- bpo#42938 (bsc#1181126): Avoid static buffers when computing
the repr of ctypes.c_double and ctypes.c_longdouble
values. This issue was assigned CVE-2021-3177.
- bpo#42967 (bso#1182379): Fix web cache poisoning
vulnerability by defaulting the query args separator to &,
and allowing the user to choose a custom separator. This
issue was assigned CVE-2021-23336.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python39?expand=0&rev=53
* remove importlib_resources and importlib-metadata
provides/obsoletes
* import importlib_resources is not the same as
import importlib.resources, same for metadata
* The backport packages from PyPI needed for older flavors are
specified as such for setuptools or in pyproject.toml. If a
package requires them they typically add them with a python
version qualifier and the packages have their own version
numbers.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python39?expand=0&rev=40
* Core and Builtins
- bpo-38156: Handle interrupts that come after EOF
correctly in PyOS_StdioReadline.
* Library
- bpo-41497: Fix potential UnicodeDecodeError in dis
module.
- bpo-41490: Update ensurepip to install pip 20.2.1 and
setuptools 49.2.1.
- bpo-41467: On Windows, fix asyncio recv_into() return
value when the socket/pipe is closed (BrokenPipeError):
return 0 rather than an empty byte string (b'').
- bpo-41425: Make tkinter doc example runnable.
- bpo-41384: Raise TclError instead of TypeError when an
unknown option is passed to tkinter.OptionMenu.
- bpo-38731: Fix NameError in command-line interface of
py_compile.
- bpo-41317: Use add_done_callback() in
asyncio.loop.sock_accept() to unsubscribe reader early on
cancellation.
- bpo-41364: Reduce import overhead of uuid.
- bpo-41341: Recursive evaluation of typing.ForwardRef in
get_type_hints.
- bpo-41182: selector: use DefaultSelector based upon
implementation
- bpo-40726: Handle cases where the end_lineno is None on
ast.increment_lineno().
* Documentation
- bpo-41045: Add documentation for debug feature of
f-strings.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python39?expand=0&rev=26
- Removed CVE-2019-20907_tarfile-inf-loop.patch: fixed in upstream
- Removed recursion.tar: contained in upstream
- Update to 3.9.0b5:
- bpo-41304: Fixes python3x._pth being ignored on Windows, caused
by the fix for bpo-29778 (CVE-2020-15801).
- bpo-41162: Audit hooks are now cleared later during
finalization to avoid missing events.
- bpo-29778: Ensure python3.dll is loaded from correct locations
when Python is embedded (CVE-2020-15523).
- bpo-39603: Prevent http header injection by rejecting control
characters in http.client.putrequest(…).
- bpo-41295: Resolve a regression in CPython 3.8.4 where defining
“__setattr__” in a multi-inheritance setup and
calling up the hierarchy chain could fail if builtins/extension
types were involved in the base types.
- bpo-41247: Always cache the running loop holder when running
asyncio.set_running_loop.
- bpo-41252: Fix incorrect refcounting in
_ssl.c’s _servername_callback().
- bpo-41215: Use non-NULL default values in the PEG parser
keyword list to overcome a bug that was '
preventing Python from being properly compiled when using the
XLC compiler. Patch by Pablo Galindo.
- bpo-41218: Python 3.8.3 had a regression where compiling with
ast.PyCF_ALLOW_TOP_LEVEL_AWAIT would
aggressively mark list comprehension with CO_COROUTINE. Now only
list comprehension making use of async/await will tagged as so.
- bpo-41175: Guard against a NULL pointer dereference within
bytearrayobject triggered by the bytearray() + bytearray() operation.
- bpo-39960: The “hackcheck” that prevents sneaking around a type’s
__setattr__() by calling the superclass method was
rewritten to allow C implemented heap types.
- bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the
C implementation raises now UnpicklingError instead of crashing.
- bpo-39017: Avoid infinite loop when reading specially crafted
TAR files using the tarfile module (CVE-2019-20907, bsc#1174091).
- bpo-41235: Fix the error handling in ssl.SSLContext.load_dh_params().
- bpo-41207: In distutils.spawn, restore expectation that
DistutilsExecError is raised when the command is not found.
- bpo-39168: Remove the __new__ method of typing.Generic.
- bpo-41194: Fix a crash in the _ast module: it can no longer be
loaded more than once. It now uses a global state rather than a module state.
- bpo-39384: Fixed email.contentmanager to allow set_content() to set a
null string.
- bpo-41300: Save files with non-ascii chars.
Fix regression released in 3.9.0b4 and 3.8.4.
- bpo-37765: Add keywords to module name completion list.
Rewrite Completions section of IDLE doc.
- bpo-40170: Revert PyType_HasFeature() change: it reads
again directly the PyTypeObject.tp_flags
member when the limited C API is not used, rather than always calling
PyType_GetFlags() which hides implementation details.
OBS-URL: https://build.opensuse.org/request/show/822056
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python39?expand=0&rev=18
- Remove upstreamed patches:
- F00102-lib64.patch
- SUSE-FEDORA-multilib.patch
- OBS_dev-shm.patch
- subprocess-raise-timeout.patch
- bpo36302-sort-module-sources.patch
- bpo40784-Fix-sqlite3-deterministic-test.patch
- Update pre_checkin.sh and regenerate
- Convert few dependencies to their pkgconfig counterparts
- Remove release requirement on libpython, it is not really needed
to be equal as the abi changes with versions
- Add provides python3-bla on all the subpkgs in case we are
primary provider of the functionality
- Remove unversioned files from devel subpkg too
- Remove main python3 files from -base based whether we are
primary interpreter or not
- Fix idle to be co-installable
- Add condition to be primary to provide/obsolete python3-*
- Fix doc to build in versioned folder so the pythons can be
installed next to each other
- Revert the full versioning of calls on the macros. These
are generic so they should really just call python3 X
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python39?expand=0&rev=3
