Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libpython3_9-1_0-3.9.24-1.2 RPM for armv6hl

From OpenSuSE Ports Tumbleweed for armv6hl

Name: libpython3_9-1_0 Distribution: openSUSE Tumbleweed
Version: 3.9.24 Vendor: openSUSE
Release: 1.2 Build date: Wed Oct 15 08:28:09 2025
Group: Unspecified Build host: reproducible
Size: 2916396 Source RPM: python39-core-3.9.24-1.2.src.rpm
Packager: http://bugs.opensuse.org
Url: https://www.python.org/
Summary: Python Interpreter shared library
Python is an interpreted, object-oriented programming language, and is
often compared to Tcl, Perl, Scheme, or Java.  You can find an overview
of Python in the documentation and tutorials included in the python-doc
(HTML) or python-doc-pdf (PDF) packages.

This package contains libpython3.2 shared library for embedding in
other applications.

Provides

Requires

License

Python-2.0

Changelog

* Wed Oct 15 2025 Daniel Garcia <daniel.garcia@suse.com>
  - Update to 3.9.24:
    - Security
    - gh-139700: Check consistency of the zip64 end of central
      directory record. Support records with “zip64 extensible data”
      if there are no bytes prepended to the ZIP file.
    - gh-139400: xml.parsers.expat: Make sure that parent Expat
      parsers are only garbage-collected once they are no longer
      referenced by subparsers created by
      ExternalEntityParserCreate(). Patch by Sebastian Pipping.
    - gh-121227: Raise an SSL.SSLError if an empty protocols argument
      is passed to ssl.SSLContext.set_npn_protocols() to fix
      CVE-2024-5642.
    - gh-135661: Fix parsing start and end tags in
      html.parser.HTMLParser according to the HTML5 standard.
    * Whitespaces no longer accepted between </ and the tag name.
      E.g. </ script> does not end the script section.
    * Vertical tabulation (\v) and non-ASCII whitespaces no longer
      recognized as whitespaces. The only whitespaces are \t\n\r\f
      and space.
    * Null character (U+0000) no longer ends the tag name.
    * Attributes and slashes after the tag name in end tags are now
      ignored, instead of terminating after the first > in quoted
      attribute value. E.g. </script/foo=">"/>.
    * Multiple slashes and whitespaces between the last attribute
      and closing > are now ignored in both start and end tags. E.g.
      <a foo=bar/ //>.
    * Multiple = between attribute name and value are no longer
      collapsed. E.g. <a foo==bar> produces attribute “foo” with
      value “=bar”.
    - gh-135661: Fix CDATA section parsing in html.parser.HTMLParser
      according to the HTML5 standard: ] ]> and ]] > no longer end the
      CDATA section. Add private method _set_support_cdata() which can
      be used to specify how to parse <[CDATA[ — as a CDATA section in
      foreign content (SVG or MathML) or as a bogus comment in the
      HTML namespace.
    - gh-102555: Fix comment parsing in html.parser.HTMLParser
      according to the HTML5 standard. --!> now ends the comment. -- >
      no longer ends the comment. Support abnormally ended empty
      comments <--> and <--->.
    - gh-135462: Fix quadratic complexity in processing specially
      crafted input in html.parser.HTMLParser. End-of-file errors are
      now handled according to the HTML5 specs – comments and
      declarations are automatically closed, tags are ignored.
    - gh-118350: Fix support of escapable raw text mode (elements
      “textarea” and “title”) in html.parser.HTMLParser.
    - gh-86155: html.parser.HTMLParser.close() no longer loses data
      when the <script> tag is not closed. Patch by Waylan Limberg.
    - Library
    - gh-139312: Upgrade bundled libexpat to 2.7.3
    - gh-138998: Update bundled libexpat to 2.7.2
    - gh-130577: tarfile now validates archives to ensure member
      offsets are non-negative. (Contributed by Alexander Enrique
      Urieles Nieto in gh-130577.)
    - gh-135374: Update the bundled copy of setuptools to 79.0.1.
  - Drop upstreamed patches:
    - CVE-2025-8194-tarfile-no-neg-offsets.patch
    - CVE-2025-6069-quad-complex-HTMLParser.patch
  - Refresh patch CVE-2024-5642-OpenSSL-API-buf-overread-NPN.patch
* Mon Sep 29 2025 Daniel Garcia <daniel.garcia@suse.com>
  - Add gh139257-Support-docutils-0.22.patch to fix build with latest
    docutils (>=0.22) gh#python/cpython#139257
* Fri Aug 01 2025 Matej Cepl <mcepl@cepl.eu>
  - Add CVE-2025-8194-tarfile-no-neg-offsets.patch which now
    validates archives to ensure member offsets are non-negative
    (gh#python/cpython#130577, CVE-2025-8194, bsc#1247249).
* Wed Jul 02 2025 Matej Cepl <mcepl@cepl.eu>
  - Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst
    case quadratic complexity when processing certain crafted
    malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705).
* Mon Jun 09 2025 Matej Cepl <mcepl@cepl.eu>
  - Update to 3.9.23:
    - Security
    - gh-135034: Fixes multiple issues that allowed tarfile
      extraction filters (filter="data" and filter="tar")
      to be bypassed using crafted symlinks and hard links.
      Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138
      (bsc#1244059), CVE-2025-4330 (bsc#1244060), and
      CVE-2025-4517 (bsc#1244032). Also addresses CVE-2025-4435
      (gh#135034, bsc#1244061).
    - gh-133767: Fix use-after-free in the “unicode-escape”
      decoder with a non-“strict” error handler (CVE-2025-4516,
      bsc#1243273).
    - gh-128840: Short-circuit the processing of long IPv6
      addresses early in ipaddress to prevent excessive memory
      consumption and a minor denial-of-service.
    - gh-80222: Fix bug in the folding of quoted strings
      when flattening an email message using a modern email
      policy. Previously when a quoted string was folded so
      that it spanned more than one line, the surrounding
      quotes and internal escapes would be omitted. This could
      theoretically be used to spoof header lines using a
      carefully constructed quoted string if the resulting
      rendered email was transmitted or re-parsed.
    - Library
    - gh-128840: Fix parsing long IPv6 addresses with embedded
      IPv4 address.
    - gh-134062: ipaddress: fix collisions in __hash__() for
      IPv4Network and IPv6Network objects.
    - gh-123409: Fix ipaddress.IPv6Address.reverse_pointer output
      according to RFC 3596, §2.5. Patch by Bénédikt Tran.
    - bpo-43633: Improve the textual representation of
      IPv4-mapped IPv6 addresses (RFC 4291 Sections 2.2, 2.5.5.2)
      in ipaddress. Patch by Oleksandr Pavliuk.
    - bpo-25264: os.path.realpath() now accepts a strict
      keyword-only argument. When set to True, OSError is raised
      if a path doesn’t exist or a symlink loop is encountered.
