python-interpreters/python312
SHA256
6
0
Fork 0
forked from pool/python312
Code Pull Requests Activity

Commit Graph

  • 3ec5b189c8 Fix CVE-2025-13836, CVE-2025-12084, and CVE-2025-13837. factory Matěj Cepl 2025-12-18 16:07:31 +01:00
  • ffa140fab3 - Add pass-test_write_read_limited_history.patch: Matěj Cepl 2025-11-19 20:21:57 +01:00
  • 7ae3f5fa36 Mark the upgrade to 3.12.12 as fixing CVE-2025-8291, bsc#1251305. Matěj Cepl 2025-11-11 21:26:09 +01:00
  • 3c05b2426b Add CVE-2025-6075-expandvars-perf-degrad.patch avoid simple quadratic complexity vulnerabilities of os.path.expandvars() (CVE-2025-6075, bsc#1252974). Reapply patches: - bsc1243155-sphinx-non-determinism.patch - doc-py38-to-py36.patch - fix_configure_rst.patch Matěj Cepl 2025-11-15 19:02:49 +01:00
  • a6fa7f608e Mark the upgrade to 3.12.12 as fixing CVE-2025-8291, bsc#1251305. Matěj Cepl 2025-11-11 21:26:09 +01:00
  • 9c55c6b365 Accepting request 1311761 from devel:languages:python:Factory Ana Guerrero 2025-10-17 15:25:28 +00:00
  • 58bbae4bf2 - Update to 3.12.12: - Tools/Demos - gh-139330: SBOM generation tool didn’t cross-check the version and checksum values against the Modules/expat/refresh.sh script, leading to the values becoming out-of-date during routine updates. - Security - gh-139700: Check consistency of the zip64 end of central directory record. Support records with “zip64 extensible data” if there are no bytes prepended to the ZIP file. - gh-139400: xml.parsers.expat: Make sure that parent Expat parsers are only garbage-collected once they are no longer referenced by subparsers created by ExternalEntityParserCreate(). Patch by Sebastian Pipping. - gh-135661: Fix parsing start and end tags in html.parser.HTMLParser according to the HTML5 standard. * Whitespaces no longer accepted between </ and the tag name. E.g. </ script> does not end the script section. * Vertical tabulation (\v) and non-ASCII whitespaces no longer recognized as whitespaces. The only whitespaces are \t\n\r\f and space. * Null character (U+0000) no longer ends the tag name. * Attributes and slashes after the tag name in end tags are now ignored, instead of terminating after the first > in quoted attribute value. E.g. </script/foo=">"/>. * Multiple slashes and whitespaces between the last attribute and closing > are now ignored in both start and end tags. E.g. <a foo=bar/ //>. * Multiple = between attribute name and value are no longer collapsed. E.g. <a foo==bar> produces attribute “foo” with Matej Cepl 2025-10-16 16:28:40 +00:00
  • d950f101ab Accepting request 1308661 from devel:languages:python:Factory Ana Guerrero 2025-10-03 13:42:41 +00:00
  • 38b4255b86 Merge the cycle-killer as commited in py313 Matej Cepl 2025-10-01 15:12:45 +00:00
  • dcb53a5f06 - Add gh139257-Support-docutils-0.22.patch to fix build with latest docutils (>=0.22) gh#python/cpython#139257 Matej Cepl 2025-09-30 16:17:21 +00:00
  • 3fce62974a - Require AppStream to validate appdata file instead of deprecated appstream-glib. - Update idle3.appdata.xml to pass the more pedantic appstreamcli. Matej Cepl 2025-09-18 13:58:53 +00:00
  • dddd867cb3 Accepting request 1297127 from devel:languages:python:Factory Dominique Leuenberger 2025-08-04 13:22:21 +00:00
  • 1a38434b32 update the patch Matej Cepl 2025-08-01 20:21:08 +00:00
  • e5e0410f4d - Add CVE-2025-8194-tarfile-no-neg-offsets.patch which now validates archives to ensure member offsets are non-negative (gh#python/cpython#130577, CVE-2025-8194, bsc#1247249). Matej Cepl 2025-08-01 20:16:22 +00:00
  • c6a57a8f86 Accepting request 1294513 from devel:languages:python:Factory Ana Guerrero 2025-07-20 13:28:50 +00:00
