From 6c436c7abc6bfd5a2a032593b10a1b8a9af63e3032ef3fac5253592ad6ce43ef Mon Sep 17 00:00:00 2001 
From: Matej Cepl Date: Thu, 8 Dec 2022 15:05:06 +0000 Subject: [PATCH] - Update to 3.11.1: - python -m http.server no longer allows terminal control characters sent within a garbage request to be printed to the stderr server log. This is done by changing the http.server BaseHTTPRequestHandler .log_message method to replace control characters with a \xHH hex escape before printing. - Avoid publishing list of active per-interpreter audit hooks via the gc module - The IDNA codec decoder used on DNS hostnames by socket or asyncio related name resolution functions no longer involves a quadratic algorithm. This prevents a potential CPU denial of service if an out-of-spec excessive length hostname involving bidirectional characters were decoded. Some protocols such as urllib http 3xx redirects potentially allow for an attacker to supply such a name (CVE-2022-45061). - Update bundled libexpat to 2.5.0 - Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. Issue reported and initial fix by Caleb Shortt. Patch by Victor Stinner. - Fix a crash when an object which does not have a dictionary frees its instance values. - Fix a bug in the tokenizer that could cause infinite recursion when showing syntax warnings that happen in the first line of the source. Patch by Pablo Galindo - Fix an issue that could cause frames to be visible to Python code as they are being torn down, possibly leading to memory corruption or hard crashes of the interpreter. 
- Fix a reference bug in _imp.create_builtin() after the OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=40 --- ...nx.locale._-as-gettext-in-pyspecific.patch | 54 --- CVE-2022-45061-DoS-by-IDNA-decode.patch | 86 ----- Python-3.11.0.tar.xz | 3 - Python-3.11.0.tar.xz.asc | 16 - Python-3.11.1.tar.xz | 3 + Python-3.11.1.tar.xz.asc | 16 + bpo-31046_ensurepip_honours_prefix.patch | 12 +- fix_configure_rst.patch | 2 +- python-3.3.0b1-fix_date_time_compiler.patch | 2 +- python311.changes | 360 ++++++++++++++++++ python311.spec | 12 +- subprocess-raise-timeout.patch | 2 +- 12 files changed, 390 insertions(+), 178 deletions(-) delete mode 100644 98437-sphinx.locale._-as-gettext-in-pyspecific.patch delete mode 100644 CVE-2022-45061-DoS-by-IDNA-decode.patch delete mode 100644 Python-3.11.0.tar.xz delete mode 100644 Python-3.11.0.tar.xz.asc create mode 100644 Python-3.11.1.tar.xz create mode 100644 Python-3.11.1.tar.xz.asc diff --git a/98437-sphinx.locale._-as-gettext-in-pyspecific.patch b/98437-sphinx.locale._-as-gettext-in-pyspecific.patch deleted file mode 100644 index 773e87f..0000000 --- a/98437-sphinx.locale._-as-gettext-in-pyspecific.patch +++ /dev/null 
@@ -1,54 +0,0 @@ -From 5775f51691d7d64fb676586e008b41261ce64ac2 Mon Sep 17 00:00:00 2001 -From: "Matt.Wang" -Date: Wed, 19 Oct 2022 14:49:08 +0800 -Subject: [PATCH 1/2] fix(doc-tools): use sphinx.locale._ as gettext() for - backward-compatibility in pyspecific.py - -[why] spinix 5.3 changed locale.translators from a defaultdict(gettext.NullTranslations) to a dict, which leads to failure of pyspecific.py. Use sphinx.locale._ as gettext to fix the issue. ---- - Doc/tools/extensions/pyspecific.py | 8 ++++---- - Misc/NEWS.d/next/Documentation/2022-10-19-07-15-52.gh-issue-98366.UskMXF.rst | 1 + - 2 files changed, 5 insertions(+), 4 deletions(-) - ---- a/Doc/tools/extensions/pyspecific.py -+++ b/Doc/tools/extensions/pyspecific.py -@@ -26,7 +26,7 @@ try: - from sphinx.errors import NoUri - except ImportError: - from sphinx.environment import NoUri --from sphinx.locale