  - Remove upstreamed patches:
    - CVE-2025-4516-DecodeError-handler.patch
* Thu May 22 2025 Matej Cepl <mcepl@cepl.eu>
  - Add CVE-2025-4516-DecodeError-handler.patch fixing
    CVE-2025-4516 (bsc#1243273) blocking DecodeError handling
    vulnerability, which could lead to DoS.
* Sat May 10 2025 Matej Cepl <mcepl@cepl.eu>
  - Remove python-3.3.0b1-test-posix_fadvise.patch (not needed
    since kernel 3.6-rc1)
* Wed Apr 09 2025 Matej Cepl <mcepl@cepl.eu>
  - Update to 3.9.22:
    - gh-131809: Update bundled libexpat to 2.7.1
    - gh-131261: Upgrade to libexpat 2.7.0
    - gh-105704: When using urllib.parse.urlsplit() and
      urllib.parse.urlparse() host parsing would not reject domain
      names containing square brackets ([ and ]). Square brackets
      are only valid for IPv6 and IPvFuture hosts according to RFC
      3986 Section 3.2.2 (bsc#1236705, CVE-2025-0938,
      gh#python/cpython#105704).
    - gh-121284: Fix bug in the folding of rfc2047 encoded-words
      when flattening an email message using a modern email
      policy. Previously when an encoded-word was too long for
      a line, it would be decoded, split across lines, and
      re-encoded. But commas and other special characters in the
      original text could be left unencoded and unquoted. This
      could theoretically be used to spoof header lines using a
      carefully constructed encoded-word if the resulting rendered
      email was transmitted or re-parsed.
    - gh-119511: Fix a potential denial of service in the imaplib
      module. When connecting to a malicious server, it could
      cause an arbitrary amount of memory to be allocated. On many
      systems this is harmless as unused virtual memory is only
      a mapping, but if this hit a virtual address size limit
      it could lead to a MemoryError or other process crash. On
      unusual systems or builds where all allocated memory is
      touched and backed by actual ram or storage it could’ve
      consumed resources doing so until similarly crashing.
    - gh-121277: Writers of CPython’s documentation can now use
      next as the version for the versionchanged, versionadded,
      deprecated directives.
  - Remote upstreamed patch:
    - CVE-2025-0938-sq-brackets-domain-names.patch
* Mon Mar 10 2025 Bernhard Wiedemann <bwiedemann@suse.com>
  - Skip PGO with %want_reproducible_builds (bsc#1239210)
* Tue Feb 04 2025 Matej Cepl <mcepl@cepl.eu>
  - Add CVE-2025-0938-sq-brackets-domain-names.patch which
    disallows square brackets ([ and ]) in domain names for parsed
    URLs (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704)
* Wed Dec 04 2024 Matej Cepl <mcepl@cepl.eu>
  - Update to 3.9.21:
    - Tests
    - gh-125041: Re-enable skipped tests for zlib on the
      s390x architecture: only skip checks of the compressed
      bytes, which can be different between zlib’s software
      implementation and the hardware-accelerated implementation.
    - gh-109396: Fix test_socket.test_hmac_sha1() in FIPS
      mode. Use a longer key: FIPS mode requires at least of at
      least 112 bits. The previous key was only 32 bits. Patch by
      Victor Stinner.
    - gh-100454: Fix SSL tests CI for OpenSSL 3.1+
    - Security
    - gh-126623: Upgrade libexpat to 2.6.4
    - gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to
      consistently use the mapped IPv4 address value for deciding
      properties. Properties which have their behavior fixed are
      is_multicast, is_reserved, is_link_local, is_global, and
      is_unspecified (bsc#1233307, CVE-2024-11168).
    - Library
    - gh-124651: Properly quote template strings in venv
      activation scripts (bsc#1232241, CVE-2024-9287).
    - gh-103848: Add checks to ensure that [ bracketed ] hosts
      found by urllib.parse.urlsplit() are of IPv6 or IPvFuture
      format.
    - Documentation
    - gh-95588: Clarified the conflicting advice given in the ast
      documentation about ast.literal_eval() being “safe” for use
      on untrusted input while at the same time warning that it
      can crash the process. The latter statement is true and is
      deemed unfixable without a large amount of work unsuitable
      for a bugfix. So we keep the warning and no longer claim
      that literal_eval is safe.
  - Remove upstreamed patches:
    - CVE-2024-11168-validation-IPv6-addrs.patch
    - CVE-2024-9287-venv_path_unquoted.patch
* Thu Nov 14 2024 Matej Cepl <mcepl@cepl.eu>
  - Remove -IVendor/ from python-config boo#1231795
* Wed Nov 13 2024 Matej Cepl <mcepl@cepl.eu>
  - Add CVE-2024-11168-validation-IPv6-addrs.patch
    fixing bsc#1233307 (CVE-2024-11168,
    gh#python/cpython#103848): Improper validation of IPv6 and
    IPvFuture addresses.
* Fri Nov 01 2024 Matej Cepl <mcepl@cepl.eu>
  - Update CVE-2024-9287-venv_path_unquoted.patch according to the
    upstream PR gh#python/cpython!126301.
* Thu Oct 24 2024 Matej Cepl <mcepl@cepl.eu>
  - Add CVE-2024-9287-venv_path_unquoted.patch to properly quote
    path names provided when creating a virtual environment
    (bsc#1232241, CVE-2024-9287)
* Wed Oct 02 2024 Matej Cepl <mcepl@cepl.eu>
  - Drop .pyc files from docdir for reproducible builds
    (bsc#1230906).
* Fri Sep 20 2024 Matej Cepl <mcepl@cepl.eu>
  - Add sphinx-802.patch to overcome working both with the most
    recent and older Sphinx versions.
* Mon Sep 09 2024 Matej Cepl <mcepl@cepl.eu>
  - Update to 3.9.20:
    - Tests
    - gh-112769: The tests now correctly compare zlib version when
      :const:`zlib.ZLIB_RUNTIME_VERSION` contains non-integer suffixes. For
      example zlib-ng defines the version as ``1.3.0.zlib-ng``.
    - gh-117187: Fix XML tests for vanilla Expat <2.6.0.
    - Security
    - gh-123678: Upgrade libexpat to 2.6.3
    - gh-121957: Fixed missing audit events around interactive use of Python,
      now also properly firing for ``python -i``, as well as for ``python -m
      asyncio``. The event in question is ``cpython.run_stdin``.
    - gh-122133: Authenticate the socket connection for the
      ``socket.socketpair()`` fallback on platforms where ``AF_UNIX`` is not
      available like Windows.
      Patch by Gregory P. Smith <greg@krypto.org> and Seth Larson
      <seth@python.org>. Reported by Ellie <el@horse64.org>
    - gh-121285: Remove backtracking from tarfile header parsing for
      ``hdrcharset``, PAX, and GNU sparse headers
      (bsc#1230227, CVE-2024-6232).