  • 3ef34dcb3f - Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705). Matej Cepl 2025-07-02 15:09:41 +00:00
  • 31e9631b68 - Add bsc1243155-sphinx-non-determinism.patch (bsc#1243155) to generate ids for audit_events using docname (reproducible builds). Matej Cepl 2025-07-02 14:13:10 +00:00
  • 02b2f50c41 Accepting request 1289840 from home:dgarcia:branches:devel:languages:python:Factory Matej Cepl 2025-07-02 14:06:15 +00:00
  • ca6722de84 Accepting request 1288598 from devel:languages:python:Factory Ana Guerrero 2025-06-26 09:38:04 +00:00
  • f9e1cf1836 extraction filters (filter="data" and filter="tar") to be bypassed using crafted symlinks and hard links. CVE-2025-4517 (bsc#1244032). Also addresses CVE-2025-4435 (gh#135034, bsc#1244061). Matej Cepl 2025-06-25 19:47:39 +00:00
  • b96f7f884b Accepting request 1284283 from devel:languages:python:Factory Ana Guerrero 2025-06-11 14:20:11 +00:00
  • a91a0aca60 - Update to 3.12.11: - Security - gh-135034: Fixes multiple issues that allowed tarfile extraction filters (filter="data" and filter="tar") to be bypassed using crafted symlinks and hard links. Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138 (bsc#1244059), CVE-2025-4330 (bsc#1244060), and CVE-2025-4517 (bsc#1244032). - gh-133767: Fix use-after-free in the “unicode-escape” decoder with a non-“strict” error handler (CVE-2025-4516, bsc#1243273). - gh-128840: Short-circuit the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor denial-of-service. - Library - gh-128840: Fix parsing long IPv6 addresses with embedded IPv4 address. - gh-134062: ipaddress: fix collisions in __hash__() for IPv4Network and IPv6Network objects. - gh-123409: Fix ipaddress.IPv6Address.reverse_pointer output according to RFC 3596, §2.5. Patch by Bénédikt Tran. - bpo-43633: Improve the textual representation of IPv4-mapped IPv6 addresses (RFC 4291 Sections 2.2, 2.5.5.2) in ipaddress. Patch by Oleksandr Pavliuk. - Remove upstreamed patches: - CVE-2025-4516-DecodeError-handler.patch - restrict PEP668 to ALP/Tumbleweed * Support Expat >= 2.4.5 - allow build with Sphinx >= 3.x * remove importlib_resources and importlib-metadata Matej Cepl 2025-06-09 21:22:35 +00:00
  • 8dd75ac7e9 Certainly correct patch Matej Cepl 2025-05-29 14:09:57 +00:00
  • 01d7c30105 fix the patch Matej Cepl 2025-05-27 19:36:16 +00:00
  • 3d0b1fd2f3 fix the patch Matej Cepl 2025-05-27 19:09:08 +00:00
  • 5ffcff295f fix the patch Matej Cepl 2025-05-27 18:45:33 +00:00
  • df350a3d04 fix the patch Matej Cepl 2025-05-27 15:29:36 +00:00
  • 62a8d14b2c Fix the patch Matej Cepl 2025-05-27 15:09:51 +00:00
  • 37c1d3d2e3 Fix patch Matej Cepl 2025-05-27 14:38:51 +00:00
  • 36a106a0a7 REmove A0 chars. Matej Cepl 2025-05-27 14:10:40 +00:00
  • 8b5d8bb101 Fix patch Matej Cepl 2025-05-27 13:52:03 +00:00
  • 1ee29c7d85 Accepting request 1279315 from devel:languages:python:Factory Ana Guerrero 2025-05-26 16:31:57 +00:00
  • a5b17ad854 update SPEC (add link to the source PR) Matej Cepl 2025-05-22 15:46:08 +00:00
  • 6441e5a86b Use patch from Fedora project Matej Cepl 2025-05-22 12:39:01 +00:00
  • af89117d93 Fix patch Matej Cepl 2025-05-19 14:39:54 +00:00
  • b179411cca Fix patch Matej Cepl 2025-05-19 06:20:12 +00:00
  • f1df581bc1 Fix patch Matej Cepl 2025-05-19 00:49:25 +00:00
  • e728127a90 Fix patch Matej Cepl 2025-05-18 23:08:41 +00:00
  • 2410e499d4 Fix patch Matej Cepl 2025-05-18 22:43:29 +00:00
  • 730e031b5a Fix patch Matej Cepl 2025-05-18 22:42:21 +00:00
  • 9b369ae708 Fix patch Matej Cepl 2025-05-18 22:25:16 +00:00
  • d915e370e5 Fix patch Matej Cepl 2025-05-18 21:56:25 +00:00
  • 3f073ea41b Fix patch Matej Cepl 2025-05-18 20:36:32 +00:00
  • d2c62b9b77 Fix patch Matej Cepl 2025-05-18 19:14:03 +00:00
