<p>如果你读到{a1},就像皮埃尔提到的那样</p>
<blockquote>
<p>This is a security-fix source-only release</p>
</blockquote>
<p>据我所知,这意味着<em>唯一的更改是python源文件</em>。这意味着拥有一个实际的安装程序没有任何好处,因为只有<code>.py</code>(可能)文件中有更改。在</p>
<p>它还规定:</p>
<blockquote>
<p>The list of fixed security related issues can be found in the <a href="https://hg.python.org/cpython/raw-file/v3.3.6/Misc/NEWS" rel="nofollow">NEWS file</a>.</p>
</blockquote>
<p>如果你懒得点击这个链接,下面是相关部分:</p>
<pre><code>Core and Builtins
-
- Issue #22518: Fixed integer overflow issues in "backslashreplace",
"xmlcharrefreplace", and "surrogatepass" error handlers.
- Issue #22520: Fix overflow checking when generating the repr of a unicode
object.
- Issue #22519: Fix overflow checking in PyBytes_Repr.
- Issue #22518: Fix integer overflow issues in latin-1 encoding.
Library
-
- Issue #22517: When a io.BufferedRWPair object is deallocated, clear its
weakrefs.
- Issue #22419: Limit the length of incoming HTTP request in wsgiref server to
65536 bytes and send a 414 error code for higher lengths. Patch contributed
by Devin Cook.
- Lax cookie parsing in http.cookies could be a security issue when combined
with non-standard cookie handling in some Web browsers. Reported by
Sergey Bobrov.
- Issue #21766: Prevent a security hole in CGIHTTPServer by URL unquoting paths
before checking for a CGI script at that path.
- Fix arbitrary memory access in JSONDecoder.raw_decode with a negative second
parameter. Bug reported by Guido Vranken.
- Issue #20633: Replace relative import by absolute import.
- Issue #21082: In os.makedirs, do not set the process-wide umask. Note this
changes behavior of makedirs when exist_ok=True.
- Issue #20875: Prevent possible gzip "'read' is not defined" NameError.
Patch by Claudiu Popa.
- Issue #11599: When an external command (e.g. compiler) fails, distutils now
prints out the whole command line (instead of just the command name) if the
environment variable DISTUTILS_DEBUG is set.
- Issue #4931: distutils should not produce unhelpful "error: None" messages
anymore. distutils.util.grok_environment_error is kept but doc-deprecated.
- Issue #20283: RE pattern methods now accept the string keyword parameters
as documented. The pattern and source keyword parameters are left as
deprecated aliases.
- Issue #21323: Fix http.server to again handle scripts in CGI subdirectories,
broken by the fix for security issue #19435. Patch by Zach Byrne.
Tests
-
- Issue #17752: Fix distutils tests when run from the installed location.
- Issue #20946: Correct alignment assumptions of some ctypes tests.
- Issue #20939: Fix test_geturl failure in test_urllibnet due to
new redirect of http://www.python.org/ to https://www.python.org.
</code></pre>
<p>你得自己决定——你关心那些问题吗?如果是这样的话,您应该能够只提取tarball并在python源代码上进行复制-可能只需合并<code>lib</code>目录。如果你真的很认真,你会在适当的目录上运行一个diff来识别文件及其实际的更改。在</p>