forked from pool/python311
- Update to 3.11.1:
- python -m http.server no longer allows terminal control
characters sent within a garbage request to be printed
to the stderr server lo This is done by changing the
http.server BaseHTTPRequestHandler .log_message method to
replace control characters with a \xHH hex escape before
printin
- Avoid publishing list of active per-interpreter audit hooks
via the gc module
- The IDNA codec decoder used on DNS hostnames by socket or
asyncio related name resolution functions no longer involves
a quadratic algorithm. This prevents a potential CPU denial
of service if an out-of-spec excessive length hostname
involving bidirectional characters were decoded. Some
protocols such as urllib http 3xx redirects potentially allow
for an attacker to supply such a name (CVE-2022-45061).
- Update bundled libexpat to 2.5.0
- Fix a shell code injection vulnerability in the
get-remote-certificate.py example script. The script no
longer uses a shell to run openssl commands. Issue reported
and initial fix by Caleb Shortt. Patch by Victor Stinner.
- Fix a crash when an object which does not have a dictionary
frees its instance values.
- Fix a bug in the tokenizer that could cause infinite
recursion when showing syntax warnings that happen in the
first line of the source. Patch by Pablo Galindo
- Fix an issue that could cause frames to be visible to Python
code as they are being torn down, possibly leading to memory
corruption or hard crashes of the interpreter.
- Fix a reference bug in _imp.create_builtin() after the
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=40
This commit is contained in:
Git OBS Bridge
@@ -67,7 +67,7 @@ Obsoletes: python39%{?1:-%{1}}
|
||||
%define tarversion %{version}
|
||||
%endif
|
||||
# We don't process beta signs well
|
||||
%define folderversion 3.11.0
|
||||
%define folderversion %{tarversion}
|
||||
%define tarname Python-%{tarversion}
|
||||
%define sitedir %{_libdir}/python%{python_version}
|
||||
# three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149
|
||||
@@ -103,7 +103,7 @@ Obsoletes: python39%{?1:-%{1}}
|
||||
%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
|
||||
%bcond_without profileopt
|
||||
Name: %{python_pkg_name}%{psuffix}
|
||||
Version: 3.11.0
|
||||
Version: 3.11.1
|
||||
Release: 0
|
||||
Summary: Python 3 Interpreter
|
||||
License: Python-2.0
|
||||
@@ -166,12 +166,6 @@ Patch35: fix_configure_rst.patch
|
||||
# PATCH-FIX-UPSTREAM support-expat-CVE-2022-25236-patched.patch jsc#SLE-21253 mcepl@suse.com
|
||||
# Makes Python resilient to changes of API of libexpat
|
||||
Patch36: support-expat-CVE-2022-25236-patched.patch
|
||||
# PATCH-FIX-UPSTREAM 98437-sphinx.locale._-as-gettext-in-pyspecific.patch gh#python/cpython#98366 mcepl@suse.com
|
||||
# this patch makes things totally awesome
|
||||
Patch37: 98437-sphinx.locale._-as-gettext-in-pyspecific.patch
|
||||
# PATCH-FIX-UPSTREAM CVE-2022-45061-DoS-by-IDNA-decode.patch bsc#1205244 mcepl@suse.com
|
||||
# Avoid DoS by decoding IDNA for too long domain names
|
||||
Patch38: CVE-2022-45061-DoS-by-IDNA-decode.patch
|
||||
BuildRequires: autoconf-archive
|
||||
BuildRequires: automake
|
||||
BuildRequires: fdupes
|
||||
@@ -438,8 +432,6 @@ other applications.
|
||||
%endif
|
||||
%patch35 -p1
|
||||
%patch36 -p1
|
||||
%patch37 -p1
|
||||
%patch38 -p1
|
||||
|
||||
# drop Autoconf version requirement
|
||||
sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac
|
||||
|
||||
Reference in New Issue
Block a user