forked from pool/python313
Matej Cepl
e8c68d65d4
- Security
- gh-135034: Fixes multiple issues that allowed tarfile
extraction filters (filter="data" and filter="tar") to be
bypassed using crafted symlinks and hard links.
Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138
(bsc#1244059), CVE-2025-4330 (bsc#1244060), and
CVE-2025-4517 (bsc#1244032).
- gh-133767: Fix use-after-free in the “unicode-escape”
decoder with a non-“strict” error handler (CVE-2025-4516,
bsc#1243273).
- gh-128840: Short-circuit the processing of long IPv6
addresses early in ipaddress to prevent excessive memory
consumption and a minor denial-of-service.
- Library
- gh-134718: ast.dump() now only omits None and [] values if
they are default values.
- gh-128840: Fix parsing long IPv6 addresses with embedded
IPv4 address.
- gh-134696: Built-in HACL* and OpenSSL implementations of
hash function constructors now correctly accept the same
documented named arguments. For instance, md5() could be
previously invoked as md5(data=data) or md5(string=string)
depending on the underlying implementation but these calls
were not compatible. Patch by Bénédikt Tran.
- gh-134210: curses.window.getch() now correctly handles
signals. Patch by Bénédikt Tran.
- gh-80334: multiprocessing.freeze_support() now checks for
work on any “spawn” start method platform rather than only
on Windows.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python313?expand=0&rev=100
16 lines
470 B
Diff
16 lines
470 B
Diff
---
|
|
Lib/site.py | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
--- a/Lib/site.py
|
|
+++ b/Lib/site.py
|
|
@@ -78,7 +78,7 @@ import stat
|
|
import errno
|
|
|
|
# Prefixes for site-packages; add additional prefixes like /usr/local here
|
|
-PREFIXES = [sys.prefix, sys.exec_prefix]
|
|
+PREFIXES = [sys.prefix, sys.exec_prefix, '/usr/local']
|
|
# Enable per user site-packages directory
|
|
# set it to False to disable the feature or True to force the feature
|
|
ENABLE_USER_SITE = None
|