forked from pool/python39
- Update to 3.9.4:
- bpo#43710: Reverted the fix for https://bugs.python.org/issue42500 as it changed the PyThreadState struct size and broke the 3.9.x ABI in the 3.9.3 release (visible on 32-bit platforms using binaries compiled using an earlier version of Python 3.9.x headers). - bpo#26053: Fixed bug where the pdb interactive run command echoed the args from the shell command line, even if those have been overridden at the pdb prompt. - bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile feature of the pydoc module which could be abused to read arbitrary files on the disk (directory traversal vulnerability). Moreover, even source code of Python modules can contain sensitive data like passwords. Vulnerability reported by David Schwörer. - bpo#43285: ftplib no longer trusts the IP address value returned from the server in response to the PASV command by default. This prevents a malicious FTP server from using the response to probe IPv4 address and port combinations on the client network. Code that requires the former vulnerable behavior may set a trust_server_pasv_ipv4_address attribute on their ftplib.FTP instances to True to re-enable it. - bpo#43439: Add audit hooks for gc.get_objects(), gc.get_referrers() and gc.get_referents(). Patch by Pablo Galindo. - bpo#43660: Fix crash that happens when replacing sys.stderr with a callable that can remove the object while an exception is being printed. Patch by Pablo Galindo. - bpo#43555: Report the column offset for SyntaxError for invalid line continuation characters. Patch by Pablo Galindo. - bpo#43517: Fix misdetection of circular imports when using OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python39?expand=0&rev=62
This commit is contained in:
Git OBS Bridge
104
python39.changes
104
python39.changes
@@ -1,3 +1,107 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Apr 28 16:39:54 UTC 2021 - Matej Cepl <mcepl@suse.com>
|
||||
|
||||
- Update to 3.9.4:
|
||||
- bpo#43710: Reverted the fix for https://bugs.python.org/issue42500
|
||||
as it changed the PyThreadState struct size and broke the 3.9.x ABI
|
||||
in the 3.9.3 release (visible on 32-bit platforms using binaries
|
||||
compiled using an earlier version of Python 3.9.x headers).
|
||||
- bpo#26053: Fixed bug where the pdb interactive run command echoed
|
||||
the args from the shell command line, even if those have been
|
||||
overridden at the pdb prompt.
|
||||
- bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile
|
||||
feature of the pydoc module which could be abused to read
|
||||
arbitrary files on the disk (directory traversal
|
||||
vulnerability). Moreover, even source code of Python modules
|
||||
can contain sensitive data like passwords. Vulnerability
|
||||
reported by David Schwörer.
|
||||
- bpo#43285: ftplib no longer trusts the IP address value
|
||||
returned from the server in response to the PASV command by
|
||||
default. This prevents a malicious FTP server from using the
|
||||
response to probe IPv4 address and port combinations on the
|
||||
client network. Code that requires the former vulnerable
|
||||
behavior may set a trust_server_pasv_ipv4_address attribute
|
||||
on their ftplib.FTP instances to True to re-enable it.
|
||||
- bpo#43439: Add audit hooks for gc.get_objects(),
|
||||
gc.get_referrers() and gc.get_referents(). Patch by Pablo
|
||||
Galindo.
|
||||
- bpo#43660: Fix crash that happens when replacing sys.stderr
|
||||
with a callable that can remove the object while an exception
|
||||
is being printed. Patch by Pablo Galindo.
|
||||
- bpo#43555: Report the column offset for SyntaxError for
|
||||
invalid line continuation characters. Patch by Pablo Galindo.
|
||||
- bpo#43517: Fix misdetection of circular imports when using
|
||||
from pkg.mod import attr, which caused false positives in
|
||||
non-trivial multi-threaded code.
|
||||
- bpo#35883: Python no longer fails at startup with a fatal
|
||||
error if a command line argument contains an invalid Unicode
|
||||
character. The Py_DecodeLocale() function now escapes byte
|
||||
sequences which would be decoded as Unicode characters
|
||||
outside the [U+0000; U+10ffff] range.