    - gh-118486: :func:`os.mkdir` on Windows now accepts *mode* of ``0o700`` to
      restrict the new directory to the current user. This fixes CVE-2024-4030
      affecting :func:`tempfile.mkdtemp` in scenarios where the base temporary
      directory is more permissive than the default.
    - gh-114572: :meth:`ssl.SSLContext.cert_store_stats` and
      :meth:`ssl.SSLContext.get_ca_certs` now correctly lock access to the
      certificate store, when the :class:`ssl.SSLContext` is shared across
      multiple threads (bsc#1226447, CVE-2024-0397).
    - gh-116741: Update bundled libexpat to 2.6.2
    - Library
    - gh-123270: Applied a more surgical fix for malformed payloads in
      :class:`zipfile.Path` causing infinite loops (gh-122905) without breaking
      contents using legitimate characters (bsc#1229704, CVE-2024-8088).
    - gh-123067: Fix quadratic complexity in parsing ``"``-quoted cookie values
      with backslashes by :mod:`http.cookies` (bsc#1229596, CVE-2024-7592).
    - gh-121650: :mod:`email` headers with embedded newlines are now quoted on
      output. The :mod:`~email.generator` will now refuse to serialize (write)
      headers that are unsafely folded or delimited; see
      :attr:`~email.policy.Policy.verify_generated_headers`. (Contributed by Bas
      Bloemsaat and Petr Viktorin in :gh:`121650`; CVE-2024-6923, bsc#1228780).
    - gh-113171: Fixed various false positives and false negatives in
    * :attr:`ipaddress.IPv4Address.is_private` (see these docs for details)
    * :attr:`ipaddress.IPv4Address.is_global`
    * :attr:`ipaddress.IPv6Address.is_private`
    * :attr:`ipaddress.IPv6Address.is_global`
      Also in the corresponding :class:`ipaddress.IPv4Network` and
      :class:`ipaddress.IPv6Network` attributes
      Fixes bsc#1226448 (CVE-2024-4032).
    - gh-102988: :func:`email.utils.getaddresses` and
      :func:`email.utils.parseaddr` now return ``('', '')`` 2-tuples in more
      situations where invalid email addresses are encountered instead of
      potentially inaccurate values. Add optional *strict* parameter to these
      two functions: use ``strict=False`` to get the old behavior, accept
      malformed inputs. ``getattr(email.utils, 'supports_strict_parsing',
      False)`` can be use to check if the *strict* paramater is available. Patch
      by Thomas Dwyer and Victor Stinner to improve the CVE-2023-27043 fix
      (bsc#1210638).
    - gh-67693: Fix :func:`urllib.parse.urlunparse` and
      :func:`urllib.parse.urlunsplit` for URIs with path starting with multiple
      slashes and no authority. Based on patch by Ashwin Ramaswami.
    - Core and Builtins
    - gh-112275: A deadlock involving ``pystate.c``'s ``HEAD_LOCK`` in
      ``posixmodule.c`` at fork is now fixed. Patch by ChuBoning based on
      previous Python 3.12 fix by Victor Stinner.
  - Remove upstreamed patches:
    - CVE-2023-27043-email-parsing-errors.patch
    - CVE-2024-6232-cookies-quad-complex.patch
    - CVE-2024-4032-private-IP-addrs.patch
    - CVE-2024-0397-memrace_ssl.SSLContext_cert_store.patch
    - CVE-2024-8088-inf-loop-zipfile_Path.patch
    - CVE-2024-6923-email-hdr-inject.patch
* Thu Sep 05 2024 Matej Cepl <mcepl@cepl.eu>
  - Add CVE-2024-6232-cookies-quad-complex.patch to avoid quadratic
    complexity in parsing tarfile headers (bsc#1230227, CVE-2024-6232).
* Thu Sep 05 2024 Matej Cepl <mcepl@cepl.eu>
  - Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with
    patched libexpat below 2.6.0 that doesn't update the version number,
    just in SLE.
  - Remove old-libexpat.patch, of course.
* Mon Sep 02 2024 Matej Cepl <mcepl@cepl.eu>
  - Add gh120226-fix-sendfile-test-kernel-610.patch to avoid
    failing test_sendfile_close_peer_in_the_middle_of_receiving
    tests on Linux >= 6.10 (GH-120227).
* Wed Aug 28 2024 Matej Cepl <mcepl@cepl.eu>
  - Add CVE-2024-8088-inf-loop-zipfile_Path.patch to prevent
    malformed payload to cause infinite loops in zipfile.Path
    (bsc#1229704, CVE-2024-8088).
* Wed Aug 07 2024 Matej Cepl <mcepl@suse.com>
  - Add CVE-2024-6923-email-hdr-inject.patch to prevent email
    header injection due to unquoted newlines (bsc#1228780,
    CVE-2024-6923).
  - Adding bso1227999-reproducible-builds.patch fixing bsc#1227999
    adding reproducibility patches from gh#python/cpython!121872
    and gh#python/cpython!121883.
  - Add CVE-2024-5642-OpenSSL-API-buf-overread-NPN.patch removing
    support for anything but OpenSSL 1.1.1 or newer (bsc#1227233,
    CVE-2024-5642).
  - %{profileopt} variable is set according to the variable
    %{do_profiling} (bsc#1227999)
* Mon Jul 22 2024 Matej Cepl <mcepl@cepl.eu>
  - Remove %suse_update_desktop_file macro as it is not useful any
    more.
* Mon Jul 15 2024 Matej Cepl <mcepl@cepl.eu>
  - Stop using %%defattr, it seems to be breaking proper executable
    attributes on /usr/bin/ scripts (bsc#1227378).
* Wed Jun 26 2024 Matej Cepl <mcepl@cepl.eu>
  - Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448
    (CVE-2024-4032) rearranging definition of private v global IP
    addresses.
* Fri Jun 21 2024 Matej Cepl <mcepl@cepl.eu>
  - Add CVE-2024-0397-memrace_ssl.SSLContext_cert_store.patch
    fixing bsc#1226447 (CVE-2024-0397) by removing memory race
    condition in ssl.SSLContext certificate store methods.
* Sun Mar 24 2024 Matej Cepl <mcepl@cepl.eu>
  - Add old-libexpat.patch making the test suite work with
    libexpat < 2.6.0 (gh#python/cpython#117187).
* Thu Mar 21 2024 Matej Cepl <mcepl@cepl.eu>
  - Update to 3.9.19:
    - Security
    - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral
      (CVE-2023-52425, bsc#1219559) by adding five new methods:
      xml.etree.ElementTree.XMLParser.flush()
      xml.etree.ElementTree.XMLPullParser.flush()
      xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
      xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
      xml.sax.expatreader.ExpatParser.flush()
    - gh-115399: Update bundled libexpat to 2.6.0
    - gh-113659: Skip .pth files with names starting with a dot
      or hidden file attribute.
    - Core and Builtins
    - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004
      codecs read out of bounds
    - Library
    - gh-115197: urllib.request no longer resolves the hostname
      before checking it against the system’s proxy bypass list
      on macOS and Windows.
    - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0.
    - gh-81194: Fix a crash in socket.if_indextoname() with
      specific value (UINT_MAX). Fix an integer overflow in
      socket.if_indextoname() on 64-bit non-Windows platforms.
    - gh-109858: Protect zipfile from “quoted-overlap”
      zipbomb. It now raises BadZipFile when try to read an
      entry that overlaps with other entry or central directory
      (CVE-2024-0450, bsc#1221854).
    - gh-107077: Seems that in some conditions, OpenSSL will
      return SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL
      when a certification verification has failed, but
      the error parameters will still contain ERR_LIB_SSL
      and SSL_R_CERTIFICATE_VERIFY_FAILED. We are now
      detecting this situation and raising the appropiate
      ssl.SSLCertVerificationError. Patch by Pablo Galindo
    - gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup,
      which now no longer dereferences symlinks when working
      around file system permission errors (CVE-2023-6597,
      bsc#1219666).
    - Documentation
    - gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under
      “XML vulnerabilities”.
    - Tools/Demos
    - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11
      and multissltests to use 1.1.1w and 3.0.11.
  - Remove upstreamed patches:
    - CVE-2023-6597-TempDir-cleaning-symlink.patch
    - libexpat260.patch
  - Refreshed patches:
    - F00251-change-user-install-location.patch
    - python-3.3.0b1-localpath.patch
* Wed Mar 06 2024 Pedro Monreal <pmonreal@suse.com>
  - Use the system-wide crypto-policies [bsc#1211301]
    * Use the system default cipher list instead of hardcoded values
    * Add the --with-ssl-default-suites=openssl configure option
* Wed Feb 28 2024 Matej Cepl <mcepl@suse.com>
  - Update SPEC file to build on SLE-15-SP5 (jsc#PED-7886).
* Fri Feb 23 2024 Matej Cepl <mcepl@suse.com>
  - (bsc#1219666, CVE-2023-6597) Add
    CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from
    gh#python/cpython!99930) fixing symlink bug in cleanup of
    tempfile.TemporaryDirectory.
  - Repurpose skip-failing-tests.patch to increase timeout for
    test.test_asyncio.test_tasks.TimeoutTests.test_timeout_time,
    which fails on slow machines in IBS (s390x).
* Tue Feb 20 2024 Matej Cepl <mcepl@cepl.eu>
  - Remove double definition of /usr/bin/idle%%{version} in
    %%files.
* Thu Feb 15 2024 Daniel Garcia <daniel.garcia@suse.com>
  - Add upstream patch libexpat260.patch, Fix tests for XMLPullParser
    with Expat 2.6.0, gh#python/cpython#115289
* Mon Dec 18 2023 Matej Cepl <mcepl@cepl.eu>
  - Refresh CVE-2023-27043-email-parsing-errors.patch to
    gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
  - Thus we can remove Revert-gh105127-left-tests.patch, which is
    now useless.
* Wed Sep 06 2023 Daniel Garcia <daniel.garcia@suse.com>
  - Update to 3.9.18 (bsc#1214692):
    - (bsc#1215454, gh-108310) Fixed an issue where instances
      of ssl.SSLSocket were vulnerable to a bypass of the TLS
      handshake and included protections (like certificate
      verification) and treating sent unencrypted data as if it
      were post-handshake TLS encrypted data.  Security issue
      reported as CVE-2023-40217 by Aapo Oksman. Patch by Gregory
      P. Smith.
    - gh-107845: tarfile.data_filter() now takes the location of
      symlinks into account when determining their target, so it will no
      longer reject some valid tarballs with
      LinkOutsideDestinationError.
    - gh-107565: Update multissltests and GitHub CI workflows to use
      OpenSSL 1.1.1v, 3.0.10, and 3.1.2.
  - Refresh all patches:
    - 98437-sphinx.locale._-as-gettext-in-pyspecific.patch
    - 99366-patch.dict-can-decorate-async.patch
    - Revert-gh105127-left-tests.patch
    - bpo-31046_ensurepip_honours_prefix.patch
    - decimal.patch
    - distutils-reproducible-compile.patch
    - gh-78214-marshal_stabilize_FLAG_REF.patch
    - python-3.3.0b1-localpath.patch
    - python-3.3.0b1-test-posix_fadvise.patch
    - python3-imp-returntype.patch
    - subprocess-raise-timeout.patch
    - support-expat-CVE-2022-25236-patched.patch
    - downport-Sphinx-features.patch
* Thu Aug 03 2023 Matej Cepl <mcepl@suse.com>
  - IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED!
  - Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941)
    partially reverting CVE-2023-27043-email-parsing-errors.patch,
    because of the regression in gh#python/cpython#106669.
  - (bsc#1210638, CVE-2023-27043) Add
    CVE-2023-27043-email-parsing-errors.patch, which detects email
    address parsing errors and returns empty tuple to indicate the
    parsing error (old API). (The patch is faulty,
    gh#python/cpython#106669, but upstream decided not to just
    revert it).
* Sat Jul 29 2023 Matej Cepl <mcepl@suse.com>
  - Add bpo-37596-make-set-marshalling.patch making marshalling of
    `set` and `frozenset` deterministic (bsc#1211765).
* Wed Jul 19 2023 Matej Cepl <mcepl@suse.com>
  - Add gh-78214-marshal_stabilize_FLAG_REF.patch to marshal.c for
    stabilizing FLAG_REF usage (required for reproduceability;
    bsc#1213463).
* Fri Jul 14 2023 Matej Cepl <mcepl@suse.com>
  - Revert faulty fix for CVE-2023-27043 (gh#python/cpython#106669)
* Fri Jun 30 2023 Matej Cepl <mcepl@suse.com>
  - Add downport-Sphinx-features.patch to make documentation
    buildable even on SLE-15.
* Wed Jun 28 2023 Matej Cepl <mcepl@suse.com>
  - Update to 3.9.17 (bsc#1212015):
    - gh-103142: The version of OpenSSL used in Windows and
      Mac installers has been upgraded to 1.1.1u to address
      CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464,
      as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303
      fixed previously in 1.1.1t (gh-101727).
    - gh-102153: urllib.parse.urlsplit() now strips leading C0
      control and space characters following the specification for
      URLs defined by WHATWG in response to CVE-2023-24329
      (bsc#1208471).
    - gh-99889: Fixed a security in flaw in uu.decode() that could
      allow for directory traversal based on the input if no
      out_file was specified.
    - gh-104049: Do not expose the local on-disk
      location in directory indexes produced by
      http.client.SimpleHTTPRequestHandler.
    - gh-103935: trace.__main__ now uses io.open_code() for files
      to be executed instead of raw open().
    - gh-102953: The extraction methods in tarfile, and
      shutil.unpack_archive(), have a new filter argument that
      allows limiting tar features than may be surprising or
      dangerous, such as creating files outside the destination
      directory. See Extraction filters for details (fixing
      CVE-2007-4559, bsc#1203750).
