python-interpreters/python39
SHA256
7
0
Fork 0
forked from pool/python39
Code Pull Requests Activity

Accepting request 822056 from home:gmbr3:Active

Browse Source 
- Removed CVE-2019-20907_tarfile-inf-loop.patch: fixed in upstream
- Removed recursion.tar: contained in upstream
- Update to 3.9.0b5:
  - bpo-41304: Fixes python3x._pth being ignored on Windows, caused 
    by the fix for bpo-29778 (CVE-2020-15801).
  - bpo-41162: Audit hooks are now cleared later during
    finalization to avoid missing events.
  - bpo-29778: Ensure python3.dll is loaded from correct locations 
    when Python is embedded (CVE-2020-15523).
  - bpo-39603: Prevent http header injection by rejecting control 
    characters in http.client.putrequest(…).
  - bpo-41295: Resolve a regression in CPython 3.8.4 where defining
    “__setattr__” in a multi-inheritance setup and 
    calling up the hierarchy chain could fail if builtins/extension
    types were involved in the base types.
  - bpo-41247: Always cache the running loop holder when running 
    asyncio.set_running_loop.
  - bpo-41252: Fix incorrect refcounting in 
    _ssl.c’s _servername_callback().
  - bpo-41215: Use non-NULL default values in the PEG parser 
    keyword list to overcome a bug that was '
    preventing Python from being properly compiled when using the
    XLC compiler. Patch by Pablo Galindo.
  - bpo-41218: Python 3.8.3 had a regression where compiling with 
    ast.PyCF_ALLOW_TOP_LEVEL_AWAIT would 
    aggressively mark list comprehension with CO_COROUTINE. Now only
    list comprehension making use of async/await will tagged as so.
  - bpo-41175: Guard against a NULL pointer dereference within 
    bytearrayobject triggered by the bytearray() + bytearray() operation.
  - bpo-39960: The “hackcheck” that prevents sneaking around a type’s 
    __setattr__() by calling the superclass method was 
    rewritten to allow C implemented heap types.
  - bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the 
    C implementation raises now UnpicklingError instead of crashing.
  - bpo-39017: Avoid infinite loop when reading specially crafted 
    TAR files using the tarfile module (CVE-2019-20907, bsc#1174091).
  - bpo-41235: Fix the error handling in ssl.SSLContext.load_dh_params().
  - bpo-41207: In distutils.spawn, restore expectation that 
    DistutilsExecError is raised when the command is not found.
  - bpo-39168: Remove the __new__ method of typing.Generic.
  - bpo-41194: Fix a crash in the _ast module: it can no longer be 
    loaded more than once. It now uses a global state rather than a module state.
  - bpo-39384: Fixed email.contentmanager to allow set_content() to set a 
    null string.
  - bpo-41300: Save files with non-ascii chars. 
    Fix regression released in 3.9.0b4 and 3.8.4.
  - bpo-37765: Add keywords to module name completion list. 
    Rewrite Completions section of IDLE doc.
  - bpo-40170: Revert PyType_HasFeature() change: it reads 
    again directly the PyTypeObject.tp_flags 
    member when the limited C API is not used, rather than always calling 
    PyType_GetFlags() which hides implementation details.

OBS-URL: https://build.opensuse.org/request/show/822056
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python39?expand=0&rev=18
This commit is contained in:
Tomáš Chvátal
2020-07-21 11:16:21 +00:00
committed by Git OBS Bridge
parent 71ac2aa56c
commit 63a4856637
8 changed files with 76 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
python39.spec
View File

@@ -86,7 +86,7 @@
%bcond_without profileopt
%endif
Name: %{python_pkg_name}%{psuffix}
Version: 3.9.0b4
Version: 3.9.0b5
Release: 0
Summary: Python 3 Interpreter
License: Python-2.0
@@ -102,8 +102,6 @@ Source10: pre_checkin.sh
Source11: skipped_tests.py
Source19: idle3.desktop
Source20: idle3.appdata.xml
# For Patch 32
Source32: recursion.tar
Source99: python.keyring
# The following files are not used in the build.
# They are listed here to work around missing functionality in rpmbuild,
@@ -140,10 +138,6 @@ Patch29: bpo-31046_ensurepip_honours_prefix.patch
# PATCH-FIX-UPSTREAM bsc1167501-invalid-alignment.patch gh#python/cpython#19133 mcepl@suse.com
# Fix wrong misalignment of pointer to vectorcallfunc
Patch31: bsc1167501-invalid-alignment.patch
# PATCH-FIX-UPSTREAM CVE-2019-20907_tarfile-inf-loop.patch bsc#1174091 mcepl@suse.com
# avoid possible infinite loop in specifically crafted tarball (CVE-2019-20907)
# REQUIRES SOURCE 32
Patch32: CVE-2019-20907_tarfile-inf-loop.patch
BuildRequires: automake
BuildRequires: fdupes
BuildRequires: gmp-devel
@@ -397,10 +391,7 @@ other applications.
%patch27 -p1
%patch29 -p1
%patch31 -p1
%patch32 -p1
# For patch 32
cp -v %{SOURCE32} Lib/test/recursion.tar
# drop Autoconf version requirement
sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac