pool/python39
SHA256
8
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Commit Graph

  • c7dccba328 Accepting request 1297167 from devel:languages:python:Factory factory Dominique Leuenberger 2025-08-03 11:37:50 +00:00
  • 493db1096a Upstream patch depended unnecessarily on archiver_tests module, which is only in 3.11+ branches. devel Matej Cepl 2025-08-02 15:57:55 +00:00
  • a74f2b808f - Add CVE-2025-8194-tarfile-no-neg-offsets.patch which now validates archives to ensure member offsets are non-negative (gh#python/cpython#130577, CVE-2025-8194, bsc#1247249). Matej Cepl 2025-08-01 20:25:20 +00:00
  • 1309e04380 Accepting request 1290034 from devel:languages:python:Factory Ana Guerrero 2025-07-03 10:10:51 +00:00
  • 9f343d4b19 - Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705). Matej Cepl 2025-07-02 16:10:52 +00:00
  • fb0f2c0f89 Accepting request 1288602 from devel:languages:python:Factory Ana Guerrero 2025-06-26 09:38:14 +00:00
  • fe8dd13261 Also addresses CVE-2025-4435 (gh#135034, bsc#1244061). Matej Cepl 2025-06-25 20:05:19 +00:00
  • c2915d540e Accepting request 1284262 from devel:languages:python:Factory Ana Guerrero 2025-06-10 10:24:42 +00:00
  • db68008d03 Fix sphinx patch Matej Cepl 2025-06-09 17:32:07 +00:00
  • 64818e1d6b - Update to 3.9.23: - Security - gh-135034: Fixes multiple issues that allowed tarfile extraction filters (filter="data" and filter="tar") to be bypassed using crafted symlinks and hard links. - Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138 (bsc#1244059), CVE-2025-4330 (bsc#1244060), and CVE-2025-4517 (bsc#1244032). - gh-133767: Fix use-after-free in the “unicode-escape” decoder with a non-“strict” error handler (CVE-2025-4516, bsc#1243273). - gh-128840: Short-circuit the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor denial-of-service. - gh-80222: Fix bug in the folding of quoted strings when flattening an email message using a modern email policy. Previously when a quoted string was folded so that it spanned more than one line, the surrounding quotes and internal escapes would be omitted. This could theoretically be used to spoof header lines using a carefully constructed quoted string if the resulting rendered email was transmitted or re-parsed. - Library - gh-128840: Fix parsing long IPv6 addresses with embedded IPv4 address. - gh-134062: ipaddress: fix collisions in __hash__() for IPv4Network and IPv6Network objects. - gh-123409: Fix ipaddress.IPv6Address.reverse_pointer output according to RFC 3596, §2.5. Patch by Bénédikt Tran. - bpo-43633: Improve the textual representation of Matej Cepl 2025-06-09 16:29:52 +00:00
  • df6df60726 Accepting request 1281888 from devel:languages:python:Factory Ana Guerrero 2025-06-02 20:01:04 +00:00
  • 2a7083b52f - Add CVE-2025-4516-DecodeError-handler.patch fixing CVE-2025-4516 (bsc#1243273) blocking DecodeError handling vulnerability, which could lead to DoS. %%files. - Use python3 modules to build the documentation. * Support Expat >= 2.4.5 - allow build with Sphinx >= 3.x * remove importlib_resources and importlib-metadata - bpo-41304: Fixes python3x._pth being ignored on Windows, caused - bpo-29778: Ensure python3.dll is loaded from correct locations - bpo-39603: Prevent http header injection by rejecting control “__setattr__” in a multi-inheritance setup and - bpo-41247: Always cache the running loop holder when running - bpo-41252: Fix incorrect refcounting in - bpo-41215: Use non-NULL default values in the PEG parser - bpo-41218: Python 3.8.3 had a regression where compiling with ast.PyCF_ALLOW_TOP_LEVEL_AWAIT would - bpo-41175: Guard against a NULL pointer dereference within - bpo-39960: The “hackcheck” that prevents sneaking around a type’s __setattr__() by calling the superclass method was - bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the - bpo-39017: Avoid infinite loop when reading specially crafted - bpo-41207: In distutils.spawn, restore expectation that - bpo-41194: Fix a crash in the _ast module: it can no longer be - bpo-39384: Fixed email.contentmanager to allow set_content() to set a - bpo-41300: Save files with non-ascii chars. - bpo-37765: Add keywords to module name completion list. - bpo-40170: Revert PyType_HasFeature() change: it reads again directly the PyTypeObject.tp_flags member when the limited C API is not used, rather than always calling Matej Cepl 2025-05-30 16:01:02 +00:00
