Next | Query returned 61 messages, browsing 1 to 10 | Previous

History of commit frequency

CVS Commit History:


   2024-03-20 16:39:02 by Adam Ciarcinski | Files touched by this commit (7) | Package updated
Log message:
python38 py38-html-docs: updated to 3.8.19

Python 3.8.19

Security

gh-115398: Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) \ 
by adding five new methods:

xml.etree.ElementTree.XMLParser.flush()
xml.etree.ElementTree.XMLPullParser.flush()
xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
xml.sax.expatreader.ExpatParser.flush()
gh-115399: Update bundled libexpat to 2.6.0
gh-113659: Skip .pth files with names starting with a dot or hidden file attribute.

Core and Builtins

gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 codecs read out of bounds

Library

gh-115197: urllib.request no longer resolves the hostname before checking it \ 
against the system’s proxy bypass list on macOS and Windows.
gh-115133: Fix tests for XMLPullParser with Expat 2.6.0.
gh-81194: Fix a crash in socket.if_indextoname() with specific value (UINT_MAX). \ 
Fix an integer overflow in socket.if_indextoname() on 64-bit non-Windows \ 
platforms.
gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now raises \ 
BadZipFile when try to read an entry that overlaps with other entry or central \ 
directory.
gh-107077: Seems that in some conditions, OpenSSL will return SSL_ERROR_SYSCALL \ 
instead of SSL_ERROR_SSL when a certification verification has failed, but the \ 
error parameters will still contain ERR_LIB_SSL and \ 
SSL_R_CERTIFICATE_VERIFY_FAILED. We are now detecting this situation and raising \ 
the appropiate ssl.SSLCertVerificationError. Patch by Pablo Galindo
gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup, which now no longer \ 
dereferences symlinks when working around file system permission errors.

Documentation

gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under “XML \ 
vulnerabilities”.

Tests

gh-108310: SSL tests for pre-handshake close were previously not enabled on \ 
Python 3.8 due to an incorrect backport. This is now fixed. Patch by Lumír \ 
Balhar.

Windows

gh-111239: Update Windows builds to use zlib v1.3.1.
gh-109991: Windows builds now use OpenSSL 1.1.1w. Note that OpenSSL 1.1 has \ 
reached its end of life and no future fixes will be made, and this version of \ 
Python is no longer receiving maintenance fixes and will not be updated to \ 
OpenSSL 3.0.
   2023-11-29 12:02:41 by Jonathan Perkin | Files touched by this commit (6)
Log message:
python: Exclude dependencies for build.

When python bl3 files are included with PYTHON_FOR_BUILD_ONLY=yes, their
DEPMETHOD is set to "build", in which case we do not want to include
indirect dependencies as they will then be tagged as "build" also.  Fixes
potential runtime issues exposed by indirect dependency checks.
   2023-11-10 17:55:32 by Nia Alarie | Files touched by this commit (6)
Log message:
Revert previous
   2023-11-10 13:13:22 by Nia Alarie | Files touched by this commit (5)
Log message:
python: Honour user's choice of readline implementation.
   2023-11-08 14:21:43 by Thomas Klausner | Files touched by this commit (2377)
Log message:
*: recursive bump for icu 74.1
   2023-10-27 10:02:30 by Thomas Klausner | Files touched by this commit (4)
Log message:
python*: needs wide curses
   2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298)
Log message:
*: bump for openssl 3
   2023-10-24 11:12:37 by Thomas Klausner | Files touched by this commit (6)
Log message:
python*: explicitly add --with-system-expat

To make sure expat module is linked against expat library.

Bump PKGREVISION.
   2023-10-23 10:50:36 by Thomas Klausner | Files touched by this commit (6)
Log message:
python*: add SUPERSEDES
   2023-10-23 08:36:01 by Thomas Klausner | Files touched by this commit (22)
Log message:
python*: include some standard modules in the base Python package

As proposed on tech-pkg

Bump PKGREVISION.

Next | Query returned 61 messages, browsing 1 to 10 | Previous