Overview
Request 1199512 superseded
- Update to 3.12.6:
- Tests
- gh-101525: Skip test_gdb if the binary is relocated by
BOLT. Patch by Donghee Na.
- Security
- gh-123678: Upgrade libexpat to 2.6.3
- gh-121285: Remove backtracking from tarfile header parsing
for hdrcharset, PAX, and GNU sparse headers (bsc#1230227,
CVE-2024-6232).
- Library
- gh-123270: Applied a more surgical fix for malformed
payloads in zipfile.Path causing infinite loops (gh-122905)
without breaking contents using legitimate characters
(bsc#1229704, CVE-2024-8088).
- gh-123213: xml.etree.ElementTree.Element.extend() and
Element assignment no longer hide the internal exception if
an erronous generator is passed. Patch by Bar Harel.
- gh-85110: Preserve relative path in URL without netloc in
urllib.parse.urlunsplit() and urllib.parse.urlunparse().
- gh-123067: Fix quadratic complexity in parsing "-quoted
cookie values with backslashes by http.cookies
(bsc#1229596, CVE-2024-7592)
- gh-122903: zipfile.Path.glob now correctly matches
directories instead of silently omitting them.
- gh-122905: zipfile.Path objects now sanitize names from the
zipfile.
- gh-122695: Fixed double-free when using gc.get_referents()
with a freed asyncio.Future iterator.
- gh-116263: logging.handlers.RotatingFileHandler no longer
rolls over empty log files.
- Created by mcepl
- In state superseded
- Superseded by 1200888
- Open review for openSUSE:Factory:Staging:A
Request History
mcepl created request
- Update to 3.12.6:
- Tests
- gh-101525: Skip test_gdb if the binary is relocated by
BOLT. Patch by Donghee Na.
- Security
- gh-123678: Upgrade libexpat to 2.6.3
- gh-121285: Remove backtracking from tarfile header parsing
for hdrcharset, PAX, and GNU sparse headers (bsc#1230227,
CVE-2024-6232).
- Library
- gh-123270: Applied a more surgical fix for malformed
payloads in zipfile.Path causing infinite loops (gh-122905)
without breaking contents using legitimate characters
(bsc#1229704, CVE-2024-8088).
- gh-123213: xml.etree.ElementTree.Element.extend() and
Element assignment no longer hide the internal exception if
an erronous generator is passed. Patch by Bar Harel.
- gh-85110: Preserve relative path in URL without netloc in
urllib.parse.urlunsplit() and urllib.parse.urlunparse().
- gh-123067: Fix quadratic complexity in parsing "-quoted
cookie values with backslashes by http.cookies
(bsc#1229596, CVE-2024-7592)
- gh-122903: zipfile.Path.glob now correctly matches
directories instead of silently omitting them.
- gh-122905: zipfile.Path objects now sanitize names from the
zipfile.
- gh-122695: Fixed double-free when using gc.get_referents()
with a freed asyncio.Future iterator.
- gh-116263: logging.handlers.RotatingFileHandler no longer
rolls over empty log files.
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
licensedigger accepted review
ok
anag+factory set openSUSE:Factory:Staging:M as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:M"
anag+factory accepted review
Picked "openSUSE:Factory:Staging:M"
dimstar accepted review
anag+factory added factory-staging as a reviewer
Being evaluated by group "factory-staging"
anag+factory accepted review
Unstaged from project "openSUSE:Factory:Staging:M"
anag+factory set openSUSE:Factory:Staging:A as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:A"
anag+factory accepted review
Picked "openSUSE:Factory:Staging:A"
https://github.com/python-poetry/poetry/issues/9678
sr#1199731