• Files Changed
• Browse Source

- Update to 3.9.4:
  - bpo#43710: Reverted the fix for https://bugs.python.org/issue42500
    as it changed the PyThreadState struct size and broke the 3.9.x ABI
    in the 3.9.3 release (visible on 32-bit platforms using binaries
    compiled using an earlier version of Python 3.9.x headers).
  - bpo#26053: Fixed bug where the pdb interactive run command echoed
    the args from the shell command line, even if those have been
    overridden at the pdb prompt.
  - bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile
    feature of the pydoc module which could be abused to read
    arbitrary files on the disk (directory traversal
    vulnerability). Moreover, even source code of Python modules
    can contain sensitive data like passwords. Vulnerability
    reported by David Schwörer.
  - bpo#43285: ftplib no longer trusts the IP address value
    returned from the server in response to the PASV command by
    default. This prevents a malicious FTP server from using the
    response to probe IPv4 address and port combinations on the
    client network. Code that requires the former vulnerable
    behavior may set a trust_server_pasv_ipv4_address attribute
    on their ftplib.FTP instances to True to re-enable it.
  - bpo#43439: Add audit hooks for gc.get_objects(),
    gc.get_referrers() and gc.get_referents(). Patch by Pablo
    Galindo.
  - bpo#43660: Fix crash that happens when replacing sys.stderr
    with a callable that can remove the object while an exception
    is being printed. Patch by Pablo Galindo.
  - bpo#43555: Report the column offset for SyntaxError for
    invalid line continuation characters. Patch by Pablo Galindo.
  - bpo#43517: Fix misdetection of circular imports when using

• Files Changed
• Browse Source

Fix changes file (bso -> bsc abbreviation).

• Files Changed
• Browse Source

- Update to 3.9.2:
  - bpo#42938 (bsc#1181126): Avoid static buffers when computing
    the repr of ctypes.c_double and ctypes.c_longdouble
    values. This issue was assigned CVE-2021-3177.
  - bpo#42967 (bso#1182379): Fix web cache poisoning
    vulnerability by defaulting the query args separator to &,
    and allowing the user to choose a custom separator. This
    issue was assigned CVE-2021-23336.
- Upstreamed patches were removed:
  - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch
  - bsc1167501-invalid-alignment.patch
  - skip_random_failing_tests.patch
  - CVE-2019-5010-null-defer-x509-cert-DOS.patch

• Files Changed
• Browse Source

Automatic submission by obs-autosubmit

• Files Changed
• Browse Source

- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
  bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
  _ctypes/callproc.c, which may lead to remote code execution.

• Files Changed
• Browse Source

- (bsc#1180125) We really don't Require python-rpm-macros package.
  Unnecessary dependency.
- Make python39-doc building again
- Add no-skipif-doctests.patch, because SLE-15 version of Sphinx
  doesn't know about skipif directive in doctests.

• Files Changed
• Browse Source

- Update sphinx-update-removed-function.patch patch to the latest
  version in python36.
- Last try before this results in an editwar:
  * remove importlib_resources and importlib-metadata 
    provides/obsoletes
  * import importlib_resources is not the same as
    import importlib.resources, same for metadata
  * The backport packages from PyPI needed for older flavors are
    specified as such for setuptools or in pyproject.toml. If a
    package requires them they typically add them with a python
    version qualifier and the packages have their own version
    numbers.

• Files Changed
• Browse Source

- Add patch sphinx-update-removed-function.patch to no longer call
  a now removed function and to make documentation build independent of
  the Sphinx version (bsc#1179630, gh#python/cpython#13236).

• Files Changed
• Browse Source

- Don't require packages which break build on SLE-15 although we really
  don't need them (python3-python-docs-theme and
  python3-sphinxcontrib-qthelp).

• Files Changed
• Browse Source

Automatic submission by obs-autosubmit

• Files Changed
• Browse Source

- Buildrequire timezone only for general flavor. It's used in this
  flavor for the test suite.

• Files Changed
• Browse Source

- Update to 3.9.0rc1:
  * Core and Builtins
      - bpo-38156: Handle interrupts that come after EOF
        correctly in PyOS_StdioReadline.
  * Library
      - bpo-41497: Fix potential UnicodeDecodeError in dis
        module.
      - bpo-41490: Update ensurepip to install pip 20.2.1 and
        setuptools 49.2.1.
      - bpo-41467: On Windows, fix asyncio recv_into() return
        value when the socket/pipe is closed (BrokenPipeError):
        return 0 rather than an empty byte string (b'').
      - bpo-41425: Make tkinter doc example runnable.
      - bpo-41384: Raise TclError instead of TypeError when an
        unknown option is passed to tkinter.OptionMenu.
      - bpo-38731: Fix NameError in command-line interface of
        py_compile.
      - bpo-41317: Use add_done_callback() in
        asyncio.loop.sock_accept() to unsubscribe reader early on
        cancellation.
      - bpo-41364: Reduce import overhead of uuid.
      - bpo-41341: Recursive evaluation of typing.ForwardRef in
        get_type_hints.
      - bpo-41182: selector: use DefaultSelector based upon
        implementation
      - bpo-40726: Handle cases where the end_lineno is None on
        ast.increment_lineno().
  * Documentation
      - bpo-41045: Add documentation for debug feature of
        f-strings.
      - bpo-41314: Changed the release when from __future__
        import annotations becomes the default from 4.0 to 3.10
        (following a change in PEP 563).
  * Windows
      - bpo-41492: Fixes the description that appears in UAC
        prompts.
      - bpo-40948: Improve post-install message to direct people
        to the “py” command.
      - bpo-41412: The installer will now fail to install on
        Windows 7 and Windows 8. Further, the UCRT dependency is
        now always downloaded on demand.
      - bpo-40741: Update Windows release to include SQLite
        3.32.3.
  * IDLE
      - bpo-41468: Improve IDLE run crash error message (which
        users should never see).
      - bpo-41373: Save files loaded with no line ending, as when
        blank, or different line endings, by setting its line
        ending to the system default. Fix regression in 3.8.4 and
        3.9.0b4.
- Synchronize formatting and fixes with python38.

• Files Changed
• Browse Source

• Files Changed
• Browse Source

Automatic submission by obs-autosubmit

• Files Changed
• Browse Source

Packaging is still Alpha, the tarball is still beta, so this is considered technical preview for testing.

• Browse Source