Projetos/rpi-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
096589bd59f3f8e827754d43ad01dcdc406cc27f
rpi-buildroot/package/python3/python3.hash
Titouan Christophe fdfbad13ca package/python3: security bump to v3.12.12 
See the changelog:
https://docs.python.org/release/3.12.12/whatsnew/changelog.html#python-3-12-12

And the announcement:
https://www.python.org/downloads/release/python-31212/

This provides the following security fixes:
- gh-139312: Upgraded bundled libexpat to 2.7.3 to fix CVE-2025-59375

- gh-139700: Check consistency of the zip64 end of central directory record.
  Support records with “zip64 extensible data” if there are no bytes
  prepended to the ZIP file.

- gh-139400: xml.parsers.expat: Make sure that parent Expat parsers are only
  garbage-collected once they are no longer referenced by subparsers created
  by ExternalEntityParserCreate(). Patch by Sebastian Pipping.

- gh-135661: Fix parsing start and end tags in html.parser.HTMLParser
  according to the HTML5 standard.

- gh-135661: Fix CDATA section parsing in html.parser.HTMLParser according to
  the HTML5 standard: ] ]> and ]] > no longer end the CDATA section. Add
  private method _set_support_cdata() which can be used to specify how to
  parse <[CDATA[ — as a CDATA section in foreign content (SVG or MathML) or as
  a bogus comment in the HTML namespace.

- gh-102555: Fix comment parsing in html.parser.HTMLParser according to the
  HTML5 standard. --!> now ends the comment. -- > no longer ends the comment.
  Support abnormally ended empty comments <--> and <--->.

- gh-135462: Fix quadratic complexity in processing specially crafted input
  in html.parser.HTMLParser. End-of-file errors are now handled according
  to the HTML5 specs – comments and declarations are automatically closed,
  tags are ignored.

- gh-118350: Fix support of escapable raw text mode (elements “textarea” and
  “title”) in html.parser.HTMLParser.

- gh-86155: html.parser.HTMLParser.close() no longer loses data when the
  <script> tag is not closed. Patch by Waylan Limberg.

Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
(cherry picked from commit d16c812b7e)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
2025-10-30 08:55:54 +01:00

6 lines
320 B
Plaintext
Raw Blame History

# From https://www.python.org/downloads/release/python-31211/
md5 04feb01316c7bb1b448001adbc63dd23 Python-3.12.12.tar.xz
# Locally computed
sha256 fb85a13414b028c49ba18bbd523c2d055a30b56b18b92ce454ea2c51edc656c4 Python-3.12.12.tar.xz
sha256 3b2f81fe21d181c499c59a256c8e1968455d6689d269aa85373bfb6af41da3bf LICENSE
Reference in New Issue View Git Blame Copy Permalink