forked from pool/python39
- Update to 3.9.14:
- (CVE-2020-10735, bsc#1203125). Converting between int
and str in bases other than 2 (binary), 4, 8 (octal), 16
(hexadecimal), or 32 such as base 10 (decimal) now raises a
ValueError if the number of digits in string form is above a
limit to avoid potential denial of service attacks due to the
algorithmic complexity.
This new limit can be configured or disabled by environment
variable, command line flag, or sys APIs. See the integer
string conversion length limitation documentation. The
default limit is 4300 digits in string form.
- Also other bug fixes:
- http.server: Fix an open redirection vulnerability in the
HTTP server when an URI path starts with //. Vulnerability
discovered, and initial fix proposed, by Hamza Avvan.
- Fix contextvars HAMT implementation to handle iteration
over deep trees. The bug was discovered and fixed by Eli
Libman. See MagicStack/immutables#84 for more details.
- Fix binding of unix socket to empty address on Linux to use
an available address from the abstract namespace, instead
of “0”.
- Suppress writing an XML declaration in open files
in ElementTree.write() with encoding='unicode' and
xml_declaration=None.
- Fix the formatting for await x and not x in the operator
precedence table when using the help() system.
- Fix ensurepip environment isolation for subprocess running
pip.
- Fix problem with test_ssl test_get_ciphers on systems that
require perfect forward secrecy (PFS) ciphers.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python39?expand=0&rev=116
This commit is contained in:
Git OBS Bridge
@@ -57,7 +57,7 @@
|
||||
%define tarversion %{version}
|
||||
%endif
|
||||
# We don't process beta signs well
|
||||
%define folderversion 3.9.13
|
||||
%define folderversion %{version}
|
||||
%define tarname Python-%{tarversion}
|
||||
%define sitedir %{_libdir}/python%{python_version}
|
||||
# three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149
|
||||
@@ -93,7 +93,7 @@
|
||||
%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
|
||||
%bcond_without profileopt
|
||||
Name: %{python_pkg_name}%{psuffix}
|
||||
Version: 3.9.13
|
||||
Version: 3.9.14
|
||||
Release: 0
|
||||
Summary: Python 3 Interpreter
|
||||
License: Python-2.0
|
||||
@@ -161,9 +161,6 @@ Patch35: support-expat-CVE-2022-25236-patched.patch
|
||||
# PATCH-FIX-UPSTREAM CVE-2015-20107-mailcap-unsafe-filenames.patch bsc#1198511 mcepl@suse.com
|
||||
# avoid the command injection in the mailcap module.
|
||||
Patch36: CVE-2015-20107-mailcap-unsafe-filenames.patch
|
||||
# PATCH-FIX-UPSTREAM CVE-2021-28861 bsc#1202624 gh#python/cpython#94093
|
||||
# Coerce // to / in Lib/http/server.py
|
||||
Patch37: CVE-2021-28861-double-slash-path.patch
|
||||
BuildRequires: autoconf-archive
|
||||
BuildRequires: automake
|
||||
BuildRequires: fdupes
|
||||
@@ -423,7 +420,6 @@ other applications.
|
||||
%endif
|
||||
%patch35 -p1
|
||||
%patch36 -p1
|
||||
%patch37 -p1
|
||||
|
||||
# drop Autoconf version requirement
|
||||
sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac
|
||||
|
||||
Reference in New Issue
Block a user