forked from pool/python39
- Update to 3.9.22:
- gh-131809: Update bundled libexpat to 2.7.1
- gh-131261: Upgrade to libexpat 2.7.0
- gh-105704: When using urllib.parse.urlsplit() and
urllib.parse.urlparse() host parsing would not reject domain
names containing square brackets ([ and ]). Square brackets
are only valid for IPv6 and IPvFuture hosts according to RFC
3986 Section 3.2.2 (bsc#1236705, CVE-2025-0938,
gh#python/cpython#105704).
- gh-121284: Fix bug in the folding of rfc2047 encoded-words
when flattening an email message using a modern email
policy. Previously when an encoded-word was too long for
a line, it would be decoded, split across lines, and
re-encoded. But commas and other special characters in the
original text could be left unencoded and unquoted. This
could theoretically be used to spoof header lines using a
carefully constructed encoded-word if the resulting rendered
email was transmitted or re-parsed.
- gh-119511: Fix a potential denial of service in the imaplib
module. When connecting to a malicious server, it could
cause an arbitrary amount of memory to be allocated. On many
systems this is harmless as unused virtual memory is only
a mapping, but if this hit a virtual address size limit
it could lead to a MemoryError or other process crash. On
unusual systems or builds where all allocated memory is
touched and backed by actual ram or storage it could’ve
consumed resources doing so until similarly crashing.
- gh-121277: Writers of CPython’s documentation can now use
next as the version for the versionchanged, versionadded,
deprecated directives.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python39?expand=0&rev=226
This commit is contained in:
Git OBS Bridge
BIN
Python-3.9.21.tar.xz
(Stored with Git LFS)
BIN
Python-3.9.21.tar.xz
(Stored with Git LFS)
Binary file not shown.
File diff suppressed because one or more lines are too long
BIN
Python-3.9.22.tar.xz
(Stored with Git LFS)
Normal file
BIN
Python-3.9.22.tar.xz
(Stored with Git LFS)
Normal file
Binary file not shown.
1
Python-3.9.22.tar.xz.sigstore
Normal file
1
Python-3.9.22.tar.xz.sigstore
Normal file
File diff suppressed because one or more lines are too long
@@ -1,3 +1,39 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Apr 9 20:04:17 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
|
||||
|
||||
- Update to 3.9.22:
|
||||
- gh-131809: Update bundled libexpat to 2.7.1
|
||||
- gh-131261: Upgrade to libexpat 2.7.0
|
||||
- gh-105704: When using urllib.parse.urlsplit() and
|
||||
urllib.parse.urlparse() host parsing would not reject domain
|
||||
names containing square brackets ([ and ]). Square brackets
|
||||
are only valid for IPv6 and IPvFuture hosts according to RFC
|
||||
3986 Section 3.2.2 (bsc#1236705, CVE-2025-0938,
|
||||
gh#python/cpython#105704).
|
||||
- gh-121284: Fix bug in the folding of rfc2047 encoded-words
|
||||
when flattening an email message using a modern email
|
||||
policy. Previously when an encoded-word was too long for
|
||||
a line, it would be decoded, split across lines, and
|
||||
re-encoded. But commas and other special characters in the
|
||||
original text could be left unencoded and unquoted. This
|
||||
could theoretically be used to spoof header lines using a
|
||||
carefully constructed encoded-word if the resulting rendered
|
||||
email was transmitted or re-parsed.
|
||||
- gh-119511: Fix a potential denial of service in the imaplib
|
||||
module. When connecting to a malicious server, it could
|
||||
cause an arbitrary amount of memory to be allocated. On many
|
||||
systems this is harmless as unused virtual memory is only
|
||||
a mapping, but if this hit a virtual address size limit
|
||||
it could lead to a MemoryError or other process crash. On
|
||||
unusual systems or builds where all allocated memory is
|
||||
touched and backed by actual ram or storage it could’ve
|
||||
consumed resources doing so until similarly crashing.
|
||||
- gh-121277: Writers of CPython’s documentation can now use
|
||||
next as the version for the versionchanged, versionadded,
|
||||
deprecated directives.
|
||||
- Remote upstreamed patch:
|
||||
- CVE-2025-0938-sq-brackets-domain-names.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Mar 10 15:44:31 UTC 2025 - Bernhard Wiedemann <bwiedemann@suse.com>
|
||||
|
||||
|
||||
@@ -99,7 +99,7 @@
|
||||
%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
|
||||
%bcond_without profileopt
|
||||
Name: %{python_pkg_name}%{psuffix}
|
||||
Version: 3.9.21
|
||||
Version: 3.9.22
|
||||
Release: 0
|
||||
Summary: Python 3 Interpreter
|
||||
License: Python-2.0
|
||||
|
||||
Reference in New Issue
Block a user