Stowage/cpython
2
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-10-19 07:53:46 +00:00
Code Issues Projects Releases Packages Wiki Activity

Python 3.9.24

Browse source
This commit is contained in:
Łukasz Langa 2025-10-09 13:54:19 +02:00
parent f9728747f8
commit 91bdb00dfe
No known key found for this signature in database
GPG key ID: B26995E310250568
16 changed files with 156 additions and 54 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Include/patchlevel.h
View file

@ -18,12 +18,12 @@
/*--start constants--*/
#define PY_MAJOR_VERSION 3
#define PY_MINOR_VERSION 9
#define PY_MICRO_VERSION 23
#define PY_MICRO_VERSION 24
#define PY_RELEASE_LEVEL PY_RELEASE_LEVEL_FINAL
#define PY_RELEASE_SERIAL 0
/* Version as a string */
#define PY_VERSION "3.9.23+"
#define PY_VERSION "3.9.24"
/*--end constants--*/
/* Version as a single 4-byte hex number, e.g. 0x010502B2 == 1.5.2b2.

153
Misc/NEWS.d/3.9.24.rst Normal file
View file

@ -0,0 +1,153 @@
.. date: 2025-10-07-19-31-34
.. gh-issue: 139700
.. nonce: vNHU1O
.. release date: 2025-10-09
.. section: Security
Check consistency of the zip64 end of central directory record. Support
records with "zip64 extensible data" if there are no bytes prepended to the
ZIP file.
..
.. date: 2025-09-29-00-01-28
.. gh-issue: 139400
.. nonce: X2T-jO
.. section: Security
:mod:`xml.parsers.expat`: Make sure that parent Expat parsers are only
garbage-collected once they are no longer referenced by subparsers created
by :meth:`~xml.parsers.expat.xmlparser.ExternalEntityParserCreate`. Patch by
Sebastian Pipping.
..
.. date: 2025-07-28-10-35-59
.. gh-issue: 121227
.. nonce: Orp1wf
.. section: Security
Raise an :exc:`SSL.SSLError` if an empty *protocols* argument is passed to
:meth:`ssl.SSLContext.set_npn_protocols` to fix ``CVE-2024-5642``.
..
.. date: 2025-06-25-14-13-39
.. gh-issue: 135661
.. nonce: idjQ0B
.. section: Security
Fix parsing start and end tags in :class:`html.parser.HTMLParser` according
to the HTML5 standard.
* Whitespaces no longer accepted between ``</`` and the tag name.
E.g. ``</ script>`` does not end the script section.
* Vertical tabulation (``\v``) and non-ASCII whitespaces no longer recognized
as whitespaces. The only whitespaces are ``\t\n\r\f`` and space.
* Null character (U+0000) no longer ends the tag name.
* Attributes and slashes after the tag name in end tags are now ignored,
instead of terminating after the first ``>`` in quoted attribute value.
E.g. ``</script/foo=">"/>``.
* Multiple slashes and whitespaces between the last attribute and closing ``>``
are now ignored in both start and end tags. E.g. ``<a foo=bar/ //>``.
* Multiple ``=`` between attribute name and value are no longer collapsed.
E.g. ``<a foo==bar>`` produces attribute "foo" with value "=bar".
..
.. date: 2025-06-18-13-34-55
.. gh-issue: 135661
.. nonce: NZlpWf
.. section: Security
Fix CDATA section parsing in :class:`html.parser.HTMLParser` according to
the HTML5 standard: ``] ]>`` and ``]] >`` no longer end the CDATA section.
Add private method ``_set_support_cdata()`` which can be used to specify how
to parse ``<[CDATA[`` --- as a CDATA section in foreign content (SVG or
MathML) or as a bogus comment in the HTML namespace.
..
.. date: 2025-06-18-13-28-08
.. gh-issue: 102555
.. nonce: nADrzJ
.. section: Security
Fix comment parsing in :class:`html.parser.HTMLParser` according to the
HTML5 standard. ``--!>`` now ends the comment. ``-- >`` no longer ends the
comment. Support abnormally ended empty comments ``<-->`` and ``<--->``.
..
.. date: 2025-06-13-15-55-22
.. gh-issue: 135462
.. nonce: KBeJpc
.. section: Security
Fix quadratic complexity in processing specially crafted input in
:class:`html.parser.HTMLParser`. End-of-file errors are now handled
according to the HTML5 specs -- comments and declarations are automatically
closed, tags are ignored.
..
.. date: 2025-06-09-20-38-25
.. gh-issue: 118350
.. nonce: KgWCcP
.. section: Security
Fix support of escapable raw text mode (elements "textarea" and "title") in
:class:`html.parser.HTMLParser`.
..
.. date: 2023-02-13-21-41-34
.. gh-issue: 86155
.. nonce: ppIGSC
.. section: Security
:meth:`html.parser.HTMLParser.close` no longer loses data when the
``<script>`` tag is not closed. Patch by Waylan Limberg.
..
.. date: 2025-09-25-07-33-43
.. gh-issue: 139312
.. nonce: ygE8AC
.. section: Library
Upgrade bundled libexpat to 2.7.3
..
.. date: 2025-09-16-19-05-29
.. gh-issue: 138998
.. nonce: URl0Y_
.. section: Library
Update bundled libexpat to 2.7.2
..
.. date: 2025-07-23-00-35-29
.. gh-issue: 130577
.. nonce: c7EITy
.. section: Library
:mod:`tarfile` now validates archives to ensure member offsets are
non-negative. (Contributed by Alexander Enrique Urieles Nieto in
:gh:`130577`.)
..
.. date: 2025-06-11-17-47-19
.. gh-issue: 135374
.. nonce: eqRcTc
.. section: Library
Update the bundled copy of setuptools to 79.0.1.

