On Sun, 2021-05-02 at 23:17 +0300, Matti Picus wrote: > In order to fix some problems with the 7.3.4 release, I am releasing a > 7.3.5 bugfix. The rc1 candidates are available at > https://downloads.python.org/pypy/ and the checksums can be found in the > PR to pypy.org > https://608f07a183d23c00083f6115--keen-mestorf-442210.netlify.app/download_advanced.html#checksums > > > The changes are (as can be seen in the release note > https://doc.pypy.org/en/latest/release-v7.3.5.html): > > > - The new windows 64-bit builds improperly named c-extension modules > with the same extension as the 32-bit build (issue 3443) > > - A change to the python 3.7 sysconfig.get_config_var('LIBDIR') was > wrong, leading to problems finding libpypy3-c.so for embedded PyPy > (issue 3442). > > - Two upstream (CPython) security patches were applied: BPO 42988 to > remove pydoc.getfile and BPO 43285 to not trust the PASV response in ftplib. >
Hope it's not too late for a few more. I've been working on security backports today, and I have a few patches you could apply: For PyPy3.7: https://gitweb.gentoo.org/fork/cpython.git/commit/?h=gentoo-3.7.10_p3&id=f80b05c6d0dbad28453a824d10cc7a5336dd090f https://gitweb.gentoo.org/fork/cpython.git/commit/?h=gentoo-3.7.10_p3&id=7c53e5864fddc139a85a674583e0c6fb825b6378 https://gitweb.gentoo.org/fork/cpython.git/commit/?h=gentoo-3.7.10_p3&id=b84a761c292f6f04a1c238908c1ebc42af52fd53 (note that the last patch is actually a fixup to the previous one) For PyPy2.7: https://gitweb.gentoo.org/fork/cpython.git/commit/?h=gentoo-2.7-vanilla&id=f9e5d7ae605bd9739b1cf3423f03daa909ee4a0c https://gitweb.gentoo.org/fork/cpython.git/commit/?h=gentoo-2.7-vanilla&id=41823e6111ee1c9b4f114764548f4323ada85dd1 -- Best regards, Michał Górny _______________________________________________ pypy-dev mailing list pypy-dev@python.org https://mail.python.org/mailman/listinfo/pypy-dev