import translators -+from sphinx.locale import _ as sphinx_gettext - from sphinx.util import status_iterator, logging - from sphinx.util.nodes import split_explicit_title - from sphinx.writers.text import TextWriter, TextTranslator -@@ -109,7 +109,7 @@ class ImplementationDetail(Directive): - def run(self): - self.assert_has_content() - pnode = nodes.compound(classes=['impl-detail']) -- label = translators['sphinx'].gettext(self.label_text) -+ label = sphinx_gettext(self.label_text) - content = self.content - add_text = nodes.strong(label, label) - self.state.nested_parse(content, self.content_offset, pnode) -@@ -257,7 +257,7 @@ class AuditEvent(Directive): - else: - args = [] - -- label = translators['sphinx'].gettext(self._label[min(2, len(args))]) -+ label = sphinx_gettext(self._label[min(2, len(args))]) - text = label.format(name="``{}``".format(name), - args=", ".join("``{}``".format(a) for a in args if a)) - -@@ -436,7 +436,7 @@ class DeprecatedRemoved(Directive): - else: - label = self._removed_label - -- label = translators['sphinx'].gettext(label) -+ label = sphinx_gettext(label) - text = 
label.format(deprecated=self.arguments[0], removed=self.arguments[1]) - if len(self.arguments) == 3: - inodes, messages = self.state.inline_text(self.arguments[2], ---- /dev/null -+++ b/Misc/NEWS.d/next/Documentation/2022-10-19-07-15-52.gh-issue-98366.UskMXF.rst -@@ -0,0 +1 @@ -+Use sphinx.locale._ as the gettext function in pyspecific.py. diff --git a/CVE-2022-45061-DoS-by-IDNA-decode.patch b/CVE-2022-45061-DoS-by-IDNA-decode.patch deleted file mode 100644 index 05c1559..0000000 --- a/CVE-2022-45061-DoS-by-IDNA-decode.patch +++ /dev/null 
@@ -1,86 +0,0 @@ -From 3a692f2234d2ddb65db33d2516fff357a139c724 Mon Sep 17 00:00:00 2001 -From: "Gregory P. Smith" -Date: Mon, 7 Nov 2022 16:54:41 -0800 -Subject: [PATCH 1/3] gh-98433: Fix quadratic time idna decoding. (GH-99092) - -There was an unnecessary quadratic loop in idna decoding. This restores -the behavior to linear. - -This also adds an early length check in IDNA decoding to outright reject -huge inputs early on given the ultimate result is defined to be 63 or fewer -characters. -(cherry picked from commit d315722564927c7202dd6e111dc79eaf14240b0d) - -Co-authored-by: Gregory P. Smith ---- - Lib/encodings/idna.py | 32 ++++------ - Lib/test/test_codecs.py | 6 + - Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst | 6 + - 3 files changed, 27 insertions(+), 17 deletions(-) - create mode 100644 Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst - ---- a/Lib/encodings/idna.py -+++ b/Lib/encodings/idna.py -@@ -39,23 +39,21 @@ def nameprep(label): - - # Check bidi - RandAL = [stringprep.in_table_d1(x) for x in label] -- for c in RandAL: -- if c: -- # There is a RandAL char in the string. Must perform further -- # tests: -- # 1) The characters in section 5.8 MUST be prohibited. -- # This is table C.8, which was already checked -- # 2) If a string contains any RandALCat character, the string -- # MUST NOT contain any LCat character. -- if any(stringprep.in_table_d2(x) for x in label): -- raise UnicodeError("Violation of BIDI requirement 2") -- -- # 3) If a string contains any RandALCat character, a -- # RandALCat character MUST be the first character of the -- # string, and a RandALCat character MUST be the last -- # character of the string. -- if not RandAL[0] or not RandAL[-1]: -- raise UnicodeError("Violation of BIDI requirement 3") -+ if any(RandAL): -+ # There is a RandAL char in the string. Must perform further -+ # tests: -+ # 1) The characters in section 5.8 MUST be prohibited. 
