Revisions of python39
Matej Cepl (mcepl)
committed
(revision 161)
- IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! - Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) partially reverting CVE-2023-27043-email-parsing-errors.patch, because of the regression in gh#python/cpython#106669. - (bsc#1210638, CVE-2023-27043) Add CVE-2023-27043-email-parsing-errors.patch, which detects email address parsing errors and returns empty tuple to indicate the parsing error (old API). (The patch is faulty, gh#python/cpython#106669, but upstream decided not to just revert it).
buildservice-autocommit
accepted
request 1101338
from
Matej Cepl (mcepl)
(revision 160)
Matej Cepl (mcepl)
(revision 160)
baserev update by copy to link target
Matej Cepl (mcepl)
committed
(revision 158)
- Add bpo-37596-make-set-marshalling.patch making marshalling of `set` and `frozenset` deterministic (bsc#1211765).
buildservice-autocommit
accepted
request 1100886
from
Matej Cepl (mcepl)
(revision 157)
Matej Cepl (mcepl)
(revision 157)
baserev update by copy to link target
Matej Cepl (mcepl)
committed
(revision 156)
- Add gh-78214-marshal_stabilize_FLAG_REF.patch to marshal.c for stabilizing FLAG_REF usage (required for reproduceability; bsc#1213463).
Matej Cepl (mcepl)
committed
(revision 155)
- Revert faulty fix for CVE-2023-27043 (gh#python/cpython#106669)
Matej Cepl (mcepl)
committed
(revision 153)
- (bsc#1210638, CVE-2023-27043) Add CVE-2023-27043-email-parsing-errors.patch, which detects email address parsing errors and returns empty tuple to indicate the parsing error (old API).
buildservice-autocommit
accepted
request 1096213
from
Matej Cepl (mcepl)
(revision 152)
Matej Cepl (mcepl)
(revision 152)
baserev update by copy to link target
Matej Cepl (mcepl)
committed
(revision 151)
- Add downport-Sphinx-features.patch to make documentation buildable even on SLE-15.
Matej Cepl (mcepl)
committed
(revision 149)
- Patch skip-test_pyobject_freed_is_freed.patch should be used for SLE-15-SP4 as well.
Matej Cepl (mcepl)
committed
(revision 147)
- Update to 3.9.17:
- gh-103142: The version of OpenSSL used in Windows and
Mac installers has been upgraded to 1.1.1u to address
CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464,
as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303
fixed previously in 1.1.1t (gh-101727).
- gh-102153: urllib.parse.urlsplit() now strips leading C0
control and space characters following the specification for
URLs defined by WHATWG in response to CVE-2023-24329
(bsc#1208471).
- gh-99889: Fixed a security in flaw in uu.decode() that could
allow for directory traversal based on the input if no
out_file was specified.
- gh-104049: Do not expose the local on-disk
location in directory indexes produced by
http.client.SimpleHTTPRequestHandler.
- gh-101283: subprocess.Popen now uses a safer approach to find
cmd.exe when launching with shell=True.
- gh-103935: trace.__main__ now uses io.open_code() for files
to be executed instead of raw open().
- gh-102953: The extraction methods in tarfile, and
shutil.unpack_archive(), have a new filter argument that
allows limiting tar features than may be surprising or
dangerous, such as creating files outside the destination
directory. See Extraction filters for details (fixing
CVE-2007-4559, bsc#1203750).
- gh-102126: Fixed a deadlock at shutdown when clearing thread
states if any finalizer tries to acquire the runtime head
lock.
- gh-100892: Fixed a crash due to a race while iterating over
buildservice-autocommit
accepted
request 1087859
from
Factory Maintainer (factory-maintainer)
(revision 145)
Factory Maintainer (factory-maintainer)
(revision 145)
baserev update by copy to link target
Matej Cepl (mcepl)
accepted
request 1085253
from
Matej Cepl (mcepl)
(revision 142)
- Add 99366-patch.dict-can-decorate-async.patch fixing gh#python/cpython#98086 (backport from Python 3.10 patch in gh#python/cpython!99366), fixing bsc#1211158.
Displaying revisions 21 - 40 of 181
