forked from pool/python39
- Update to 3.9.19:
- Security
- gh-115398: Allow controlling Expat >=2.6.0 reparse deferral
(CVE-2023-52425) by adding five new methods:
xml.etree.ElementTree.XMLParser.flush()
xml.etree.ElementTree.XMLPullParser.flush()
xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
xml.sax.expatreader.ExpatParser.flush()
- gh-115399: Update bundled libexpat to 2.6.0
- gh-113659: Skip .pth files with names starting with a dot
or hidden file attribute.
- Core and Builtins
- gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004
codecs read out of bounds
- Library
- gh-115197: urllib.request no longer resolves the hostname
before checking it against the system’s proxy bypass list
on macOS and Windows.
- gh-115133: Fix tests for XMLPullParser with Expat 2.6.0.
- gh-81194: Fix a crash in socket.if_indextoname() with
specific value (UINT_MAX). Fix an integer overflow in
socket.if_indextoname() on 64-bit non-Windows platforms.
- gh-109858: Protect zipfile from “quoted-overlap”
zipbomb. It now raises BadZipFile when try to read an entry
that overlaps with other entry or central directory.
- gh-107077: Seems that in some conditions, OpenSSL will
return SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL
when a certification verification has failed, but
the error parameters will still contain ERR_LIB_SSL
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python39?expand=0&rev=176
This commit is contained in:
Git OBS Bridge
@@ -93,7 +93,7 @@
|
||||
%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
|
||||
%bcond_without profileopt
|
||||
Name: %{python_pkg_name}%{psuffix}
|
||||
Version: 3.9.18
|
||||
Version: 3.9.19
|
||||
Release: 0
|
||||
Summary: Python 3 Interpreter
|
||||
License: Python-2.0
|
||||
@@ -178,12 +178,6 @@ Patch41: downport-Sphinx-features.patch
|
||||
# indicate the parsing error (old API), from gh#python/cpython!105127
|
||||
# Patch carries a REGRESSION (gh#python/cpython#106669), so it has been also partially REVERTED
|
||||
Patch42: CVE-2023-27043-email-parsing-errors.patch
|
||||
# PATCH-FIX-UPSTREAM libexpat260.patch gh#python/cpython#115289
|
||||
# Fix tests for XMLPullParser with Expat 2.6.0
|
||||
Patch43: libexpat260.patch
|
||||
# PATCH-FIX-UPSTREAM CVE-2023-6597-TempDir-cleaning-symlink.patch bsc#1219666 mcepl@suse.com
|
||||
# tempfile.TemporaryDirectory: fix symlink bug in cleanup (from gh#python/cpython!99930)
|
||||
Patch44: CVE-2023-6597-TempDir-cleaning-symlink.patch
|
||||
BuildRequires: autoconf-archive
|
||||
BuildRequires: automake
|
||||
BuildRequires: fdupes
|
||||
@@ -448,8 +442,6 @@ other applications.
|
||||
%patch -P 41 -p1
|
||||
%endif
|
||||
%patch -P 42 -p1
|
||||
%patch -P 43 -p1
|
||||
%patch -P 44 -p1
|
||||
|
||||
# drop Autoconf version requirement
|
||||
sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac
|
||||
|
||||
Reference in New Issue
Block a user