- Update to 3.8.8:
- bpo#42938 (bsc#1181126): Avoid static buffers when computing
the repr of ctypes.c_double and ctypes.c_longdouble
values. This issue was assigned CVE-2021-3177.
- bpo#42967 (bso#1182379): Fix web cache poisoning
vulnerability by defaulting the query args separator to &,
and allowing the user to choose a custom separator. This
issue was assigned CVE-2021-23336.
- Remove bsc1167501-invalid-alignment.patch and
CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch, which were included
into the upstream tarball.
OBS-URL: https://build.opensuse.org/request/show/874121
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=10
- bpo#42938 (bsc#1181126): Avoid static buffers when computing
the repr of ctypes.c_double and ctypes.c_longdouble
values. This issue was assigned CVE-2021-3177.
- bpo#42967 (bso#1182379): Fix web cache poisoning
vulnerability by defaulting the query args separator to &,
and allowing the user to choose a custom separator. This
issue was assigned CVE-2021-23336.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=53
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
_ctypes/callproc.c, which may lead to remote code execution.
- (bsc#1180125) We really don't Require python-rpm-macros package.
Unnecessary dependency.
- Update to 3.8.7:
- bugfix release
- multiple patches realigned:
- F00102-lib64.patch
- SUSE-FEDORA-multilib.patch
- bpo-31046_ensurepip_honours_prefix.patch
- skip_random_failing_tests.patch
- Last try before this results in an editwar:
* remove importlib_resources and importlib-metadata
provides/obsoletes
* import importlib_resources is not the same as
import importlib.resources, same for metadata
* The backport packages from PyPI needed for older flavors are
specified as such for setuptools or in pyproject.toml. If a
package requires them they typically add them with a python
version qualifier and the packages have their own version
numbers.
- Add patch sphinx-update-removed-function.patch to no longer call
a now removed function and to make documentation build independent of
the Sphinx version (bsc#1179630, gh#python/cpython#13236).
- Add importlib_resources provide/obsolete as it is integral
part of the lang since 3.7 release
OBS-URL: https://build.opensuse.org/request/show/868033
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=8
- Last try before this results in an editwar:
* remove importlib_resources and importlib-metadata
provides/obsoletes
* import importlib_resources is not the same as
import importlib.resources, same for metadata
* The backport packages from PyPI needed for older flavors are
specified as such for setuptools or in pyproject.toml. If a
package requires them they typically add them with a python
version qualifier and the packages have their own version
numbers.
OBS-URL: https://build.opensuse.org/request/show/854402
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=43
- Update to version 3.8.5:
- bpo-39603: Prevent http header injection by rejecting control characters in http.client.putrequest(…).
- bpo-41295: a regression in CPython 3.8.4 where defining “__setattr__” in a multi-inheritance setup and calling up the hierarchy chain could fail if builtins/extension types were involved in the base types.
- bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now UnpicklingError instead of crashing.
- bpo-39017: Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907).
- bpo-37703: Updated Documentation to comprehensively elaborate on the behaviour of gather.cancel()
- bpo-41302: Enable building Python 3.8 with libmpdec-2.5.0 to ease maintenance for Linux distributions. Patch by Felix Yan.
- bpo-41300: Save files with non-ascii chars. Fix regression released in 3.9.0b4 and 3.8.4.
OBS-URL: https://build.opensuse.org/request/show/821971
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=21
- Assignment expressions (PEP-572)
- Positional-only parameters (PEP-570)
- Parallel filesystem cache for compiled bytecode files
(PYTHONPYCACHEPREFIX variable)
- Debug build uses the same ABI as release build
- f-strings support = for self-documenting expressions
and debugging
- Python Runtime Audit Hooks (PEP-578)
- Python Initialization Configuration (PEP-587)
- Vectorcall: a fast calling protocol for CPython (PEP-590)
- Pickle protocol 5 with out-of-band data buffers (PEP-574)
- Many other smaller bug fixes
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=16
