Commit Graph

4 Commits

Author SHA256 Message Date
7757e5a6dc - Update to 3.10.9:
- python -m http.server no longer allows terminal
    control characters sent within a garbage request to be
    printed to the stderr server lo This is done by changing
    the http.server BaseHTTPRequestHandler .log_message method
    to replace control characters with a \xHH hex escape before
    printin
  - Avoid publishing list of active per-interpreter
    audit hooks via the gc module
  - The IDNA codec decoder used on DNS hostnames by
    socket or asyncio related name resolution functions no
    longer involves a quadratic algorithm. This prevents a
    potential CPU denial of service if an out-of-spec excessive
    length hostname involving bidirectional characters were
    decoded. Some protocols such as urllib http 3xx redirects
    potentially allow for an attacker to supply such a name.
  - Update bundled libexpat to 2.5.0
  - Port XKCP’s fix for the buffer overflows in SHA-3
    (CVE-2022-37454).
  - On Linux the multiprocessing module returns
    to using filesystem backed unix domain sockets for
    communication with the forkserver process instead of the
    Linux abstract socket namespace. Only code that chooses
    to use the “forkserver” start method is affected Abstract
    sockets have no permissions and could allow any user
    on the system in the same network namespace (often the
    whole system) to inject code into the multiprocessing
    forkserver process. This was a potential privilege
    escalation. Filesystem based socket permissions restrict
    this to the forkserver process user as was the default in

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=68
2022-12-08 14:49:07 +00:00
a525b95311 - Reapply patches
-  bpo-31046_ensurepip_honours_prefix.patch
  -  fix_configure_rst.patch
  -  no-skipif-doctests.patch
  -  skip-test_pyobject_freed_is_freed.patch

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=50
2022-08-02 21:52:43 +00:00
83b3ac1d53 - Upgrade to 3.10.1:
- PEP 623 – Deprecate and prepare for the removal of the wstr
    member in PyUnicodeObject.
  - PEP 604 – Allow writing union types as X | Y
  - PEP 612 – Parameter Specification Variables
  - PEP 626 – Precise line numbers for debugging and other tools.
  - PEP 618 – Add Optional Length-Checking To zip.
  - bpo-12782: Parenthesized context managers are now officially
    allowed.
  - PEP 632 – Deprecate distutils module.
  - PEP 613 – Explicit Type Aliases
  - PEP 634 – Structural Pattern Matching: Specification
  - PEP 635 – Structural Pattern Matching: Motivation and
    Rationale
  - PEP 636 – Structural Pattern Matching: Tutorial
  - PEP 644 – Require OpenSSL 1.1.1 or newer
  - PEP 624 – Remove Py_UNICODE encoder APIs
  - PEP 597 – Add optional EncodingWarning
- Patches readjusted:
  - bpo-31046_ensurepip_honours_prefix.patch
  - python-3.3.0b1-fix_date_time_compiler.patch

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=27
2021-12-08 13:20:38 +00:00
db99c9d1b7 Accepting request 900325 from home:mcepl:work
Sending the project to the development project.

OBS-URL: https://build.opensuse.org/request/show/900325
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=1
2021-06-16 06:49:07 +00:00