  • b3445ff772 Accepting request 1276660 from devel:languages:python:Factory Ana Guerrero 2025-05-12 14:50:25 +00:00
  • 16a3758f99 - Remove python-3.3.0b1-test-posix_fadvise.patch (not needed since kernel 3.6-rc1) Matej Cepl 2025-05-10 11:42:42 +00:00
  • 819fb77284 Accepting request 1269058 from devel:languages:python:Factory Ana Guerrero 2025-04-14 10:58:58 +00:00
  • 975044e74b update patches Matej Cepl 2025-04-11 07:57:50 +00:00
  • 303cf28c8d - Update to 3.9.22: - gh-131809: Update bundled libexpat to 2.7.1 - gh-131261: Upgrade to libexpat 2.7.0 - gh-105704: When using urllib.parse.urlsplit() and urllib.parse.urlparse() host parsing would not reject domain names containing square brackets ([ and ]). Square brackets are only valid for IPv6 and IPvFuture hosts according to RFC 3986 Section 3.2.2 (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704). - gh-121284: Fix bug in the folding of rfc2047 encoded-words when flattening an email message using a modern email policy. Previously when an encoded-word was too long for a line, it would be decoded, split across lines, and re-encoded. But commas and other special characters in the original text could be left unencoded and unquoted. This could theoretically be used to spoof header lines using a carefully constructed encoded-word if the resulting rendered email was transmitted or re-parsed. - gh-119511: Fix a potential denial of service in the imaplib module. When connecting to a malicious server, it could cause an arbitrary amount of memory to be allocated. On many systems this is harmless as unused virtual memory is only a mapping, but if this hit a virtual address size limit it could lead to a MemoryError or other process crash. On unusual systems or builds where all allocated memory is touched and backed by actual ram or storage it could’ve consumed resources doing so until similarly crashing. - gh-121277: Writers of CPython’s documentation can now use next as the version for the versionchanged, versionadded, deprecated directives. Matej Cepl 2025-04-09 20:09:20 +00:00
  • 6dcdf81612 Accepting request 1252712 from devel:languages:python:Factory Ana Guerrero 2025-03-13 14:07:39 +00:00
  • af4e895cc2 - Skip PGO with %want_reproducible_builds (bsc#1239210) Matej Cepl 2025-03-13 10:06:16 +00:00
  • 557343380e Accepting request 1244103 from devel:languages:python:Factory Ana Guerrero 2025-02-07 22:06:52 +00:00
  • 81e576898b - Add CVE-2025-0938-sq-brackets-domain-names.patch which disallows square brackets ([ and ]) in domain names for parsed URLs (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704) Matej Cepl 2025-02-07 08:50:25 +00:00
  • f857ffb685 Accepting request 1228377 from devel:languages:python:Factory Ana Guerrero 2024-12-05 16:09:09 +00:00
  • b657f1bd02 Fix changelog Matej Cepl 2024-12-04 21:30:02 +00:00
  • 0e5b96eafc - Update to 3.9.21: - Tests - gh-125041: Re-enable skipped tests for zlib on the s390x architecture: only skip checks of the compressed bytes, which can be different between zlib’s software implementation and the hardware-accelerated implementation. - gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode. Use a longer key: FIPS mode requires at least of at least 112 bits. The previous key was only 32 bits. Patch by Victor Stinner. - gh-100454: Fix SSL tests CI for OpenSSL 3.1+ - Security - gh-126623: Upgrade libexpat to 2.6.4 - gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the mapped IPv4 address value for deciding properties. Properties which