- python -m http.server no longer allows terminal
control characters sent within a garbage request to be
printed to the stderr server lo This is done by changing
the http.server BaseHTTPRequestHandler .log_message method
to replace control characters with a \xHH hex escape before
printin
- Avoid publishing list of active per-interpreter
audit hooks via the gc module
- The IDNA codec decoder used on DNS hostnames by
socket or asyncio related name resolution functions no
longer involves a quadratic algorithm. This prevents a
potential CPU denial of service if an out-of-spec excessive
length hostname involving bidirectional characters were
decoded. Some protocols such as urllib http 3xx redirects
potentially allow for an attacker to supply such a name.
- Update bundled libexpat to 2.5.0
- Port XKCP’s fix for the buffer overflows in SHA-3
(CVE-2022-37454).
- On Linux the multiprocessing module returns
to using filesystem backed unix domain sockets for
communication with the forkserver process instead of the
Linux abstract socket namespace. Only code that chooses
to use the “forkserver” start method is affected Abstract
sockets have no permissions and could allow any user
on the system in the same network namespace (often the
whole system) to inject code into the multiprocessing
forkserver process. This was a potential privilege
escalation. Filesystem based socket permissions restrict
this to the forkserver process user as was the default in
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=68
- PEP 623 – Deprecate and prepare for the removal of the wstr
member in PyUnicodeObject.
- PEP 604 – Allow writing union types as X | Y
- PEP 612 – Parameter Specification Variables
- PEP 626 – Precise line numbers for debugging and other tools.
- PEP 618 – Add Optional Length-Checking To zip.
- bpo-12782: Parenthesized context managers are now officially
allowed.
- PEP 632 – Deprecate distutils module.
- PEP 613 – Explicit Type Aliases
- PEP 634 – Structural Pattern Matching: Specification
- PEP 635 – Structural Pattern Matching: Motivation and
Rationale
- PEP 636 – Structural Pattern Matching: Tutorial
- PEP 644 – Require OpenSSL 1.1.1 or newer
- PEP 624 – Remove Py_UNICODE encoder APIs
- PEP 597 – Add optional EncodingWarning
- Patches readjusted:
- bpo-31046_ensurepip_honours_prefix.patch
- python-3.3.0b1-fix_date_time_compiler.patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=27