    - gh-102126: Fixed a deadlock at shutdown when clearing thread
      states if any finalizer tries to acquire the runtime head
      lock.
    - gh-100892: Fixed a crash due to a race while iterating over
      thread states in clearing threading.local.
  - Remove upstreamed patches:
    - CVE-2023-24329-blank-URL-bypass.patch
    - CVE-2007-4559-filter-tarfile_extractall.patch
* Sat May 06 2023 Matej Cepl <mcepl@suse.com>
  - Add 99366-patch.dict-can-decorate-async.patch fixing
    gh#python/cpython#98086 (backport from Python 3.10 patch in
    gh#python/cpython!99366), fixing bsc#1211158.
* Wed May 03 2023 Matej Cepl <mcepl@suse.com>
  - Add CVE-2007-4559-filter-tarfile_extractall.patch to fix
    CVE-2007-4559 (bsc#1203750) by adding the filter for
    tarfile.extractall (PEP 706).
* Tue Apr 18 2023 Steve Kowalik <steven.kowalik@suse.com>
  - Use python3 modules to build the documentation.
* Wed Mar 01 2023 Matej Cepl <mcepl@suse.com>
  - Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
    bsc#1208471) blocklists bypass via the urllib.parse component
    when supplying a URL that starts with blank characters
* Tue Feb 21 2023 Matej Cepl <mcepl@suse.com>
  - Add provides for readline and sqlite3 to the main Python
    package.
* Fri Jan 27 2023 Thorsten Kukuk <kukuk@suse.com>
  - Disable NIS for new products, it's deprecated and gets removed
* Fri Jan 13 2023 Martin Liška <mliska@suse.cz>
  - Suppress warnings for Sphinx 6.0+.
* Thu Dec 08 2022 Matej Cepl <mcepl@suse.com>
  - Update to 3.9.16:
    - python -m http.server no longer allows terminal control
      characters sent within a garbage request to be printed to the
      stderr server log.
      This is done by changing the http.server
      BaseHTTPRequestHandler .log_message method to replace control
      characters with a \xHH hex escape before printing.
    - Avoid publishing list of active per-interpreter audit hooks
      via the gc module
    - The IDNA codec decoder used on DNS hostnames by socket or
      asyncio related name resolution functions no longer involves
      a quadratic algorithm. This prevents a potential CPU denial
      of service if an out-of-spec excessive length hostname
      involving bidirectional characters were decoded. Some
      protocols such as urllib http 3xx redirects potentially allow
      for an attacker to supply such a name (CVE-2015-20107).
    - Update bundled libexpat to 2.5.0
    - Port XKCP’s fix for the buffer overflows in SHA-3
      (CVE-2022-37454).
    - On Linux the multiprocessing module returns to using
      filesystem backed unix domain sockets for communication with
      the forkserver process instead of the Linux abstract socket
      namespace. Only code that chooses to use the “forkserver”
      start method is affected.
      Abstract sockets have no permissions and could allow any
      user on the system in the same network namespace (often
      the whole system) to inject code into the multiprocessing
      forkserver process. This was a potential privilege
      escalation. Filesystem based socket permissions restrict this
      to the forkserver process user as was the default in Python
      3.8 and earlier.
      This prevents Linux CVE-2022-42919.
    - The deprecated mailcap module now refuses to inject unsafe
      text (filenames, MIME types, parameters) into shell
      commands. Instead of using such text, it will warn and act
      as if a match was not found (or for test commands, as if the
      test failed).
  - Removed upstreamed patches:
    - CVE-2015-20107-mailcap-unsafe-filenames.patch
    - CVE-2022-42919-loc-priv-mulitproc-forksrv.patch
    - CVE-2022-45061-DoS-by-IDNA-decode.patch
* Wed Nov 09 2022 Matej Cepl <mcepl@suse.com>
  - Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
    CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
    extremely long domain names.
* Thu Nov 03 2022 Matej Cepl <mcepl@suse.com>
  - Add CVE-2022-42919-loc-priv-mulitproc-forksrv.patch to avoid
    CVE-2022-42919 (bsc#1204886) avoiding Linux specific local
    privilege escalation via the multiprocessing forkserver start
    method.
* Fri Oct 21 2022 Matej Cepl <mcepl@suse.com>
  - Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to
    allow building of documentation with the latest Sphinx 5.3.0
    (gh#python/cpython#98366).
* Wed Oct 19 2022 Matej Cepl <mcepl@suse.com>
  - Update to 3.9.15:
    - Fix multiplying a list by an integer (list *= int): detect
      the integer overflow when the new allocated length is close
      to the maximum size.
    - Fix a shell code injection vulnerability in the
      get-remote-certificate.py example script. The script no
      longer uses a shell to run openssl commands. (originally
      filed as CVE-2022-37460, later withdrawn)
    - Fix command line parsing: reject -X int_max_str_digits option
      with no value (invalid) when the PYTHONINTMAXSTRDIGITS
      environment variable is set to a valid limit.
    - When ValueError is raised if an integer is larger than the
      limit, mention the sys.set_int_max_str_digits() function in
      the error message.
    - Update bundled libexpat to 2.4.9
* Sun Sep 11 2022 Matej Cepl <mcepl@suse.com>
  - Update to 3.9.14:
    - (CVE-2020-10735, bsc#1203125). Converting between int
      and str in bases other than 2 (binary), 4, 8 (octal), 16
      (hexadecimal), or 32 such as base 10 (decimal) now raises a
      ValueError if the number of digits in string form is above a
      limit to avoid potential denial of service attacks due to the
      algorithmic complexity.
      This new limit can be configured or disabled by environment
      variable, command line flag, or sys APIs. See the integer
      string conversion length limitation documentation. The
      default limit is 4300 digits in string form.
    - Also other bug fixes:
    - http.server: Fix an open redirection vulnerability in the
      HTTP server when an URI path starts with //. Vulnerability
      discovered, and initial fix proposed, by Hamza Avvan.
    - Fix contextvars HAMT implementation to handle iteration
      over deep trees. The bug was discovered and fixed by Eli
      Libman. See MagicStack/immutables#84 for more details.
    - Fix binding of unix socket to empty address on Linux to use
      an available address from the abstract namespace, instead
      of “0”.
    - Suppress writing an XML declaration in open files
      in ElementTree.write() with encoding='unicode' and
      xml_declaration=None.
    - Fix the formatting for await x and not x in the operator
      precedence table when using the help() system.
    - Fix ensurepip environment isolation for subprocess running
      pip.
    - Fix problem with test_ssl test_get_ciphers on systems that
      require perfect forward secrecy (PFS) ciphers.
    - test_ssl is now checking for supported TLS version and
      protocols in more tests.
