SHA256
1
0
forked from pool/python38
Commit Graph

7 Commits

Author SHA256 Message Date
9921186373 - Update to 3.8.19:
- Security
    - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral
      (CVE-2023-52425) by adding five new methods:
        xml.etree.ElementTree.XMLParser.flush()
        xml.etree.ElementTree.XMLPullParser.flush()
        xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
        xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
        xml.sax.expatreader.ExpatParser.flush()
    - gh-115399: Update bundled libexpat to 2.6.0
    - gh-113659: Skip .pth files with names starting with a dot
      or hidden file attribute.
  - Core and Builtins
    - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004
      codecs read out of bounds
  - Library
    - gh-115197: urllib.request no longer resolves the hostname
      before checking it against the system’s proxy bypass list
      on macOS and Windows.
    - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0.
    - gh-81194: Fix a crash in socket.if_indextoname() with
      specific value (UINT_MAX). Fix an integer overflow in
      socket.if_indextoname() on 64-bit non-Windows platforms.
    - gh-109858: Protect zipfile from “quoted-overlap”
      zipbomb. It now raises BadZipFile when try to read an entry
      that overlaps with other entry or central directory.
    - gh-107077: Seems that in some conditions, OpenSSL will
      return SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL
      when a certification verification has failed, but
      the error parameters will still contain ERR_LIB_SSL

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=149
2024-03-21 20:34:23 +00:00
8f9c4e7712 - Update to 3.8.13:
Core and Builtins
    bpo-46794: Bump up the libexpat version into 2.4.6
    bpo-46985: Upgrade pip wheel bundled with ensurepip (pip 22.0.4)
    bpo-46932: Update bundled libexpat to 2.4.7
    bpo-46811: Make test suite support Expat >=2.4.5
    bpo-46784: Fix libexpat symbols collisions with user
      dynamically loaded or statically linked libexpat in embedded
      Python.
    bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4
    bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid
      potential REDoS by limiting ambiguity in consecutive
      whitespace.
    bpo-44849: Fix the os.set_inheritable() function on FreeBSD
      14 for file descriptor opened with the O_PATH flag: ignore
      the EBADF error on ioctl(), fallback on the fcntl()
      implementation.
    bpo-41028: Language and version switchers, previously
      maintained in every cpython branches, are now handled by
      docsbuild-script.
    bpo-45195: Fix test_readline.test_nonascii(): sometimes, the
      newline character is not written at the end, so don’t
      expect it in the output.
    bpo-44949: Fix auto history tests of test_readline:
      sometimes, the newline character is not written at the end,
      so don’t expect it in the output.
    bpo-45405: Prevent internal configure error when running
      configure with recent versions of clang.
- Remove upstreamed patches:
  - support-expat-245.patch

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=85
2022-03-26 22:17:57 +00:00
e509746279 - Update to 3.8.10:
- Security
    - bpo-43434: Creating a sqlite3.Connection object now also
      produces a sqlite3.connect auditing event. Previously this
      event was only produced by sqlite3.connect() calls. Patch
      by Erlend E. Aasland.
    - bpo-43472: Ensures interpreter-level audit hooks receive
      the cpython.PyInterpreterState_New event when called
      through the _xxsubinterpreters module.
    - bpo-43075: Fix Regular Expression Denial of Service (ReDoS)
      vulnerability in urllib.request.AbstractBasicAuthHandler.
      The ReDoS-vulnerable regex has quadratic worst-case
      complexity and it allows cause a denial of service when
      identifying crafted invalid RFCs. This ReDoS issue is on
      the client side and needs remote attackers to control the
      HTTP server.
  - Core and Builtins
    - bpo-43105: Importlib now resolves relative paths when
      creating module spec objects from file locations.
    - bpo-42924: Fix bytearray repetition incorrectly copying
      data from the start of the buffer, even if the data is
      offset within the buffer (e.g. after reassigning a slice at
      the start of the bytearray to a shorter byte string).
  - Library
    - bpo-43993: Update bundled pip to 21.1.1.
    - bpo-43937: Fixed the turtle module working with non-default
      root window.
    - bpo-43930: Update bundled pip to 21.1 and setuptools to
      56.0.0
    - bpo-43920: OpenSSL 3.0.0: load_verify_locations() now

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=66
2021-05-05 15:36:38 +00:00
8d39a136b6 - Update to 3.8.9:
- bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile
    feature of the pydoc module which could be abused to read
    arbitrary files on the disk (directory traversal
    vulnerability). Moreover, even source code of Python modules
    can contain sensitive data like passwords. Vulnerability
    reported by David Schwörer.
  - bpo-43285: ftplib no longer trusts the IP address value
    returned from the server in response to the PASV command by
    default. This prevents a malicious FTP server from using the
    response to probe IPv4 address and port combinations on the
    client network.
  - Code that requires the former vulnerable behavior may set
    a trust_server_pasv_ipv4_address attribute on their
    ftplib.FTP instances to True to re-enable it.
  - bpo-43439: Add audit hooks for gc.get_objects(),
    gc.get_referrers() and gc.get_referents(). Patch by Pablo
    Galindo.
  - bpo-43660: Fix crash that happens when replacing sys.stderr
    with a callable that can remove the object while an exception
    is being printed. Patch by Pablo Galindo.
  - bpo-35883: Python no longer fails at startup with a fatal
    error if a command line argument contains an invalid Unicode
    character. The Py_DecodeLocale() function now escapes byte
    sequences which would be decoded as Unicode characters
    outside the [U+0000; U+10ffff] range.
  - bpo-43406: Fix a possible race condition where
    PyErr_CheckSignals tries to execute a non-Python signal
    handler.
  - bpo-35930: Raising an exception raised in a “future” instance

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=62
2021-04-28 17:38:20 +00:00
00b0633e60 - Update to 3.8.7:
- bugfix release
  - multiple patches realigned:
    - F00102-lib64.patch
    - SUSE-FEDORA-multilib.patch
    - bpo-31046_ensurepip_honours_prefix.patch

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=44
2020-12-22 08:33:15 +00:00
a4b422fc49 Update patches
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=37
2020-11-09 12:28:44 +00:00
Tomáš Chvátal
aef62c368c osc copypac from project:devel:languages:python:Factory package:python3 revision:376, using expand
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=1
2020-07-10 07:12:09 +00:00