- Tools/Demos
- gh-135968: Stubs for strip are now provided as part of an
iOS install.
- gh-133600: Backport file reorganization for .
Tools/wasm/wasi This should make backporting future code .
changes easier. It also simplifies instructions around how.
to do WASI builds in the devguide .
- Tests
- gh-135966: The iOS testbed now handles the app_packages
folder as a site directory.
- gh-135494: Fix regrtest to support excluding tests from
--pgo tests. Patch by Victor Stinner.
- Security
- gh-136053: marshal: fix a possible crash when deserializing
slice objects.
- gh-135661: Fix parsing start and end tags in
html.parser.HTMLParser according to the HTML5 standard.
- Whitespaces no longer accepted between </ and the tag
name. E.g. </ script> does not end the script section.
- Vertical tabulation (\v) and non-ASCII whitespaces no
longer recognized as whitespaces. The only whitespaces
are \t\n\r\f and space.
- Null character (U+0000) no longer ends the tag name.
- Attributes and slashes after the tag name in end tags are
now ignored, instead of terminating after the first > in
quoted attribute value. E.g. </script/foo=">"/>.
- Multiple slashes and whitespaces between the last
attribute and closing > are now ignored in both start and
end tags. E.g. <a foo=bar/ //>.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python314?expand=0&rev=80
- Tests
- gh-132815: Fix test__opcode: add JUMP_BACKWARD to
specialization stats.
- gh-135489: Show verbose output for failing tests during PGO
profiling step with –enable-optimizations.
- gh-135120: Add test.support.subTests().
- Security
- gh-135462: Fix quadratic complexity in processing specially
crafted input in html.parser.HTMLParser. End-of-file errors
are now handled according to the HTML5 specs – comments and
declarations are automatically closed, tags are ignored.
- gh-135034: Fixes multiple issues that allowed tarfile
extraction filters (filter="data" and filter="tar") to be
bypassed using crafted symlinks and hard links.
Addresses CVE 2024-12718, CVE 2025-4138, CVE 2025-4330, and
CVE 2025-4517.
- Library
- gh-65697: configparser’s error message when attempting to
write an invalid key is now more helpful.
- gh-135497: Fix os.getlogin() failing for longer usernames
on BSD-based platforms.
- gh-135429: Fix the argument mismatch in _lsprof for
PY_THROW event.
- gh-135368: Fix unittest.mock.Mock generation on
dataclasses.dataclass() objects. Now all special attributes
are set as it was before gh-124429.
- gh-133967: Do not normalize locale name ‘C.UTF-8’ to
‘en_US.UTF-8’.
- gh-135321: Raise a correct exception for values greater
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python314?expand=0&rev=73