  - Removed upstreamed patches:
    - CVE-2021-28861-double-slash-path.patch
  - Realign patches:
    - bpo-31046_ensurepip_honours_prefix.patch
    - sphinx-update-removed-function.patch
* Thu Sep 01 2022 Steve Kowalik <steven.kowalik@suse.com>
  - Add patch CVE-2021-28861-double-slash-path.patch:
    * http.server: Fix an open redirection vulnerability in the HTTP server
      when an URI path starts with //. (bsc#1202624, CVE-2021-28861)
* Thu Jul 21 2022 Matej Cepl <mcepl@suse.com>
  - Switch from %primary_interpreter to prjconf-defined
    %primary_python (gh#openSUSE/python-rpm-macros#127).
* Thu Jun 09 2022 Matej Cepl <mcepl@suse.com>
  - Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
    CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
    command injection in the mailcap module.
  - Fix building of documentation and the universal configuration of the
    %primary_interpreter.
  - (bsc#1196784, CVE-2022-25236) Rename patch:
    support-expat-245.patch to support-expat-CVE-2022-25236-patched.patch
    and update the patch to detect expat >= 2.4.4 instead of >= 2.4.5
    as it was fully patched against CVE-2022-25236.
* Fri May 20 2022 Matej Cepl <mcepl@suse.com>
  - Update to 3.9.13:
    - Core and Builtins
    - gh-92311: Fixed a bug where setting frame.f_lineno to jump
      over a list comprehension could misbehave or crash.
    - gh-92112: Fix crash triggered by an evil custom mro() on
      a metaclass.
    - gh-92036: Fix a crash in subinterpreters related to the
      garbage collector. When a subinterpreter is deleted,
      untrack all objects tracked by its GC. To prevent a crash
      in deallocator functions expecting objects to be tracked by
      the GC, leak a strong reference to these objects on
      purpose, so they are never deleted and their deallocator
      functions are not called. Patch by Victor Stinner.
    - gh-91421: Fix a potential integer overflow in
      _Py_DecodeUTF8Ex.
    - bpo-46775: Some Windows system error codes(>= 10000) are
      now mapped into the correct errno and may now raise
      a subclass of OSError. Patch by Dong-hee Na.
    - bpo-46962: Classes and functions that unconditionally
      declared their docstrings ignoring the
    - -without-doc-strings compilation flag no longer do so.
    - The classes affected are pickle.PickleBuffer,
      testcapi.RecursingInfinitelyError, and types.GenericAlias.
    - The functions affected are 24 methods in ctypes.
    - Patch by Oleg Iarygin.
    - bpo-36819: Fix crashes in built-in encoders with error
      handlers that return position less or equal than the
      starting position of non-encodable characters.
    - Library
    - gh-91581: utcfromtimestamp() no longer attempts to resolve
      fold in the pure Python implementation, since the fold is
      never 1 in UTC. In addition to being slightly faster in the
      common case, this also prevents some errors when the
      timestamp is close to datetime.min. Patch by Paul Ganssle.
    - gh-92530: Fix an issue that occurred after interrupting
      threading.Condition.notify().
    - gh-92049: Forbid pickling constants re._constants.SUCCESS
      etc. Previously, pickling did not fail, but the result
      could not be unpickled.
    - bpo-47029: Always close the read end of the pipe used by
      multiprocessing.Queue after the last write of buffered data
      to the write end of the pipe to avoid BrokenPipeError at
      garbage collection and at multiprocessing.Queue.close()
      calls. Patch by Géry Ogam.
    - gh-91910: Add missing f prefix to f-strings in error
      messages from the multiprocessing and asyncio modules.
    - gh-91810: ElementTree method write() and function
      tostring() now use the text file’s encoding (“UTF-8” if not
      available) instead of locale encoding in XML declaration
      when encoding="unicode" is specified.
    - gh-91832: Add required attribute to argparse.Action repr
      output.
    - gh-91734: Fix OSS audio support on Solaris.
    - gh-91700: Compilation of regular expression containing
      a conditional expression (?(group)...) now raises an
      appropriate re.error if the group number refers to not
      defined group. Previously an internal RuntimeError was
      raised.
    - gh-91676: Fix unittest.IsolatedAsyncioTestCase to shutdown
      the per test event loop executor before returning from its
      run method so that a not yet stopped or garbage collected
      executor state does not persist beyond the test.
    - gh-90568: Parsing \N escapes of Unicode Named Character
      Sequences in a regular expression raises now re.error
      instead of TypeError.
    - gh-91595: Fix the comparison of character and integer
      inside Tools.gdb.libpython.write_repr(). Patch by Yu Liu.
    - gh-90622: Worker processes for
      concurrent.futures.ProcessPoolExecutor are no longer
      spawned on demand (a feature added in 3.9) when the
      multiprocessing context start method is "fork" as that can
      lead to deadlocks in the child processes due to a fork
      happening while threads are running.
    - gh-91575: Update case-insensitive matching in the re module
      to the latest Unicode version.
    - gh-91581: Remove an unhandled error case in the
      C implementation of calls to datetime.fromtimestamp with no
      time zone (i.e. getting a local time from an epoch
      timestamp). This should have no user-facing effect other
      than giving a possibly more accurate error message when
      called with timestamps that fall on 10000-01-01 in the
      local time. Patch by Paul Ganssle.
    - bpo-34480: Fix a bug where _markupbase raised an
      UnboundLocalError when an invalid keyword was found in
      marked section. Patch by Marek Suscak.
    - bpo-27929: Fix asyncio.loop.sock_connect() to only resolve
      names for socket.AF_INET or socket.AF_INET6 families.
      Resolution may not make sense for other families, like
      socket.AF_BLUETOOTH and socket.AF_UNIX.
    - bpo-43323: Fix errors in the email module if the charset
      itself contains undecodable/unencodable characters.
    - bpo-46787: Fix concurrent.futures.ProcessPoolExecutor
      exception memory leak
    - bpo-46415: Fix ipaddress.ip_{address,interface,network}
      raising TypeError instead of ValueError if given invalid
      tuple as address parameter.
    - bpo-44911: IsolatedAsyncioTestCase will no longer throw an
      exception while cancelling leaked tasks. Patch by Bar
      Harel.
    - bpo-44493: Add missing terminated NUL in sockaddr_un’s
      length
    - This was potentially observable when using non-abstract
      AF_UNIX datagram sockets to processes written in another
      programming language.
    - bpo-42627: Fix incorrect parsing of Windows registry proxy
      settings
    - bpo-36073: Raise ProgrammingError instead of segfaulting on
      recursive usage of cursors in sqlite3 converters. Patch by
      Sergey Fedoseev.
    - Documentation
    - gh-91888: Add a new gh role to the documentation to link to
      GitHub issues.
    - gh-91783: Document security issues concerning the use of
      the function shutil.unpack_archive()
    - gh-91547: Remove “Undocumented modules” page.
    - bpo-44347: Clarify the meaning of dirs_exist_ok, a kwarg of
      shutil.copytree().
    - bpo-38668: Update the introduction to documentation for
      os.path to remove warnings that became irrelevant after the
      implementations of PEP 383 and PEP 529.
