forked from pool/python39
Matej Cepl
ad933f5c9f
- Tests
- gh-112769: The tests now correctly compare zlib version when
:const:`zlib.ZLIB_RUNTIME_VERSION` contains non-integer suffixes. For
example zlib-ng defines the version as ``1.3.0.zlib-ng``.
- gh-117187: Fix XML tests for vanilla Expat <2.6.0.
- Security
- gh-123678: Upgrade libexpat to 2.6.3
- gh-121957: Fixed missing audit events around interactive use of Python,
now also properly firing for ``python -i``, as well as for ``python -m
asyncio``. The event in question is ``cpython.run_stdin``.
- gh-122133: Authenticate the socket connection for the
``socket.socketpair()`` fallback on platforms where ``AF_UNIX`` is not
available like Windows.
Patch by Gregory P. Smith <greg@krypto.org> and Seth Larson
<seth@python.org>. Reported by Ellie <el@horse64.org>
- gh-121285: Remove backtracking from tarfile header parsing for
``hdrcharset``, PAX, and GNU sparse headers
(bsc#1230227, CVE-2024-6232).
- gh-118486: :func:`os.mkdir` on Windows now accepts *mode* of ``0o700`` to
restrict the new directory to the current user. This fixes CVE-2024-4030
affecting :func:`tempfile.mkdtemp` in scenarios where the base temporary
directory is more permissive than the default.
- gh-114572: :meth:`ssl.SSLContext.cert_store_stats` and
:meth:`ssl.SSLContext.get_ca_certs` now correctly lock access to the
certificate store, when the :class:`ssl.SSLContext` is shared across
multiple threads (bsc#1226447, CVE-2024-0397).
- gh-116741: Update bundled libexpat to 2.6.2
- Library
- gh-123270: Applied a more surgical fix for malformed payloads in
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python39?expand=0&rev=201
27 lines
1.1 KiB
Plaintext
27 lines
1.1 KiB
Plaintext
Notes for packagers of Python3
|
|
==============================
|
|
|
|
0. Faster build turnaround
|
|
--------------------------
|
|
|
|
By default, python builds with profile-guided optimization. This needs
|
|
an additional run of the test suite and it is generally slow.
|
|
PGO build takes around 50 minutes.
|
|
|
|
For development, use "--without profileopt" option to disable PGO. This
|
|
shortens the build time to ~5 minutes including test suite.
|
|
|
|
1. import_failed.map
|
|
----------------------
|
|
|
|
This is a mechanism installed as part of python3-base, that places shim modules
|
|
on python's path (through a generated zzzz-import-failed-hooks.pth file, so that
|
|
it is imported as much at the end as makes sense; and an _import_failed subdir
|
|
of /usr/lib/pythonX.Y). Then when the user tries to import a module that is part
|
|
of a subpackage, the ImportError will contain a helpful message telling them
|
|
which missing subpackage to install.
|
|
|
|
This can sometimes cause problems on non-standard configurations, if the pth
|
|
gets included too early (for instance if you are using a script to include all
|
|
pths by hand in some strange order). Just something to look out for.
|