1
Misc/NEWS.d/next/Library/2025-06-11-17-47-19.gh-issue-135374.eqRcTc.rst
View file

@ -1 +0,0 @@
Update the bundled copy of setuptools to 79.0.1.

3
Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst
View file

@ -1,3 +0,0 @@
:mod:`tarfile` now validates archives to ensure member offsets are
non-negative. (Contributed by Alexander Enrique Urieles Nieto in
:gh:`130577`.)

1
Misc/NEWS.d/next/Library/2025-09-16-19-05-29.gh-issue-138998.URl0Y_.rst
View file

@ -1 +0,0 @@
Update bundled libexpat to 2.7.2

1
Misc/NEWS.d/next/Library/2025-09-25-07-33-43.gh-issue-139312.ygE8AC.rst
View file

@ -1 +0,0 @@
Upgrade bundled libexpat to 2.7.3

2
Misc/NEWS.d/next/Security/2023-02-13-21-41-34.gh-issue-86155.ppIGSC.rst
View file

@ -1,2 +0,0 @@
:meth:`html.parser.HTMLParser.close` no longer loses data when the
``<script>`` tag is not closed. Patch by Waylan Limberg.

2
Misc/NEWS.d/next/Security/2025-06-09-20-38-25.gh-issue-118350.KgWCcP.rst
View file

@ -1,2 +0,0 @@
Fix support of escapable raw text mode (elements "textarea" and "title")
in :class:`html.parser.HTMLParser`.

4
Misc/NEWS.d/next/Security/2025-06-13-15-55-22.gh-issue-135462.KBeJpc.rst
View file

@ -1,4 +0,0 @@
Fix quadratic complexity in processing specially crafted input in
:class:`html.parser.HTMLParser`. End-of-file errors are now handled according
to the HTML5 specs -- comments and declarations are automatically closed,
tags are ignored.

3
Misc/NEWS.d/next/Security/2025-06-18-13-28-08.gh-issue-102555.nADrzJ.rst
View file

@ -1,3 +0,0 @@
Fix comment parsing in :class:`html.parser.HTMLParser` according to the
HTML5 standard. ``--!>`` now ends the comment. ``-- >`` no longer ends the
comment. Support abnormally ended empty comments ``<-->`` and ``<--->``.

5
Misc/NEWS.d/next/Security/2025-06-18-13-34-55.gh-issue-135661.NZlpWf.rst
View file

@ -1,5 +0,0 @@
Fix CDATA section parsing in :class:`html.parser.HTMLParser` according to
the HTML5 standard: ``] ]>`` and ``]] >`` no longer end the CDATA section.
Add private method ``_set_support_cdata()`` which can be used to specify
how to parse ``<[CDATA[`` --- as a CDATA section in foreign content
(SVG or MathML) or as a bogus comment in the HTML namespace.

20
Misc/NEWS.d/next/Security/2025-06-25-14-13-39.gh-issue-135661.idjQ0B.rst
View file

@ -1,20 +0,0 @@
Fix parsing start and end tags in :class:`html.parser.HTMLParser`
according to the HTML5 standard.
* Whitespaces no longer accepted between ``</`` and the tag name.
E.g. ``</ script>`` does not end the script section.
* Vertical tabulation (``\v``) and non-ASCII whitespaces no longer recognized
as whitespaces. The only whitespaces are ``\t\n\r\f`` and space.
* Null character (U+0000) no longer ends the tag name.
* Attributes and slashes after the tag name in end tags are now ignored,
instead of terminating after the first ``>`` in quoted attribute value.
E.g. ``</script/foo=">"/>``.
* Multiple slashes and whitespaces between the last attribute and closing ``>``
are now ignored in both start and end tags. E.g. ``<a foo=bar/ //>``.
* Multiple ``=`` between attribute name and value are no longer collapsed.
E.g. ``<a foo==bar>`` produces attribute "foo" with value "=bar".

2
Misc/NEWS.d/next/Security/2025-07-28-10-35-59.gh-issue-121227.Orp1wf.rst
View file

@ -1,2 +0,0 @@
Raise an :exc:`SSL.SSLError` if an empty *protocols* argument is passed to
:meth:`ssl.SSLContext.set_npn_protocols` to fix ``CVE-2024-5642``.

4
Misc/NEWS.d/next/Security/2025-09-29-00-01-28.gh-issue-139400.X2T-jO.rst
View file

@ -1,4 +0,0 @@
:mod:`xml.parsers.expat`: Make sure that parent Expat parsers are only
garbage-collected once they are no longer referenced by subparsers created
by :meth:`~xml.parsers.expat.xmlparser.ExternalEntityParserCreate`.
Patch by Sebastian Pipping.

3
Misc/NEWS.d/next/Security/2025-10-07-19-31-34.gh-issue-139700.vNHU1O.rst
View file

@ -1,3 +0,0 @@
Check consistency of the zip64 end of central directory record. Support
records with "zip64 extensible data" if there are no bytes prepended to the
ZIP file.

2
README.rst
View file

@ -1,4 +1,4 @@
This is Python version 3.9.23
This is Python version 3.9.24
=============================
.. image:: https://travis-ci.org/python/cpython.svg?branch=3.9