-+ # This is table C.8, which was already checked -+ # 2) If a string contains any RandALCat character, the string -+ # MUST NOT contain any LCat character. -+ if any(stringprep.in_table_d2(x) for x in label): -+ raise UnicodeError("Violation of BIDI requirement 2") -+ # 3) If a string contains any RandALCat character, a -+ # RandALCat character MUST be the first character of the -+ # string, and a RandALCat character MUST be the last -+ # character of the string. -+ if not RandAL[0] or not RandAL[-1]: -+ raise UnicodeError("Violation of BIDI requirement 3") - - return label - ---- a/Lib/test/test_codecs.py -+++ b/Lib/test/test_codecs.py -@@ -1552,6 +1552,12 @@ class IDNACodecTest(unittest.TestCase): - self.assertEqual("pyth\xf6n.org".encode("idna"), b"xn--pythn-mua.org") - self.assertEqual("pyth\xf6n.org.".encode("idna"), b"xn--pythn-mua.org.") - -+ def test_builtin_decode_length_limit(self): -+ with self.assertRaisesRegex(UnicodeError, "too long"): -+ (b"xn--016c"+b"a"*1100).decode("idna") -+ with self.assertRaisesRegex(UnicodeError, "too long"): -+ (b"xn--016c"+b"a"*70).decode("idna") -+ - def test_stream(self): - r = codecs.getreader("idna")(io.BytesIO(b"abc")) - r.read(3) ---- /dev/null -+++ b/Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst -@@ -0,0 +1,6 @@ -+The IDNA codec decoder used on DNS hostnames by :mod:`socket` or :mod:`asyncio` -+related name resolution functions no longer involves a quadratic algorithm. -+This prevents a potential CPU denial of service if an out-of-spec excessive -+length hostname involving bidirectional characters were decoded. Some protocols -+such as :mod:`urllib` http ``3xx`` redirects potentially allow for an attacker -+to supply such a name. diff --git a/Python-3.11.0.tar.xz b/Python-3.11.0.tar.xz deleted file mode 100644 index 26bc1fb..0000000 --- a/Python-3.11.0.tar.xz +++ /dev/null 
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a57dc82d77358617ba65b9841cee1e3b441f386c3789ddc0676eca077f2951c3
-size 19819768
diff --git a/Python-3.11.0.tar.xz.asc b/Python-3.11.0.tar.xz.asc
deleted file mode 100644
index 0044430..0000000
--- a/Python-3.11.0.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmNW0BsACgkQ/+h0BBaL
-2EfljQ//YbRPRLgFEqbUYDoA65Hy5+ztg2bD6UUAVHS29G7exX9hNqAuk2uQZnlF
-3CIz7NjtJFb7a8Bxg6j/OjYnwTojZKeNR/wwZa7MRJlZv7YZGKdjYlt21eCQMbjN
-SHlmZ/P1jTHifb/9x2l6XRqn8IXwvJq1NduNoiuNzSQ16oX3TwbLC+vFRBxFqv48
-E6qJlpplzQz0HxgWD+R3jHx2YQzD/Bc+kA+l4NIP2CWX5yK2R3Q63sFi8GmzP6gZ
-auFNDGz5pGuwTsblr8Ps0LeqnPtX2UqzAIM5AK5kXW6yn0bn93EXNT0OGF+zzccV
-8dit/0C1gqg6iPNRCijWpyIzXUF22Wn8+32E77Xfr+uSPW5e0yuA9VWoO5D2Bf/i
-sna98iE3wLJHGgrn1quAdFjCEPSAr9rNaEyvqF9QEjuCoa5giqwk+HIjEiLwNYcy
