoryError`, which could let a
-subsequent :meth:`!decompress` call read or write through a stale pointer to
-the already-released caller buffer.
-
-https://github.com/python/cpython/pull/148479
-
-Index: Modules/_bz2module.c
---- Modules/_bz2module.c.orig
-+++ Modules/_bz2module.c
-@@ -589,6 +589,7 @@ decompress(BZ2Decompressor *d, char *data, size_t len,
-     return result;
- 
- error:
-+    bzs->next_in = NULL;
-     Py_XDECREF(result);
-     return NULL;
- }
Index: patches/patch-Modules__lzmamodule_c
===================================================================
RCS file: patches/patch-Modules__lzmamodule_c
diff -N patches/patch-Modules__lzmamodule_c
--- patches/patch-Modules__lzmamodule_c 14 Apr 2026 10:51:23 -0000      1.1
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,21 +0,0 @@
-CVE-2026-6100:
-
-Fix a dangling input pointer in :class:`lzma.LZMADecompressor`,
-:class:`bz2.BZ2Decompressor`, and internal :class:`!zlib._ZlibDecompressor`
-when memory allocation fails with :exc:`MemoryError`, which could let a
-subsequent :meth:`!decompress` call read or write through a stale pointer to
-the already-released caller buffer.
-
-https://github.com/python/cpython/pull/148479
-
-Index: Modules/_lzmamodule.c
---- Modules/_lzmamodule.c.orig
-+++ Modules/_lzmamodule.c
-@@ -1112,6 +1112,7 @@ decompress(Decompressor *d, uint8_t *data, size_t len,
-     return result;
- 
- error:
-+    lzs->next_in = NULL;
-     Py_XDECREF(result);
-     return NULL;
- }
Index: patches/patch-Modules_zlibmodule_c
===================================================================
RCS file: patches/patch-Modules_zlibmodule_c
diff -N patches/patch-Modules_zlibmodule_c
--- patches/patch-Modules_zlibmodule_c  14 Apr 2026 10:51:23 -0000      1.1
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,21 +0,0 @@
-CVE-2026-6100:
-
-Fix a dangling input pointer in :class:`lzma.LZMADecompressor`,
-:class:`bz2.BZ2Decompressor`, and internal :class:`!zlib._ZlibDecompressor`
-when memory allocation fails with :exc:`MemoryError`, which could let a
-subsequent :meth:`!decompress` call read or write through a stale pointer to
-the already-released caller buffer.
-
-https://github.com/python/cpython/pull/148479
-
-Index: Modules/zlibmodule.c
---- Modules/zlibmodule.c.orig
-+++ Modules/zlibmodule.c
-@@ -1675,6 +1675,7 @@ decompress(ZlibDecompressor *self, uint8_t *data,
-     return result;
- 
- error:
-+    self->zst.next_in = NULL;
-     Py_XDECREF(result);
-     return NULL;
- }
Index: patches/patch-configure_ac
===================================================================
RCS file: /cvs/ports/lang/python/3/patches/patch-configure_ac,v
diff -u -p -r1.5 patch-configure_ac
--- patches/patch-configure_ac  14 Apr 2026 10:51:23 -0000      1.5
+++ patches/patch-configure_ac  2 Jul 2026 15:45:12 -0000
@@ -49,7 +49,7 @@ Index: configure.ac
      # Any changes made here should be reflected in the GCC+Darwin case below
      PGO_PROF_GEN_FLAG="-fprofile-instr-generate"
      PGO_PROF_USE_FLAG="-fprofile-instr-use=\"\$(shell pwd)/code.profclangd\""
-@@ -4369,11 +4370,7 @@ dnl Detect Tcl/Tk. Use pkg-config if available.
+@@ -4391,11 +4392,7 @@ dnl Detect Tcl/Tk. Use pkg-config if available.
  dnl
  found_tcltk=no
  for _QUERY in \
Index: pkg/PLIST-main
===================================================================
RCS file: /cvs/ports/lang/python/3/pkg/PLIST-main,v
diff -u -p -r1.17 PLIST-main
--- pkg/PLIST-main      14 Apr 2026 10:51:23 -0000      1.17
+++ pkg/PLIST-main      2 Jul 2026 15:45:12 -0000
@@ -1809,7 +1809,7 @@ lib/python3.13/ensurepip/__pycache__/_un
 lib/python3.13/ensurepip/__pycache__/_uninstall.cpython-313.opt-2.pyc
 lib/python3.13/ensurepip/__pycache__/_uninstall.cpython-313.pyc
 lib/python3.13/ensurepip/_bundled/
-lib/python3.13/ensurepip/_bundled/pip-26.0.1-py3-none-any.whl
+lib/python3.13/ensurepip/_bundled/pip-26.1.2-py3-none-any.whl
 lib/python3.13/ensurepip/_uninstall.py
 lib/python3.13/enum.py
 lib/python3.13/filecmp.py
Index: pkg/PLIST-tests
===================================================================
RCS file: /cvs/ports/lang/python/3/pkg/PLIST-tests,v
diff -u -p -r1.12 PLIST-tests
--- pkg/PLIST-tests     14 Apr 2026 10:51:23 -0000      1.12
+++ pkg/PLIST-tests     2 Jul 2026 15:45:12 -0000
@@ -2284,6 +2284,9 @@ lib/python3.13/test/test_capi/__pycache_
 lib/python3.13/test/test_capi/__pycache__/test_watchers.cpython-313.opt-1.pyc
 lib/python3.13/test/test_capi/__pycache__/test_watchers.cpython-313.opt-2.pyc
 lib/python3.13/test/test_capi/__pycache__/test_watchers.cpython-313.pyc
+lib/python3.13/test/test_capi/__pycache__/test_weakref.cpython-313.opt-1.pyc
+lib/python3.13/test/test_capi/__pycache__/test_weakref.cpython-313.opt-2.pyc
+lib/python3.13/test/test_capi/__pycache__/test_weakref.cpython-313.pyc
 lib/python3.13/test/test_capi/check_config.py
 lib/python3.13/test/test_capi/test_abstract.py
 lib/python3.13/test/test_capi/test_bytearray.py
@@ -2316,6 +2319,7 @@ lib/python3.13/test/test_capi/test_time.
 lib/python3.13/test/test_capi/test_tuple.py
 lib/python3.13/test/test_capi/test_unicode.py
 lib/python3.13/test/test_capi/test_watchers.py
+lib/python3.13/test/test_capi/test_weakref.py
 lib/python3.13/test/test_cext/
 lib/python3.13/test/test_cext/__init__.py
 lib/python3.13/test/test_cext/__pycache__/
@@ -3797,6 +3801,7 @@ lib/python3.13/test/test_json/__pycache_
 lib/python3.13/test/test_json/__pycache__/test_unicode.cpython-313.opt-1.pyc
 lib/python3.13/test/test_json/__pycache__/test_unicode.cpython-313.opt-2.pyc
 lib/python3.13/test/test_json/__pycache__/test_unicode.cpython-313.pyc
+lib/python3.13/test/test_json/json_lines.jsonl
 lib/python3.13/test/test_json/test_decode.py
 lib/python3.13/test/test_json/test_default.py
 lib/python3.13/test/test_json/test_dump.py

Reply via email to