have their behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and is_unspecified. - Library - gh-124651: Properly quote template strings in venv activation scripts. - gh-103848: Add checks to ensure that [ bracketed ] hosts found by urllib.parse.urlsplit() are of IPv6 or IPvFuture format. - Documentation - gh-95588: Clarified the conflicting advice given in the ast documentation about ast.literal_eval() being “safe” for use on untrusted input while at the same time warning that it can crash the process. The latter statement is true and is deemed unfixable without a large amount of work unsuitable Matej Cepl 2024-12-04 19:54:44 +00:00
  • 935cc14ece Accepting request 1224263 from devel:languages:python:Factory Ana Guerrero 2024-11-15 14:42:40 +00:00
  • 77334d03b1 - Remove -IVendor/ from python-config boo#1231795 Matej Cepl 2024-11-14 16:27:13 +00:00
  • 3b3841013a - Add CVE-2024-11168-validation-IPv6-addrs.patch fixing bsc#1233307 (CVE-2024-11168, gh#python/cpython#103848): Improper validation of IPv6 and IPvFuture addresses. Matej Cepl 2024-11-13 14:54:20 +00:00
  • 090db10a8a Accepting request 1220114 from devel:languages:python:Factory Dominique Leuenberger 2024-11-01 22:03:28 +00:00
  • 28d2065b0f - Update CVE-2024-9287-venv_path_unquoted.patch according to the upstream PR gh#python/cpython!126301. Matej Cepl 2024-11-01 21:18:24 +00:00
  • 8b5e0d922c Update the patch Matej Cepl 2024-11-01 17:07:01 +00:00
  • 79cfd15358 Accepting request 1218097 from devel:languages:python:Factory Ana Guerrero 2024-10-25 17:19:37 +00:00
  • 087c362626 - Add CVE-2024-9287-venv_path_unquoted.patch to properly quote path names provided when creating a virtual environment (bsc#1232241, CVE-2024-9287) Matej Cepl 2024-10-24 17:06:14 +00:00
  • c05bd945fa Fix the changelog Matej Cepl 2024-10-03 15:06:05 +00:00
  • 88f27fa1de - Drop .pyc files from docdir for reproducible builds Matej Cepl 2024-10-02 16:24:07 +00:00
  • a3040dacb7 Accepting request 1204230 from devel:languages:python:Factory Ana Guerrero 2024-09-29 16:10:02 +00:00
  • 63de619ed6 No autopatch Matej Cepl 2024-09-20 16:44:09 +00:00
  • a456d9d1b0 - Add sphinx-802.patch to overcome working both with the most recent and older Sphinx versions. Matej Cepl 2024-09-20 15:25:39 +00:00
  • ff3037e669 Accepting request 1202002 from devel:languages:python:Factory Ana Guerrero 2024-09-19 19:17:16 +00:00
  • 7dad477866 Fix changelog Matej Cepl 2024-09-19 12:27:39 +00:00
  • 3fc2e6a2ef Fix changes Matej Cepl 2024-09-11 15:30:21 +00:00
  • a9055a2611 Accepting request 1199746 from devel:languages:python:Factory Ana Guerrero 2024-09-10 19:13:31 +00:00
  • ad933f5c9f - Update to 3.9.20: - Tests - gh-112769: The tests now correctly compare zlib version when :const:zlib.ZLIB_RUNTIME_VERSION contains non-integer suffixes. For example zlib-ng defines the version as `1.3.0.zlib-ng. - gh-117187: Fix XML tests for vanilla Expat <2.6.0. - Security - gh-123678: Upgrade libexpat to 2.6.3 - gh-121957: Fixed missing audit events around interactive use of Python, now also properly firing for python -i, as well as for python -m asyncio. The event in question is cpython.run_stdin. - gh-122133: Authenticate the socket connection for the socket.socketpair() fallback on platforms where AF_UNIX is not available like Windows. Patch by Gregory P. Smith <greg@krypto.org> and Seth Larson <seth@python.org>. Reported by Ellie <el@horse64.org> - gh-121285: Remove backtracking from tarfile header parsing for hdrcharset, PAX, and GNU sparse headers (bsc#1230227, CVE-2024-6232). - gh-118486: :func:os.mkdir on Windows now accepts *mode* of 0o700 to restrict the new directory to the current user. This fixes CVE-2024-4030 affecting :func:tempfile.mkdtemp in scenarios where the base temporary directory is more permissive than the default. - gh-114572: :meth:ssl.SSLContext.cert_store_stats and :meth:ssl.SSLContext.get_ca_certs now correctly lock access to the certificate store, when the :class:ssl.SSLContext` is shared across multiple threads (bsc#1226447, CVE-2024-0397). - gh-116741: Update bundled libexpat to 2.6.2 - Library - gh-123270: Applied a more surgical fix for malformed payloads in Matej Cepl 2024-09-09 20:10:25 +00:00