  • 1929c41f46 Fix patch Matej Cepl 2025-05-18 18:22:15 +00:00
  • 8d147e1486 Fix patch Matej Cepl 2025-05-18 18:00:27 +00:00
  • 3bf1e1a8e7 Revert the patch Matej Cepl 2025-05-18 17:09:01 +00:00
  • 3a565bec26 Fix patch Matej Cepl 2025-05-18 06:12:44 +00:00
  • ea7b8271b0 Fix patch Matej Cepl 2025-05-17 21:41:53 +00:00
  • b814d70dca Fix patch Matej Cepl 2025-05-17 21:08:41 +00:00
  • 0a23865f82 Fix tests Matej Cepl 2025-05-17 17:39:47 +00:00
  • 4db7913729 Fix tests Matej Cepl 2025-05-17 15:45:24 +00:00
  • 07eef01e76 fix the patch Matej Cepl 2025-05-17 12:28:05 +00:00
  • bbb6498fe3 - Add CVE-2025-4516-DecodeError-handler.patch fixing CVE-2025-4516 (bsc#1243273) blocking DecodeError handling vulnerability, which could lead to DoS. Matej Cepl 2025-05-17 12:14:17 +00:00
  • 9bf13da52a Accepting request 1276663 from devel:languages:python:Factory Ana Guerrero 2025-05-13 18:11:47 +00:00
  • 2cb6f30213 - Remove python-3.3.0b1-test-posix_fadvise.patch (not needed since kernel 3.6-rc1) Matej Cepl 2025-05-10 11:43:23 +00:00
  • f894003382 Accepting request 1273530 from devel:languages:python:Factory Dominique Leuenberger 2025-05-01 13:22:28 +00:00
  • fa963a9d40 - Remove CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch as well. Matej Cepl 2025-04-29 21:23:32 +00:00
  • 1e0fc4ca6f - New libexpat doesn’t need expectedFailure, it doesn't fail any more. - doc-py38-to-py36.patch needs to substantially extended. Matej Cepl 2025-04-29 21:21:44 +00:00
  • c558688a19 Accepting request 1269059 from devel:languages:python:Factory Ana Guerrero 2025-04-18 14:14:39 +00:00
  • 584c05bad9 - Update to 3.12.10: - gh-131852: msgfmt no longer adds the POT-Creation-Date to generated .mo files for consistency with GNU msgfmt. - gh-85012: Correctly reset msgctxt when compiling messages in msgfmt. - gh-131050: test_ssl.test_dh_params is skipped if the underlying TLS library does not support finite-field ephemeral Diffie-Hellman. - gh-119727: Add --single-process command line option to Python test runner (regrtest). Patch by Victor Stinner. - gh-131809: Update bundled libexpat to 2.7.1 - gh-131261: Upgrade to libexpat 2.7.0 - gh-127371: Avoid unbounded buffering for tempfile.SpooledTemporaryFile.writelines(). Previously, disk spillover was only checked after the lines iterator had been exhausted. This is now done after each line is written. - gh-121284: Fix bug in the folding of rfc2047 encoded-words when flattening an email message using a modern email policy. Previously when an encoded-word was too long for a line, it would be decoded, split across lines, and re-encoded. But commas and other special characters in the original text could be left unencoded and unquoted. This could theoretically be used to spoof header lines using a carefully constructed encoded-word if the resulting rendered email was transmitted or re-parsed. - gh-116608: undeprecate functional API for importlib.resources - gh-132075: Fix possible use of socket address structures with uninitialized members. Now all structure members are initialized with zeroes by default. - gh-132002: Fix crash when deallocating contextvars.ContextVar Matej Cepl 2025-04-11 19:25:19 +00:00
  • b11adbdea3 Accepting request 1251951 from devel:languages:python:Factory Ana Guerrero 2025-03-11 19:42:20 +00:00
  • e82a230b70 Fix bug reference in the changelog Matej Cepl 2025-03-11 06:42:02 +00:00
  • e7906b91e2 - Skip PGO with %want_reproducible_builds (bsc#1239210). Matej Cepl 2025-03-11 06:14:39 +00:00
  • 07ecf72506 - Skip PGO with %want_reproducible_builds (boo#1040589) Matej Cepl 2025-03-10 19:53:26 +00:00
  • b45169abf8 Accepting request 1244005 from devel:languages:python:Factory Dominique Leuenberger 2025-02-09 18:58:58 +00:00
