python-interpreters/python39
SHA256
6
0
Fork 0
forked from pool/python39
Code Pull Requests Activity

Update to 3.9.25

Browse Source 
Security
    - gh-137836: Add support of the “plaintext” element, RAWTEXT
      elements “xmp”, “iframe”, “noembed” and “noframes”, and
      optionally RAWTEXT element “noscript” in
      html.parser.HTMLParser.
    - gh-136063: email.message: ensure linear complexity for
      legacy HTTP parameters parsing. Patch by Bénédikt Tran.
    - gh-136065: Fix quadratic complexity in
      os.path.expandvars() (CVE-2025-6075, bsc#1252974).
Library
    - gh-98793: Fix argument typechecks in
      _overlapped.WSAConnect() and
      _overlapped.Overlapped.WSASendTo() functions. bpo-44817:
      Ignore WinError 53 (ERROR_BAD_NETPATH), 65
      (ERROR_NETWORK_ACCESS_DENIED) and 161 (ERROR_BAD_PATHNAME)
      when using ntpath.realpath().
Core and Builtins
    - gh-120384: Fix an array out of bounds crash in
      list_ass_subscript, which could be invoked via some
      specificly tailored input: including concurrent
      modification of a list object, where one thread assigns
      a slice and another clears it.
    - gh-120298: Fix use-after free in list_richcompare_impl
      which can be invoked via some specificly tailored evil
      input.
This commit is contained in:
Matej Cepl
2025-12-11 22:48:48 +01:00
parent 9cf0841df6
commit a7506e8af6
8 changed files with 51 additions and 403 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
python39.spec
View File

@@ -99,7 +99,7 @@
%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
%bcond_without profileopt
Name: %{python_pkg_name}%{psuffix}
Version: 3.9.24
Version: 3.9.25
Release: 0
Summary: Python 3 Interpreter
License: Python-2.0
@@ -194,9 +194,6 @@ Patch50: gh120226-fix-sendfile-test-kernel-610.patch
Patch51: sphinx-802.patch
# PATCH-FIX-OPENSUSE gh139257-Support-docutils-0.22.patch gh#python/cpython#139257 daniel.garcia@suse.com
Patch52: gh139257-Support-docutils-0.22.patch
# PATCH-FIX-UPSTREAM CVE-2025-6075-expandvars-perf-degrad.patch bsc#1252974 mcepl@suse.com
# Avoid potential quadratic complexity vulnerabilities in path modules
Patch53: CVE-2025-6075-expandvars-perf-degrad.patch
BuildRequires: autoconf-archive
BuildRequires: automake
BuildRequires: fdupes