  • f39c6ce1fe Accepting request 1199546 from devel:languages:python:Factory Ana Guerrero 2024-09-09 12:44:59 +00:00
  • 1955425d20 - Add CVE-2024-6232-cookies-quad-complex.patch to avoid quadratic complexity in parsing "-quoted cookie values with backslashes (bsc#1229596, CVE-2024-6232). Matej Cepl 2024-09-05 13:45:40 +00:00
  • 52ba2746e2 Update patch Matej Cepl 2024-09-05 11:13:45 +00:00
  • 9196daa838 - Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with patched libexpat below 2.6.0 that doesn't update the version number, just in SLE. - Remove old-libexpat.patch, of course. Matej Cepl 2024-09-05 08:12:03 +00:00
  • ee4c161ee9 - Add gh120226-fix-sendfile-test-kernel-610.patch to avoid failing test_sendfile_close_peer_in_the_middle_of_receiving tests on Linux >= 6.10 (GH-120227). Matej Cepl 2024-09-02 12:36:06 +00:00
  • 51d667b29b Accepting request 1197416 from devel:languages:python:Factory Dominique Leuenberger 2024-08-29 13:44:17 +00:00
  • e7e6aae574 - Add CVE-2024-8088-inf-loop-zipfile_Path.patch to prevent malformed payload to cause infinite loops in zipfile.Path (bsc#1229704, CVE-2024-8088). Matej Cepl 2024-08-28 20:33:16 +00:00
  • e4bde5df1c Accepting request 1192673 from devel:languages:python:Factory Dominique Leuenberger 2024-08-09 14:15:52 +00:00
  • 477d837ffc Fix the patch Matej Cepl 2024-08-08 17:05:11 +00:00
  • 0abadf881e Fix the patch Matej Cepl 2024-08-08 13:56:09 +00:00
  • 5c5b1d5bd8 - Add CVE-2024-6923-email-hdr-inject.patch to prevent email header injection due to unquoted newlines (bsc#1228780, CVE-2024-6923). - Adding bso1227999-reproducible-builds.patch fixing bsc#1227999 adding reproducibility patches from gh#python/cpython!121872 and gh#python/cpython!121883. - Add CVE-2024-5642-OpenSSL-API-buf-overread-NPN.patch removing support for anything but OpenSSL 1.1.1 or newer (bsc#1227233, CVE-2024-5642). - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999) Matej Cepl 2024-08-07 20:58:51 +00:00
  • 402bcdd59b Accepting request 1190346 from devel:languages:python:Factory Dominique Leuenberger 2024-07-30 09:55:04 +00:00
  • 5e7bedbe7b - Remove %suse_update_desktop_file macro as it is not useful any more. Matej Cepl 2024-07-22 21:25:21 +00:00
  • a6bb102623 Accepting request 1189045 from devel:languages:python:Factory Ana Guerrero 2024-07-22 15:19:13 +00:00
  • 9ed46c99a2 - Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378). Matej Cepl 2024-07-15 12:17:08 +00:00
  • af01200932 Accepting request 1183504 from devel:languages:python:Factory Ana Guerrero 2024-06-27 14:04:00 +00:00
  • b08f4f5b35 - Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448 (CVE-2024-4032) rearranging definition of private v global IP addresses. Matej Cepl 2024-06-26 22:23:08 +00:00
  • 9dfd78f56c Accepting request 1182485 from devel:languages:python:Factory Ana Guerrero 2024-06-22 11:23:24 +00:00
  • b66ea2b702 - Add CVE-2024-0397-memrace_ssl.SSLContext_cert_store.patch fixing bsc#1226447 (CVE-2024-0397) by removing memory race condition in ssl.SSLContext certificate store methods. Matej Cepl 2024-06-21 09:45:51 +00:00
  • f364a35c85 Accepting request 1166527 from devel:languages:python:Factory Matej Cepl 2024-04-09 23:57:11 +00:00
  • db43d93a80 - (bsc#1222509) Remove *.exe and *.dll files from bundled wheels. Matej Cepl 2024-04-09 19:38:17 +00:00
  • 2ee23ed438 Accepting request 1161042 from devel:languages:python:Factory Ana Guerrero 2024-03-26 18:24:40 +00:00
  • f0704e96b5 - Add old-libexpat.patch making the test suite work with libexpat < 2.6.0 (gh#python/cpython#117187). Matej Cepl 2024-03-24 00:46:11 +00:00
  • 731de38310 Fix *.changes Matej Cepl 2024-03-22 09:05:09 +00:00