    - bpo-47138: Pin Jinja to a version compatible with Sphinx
      version 2.4.4.
    - bpo-46962: All docstrings in code snippets are now wrapped
      into PyDoc_STR() to follow the guideline of PEP 7’s
      Documentation Strings paragraph. Patch by Oleg Iarygin.
    - bpo-26792: Improve the docstrings of runpy.run_module() and
      runpy.run_path(). Original patch by Andrew Brezovsky.
    - bpo-45790: Adjust inaccurate phrasing in Defining Extension
      Types: Tutorial about the ob_base field and the macros used
      to access its contents.
    - bpo-42340: Document that in some circumstances
      KeyboardInterrupt may cause the code to enter an
      inconsistent state. Provided a sample workaround to avoid
      it if needed.
    - bpo-41233: Link the errnos referenced in
      Doc/library/exceptions.rst to their respective section in
      Doc/library/errno.rst, and vice versa. Previously this was
      only done for EINTR and InterruptedError. Patch by Yan
      “yyyyyyyan” Orestes.
    - bpo-38056: Overhaul the Error Handlers documentation in
      codecs.
    - bpo-13553: Document tkinter.Tk args.
    - Tests
    - gh-91607: Fix test_concurrent_futures to test the correct
      multiprocessing start method context in several cases where
      the test logic mixed this up.
    - bpo-47205: Skip test for sched_getaffinity() and
      sched_setaffinity() error case on FreeBSD.
    - bpo-29890: Add tests for ipaddress.IPv4Interface and
      ipaddress.IPv6Interface construction with tuple arguments.
      Original patch and tests by louisom.
    - Build
    - bpo-47103: Windows PGInstrument builds now copy a required
      DLL into the output directory, making it easier to run the
      profile stage of a PGO build.
    - Windows
    - bpo-47194: Update zlib to v1.2.12 to resolve
      CVE-2018-25032.
    - bpo-46785: Fix race condition between os.stat() and
      unlinking a file on Windows, by using errors codes returned
      by FindFirstFileW() when appropriate in win32_xstat_impl.
    - bpo-40859: Update Windows build to use xz-5.2.5
    - Tools/Demos
    - gh-91583: Fix regression in the code generated by Argument
      Clinic for functions with the defining_class parameter.
  - Add patch support-expat-245.patch:
    * Support Expat >= 2.4.4 (jsc#SLE-21253, CVE-2022-25236)
* Sat Mar 26 2022 Matej Cepl <mcepl@suse.com>
  - Update to 3.9.12:
    - bpo-46968: Check for the existence of the “sys/auxv.h” header
      in faulthandler to avoid compilation problems in systems
      where this header doesn’t exist. Patch by Pablo Galindo
    - bpo-47101: hashlib.algorithms_available now lists only
      algorithms that are provided by activated crypto providers on
      OpenSSL 3.0. Legacy algorithms are not listed unless the
      legacy provider has been loaded into the default OSSL
      context.
    - bpo-23691: Protect the re.finditer() iterator from
      re-entering.
    - bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to
      avoid a “zipfile.BadZipFile: Bad CRC-32 for file” exception
      when reading a ZipFile from multiple threads.
    - bpo-38256: Fix binascii.crc32() when it is compiled to use
      zlib’c crc32 to work properly on inputs 4+GiB in length
      instead of returning the wrong result. The workaround prior
      to this was to always feed the function data in increments
      smaller than 4GiB or to just call the zlib module function.
    - bpo-39394: A warning about inline flags not at the start of
      the regular expression now contains the position of the flag.
    - bpo-47061: Deprecate the various modules listed by PEP 594:
    - aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt,
      imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd,
      sndhdr, spwd, sunau, telnetlib, uu, xdrlib
    - bpo-2604: Fix bug where doctests using globals would fail
      when run multiple times.
    - bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order.
    - bpo-47022: The asynchat, asyncore and smtpd modules have been
      deprecated since at least Python 3.6. Their documentation has
      now been updated to note they will removed in Python 3.12
      (PEP 594).
    - bpo-46421: Fix a unittest issue where if the command was
      invoked as python -m unittest and the filename(s) began with
      a dot (.), a ValueError is returned.
    - bpo-40296: Fix supporting generic aliases in pydoc.
    - bpo-14156: argparse.FileType now supports an argument of ‘-’
      in binary mode, returning the .buffer attribute of
      sys.stdin/sys.stdout as appropriate. Modes including ‘x’ and
      ‘a’ are treated equivalently to ‘w’ when argument is ‘-’.
      Patch contributed by Josh Rosenberg
  - Update to 3.9.11:
    - bpo-46852: Rename the private undocumented
      float.__set_format__() method to float.__setformat__() to fix
      a typo introduced in Python 3.7. The method is only used by
      test_float. Patch by Victor Stinner.
    - bpo-46794: Bump up the libexpat version into 2.4.6
    - bpo-46762: Fix an assert failure in debug builds when a ‘<’,
      ‘>’, or ‘=’ is the last character in an f-string that’s
      missing a closing right brace.
    - bpo-46732: Correct the docstring for the __bool__() method.
      Patch by Jelle Zijlstra.
    - bpo-40479: Add a missing call to va_end() in
      Modules/_hashopenssl.c.
    - bpo-46615: When iterating over sets internally in
      setobject.c, acquire strong references to the resulting items
      from the set. This prevents crashes in corner-cases of
      various set operations where the set gets mutated.
    - bpo-43721: Fix docstrings of getter, setter, and deleter to
      clarify that they create a new copy of the property.
    - bpo-46503: Fix an assert when parsing some invalid N escape
      sequences in f-strings.
    - bpo-46417: Fix a race condition on setting a type __bases__
      attribute: the internal function add_subclass() now gets the
      PyTypeObject.tp_subclasses member after calling
      PyWeakref_NewRef() which can trigger a garbage collection
      which can indirectly modify PyTypeObject.tp_subclasses. Patch
      by Victor Stinner.
    - bpo-46383: Fix invalid signature of _zoneinfo’s module_free
      function to resolve a crash on wasm32-emscripten platform.
    - bpo-43253: Fix a crash when closing transports where the
      underlying socket handle is already invalid on the Proactor
      event loop.
    - bpo-47004: Apply bugfixes from importlib_metadata 4.11.3,
      including bugfix for EntryPoint.extras, which was returning
      match objects and not the extras strings.
    - bpo-46985: Upgrade pip wheel bundled with ensurepip (pip
      22.0.4, bnc#1186819, CVE-2021-3572)
    - bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically
      determine size of signal handler stack size CPython allocates
      using getauxval(AT_MINSIGSTKSZ). This changes allows for
      Python extension’s request to Linux kernel to use AMX_TILE
      instruction set on Sapphire Rapids Xeon processor to succeed,
      unblocking use of the ISA in frameworks.
    - bpo-46955: Expose asyncio.base_events.Server as
      asyncio.Server. Patch by Stefan Zabka.