  • 32717178fc Update documentation patch. Matej Cepl 2025-02-06 18:39:10 +00:00
  • f7e695cbd6 Fix changelog Matej Cepl 2025-02-06 08:57:15 +00:00
  • 0496c93f4b Adjust patch Matej Cepl 2025-02-06 08:56:17 +00:00
  • 30f651fd15 Add missing Source: statement Matej Cepl 2025-02-06 08:48:44 +00:00
  • eacdd5e9b5 - Add CVE-2024-9287-venv_path_unquoted.patch to properly quote path names provided when creating a virtual environment (bsc#1232241, CVE-2024-9287) - Update doc-py38-to-py36.patch to include str.removeprefix replacement. Matej Cepl 2025-02-06 08:47:49 +00:00
  • bae099bfd7 Update patch Matej Cepl 2025-02-05 20:50:46 +00:00
  • c062335ad2 Fix the patch Matej Cepl 2025-02-05 16:21:38 +00:00
  • 4fcdd05e86 update Doc/conf.py Matej Cepl 2025-02-05 12:37:56 +00:00
  • 24c111965b - Update to 3.12.9: - Tests - gh-127906: Test the limited C API in test_cppext. Patch by Victor Stinner. - gh-127906: Backport test_cext from the main branch. Patch by Victor Stinner. - gh-127637: Add tests for the dis command-line interface. Patch by Bénédikt Tran. - Security - gh-105704: When using urllib.parse.urlsplit() and urllib.parse.urlparse() host parsing would not reject domain names containing square brackets ([ and ]). Square brackets are only valid for IPv6 and IPvFuture hosts according to RFC 3986 Section 3.2.2. (CVE-2025-0938, bsc#1236705) - gh-127655: Fixed the asyncio.selector_events._SelectorSocketTransport transport not pausing writes for the protocol when the buffer reaches the high water mark when using asyncio.WriteTransport.writelines() (CVE-2024-12254, bsc#1234290). - gh-126108: Fix a possible NULL pointer dereference in PySys_AddWarnOptionUnicode(). - gh-80222: Fix bug in the folding of quoted strings when flattening an email message using a modern email policy. Previously when a quoted string was folded so that it spanned more than one line, the surrounding quotes and internal escapes would be omitted. This could theoretically be used to spoof header lines using a carefully constructed quoted string if the resulting Matej Cepl 2025-02-05 11:02:29 +00:00
  • c4b3c6583b Accepting request 1241508 from devel:languages:python:Factory Ana Guerrero 2025-02-03 20:40:33 +00:00
  • d058a99b8a - Configure externally_managed with a bcond https://en.opensuse.org/openSUSE:Python:Externally_managed bsc#1228165 Matej Cepl 2025-01-30 17:34:53 +00:00
  • 9431cf257f Accepting request 1228975 from devel:languages:python:Factory Ana Guerrero 2024-12-13 21:33:05 +00:00
  • e85ec7c286 Fix documentation Matej Cepl 2024-12-06 22:39:25 +00:00
  • 652065b794 Fix SPEC Matej Cepl 2024-12-06 20:45:54 +00:00
  • a7439aaf5b - Add CVE-2024-12254-unbound-mem-buffering-SelectorSocketTransport.writelines.patch preventing exhaustion of memory (gh#python/cpython#127655, bsc#1234290, CVE-2024-12254). Matej Cepl 2024-12-06 20:41:43 +00:00
  • 694498a6a8 Update patches Matej Cepl 2024-12-05 21:49:05 +00:00
  • 8a08246ce9 Recalculate patches Matej Cepl 2024-12-04 22:03:33 +00:00
  • b9104c7cad - Update to 3.12.8: - Tools/Demos - gh-126807: Fix extraction warnings in pygettext.py caused by mistaking function definitions for function calls. - Tests - gh-126909: Fix test_os extended attribute tests to work on filesystems with 1 KiB xattr size limit. - gh-125041: Re-enable skipped tests for zlib on the s390x architecture: only skip checks of the compressed bytes, which can be different between zlib’s software implementation and the hardware-accelerated implementation. - gh-124295: Add translation tests to the argparse module. - Security - gh-126623: Upgrade libexpat to 2.6.4 - Library - gh-127303: Publicly expose EXACT_TOKEN_TYPES in token.