- Fix for CVE-2020-10735 (bsc#1203125) Converting between int
and str in bases other than 2 (binary), 4, 8 (octal), 16
(hexadecimal), or 32 such as base 10 (decimal) now raises
a ValueError if the number of digits in string form is above
a limit to avoid potential denial of service attacks due to
the algorithmic complexity.
- Other bug fixes:
- Fixed a bug that caused _PyCode_GetExtra to return garbage
for negative indexes.
- Fix format string in _PyPegen_raise_error_known_location
that can lead to memory corruption on some 64bit systems.
The function was building a tuple with i (int) instead of
n (Py_ssize_t) for Py_ssize_t arguments.
- Fix misleading contents of error message when converting an
all-whitespace string to float.
- coroutine.throw() now properly initializes the frame.f_back
when resuming a stack of coroutines. This allows e.g.
traceback.print_stack() to work correctly when an exception
(such as CancelledError) is thrown into a coroutine.
- ast.parse() will no longer parse function definitions with
positional-only params when passed feature_version less
than (3, 8).
- Correct conversion of numbers.Rational’s to float.
- Fix a performance regression in logging
TimedRotatingFileHandler. Only check for special files when
the rollover time has passed.
- Fix unused localName parameter in the Attr class in
xml.dom.minidom.
- Update bundled pip to 22.2.2.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=56
%primary_interpreter.
- Switch primary_interpreter from python38 to python310 for
Factory (only)
- (bsc#1196784, CVE-2022-25236) Rename patch:
support-expat-245.patch to support-expat-CVE-2022-25236-patched.patch
and update the patch to detect expat >= 2.4.4 instead of >= 2.4.5
as it was fully patched against CVE-2022-25236.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=41
