a9055a2611
- Update to 3.9.20: - Tests - gh-112769: The tests now correctly compare zlib version when :const:`zlib.ZLIB_RUNTIME_VERSION` contains non-integer suffixes. For example zlib-ng defines the version as ``1.3.0.zlib-ng``. - gh-117187: Fix XML tests for vanilla Expat <2.6.0. - Security - gh-123678: Upgrade libexpat to 2.6.3 - gh-121957: Fixed missing audit events around interactive use of Python, now also properly firing for ``python -i``, as well as for ``python -m asyncio``. The event in question is ``cpython.run_stdin``. - gh-122133: Authenticate the socket connection for the ``socket.socketpair()`` fallback on platforms where ``AF_UNIX`` is not available like Windows. Patch by Gregory P. Smith <greg@krypto.org> and Seth Larson <seth@python.org>. Reported by Ellie <el@horse64.org> - gh-121285: Remove backtracking from tarfile header parsing for ``hdrcharset``, PAX, and GNU sparse headers (bsc#1230227, CVE-2024-6232). - gh-118486: :func:`os.mkdir` on Windows now accepts *mode* of ``0o700`` to restrict the new directory to the current user. This fixes CVE-2024-4030 affecting :func:`tempfile.mkdtemp` in scenarios where the base temporary directory is more permissive than the default. - gh-114572: :meth:`ssl.SSLContext.cert_store_stats` and :meth:`ssl.SSLContext.get_ca_certs` now correctly lock access to the certificate store, when the :class:`ssl.SSLContext` is shared across multiple threads (bsc#1226447, CVE-2024-0397). - gh-116741: Update bundled libexpat to 2.6.2 - Library - gh-123270: Applied a more surgical fix for malformed payloads in :class:`zipfile.Path` causing infinite loops (gh-122905) without breaking contents using legitimate characters (bsc#1229704, CVE-2024-8088). - gh-123067: Fix quadratic complexity in parsing ``"``-quoted cookie values with backslashes by :mod:`http.cookies`. - gh-121650: :mod:`email` headers with embedded newlines are now quoted on output. The :mod:`~email.generator` will now refuse to serialize (write) headers that are unsafely folded or delimited; see :attr:`~email.policy.Policy.verify_generated_headers`. (Contributed by Bas Bloemsaat and Petr Viktorin in :gh:`121650`; CVE-2024-6923, bsc#1228780). - gh-113171: Fixed various false positives and false negatives in * :attr:`ipaddress.IPv4Address.is_private` (see these docs for details) * :attr:`ipaddress.IPv4Address.is_global` * :attr:`ipaddress.IPv6Address.is_private` * :attr:`ipaddress.IPv6Address.is_global` Also in the corresponding :class:`ipaddress.IPv4Network` and :class:`ipaddress.IPv6Network` attributes Fixes bsc#1226448 (CVE-2024-4032). - gh-102988: :func:`email.utils.getaddresses` and :func:`email.utils.parseaddr` now return ``('', '')`` 2-tuples in more situations where invalid email addresses are encountered instead of potentially inaccurate values. Add optional *strict* parameter to these two functions: use ``strict=False`` to get the old behavior, accept malformed inputs. ``getattr(email.utils, 'supports_strict_parsing', False)`` can be use to check if the *strict* paramater is available. Patch by Thomas Dwyer and Victor Stinner to improve the CVE-2023-27043 fix (bsc#1210638). - gh-67693: Fix :func:`urllib.parse.urlunparse` and :func:`urllib.parse.urlunsplit` for URIs with path starting with multiple slashes and no authority. Based on patch by Ashwin Ramaswami. - Core and Builtins - gh-112275: A deadlock involving ``pystate.c``'s ``HEAD_LOCK`` in ``posixmodule.c`` at fork is now fixed. Patch by ChuBoning based on previous Python 3.12 fix by Victor Stinner. - Remove upstreamed patches: - CVE-2023-27043-email-parsing-errors.patch - CVE-2024-6232-cookies-quad-complex.patch - CVE-2024-4032-private-IP-addrs.patch - CVE-2024-0397-memrace_ssl.SSLContext_cert_store.patch - CVE-2024-8088-inf-loop-zipfile_Path.patch - CVE-2024-6923-email-hdr-inject.patch OBS-URL: https://build.opensuse.org/request/show/1199746 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python39?expand=0&rev=64 |
||
---|---|---|
_multibuild | ||
.gitattributes | ||
.gitignore | ||
98437-sphinx.locale._-as-gettext-in-pyspecific.patch | ||
99366-patch.dict-can-decorate-async.patch | ||
baselibs.conf | ||
bluez-devel-vendor.tar.xz | ||
bpo-31046_ensurepip_honours_prefix.patch | ||
bpo-37596-make-set-marshalling.patch | ||
bso1227999-reproducible-builds.patch | ||
CVE-2023-52425-libexpat-2.6.0-backport.patch | ||
CVE-2024-5642-OpenSSL-API-buf-overread-NPN.patch | ||
decimal.patch | ||
distutils-reproducible-compile.patch | ||
downport-Sphinx-features.patch | ||
F00251-change-user-install-location.patch | ||
gh120226-fix-sendfile-test-kernel-610.patch | ||
gh-78214-marshal_stabilize_FLAG_REF.patch | ||
idle3.appdata.xml | ||
idle3.desktop | ||
import_failed.map | ||
import_failed.py | ||
macros.python3 | ||
no-skipif-doctests.patch | ||
PACKAGING-NOTES | ||
pre_checkin.sh | ||
python3-imp-returntype.patch | ||
python39.changes | ||
python39.spec | ||
python-3.3.0b1-fix_date_time_compiler.patch | ||
python-3.3.0b1-localpath.patch | ||
python-3.3.0b1-test-posix_fadvise.patch | ||
Python-3.9.20.tar.xz | ||
Python-3.9.20.tar.xz.asc | ||
python.keyring | ||
README.SUSE | ||
skip-test_pyobject_freed_is_freed.patch | ||
skipped_tests.py | ||
sphinx-update-removed-function.patch | ||
subprocess-raise-timeout.patch | ||
support-expat-CVE-2022-25236-patched.patch |
Python 3 in SUSE ============== * Subpackages * Python 3 is split into several subpackages, based on external dependencies. The main package 'python3' has soft dependencies on all subpackages needed to assemble the standard library; however, these might not all be installed by default. If you attempt to import a module that is currently not installed, an ImportError is thrown, with instructions to install the missing subpackage. Installing the subpackage might result in installing libraries that the subpackage requires to function. * ensurepip * The 'ensurepip' module from Python 3 standard library (PEP 453) is supposed to deploy a bundled copy of the pip installer. This makes no sense in a managed distribution like SUSE. Instead, you need to install package 'python3-pip'. Usually this will be installed automatically with 'python3'. Using 'ensurepip' when pip is not installed will result in an ImportError with instructions to install 'python3-pip'. * Documentation * You can find documentation in seprarate packages: python3-doc and python3-doc-pdf. These contan following documents: Tutorial, What's New in Python, Global Module Index, Library Reference, Macintosh Module Reference, Installing Python Modules, Distributing Python Modules, Language Reference, Extending and Embedding, Python/C API, Documenting Python The python3-doc package constains many text files from source tarball. * Interactive mode * Interactive mode is by default enhanced with of history and command completion. If you don't like these features, you can unset the PYTHONSTARTUP variable in your .profile or disable it system wide in /etc/profile.d/python.sh.