    - bpo-46932: Update bundled libexpat to 2.4.7
    - bpo-25707: Fixed a file leak in
      xml.etree.ElementTree.iterparse() when the iterator is not
      exhausted. Patch by Jacob Walls.
    - bpo-44886: Inherit asyncio proactor datagram transport from
      asyncio.DatagramTransport.
    - bpo-46827: Support UDP sockets in asyncio.loop.sock_connect()
      for selector-based event loops. Patch by Thomas Grainger.
    - bpo-46811: Make test suite support Expat >=2.4.5
    - bpo-46252: Raise TypeError if ssl.SSLSocket is passed to
      transport-based APIs.
    - bpo-46784: Fix libexpat symbols collisions with user
      dynamically loaded or statically linked libexpat in embedded
      Python.
    - bpo-39327: shutil.rmtree() can now work with VirtualBox
      shared folders when running from the guest operating-system.
    - bpo-46756: Fix a bug in
      urllib.request.HTTPPasswordMgr.find_user_password() and
      urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated()
      which allowed to bypass authorization. For example, access to
      URI example.org/foobar was allowed if the user was authorized
      for URI example.org/foo.
    - bpo-45863: When the tarfile module creates a pax format
      archive, it will put an integer representation of timestamps
      in the ustar header (if possible) for the benefit of older
      unarchivers, in addition to the existing full-precision
      timestamps in the pax extended header.
    - bpo-46672: Fix NameError in asyncio.gather() when initial
      type check fails.
    - bpo-45948: Fixed a discrepancy in the C implementation of the
      xml.etree.ElementTree module. Now, instantiating an
      xml.etree.ElementTree.XMLParser with a target=None keyword
      provides a default xml.etree.ElementTree.TreeBuilder target
      as the Python implementation does.
    - bpo-46591: Make the IDLE doc URL on the About IDLE dialog
      clickable.
    - bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4
    - bpo-46487: Add the get_write_buffer_limits method to
      asyncio.transports.WriteTransport and to the SSL transport.
    - bpo-46539: In typing.get_type_hints(), support evaluating
      stringified ClassVar and Final annotations inside Annotated.
      Patch by Gregory Beauregard.
    - bpo-46491: Allow typing.Annotated to wrap typing.Final and
      typing.ClassVar. Patch by Gregory Beauregard.
    - bpo-46436: Fix command-line option -d/--directory in module
      http.server which is ignored when combined with command-line
      option --cgi. Patch by Géry Ogam.
    - bpo-41403: Make mock.patch() raise a TypeError with
      a relevant error message on invalid arg. Previously it
      allowed a cryptic AttributeError to escape.
    - bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid
      potential REDoS by limiting ambiguity in consecutive
      whitespace.
    - bpo-46469: asyncio generic classes now return
      types.GenericAlias in __class_getitem__ instead of the same
      class.
    - bpo-46434: pdb now gracefully handles help when __doc__ is
      missing, for example when run with pregenerated optimized
      .pyc files.
    - bpo-46333: The __eq__() and __hash__() methods of
      typing.ForwardRef now honor the module parameter of
      typing.ForwardRef. Forward references from different modules
      are now differentiated.
    - bpo-43118: Fix a bug in inspect.signature() that was causing
      it to fail on some subclasses of classes with
      a __text_signature__ referencing module globals. Patch by
      Weipeng Hong.
    - bpo-21987: Fix an issue with tarfile.TarFile.getmember()
      getting a directory name with a trailing slash.
    - bpo-20392: Fix inconsistency with uppercase file extensions
      in MimeTypes.guess_type(). Patch by Kumar Aditya.
    - bpo-46080: Fix exception in argparse help text generation if
      a argparse.BooleanOptionalAction argument’s default is
      argparse.SUPPRESS and it has help specified. Patch by Felix
      Fontein.
    - bpo-44439: Fix .write() method of a member file in ZipFile,
      when the input data is an object that supports the buffer
      protocol, the file length may be wrong.
    - bpo-45703: When a namespace package is imported before
      another module from the same namespace is created/installed
      in a different sys.path location while the program is
      running, calling the importlib.invalidate_caches() function
      will now also guarantee the new module is noticed.
    - bpo-24959: Fix bug where unittest sometimes drops frames from
      tracebacks of exceptions raised in tests.
    - bpo-46463: Fixes escape4chm.py script used when building the
      CHM documentation file
    - bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is
      built with undefined behavior sanitizer (UBSAN): disable
      UBSAN on the faulthandler_sigfpe() function. Patch by Victor
      Stinner.
    - bpo-46708: Prevent default asyncio event loop policy
      modification warning after test_asyncio execution.
    - bpo-46616: Ensures test_importlib.test_windows cleans up
      registry keys after completion.
    - bpo-44359: test_ftplib now silently ignores socket errors to
      prevent logging unhandled threading exceptions. Patch by
      Victor Stinner.
    - bpo-46542: Fix a Python crash in test_lib2to3 when using
      Python built in debug mode: limit the recursion limit. Patch
      by Victor Stinner.
    - bpo-46576: test_peg_generator now disables compiler
      optimization when testing compilation of its own C extensions
      to significantly speed up the testing on non-debug builds of
      CPython.
    - bpo-46542: Fix test_json tests checking for RecursionError:
      modify these tests to use support.infinite_recursion(). Patch
      by Victor Stinner.
    - bpo-13886: Skip test_builtin PTY tests on non-ASCII
      characters if the readline module is loaded. The readline
      module changes input() behavior, but test_builtin is not
      intented to test the readline module. Patch by Victor
      Stinner.
    - bpo-38472: Fix GCC detection in setup.py when
      cross-compiling. The C compiler is now run with LC_ALL=C.
      Previously, the detection failed with a German locale.
    - bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro
      and pyconfig.h no longer defines reserved symbol
      __CHAR_UNSIGNED__.
    - bpo-45925: Update Windows installer to use SQLite 3.37.2.
    - bpo-45296: Clarify close, quit, and exit in IDLE. In the File
      menu, ‘Close’ and ‘Exit’ are now ‘Close Window’ (the current
      one) and ‘Exit’ is now ‘Exit IDLE’ (by closing all windows).
      In Shell, ‘quit()’ and ‘exit()’ mean ‘close Shell’. If there
      are no other windows, this also exits IDLE.
    - bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch
      by Alex Waygood and Terry Jan Reedy.
  - Removed upstreamed patches:
    - support-expat-245.patch
* Tue Feb 22 2022 Steve Kowalik <steven.kowalik@suse.com>
  - Add patch support-expat-245.patch:
    * Support Expat >= 2.4.5
* Wed Jan 19 2022 Matej Cepl <mcepl@suse.com>
  - Update to 3.9.10:
    Bugfix-only release

Files

/usr/lib/libpython3.9.so.1.0


Generated by rpm2html 1.8.1

Fabrice Bellet, Thu Oct 23 22:58:29 2025