  • e6aa51477e - Update to 3.9.19: - Security - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods: xml.etree.ElementTree.XMLParser.flush() xml.etree.ElementTree.XMLPullParser.flush() xml.parsers.expat.xmlparser.GetReparseDeferralEnabled() xml.parsers.expat.xmlparser.SetReparseDeferralEnabled() xml.sax.expatreader.ExpatParser.flush() - gh-115399: Update bundled libexpat to 2.6.0 - gh-113659: Skip .pth files with names starting with a dot or hidden file attribute. - Core and Builtins - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 codecs read out of bounds - Library - gh-115197: urllib.request no longer resolves the hostname before checking it against the system’s proxy bypass list on macOS and Windows. - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0. - gh-81194: Fix a crash in socket.if_indextoname() with specific value (UINT_MAX). Fix an integer overflow in socket.if_indextoname() on 64-bit non-Windows platforms. - gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now raises BadZipFile when try to read an entry that overlaps with other entry or central directory. - gh-107077: Seems that in some conditions, OpenSSL will return SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL when a certification verification has failed, but the error parameters will still contain ERR_LIB_SSL Matej Cepl 2024-03-21 20:28:22 +00:00
  • 103e541cc6 Accepting request 1157648 from devel:languages:python:Factory Ana Guerrero 2024-03-14 16:42:40 +00:00
  • 22ffaaf624 Accepting request 1155683 from home:pmonrealgonzalez:branches:devel:languages:python:Factory Matej Cepl 2024-03-06 21:50:52 +00:00
  • 289cc66e3c Accepting request 1153059 from devel:languages:python:Factory Dominique Leuenberger 2024-03-01 22:34:05 +00:00
  • 7ff141432c - Update SPEC file to build on SLE-15-SP5 (jsc#PED-7886). Matej Cepl 2024-02-28 22:56:56 +00:00
  • 15c8751a4b Accepting request 1152789 from devel:languages:python:Factory Ana Guerrero 2024-02-28 18:44:34 +00:00
  • 7c8ca681d6 - Remove double definition of /usr/bin/idle%%{version} in %%files. Matej Cepl 2024-02-20 22:17:10 +00:00
  • 6d21418eaf Accepting request 1146870 from devel:languages:python:Factory Ana Guerrero 2024-02-15 19:59:22 +00:00
  • 2c60467072 Accepting request 1146816 from home:dgarcia:branches:devel:languages:python:Factory Matej Cepl 2024-02-15 14:36:41 +00:00
  • 068535b602 - Refresh CVE-2023-27043-email-parsing-errors.patch to gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). - Thus we can remove Revert-gh105127-left-tests.patch, which is now useless. Matej Cepl 2024-02-12 13:14:48 +00:00
  • c154c39fde Accepting request 1119266 from devel:languages:python:Factory Ana Guerrero 2023-10-22 19:01:04 +00:00
  • 311f19ba89 - (bsc#1215454, gh-108310)Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data. Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by Gregory P. Smith. - Update to 3.9.17 (bsc#1212015): * Support Expat >= 2.4.4 (jsc#SLE-21253, CVE-2022-25236) Matej Cepl 2023-10-13 16:13:04 +00:00
  • 9b86048150 Accepting request 1109203 from devel:languages:python:Factory Ana Guerrero 2023-09-10 11:09:09 +00:00
  • b8f8306bca - Update to 3.9.18 (bsc#1214692): - gh-108310: Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data. Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by Gregory P. Smith. - gh-107845: tarfile.data_filter() now takes the location of symlinks into account when determining their target, so it will no longer reject some valid tarballs with LinkOutsideDestinationError. - gh-107565: Update multissltests and GitHub CI workflows to use OpenSSL 1.1.1v, 3.0.10, and 3.1.2. Daniel Garcia 2023-09-06 06:39:22 +00:00
  • 89466274a0 Accepting request 1102236 from devel:languages:python:Factory Dominique Leuenberger 2023-08-06 14:29:14 +00:00