-5MsfFxj5OQT1wB1zWs08qij4wXO0bPylnIK1a6t8OlGF3M4FKX8PK0zK4HsKPcje
-DiyjdM3ylrODWk2BjvxUp48gMvmibeSZydKKJDjflHr7MDaJPInZk24LQXw6ZrVH
-g+E726C1q69sWSbZ2Wvc70CGcIfzeSFX0rQMGYvyJAQHTo4kixOjRJQpTxGw2VkE
-aQrgQC/JGhV+mNWfK+/QiypF8povzlwaQwpoyOczvg83rAvNLAs=
-=LZQi
------END PGP SIGNATURE-----
diff --git a/Python-3.11.1.tar.xz b/Python-3.11.1.tar.xz
new file mode 100644
index 0000000..f31c1c3
--- /dev/null
+++ b/Python-3.11.1.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:85879192f2cffd56cb16c092905949ebf3e5e394b7f764723529637901dfb58f
+size 19856648
diff --git a/Python-3.11.1.tar.xz.asc b/Python-3.11.1.tar.xz.asc
new file mode 100644
index 0000000..638d0cf
--- /dev/null
+++ b/Python-3.11.1.tar.xz.asc
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmOPlhsACgkQ/+h0BBaL +2EdY5w/+KKZY3ghMcjuxxF4o9CylFvhHGI7LP6FKZE5xnGtSZ2cXjcad+FwFMnFS +JE5fLpPD3xmkRoCIOwVKIos4l/chfAIE8gNlTBFOAwUYP0uVpA+SYNDOciT64Apj +32jELwHJJVgjG21Lubx35kOtmQa884hBB9T8RsovL35PhFvspSvTx8U+YfGKIZzG +liWwj/gBMMGd3p6pvz9UQsnqBLAfw50M6BDDQrQtoIDnw2R5s8oBqYa7uiRBzQch +dUGUm/gt9lBTI0fT3ZgCMD3Zu2et252nsbzMYgBuPSg6SlT63wHktzq1aewQ2lL2 +VcBBbIf4hpkL5QnPgzKuiHcU7tBeRngTaWhw0Nc8kfGuz56HsEJJyhaHtD5mlCx9 +0treI/NPAeA8KcrpnkufTpMCee7/R7CfH/dNp29yJlhbC+WYMbr6s600jJISf6zn +s0C40/MGLvVwIgT6HBkXkDL0Lii8vxc3w5smLiQ4xvQSHSS/fkP2qIDUhrX0eUlq +atacso0j7XAKYWBRHT70ZeXIN4UJuQ+dfK7xAC+bmyo9X9jcpUeozws8OvczYBRq +2qk4hCFFP/WgZ/MBiVoe2xmC6+ak2gH6xX6w2bB0/4Dc6KBMxWyUmRPuBVvx/cCp +AwXvH94gZl9wj/tmvOoZNqaMFG3tWuWo7+YzosWOBHAoUk8ILNM= +=ZuYB +-----END PGP SIGNATURE----- diff --git a/bpo-31046_ensurepip_honours_prefix.patch b/bpo-31046_ensurepip_honours_prefix.patch index 5552c60..f6b2d3d 100644 --- a/bpo-31046_ensurepip_honours_prefix.patch +++ b/bpo-31046_ensurepip_honours_prefix.patch @@ -15,7 +15,7 @@ Co-Authored-By: Xavier de Gaye --- a/Doc/library/ensurepip.rst +++ b/Doc/library/ensurepip.rst -@@ -57,8 +57,9 @@ is at least as recent as the one availab +@@ -59,8 +59,9 @@ is at least as recent as the one availab By default, ``pip`` is installed into the current virtual environment (if one is active) or into the system site packages (if there is no active virtual environment). The installation location can be controlled @@ -26,7 +26,7 @@ Co-Authored-By: Xavier de Gaye * ``--root ``: Installs ``pip`` relative to the given root directory rather than the root of the currently active virtual environment (if any) or the default root for the current Python installation. -@@ -90,7 +91,7 @@ Module API +@@ -92,7 +93,7 @@ Module API Returns a string specifying the available version of pip that will be installed when bootstrapping an environment. 
