Sync from SUSE:ALP:Source:Standard:1.0 python311 revision f31ae414ccef9af37ecc85f23e571418

2025-03-19 11:25:16 +01:00
parent 8472e59a77
commit 3b5fab8182
24 changed files with 1218 additions and 2341 deletions
--- a/python311.spec
+++ b/python311.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package python311
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -36,6 +36,20 @@
 %bcond_without general
 %endif

+%if 0%{?do_profiling} && !0%{?want_reproducible_builds}
+%bcond_without profileopt
+%else
+%bcond_with profileopt
+%endif
+
+# Only for Tumbleweed
+# https://en.opensuse.org/openSUSE:Python:Externally_managed
+%if 0%{?suse_version} > 1600
+%bcond_without externally_managed
+%else
+%bcond_with externally_managed
+%endif
+
 %define         python_pkg_name python311
 %if "%{python_pkg_name}" == "%{primary_python}"
 %define primary_interpreter 1
@@ -92,15 +106,14 @@
 # pyexpat.cpython-35m-armv7-linux-gnueabihf
 # _md5.cpython-38m-x86_64-linux-gnu.so
 %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
-%bcond_without profileopt
 Name:           %{python_pkg_name}%{psuffix}
-Version:        3.11.8
+Version:        3.11.11
 Release:        0
 Summary:        Python 3 Interpreter
 License:        Python-2.0
 URL:            https://www.python.org/
 Source0:        https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz
-Source1:        https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.asc
+Source1:        https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.sigstore
 Source2:        baselibs.conf
 Source3:        README.SUSE
 Source4:        externally_managed.in
@@ -127,7 +140,7 @@ Source99:       python.keyring
 Source100:      PACKAGING-NOTES
 # PATCH-FEATURE-UPSTREAM F00251-change-user-install-location.patch bsc#[0-9]+ mcepl@suse.com
 # Fix installation in /usr/local (boo#1071941), originally from Fedora
-# https://src.fedoraproject.org/rpms/python3/blob/master/f/00251-change-user-install-location.patch
+# https://src.fedoraproject.org/rpms/python3.12/blob/rawhide/f/00251-change-user-install-location.patch
 # Set values of prefix and exec_prefix in distutils install command
 # to /usr/local if executable is /usr/bin/python* and RPM build
 # is not detected to make pip and distutils install into separate location
@@ -158,42 +171,26 @@ Patch11:        fix_configure_rst.patch
 # PATCH-FIX-UPSTREAM skip_if_buildbot-extend.patch gh#python/cpython#103053 mcepl@suse.com
 # Skip test_freeze_simple_script
 Patch13:        skip_if_buildbot-extend.patch
-# PATCH-FIX-UPSTREAM CVE-2023-27043-email-parsing-errors.patch bsc#1210638 mcepl@suse.com
-# Detect email address parsing errors and return empty tuple to
-# indicate the parsing error (old API)
-Patch14:        CVE-2023-27043-email-parsing-errors.patch
-# PATCH-FIX-UPSTREAM CVE-2023-6597-TempDir-cleaning-symlink.patch bsc#1219666 mcepl@suse.com
-# tempfile.TemporaryDirectory: fix symlink bug in cleanup (from gh#python/cpython!99930)
-Patch15:        CVE-2023-6597-TempDir-cleaning-symlink.patch
 # PATCH-FIX-UPSTREAM bsc1221260-test_asyncio-ResourceWarning.patch bsc#1221260 mcepl@suse.com
 # prevent ResourceWarning in test_asyncio tests
-Patch16:        bsc1221260-test_asyncio-ResourceWarning.patch
+Patch15:        bsc1221260-test_asyncio-ResourceWarning.patch
 # PATCH-FIX-OPENSUSE CVE-2023-52425-libexpat-2.6.0-backport.patch
 # This problem on libexpat is patched on SLE without version
 # update, this patch changes the tests to match the libexpat provided
 # by SUSE
-Patch17:        CVE-2023-52425-libexpat-2.6.0-backport.patch
-# PATCH-FIX-UPSTREAM CVE-2024-4032-private-IP-addrs.patch bsc#1226448 mcepl@suse.com
-# rearrange definition of private v global IP addresses
-Patch18:        CVE-2024-4032-private-IP-addrs.patch
-# PATCH-FIX-UPSTREAM CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch bsc#1221854 mcepl@suse.com
-# detecting the vulnerability of the "quoted-overlap" zipbomb
-Patch19:        CVE-2024-0450-zipfile-avoid-quoted-overlap-zipbomb.patch
-# PATCH-FIX-UPSTREAM CVE-2024-0397-memrace_ssl.SSLContext_cert_store.patch bsc#1226447 mcepl@suse.com
-# removes memory race condition in ssl.SSLContext certificate store methods
-Patch20:        CVE-2024-0397-memrace_ssl.SSLContext_cert_store.patch
-# PATCH-FIX-UPSTREAM CVE-2024-6923-email-hdr-inject.patch bsc#1228780 mcepl@suse.com
-# prevent email header injection, patch from gh#python/cpython!122608
-Patch21:        CVE-2024-6923-email-hdr-inject.patch
-# PATCH-FIX-UPSTREAM CVE-2024-8088-zipfile-Path-sanitization.patch bsc#1229704 mcepl@suse.com
-# sanitizing names in zipfile.Path 
-Patch22:        CVE-2024-8088-zipfile-Path-sanitization.patch
-# PATCH-FIX-UPSTREAM CVE-2024-6232-ReDOS-backtrack-tarfile.patch bsc#1230227 mcepl@suse.com
-# removing backtracking when parsing tarfile headers
-Patch23:        CVE-2024-6232-ReDOS-backtrack-tarfile.patch
-# PATCH-FIX-UPSTREAM CVE-2024-7592-quad-complex-cookies.patch bsc#1229596 mcepl@suse.com
-# fixing quadratic complexity in parsing "-quoted cookie values with backslashes 
-Patch24:        CVE-2024-7592-quad-complex-cookies.patch
+Patch16:        CVE-2023-52425-libexpat-2.6.0-backport.patch
+Patch17:        CVE-2023-52425-remove-reparse_deferral-tests.patch
+# PATCH-FIX-UPSTREAM bso1227999-reproducible-builds.patch bsc#1227999 mcepl@suse.com
+# reproducibility patches
+Patch19:        bso1227999-reproducible-builds.patch
+# PATCH-FIX-UPSTREAM gh120226-fix-sendfile-test-kernel-610.patch gh#python/cpython#120226 mcepl@suse.com
+# Fix test_sendfile_close_peer_in_the_middle_of_receiving on Linux >= 6.10 (GH-120227)
+Patch22:        gh120226-fix-sendfile-test-kernel-610.patch
+# PATCH-FIX-UPSTREAM Add platform triplets for 64-bit LoongArch gh#python/cpython#30939 glaubitz@suse.com
+Patch24:        add-loongarch64-support.patch
+# PATCH-FIX-UPSTREAM CVE-2025-0938-sq-brackets-domain-names.patch bsc#1236705 mcepl@suse.com
+# functions `urllib.parse.urlsplit` and `urlparse` accept domain names including square brackets
+Patch25:        CVE-2025-0938-sq-brackets-domain-names.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes
@@ -235,7 +232,6 @@ BuildRequires:  gettext
 BuildRequires:  readline-devel
 BuildRequires:  sqlite-devel
 BuildRequires:  timezone
-BuildRequires:  update-desktop-files
 BuildRequires:  pkgconfig(ncurses)
 BuildRequires:  pkgconfig(tk)
 BuildRequires:  pkgconfig(x11)
@@ -436,13 +432,29 @@ other applications.