__all__. - gh-123967: Fix faulthandler for trampoline frames. If the top-most frame is a trampoline frame, skip it. Patch by Victor Stinner. - gh-127182: Fix io.StringIO.__setstate__() crash, when None was passed as the first value. - gh-127217: Fix urllib.request.pathname2url() for paths starting with multiple slashes on Posix. - gh-127035: Fix shutil.which on Windows. Now it looks at direct match if and only if the command ends with a PATHEXT extension or X_OK is not in mode. Support extensionless files if “.” is in PATHEXT. Support PATHEXT extensions that end with a dot. - gh-127078: Fix issue where urllib.request.url2pathname() Matej Cepl 2024-12-04 21:53:57 +00:00
  • d5a3615b78 Accepting request 1227202 from devel:languages:python:Factory Ana Guerrero 2024-11-30 12:27:21 +00:00
  • 82050fef68 - Update doc-py38-to-py36.patch to include str.removeprefix replacement. Matej Cepl 2024-11-28 22:25:57 +00:00
  • 094ec27e0f Accepting request 1224261 from devel:languages:python:Factory Ana Guerrero 2024-11-15 14:37:41 +00:00
  • f07b688f29 - Remove -IVendor/ from python-config boo#1231795 Matej Cepl 2024-11-14 16:23:58 +00:00
  • 06a5cb31be Accepting request 1220158 from devel:languages:python:Factory Dominique Leuenberger 2024-11-03 06:17:02 +00:00
  • 803cb95998 Update the patch Matej Cepl 2024-11-02 00:55:18 +00:00
  • cd88adc808 - Add CVE-2024-9287-venv_path_unquoted.patch to properly quote path names provided when creating a virtual environment (bsc#1232241, CVE-2024-9287) Matej Cepl 2024-10-25 13:01:30 +00:00
  • 118ac765b0 Accepting request 1205549 from devel:languages:python:Factory Ana Guerrero 2024-10-06 15:51:43 +00:00
  • 2f2e126886 Fix the changelog Matej Cepl 2024-10-03 15:01:05 +00:00
  • 8c2f054df4 Fix the command Matej Cepl 2024-10-01 23:45:48 +00:00
  • 957ff77855 Fix the command Matej Cepl 2024-10-01 23:44:23 +00:00
  • 2aeb619628 Fix the command Matej Cepl 2024-10-01 23:40:43 +00:00
  • 38ff7e3150 Fix the command Matej Cepl 2024-10-01 21:16:07 +00:00
  • ec208c83f9 - Update to 3.12.7: - Tests - gh-124378: Updated test_ttk to pass with Tcl/Tk 8.6.15. - Security - gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the mapped IPv4 address value for deciding properties. Properties which have their behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and is_unspecified. - Library - gh-116850: Fix argparse for namespaces with not directly writable dict (e.g. classes). - gh-58573: Fix conflicts between abbreviated long options in the parent parser and subparsers in argparse. - gh-61181: Fix support of choices with string value in argparse. Substrings of the specified string no longer considered valid values. - gh-80259: Fix argparse support of positional arguments with nargs='?', default=argparse.SUPPRESS and specified type. - gh-124498: Fix typing.TypeAliasType not to be generic, when type_params is an empty tuple. - gh-124345: argparse vim supports abbreviated single-dash long options separated by = from its value. - gh-104860: Fix disallowing abbreviation of single-dash long options in argparse with allow_abbrev=False. - gh-63143: Fix parsing mutually exclusive arguments in argparse. Arguments with the value identical to the default value (e.g. booleans, small integers, empty or 1-character strings) are no longer considered “not present”. - gh-72795: Positional arguments with nargs equal to '*' or Matej Cepl 2024-10-01 15:35:43 +00:00
  • e64f032e0a Accepting request 1204807 from devel:languages:python:Factory Ana Guerrero 2024-10-01 15:11:37 +00:00
  • a00145be7f Drop .pyc files from docdir for reproducible builds Matej Cepl 2024-09-30 16:48:11 +00:00