@@ -35,7 +35,7 @@ Co-Authored-By: Xavier de Gaye altinstall=False, default_pip=False, \ verbosity=0) -@@ -100,6 +101,8 @@ Module API +@@ -102,6 +103,8 @@ Module API If *root* is ``None``, then installation uses the default install location for the current environment. @@ -44,7 +44,7 @@ Co-Authored-By: Xavier de Gaye *upgrade* indicates whether or not to upgrade an existing installation of an earlier version of ``pip`` to the available version. -@@ -120,6 +123,8 @@ Module API +@@ -122,6 +125,8 @@ Module API *verbosity* controls the level of output to :data:`sys.stdout` from the bootstrapping operation. @@ -139,7 +139,7 @@ Co-Authored-By: Xavier de Gaye --- a/Makefile.pre.in +++ b/Makefile.pre.in -@@ -1751,7 +1751,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni +@@ -1756,7 +1756,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni install|*) ensurepip="" ;; \ esac; \ $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ @@ -148,7 +148,7 @@ Co-Authored-By: Xavier de Gaye fi altinstall: commoninstall -@@ -1761,7 +1761,7 @@ altinstall: commoninstall +@@ -1766,7 +1766,7 @@ altinstall: commoninstall install|*) ensurepip="--altinstall" ;; \ esac; \ $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch index ae6b9a3..6eb2649 100644 --- a/fix_configure_rst.patch +++ b/fix_configure_rst.patch @@ -29,7 +29,7 @@ Create a Python.framework rather than a traditional Unix install. Optional --- a/Misc/NEWS +++ b/Misc/NEWS -@@ -6768,7 +6768,7 @@ C API +@@ -7355,7 +7355,7 @@ C API - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. - bpo-43795: The list in :ref:`stable-abi-list` now shows the public name diff --git a/python-3.3.0b1-fix_date_time_compiler.patch b/python-3.3.0b1-fix_date_time_compiler.patch index c336a7f..06aab09 100644 --- a/python-3.3.0b1-fix_date_time_compiler.patch +++ b/python-3.3.0b1-fix_date_time_compiler.patch @@ -4,7 +4,7 @@ --- a/Makefile.pre.in 
+++ b/Makefile.pre.in -@@ -1234,11 +1234,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ +@@ -1235,11 +1235,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ $(DTRACE_OBJS) \ $(srcdir)/Modules/getbuildinfo.c $(CC) -c $(PY_CORE_CFLAGS) \ diff --git a/python311.changes b/python311.changes index 4a28793..5f828ea 100644 --- a/python311.changes +++ b/python311.changes 
@@ -1,3 +1,363 @@ +------------------------------------------------------------------- +Thu Dec 8 14:59:50 UTC 2022 - Matej Cepl + +- Update to 3.11.1: + - python -m http.server no longer allows terminal control + characters sent within a garbage request to be printed + to the stderr server lo This is done by changing the + http.server BaseHTTPRequestHandler .log_message method to + replace control characters with a \xHH hex escape before + printin + - Avoid publishing list of active per-interpreter audit hooks + via the gc module + - The IDNA codec decoder used on DNS hostnames by socket or + asyncio related name resolution functions no longer involves + a quadratic algorithm. This prevents a potential CPU denial + of service if an out-of-spec excessive length hostname + involving bidirectional characters were decoded. Some + protocols such as urllib http 3xx redirects potentially allow + for an attacker to supply such a name (CVE-2022-45061). + - Update bundled libexpat to 2.5.0 + - Fix a shell code injection vulnerability in the + get-remote-certificate.py example script. The script no + longer uses a shell to run openssl commands. Issue reported + and initial fix by Caleb Shortt. Patch by Victor Stinner. + - Fix a crash when an object which does not have a dictionary + frees its instance values. + - Fix a bug in the tokenizer that could cause infinite + recursion when showing syntax warnings that happen in the + first line of the source. Patch by Pablo Galindo + - Fix an issue that could cause frames to be visible to Python + code as they are being torn down, possibly leading to memory + corruption or hard crashes of the interpreter. + - Fix a reference bug in _imp.create_builtin() after the + creation of the first sub-interpreter for modules builtins + and sys. Patch by Victor Stinner. + - Fixed a bug that was causing a buffer overflow if the + tokenizer copies a line missing the newline caracter from a + file that is as long as the available tokenizer buffer. 
Patch + by Pablo galindo + - Fix bug where an ExceptionGroup subclass can wrap a + BaseException. + - Fix zip path for venv created from a non-installed python on + POSIX platforms. + - Fix an issue that could potentially cause incorrect error + handling for some bytecode instructions. + - Fix an issue that prevented PyThreadState and + PyInterpreterState memory from being freed properly. + - Fix failure in except* with unhashable exceptions. + - Fix calculation of sys._base_executable when inside a POSIX + virtual environment using copies of the python binary when + the base installation does not provide the executable name + used by the venv. Calculation will fall back to alternative + names (“python”, “python.”). + - Update faulthandler to emit an error message with the proper + unexpected signal number. Patch by Dong-hee Na. + - Fix location of SyntaxError for a try block with both except + and except*. + - Fix the error reporting positions of specialized traceback + anchors when the source line contains Unicode characters. + - Fix subscription of type aliases containing bare generic + types or types like TypeVar: for example tuple[A, T][int] and + tuple[TypeVar, T][int], where A is a generic type, and T is a + type variable. + - Lower the recursion depth for marshal on WASI to support + wasmtime 2.0/main. + - Fix multiple crashes in debug mode when str subclasses are + used instead of str itself. + - Fix an issue where member descriptors (such as those for + __slots__) could behave incorrectly or crash instead of + raising a TypeError when accessed via an instance of an + invalid type. + - Suppress ImportError for invalid query for help() + command. Patch by Dong-hee Na. + - Fix detection of MAC addresses for uuid on certain OSs. Patch + by Chaim Sanders + - Print exception class name instead of its string + representation when raising errors from ctypes calls. + - os.sched_yield() now release the GIL while calling + sched_yield(2). Patch by Dong-hee Na. 