 %prep
 %setup -q -n %{tarname}
-%autopatch -p1 -M 08
+
+%patch -p1 -P 02
+%patch -p1 -P 03
+%patch -p1 -P 04
+%patch -p1 -P 05
+%patch -p1 -P 06
+%patch -p1 -P 07
+%patch -p1 -P 08

 %if 0%{?suse_version} <= 1500
 %patch -P 09 -p1
 %endif

-%autopatch -p1 -m 10
+%patch -p1 -P 10
+%patch -p1 -P 11
+%patch -p1 -P 13
+%patch -p1 -P 15
+%patch -p1 -P 16
+%patch -p1 -P 17
+%patch -p1 -P 19
+%patch -p1 -P 22
+%patch -p1 -P 24
+%patch -p1 -P 25

 # drop Autoconf version requirement
 sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac
@@ -684,7 +696,6 @@ done
 cp %{SOURCE19} idle%{python_version}.desktop
 sed -i -e 's:idle3:idle%{python_version}:g' idle%{python_version}.desktop
 install -m 644 -D -t %{buildroot}%{_datadir}/applications idle%{python_version}.desktop
-%suse_update_desktop_file idle%{python_version}

 cp %{SOURCE20} idle%{python_version}.appdata.xml
 sed -i -e 's:idle3.desktop:idle%{python_version}.desktop:g' idle%{python_version}.appdata.xml
@@ -726,7 +737,7 @@ rm %{buildroot}%{_libdir}/libpython3.so
 rm %{buildroot}%{_libdir}/pkgconfig/{python3,python3-embed}.pc
 %endif

-%if %{suse_version} > 1550
+%if %{with externally_managed}
 # PEP-0668 mark this as a distro maintained python
 sed -e 's,__PYTHONPREFIX__,%{python_pkg_name},' -e 's,__PYTHON__,python%{python_version},' < %{SOURCE4} > %{buildroot}%{sitedir}/EXTERNALLY-MANAGED
 %endif
@@ -767,6 +778,9 @@ install -m 755 -D Tools/gdb/libpython.py %{buildroot}%{_datadir}/gdb/auto-load/%
 # install devel files to /config
 #cp Makefile Makefile.pre.in Makefile.pre $RPM_BUILD_ROOT%%{sitedir}/config-%%{python_abi}/

+# Remove -IVendor/ from python-config boo#1231795
+sed -i 's/-IVendor\///' %{buildroot}%{_bindir}/python%{python_abi}-config
+
 # RPM macros
 %if %{primary_interpreter}
 mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d/
@@ -795,6 +809,11 @@ LD_LIBRARY_PATH=. ./python -O -c "from py_compile import compile; compile('$FAIL
 echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-import-failed-hooks.pth
 %endif

+# For the purposes of reproducibility, it is necessary to eliminate any *.pyc files inside documentation dirs
+if [ -d %{buildroot}%{_defaultdocdir} ] ; then
+find %{buildroot}%{_defaultdocdir} -type f -name \*.pyc -ls -exec rm -vf '{}' \;
+fi
+
 %if %{with general}
 %files -n %{python_pkg_name}-tk
 %{sitedir}/tkinter
@@ -914,7 +933,7 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo
 %{_mandir}/man1/python3.1%{?ext_man}
 %endif
 %{_mandir}/man1/python%{python_version}.1%{?ext_man}
-%if 0%{?suse_version} > 1550
+%if %{with externally_managed}
 # PEP-0668
 %{sitedir}/EXTERNALLY-MANAGED
 %endif