|
||||
- bpo#43406: Fix a possible race condition where
|
||||
PyErr_CheckSignals tries to execute a non-Python signal
|
||||
handler.
|
||||
- bpo#42500: Improve handling of exceptions near recursion
|
||||
limit. Converts a number of Fatal Errors in RecursionErrors.
|
||||
- bpo#43433: xmlrpc.client.ServerProxy no longer ignores query
|
||||
and fragment in the URL of the server.
|
||||
- bpo#35930: Raising an exception raised in a “future” instance
|
||||
will create reference cycles.
|
||||
- bpo#43577: Fix deadlock when using ssl.SSLContext debug
|
||||
callback with ssl.SSLContext.sni_callback().
|
||||
- bpo#43521: ast.unparse can now render NaNs and empty sets.
|
||||
- bpo#43423: subprocess.communicate() no longer raises an
|
||||
IndexError when there is an empty stdout or stderr IO buffer
|
||||
during a timeout on Windows.
|
||||
- bpo#27820: Fixed long-standing bug of smtplib.SMTP where
|
||||
doing AUTH LOGIN with initial_response_ok=False will fail.
|
||||
The cause is that SMTP.auth_login _always_ returns a password
|
||||
if provided with a challenge string, thus non-compliant with
|
||||
the standard for AUTH LOGIN. Also fixes bug with the test for
|
||||
smtpd.
|
||||
- bpo#43332: Improves the networking efficiency of http.client
|
||||
when using a proxy via set_tunnel(). Fewer small send calls
|
||||
are made during connection setup.
|
||||
- bpo#43399: Fix ElementTree.extend not working on iterators
|
||||
when using the Python implementation
|
||||
- bpo#43316: The python -m gzip command line application now
|
||||
properly fails when detecting an unsupported extension. It
|
||||
exits with a non-zero exit code and prints an error message
|
||||
to stderr.
|
||||
- bpo#43260: Fix TextIOWrapper can not flush internal buffer
|
||||
forever after very large text is written.
|
||||
- bpo#42782: Fail fast in shutil.move() to avoid creating
|
||||
destination directories on failure.
|
||||
- bpo#37193: Fixed memory leak in socketserver.ThreadingMixIn
|
||||
introduced in Python 3.7.
|
||||
- bpo#43199: Answer “Why is there no goto?” in the Design and
|
||||
History FAQ.
|
||||
- bpo#43407: Clarified that a result from time.monotonic(),
|
||||
time.perf_counter(), time.process_time(), or
|
||||
time.thread_time() can be compared with the result from any
|
||||
following call to the same function - not just the next
|
||||
immediate call.
|
||||
- bpo#27646: Clarify that ‘yield from <expr>’ works with any
|
||||
iterable, not just iterators.
|
||||
- bpo#36346: Update some deprecated unicode APIs which are
|
||||
documented as “will be removed in 4.0” to “3.12”. See PEP 623
|
||||
for detail.
|
||||
- bpo#37945: Fix test_getsetlocale_issue1813() of test_locale:
|
||||
skip the test if setlocale() fails. Patch by Victor Stinner.
|
||||
- bpo#41561: Add workaround for Ubuntu’s custom OpenSSL
|
||||
security level policy.
|
||||
- bpo#43288: Fix test_importlib to correctly skip Unicode file
|
||||
tests if the fileystem does not support them.
|
||||
- bpo#43617: Improve configure.ac: Check for presence of
|
||||
autoconf-archive package and remove our copies of M4 macros.
|
||||
- bpo#42225: Document that IDLE can fail on Unix either from
|
||||
misconfigured IP masquerage rules or failure displaying
|
||||
complex colored (non-ascii) characters.
|
||||
- bpo#43283: Document why printing to IDLE’s Shell is often
|
||||
slower than printing to a system terminal and that it can be
|
||||
made faster by pre-formatting a single string before
|
||||
printing.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Feb 19 16:58:38 UTC 2021 - Matej Cepl <mcepl@suse.com>
|
||||
|
||||
|
||||
Reference in New Issue
Block a user