forked from pool/python39
Matej Cepl
ad933f5c9f
- Tests
- gh-112769: The tests now correctly compare zlib version when
:const:`zlib.ZLIB_RUNTIME_VERSION` contains non-integer suffixes. For
example zlib-ng defines the version as ``1.3.0.zlib-ng``.
- gh-117187: Fix XML tests for vanilla Expat <2.6.0.
- Security
- gh-123678: Upgrade libexpat to 2.6.3
- gh-121957: Fixed missing audit events around interactive use of Python,
now also properly firing for ``python -i``, as well as for ``python -m
asyncio``. The event in question is ``cpython.run_stdin``.
- gh-122133: Authenticate the socket connection for the
``socket.socketpair()`` fallback on platforms where ``AF_UNIX`` is not
available like Windows.
Patch by Gregory P. Smith <greg@krypto.org> and Seth Larson
<seth@python.org>. Reported by Ellie <el@horse64.org>
- gh-121285: Remove backtracking from tarfile header parsing for
``hdrcharset``, PAX, and GNU sparse headers
(bsc#1230227, CVE-2024-6232).
- gh-118486: :func:`os.mkdir` on Windows now accepts *mode* of ``0o700`` to
restrict the new directory to the current user. This fixes CVE-2024-4030
affecting :func:`tempfile.mkdtemp` in scenarios where the base temporary
directory is more permissive than the default.
- gh-114572: :meth:`ssl.SSLContext.cert_store_stats` and
:meth:`ssl.SSLContext.get_ca_certs` now correctly lock access to the
certificate store, when the :class:`ssl.SSLContext` is shared across
multiple threads (bsc#1226447, CVE-2024-0397).
- gh-116741: Update bundled libexpat to 2.6.2
- Library
- gh-123270: Applied a more surgical fix for malformed payloads in
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python39?expand=0&rev=201
38 lines
1.4 KiB
Diff
38 lines
1.4 KiB
Diff
From ac2b8869724d7a57d9b5efbdce2f20423214e8bb Mon Sep 17 00:00:00 2001
|
|
From: "Bernhard M. Wiedemann" <bwiedemann@suse.de>
|
|
Date: Tue, 16 Jul 2024 21:39:33 +0200
|
|
Subject: [PATCH] Allow to override build date with SOURCE_DATE_EPOCH
|
|
|
|
to make builds reproducible.
|
|
See https://reproducible-builds.org/ for why this is good
|
|
and https://reproducible-builds.org/specs/source-date-epoch/
|
|
for the definition of this variable.
|
|
---
|
|
Doc/conf.py | 3 ++-
|
|
Doc/library/functions.rst | 2 +-
|
|
2 files changed, 3 insertions(+), 2 deletions(-)
|
|
|
|
--- a/Doc/conf.py
|
|
+++ b/Doc/conf.py
|
|
@@ -80,7 +80,8 @@ html_short_title = '%s Documentation' %
|
|
|
|
# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
|
|
# using the given strftime format.
|
|
-html_last_updated_fmt = '%b %d, %Y'
|
|
+html_time = int(os.environ.get('SOURCE_DATE_EPOCH', time.time()))
|
|
+html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime(html_time))
|
|
|
|
# Path to find HTML templates.
|
|
templates_path = ['tools/templates']
|
|
--- a/Doc/library/functions.rst
|
|
+++ b/Doc/library/functions.rst
|
|
@@ -1254,7 +1254,7 @@ are always available. They are listed h
|
|
(where :func:`open` is declared), :mod:`os`, :mod:`os.path`, :mod:`tempfile`,
|
|
and :mod:`shutil`.
|
|
|
|
- .. audit-event:: open file,mode,flags open
|
|
+ .. audit-event:: open path,mode,flags open
|
|
|
|
The ``mode`` and ``flags`` arguments may have been modified or inferred from
|
|
the original call.
|