  • 96f7ae7576 - IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! - Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) partially reverting CVE-2023-27043-email-parsing-errors.patch, because of the regression in gh#python/cpython#106669. - (bsc#1210638, CVE-2023-27043) Add CVE-2023-27043-email-parsing-errors.patch, which detects email address parsing errors and returns empty tuple to indicate the parsing error (old API). (The patch is faulty, gh#python/cpython#106669, but upstream decided not to just revert it). Matej Cepl 2023-08-03 15:29:05 +00:00
  • fb0cb0d77e Accepting request 1101338 from devel:languages:python:Factory Yuchen Lin 2023-08-01 12:15:34 +00:00
  • dbd04e1e44 Fix patches Matej Cepl 2023-07-29 20:30:07 +00:00
  • c13a3979ae - Add bpo-37596-make-set-marshalling.patch making marshalling of set and frozenset deterministic (bsc#1211765). Matej Cepl 2023-07-29 20:19:21 +00:00
  • 0999da949b Accepting request 1100886 from devel:languages:python:Factory Ana Guerrero 2023-07-27 14:49:51 +00:00
  • b5917212a3 - Add gh-78214-marshal_stabilize_FLAG_REF.patch to marshal.c for stabilizing FLAG_REF usage (required for reproduceability; bsc#1213463). Matej Cepl 2023-07-26 14:05:15 +00:00
  • 9d7c3614b4 - Revert faulty fix for CVE-2023-27043 (gh#python/cpython#106669) Matej Cepl 2023-07-14 10:26:09 +00:00
  • 4182a08672 Accepting request 1098657 from devel:languages:python:Factory Matej Cepl 2023-07-14 10:24:55 +00:00
  • 745f5ba19c - (bsc#1210638, CVE-2023-27043) Add CVE-2023-27043-email-parsing-errors.patch, which detects email address parsing errors and returns empty tuple to indicate the parsing error (old API). Matej Cepl 2023-07-11 07:36:50 +00:00
  • 22c0faa015 Accepting request 1096213 from devel:languages:python:Factory Dominique Leuenberger 2023-07-01 21:18:01 +00:00
  • 27cb2961b5 - Add downport-Sphinx-features.patch to make documentation buildable even on SLE-15. Matej Cepl 2023-06-30 21:00:48 +00:00
  • 69c4eef74b Accepting request 1096147 from devel:languages:python:Factory Matej Cepl 2023-06-30 13:47:16 +00:00
  • 0ed644a292 - Patch skip-test_pyobject_freed_is_freed.patch should be used for SLE-15-SP4 as well. Matej Cepl 2023-06-30 08:18:36 +00:00
  • 97bb975b72 Fix changes Matej Cepl 2023-06-28 20:06:49 +00:00
  • 6c43cd2475 - Update to 3.9.17: - gh-103142: The version of OpenSSL used in Windows and Mac installers has been upgraded to 1.1.1u to address CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 fixed previously in 1.1.1t (gh-101727). - gh-102153: urllib.parse.urlsplit() now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to CVE-2023-24329 (bsc#1208471). - gh-99889: Fixed a security in flaw in uu.decode() that could allow for directory traversal based on the input if no out_file was specified. - gh-104049: Do not expose the local on-disk location in directory indexes produced by http.client.SimpleHTTPRequestHandler. - gh-101283: subprocess.Popen now uses a safer approach to find cmd.exe when launching with shell=True. - gh-103935: trace.__main__ now uses io.open_code() for files to be executed instead of raw open(). - gh-102953: The extraction methods in tarfile, and shutil.unpack_archive(), have a new filter argument that allows limiting tar features than may be surprising or dangerous, such as creating files outside the destination directory. See Extraction filters for details (fixing CVE-2007-4559, bsc#1203750). - gh-102126: Fixed a deadlock at shutdown when clearing thread states if any finalizer tries to acquire the runtime head lock. - gh-100892: Fixed a crash due to a race while iterating over Matej Cepl 2023-06-28 19:17:56 +00:00
  • 5fc7c9de92 Do not use :type: option of :attribute: rST element. Matej Cepl 2023-06-05 15:08:18 +00:00
  • ac33b94579 Accepting request 1085861 from devel:languages:python:Factory Dominique Leuenberger 2023-06-03 22:12:18 +00:00
  • 5caf918e2d Updating link to change in openSUSE:Factory/python39 revision 45 OBS User buildservice-autocommit 2023-06-03 22:12:18 +00:00
  • 83790a812b Accepting request 1087859 from devel:languages:python:Factory Dominique Leuenberger 2023-05-21 17:07:58 +00:00