python-interpreters/python313
SHA256
6
0
Fork 0
forked from pool/python313
Code Pull Requests Activity

- Update to 3.13.4:

Browse Source 
- Security
    - gh-135034: Fixes multiple issues that allowed tarfile
      extraction filters (filter="data" and filter="tar") to be
      bypassed using crafted symlinks and hard links.
      Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138
      (bsc#1244059), CVE-2025-4330 (bsc#1244060), and
      CVE-2025-4517 (bsc#1244032).
    - gh-133767: Fix use-after-free in the “unicode-escape”
      decoder with a non-“strict” error handler (CVE-2025-4516,
      bsc#1243273).
    - gh-128840: Short-circuit the processing of long IPv6
      addresses early in ipaddress to prevent excessive memory
      consumption and a minor denial-of-service.
  - Library
    - gh-134718: ast.dump() now only omits None and [] values if
      they are default values.
    - gh-128840: Fix parsing long IPv6 addresses with embedded
      IPv4 address.
    - gh-134696: Built-in HACL* and OpenSSL implementations of
      hash function constructors now correctly accept the same
      documented named arguments. For instance, md5() could be
      previously invoked as md5(data=data) or md5(string=string)
      depending on the underlying implementation but these calls
      were not compatible. Patch by Bénédikt Tran.
    - gh-134210: curses.window.getch() now correctly handles
      signals. Patch by Bénédikt Tran.
    - gh-80334: multiprocessing.freeze_support() now checks for
      work on any “spawn” start method platform rather than only
      on Windows.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python313?expand=0&rev=100
This commit is contained in:
Matej Cepl
2025-06-09 21:38:15 +00:00
committed by Git OBS Bridge
parent 6d5d3f96b0
commit 6072bbdbcd
13 changed files with 356 additions and 703 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
python313.spec
View File

@@ -163,7 +163,7 @@
# _md5.cpython-38m-x86_64-linux-gnu.so
%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
Name: %{python_pkg_name}%{psuffix}
Version: 3.13.3
Version: 3.13.4
%define tarversion %{version}
%define tarname Python-%{tarversion}
Release: 0
@@ -224,12 +224,6 @@ Patch41: doc-py38-to-py36.patch
# PATCH-FIX-UPSTREAM gh126985-mv-pyvenv.cfg2getpath.patch mcepl@suse.com
# Remove tests failing in test_sysconfig
Patch42: gh126985-mv-pyvenv.cfg2getpath.patch
# PATCH-FIX-UPSTREAM gh-132535-rsrc-warn-test_timeout.patch gh#python/cpython#132535 mcepl@suse.com
# allows test_timeout tests to pass
Patch43: gh-132535-rsrc-warn-test_timeout.patch
# PATCH-FIX-UPSTREAM CVE-2025-4516-DecodeError-handler.patch bsc#1243273 mcepl@suse.com
# this patch makes things totally awesome
Patch44: CVE-2025-4516-DecodeError-handler.patch
BuildRequires: autoconf-archive
BuildRequires: automake
BuildRequires: fdupes