+ - Fix an issue that could delay the specialization of PRECALL + instructions. + - Bugfix: PyFunction_GetAnnotations() should return a borrowed + reference. It was returning a new reference. + - Ensure that all Python frame objects are backed by “complete” + frames. + - Fixed a missing incref/decref pair in + Exception.__setstate__(). Patch by Ofey Chan. + - Fix the Python path configuration used to initialized + sys.path at Python startup. Paths are no longer encoded + to UTF-8/strict to avoid encoding errors if it contains + surrogate characters (bytes paths are decoded with the + surrogateescape error handler). Patch by Victor Stinner. + - Fix overly-broad source position information for chained + comparisons used as branching conditions. + - At Python exit, sometimes a thread holding the GIL can + wait forever for a thread (usually a daemon thread) which + requested to drop the GIL, whereas the thread already + exited. To fix the race condition, the thread which requested + the GIL drop now resets its request before exiting. Issue + discovered and analyzed by Mingliang ZHAO. Patch by Victor + Stinner. + - Fix a possible assertion failure, fatal error, or SystemError + if a line tracing event raises an exception while opcode + tracing is enabled. + - Fix undefined behaviour in C code of null pointer arithmetic. + - Make sure that all frame objects created are created from + valid interpreter frames. Prevents the possibility of invalid + frames in backtraces and signal handlers. + - Disable incorrect pickling of the C implemented classmethod + descriptors. + - On WASI ENOTCAPABLE is now mapped to PermissionError. The + errno modules exposes the new error number. getpath.py now + ignores PermissionError when it cannot open landmark files + pybuilddir.txt and pyenv.cfg. + - Allow pdb to locate source for frozen modules in the standard + library. 
+ - Raise ValueError instead of SystemError when methods of + uninitialized io.IncrementalNewlineDecoder objects are + called. Patch by Oren Milman. + - Fix a possible assertion failure in io.FileIO when the opener + returns an invalid file descriptor. + - Also escape s in the http.server + BaseHTTPRequestHandler.log_message so that it is technically + possible to parse the line and reconstruct what the original + data was. Without this a xHH is ambiguious as to if it is a + hex replacement we put in or the characters r”x” came through + in the original request line. + - asyncio.get_event_loop() now only emits a deprecation warning + when a new event loop was created implicitly. It no longer + emits a deprecation warning if the current event loop was + set. + - Fix bug when calling trace.CoverageResults with valid infile. + - Fix a bug in handling class cleanups in + unittest.TestCase. Now addClassCleanup() uses separate lists + for different TestCase subclasses, and doClassCleanups() only + cleans up the particular class. + - Release the GIL when calling termios APIs to avoid blocking + threads. + - Fix ast.increment_lineno() to also cover ast.TypeIgnore when + changing line numbers. + - Fix bug in urllib.parse.urlparse() that causes URL schemes + that begin with a digit, a plus sign, or a minus sign to be + parsed incorrectly. + - Check the number of arguments in substitution in user + generics containing a TypeVarTuple and one or more TypeVar. + - Fix substitution of ParamSpec followed by TypeVarTuple in + generic aliases. + - Fix substitution of TypeVarTuple and ParamSpec together in + user generics. + - Fixed bug where inspect.signature() reported incorrect + arguments for decorated methods. + - Fix SystemError in ctypes when exception was not set during + __initsubclass__. 
+ - Remove older version of + _SSLProtocolTransport.get_write_buffer_limits in + asyncio.sslproto + - fix negative numbers failing in verify() + - Fix statistics.NormalDist pickle with 0 and 1 protocols. + - enum.auto() is now correctly activated when combined with + other assignment values. E.g. ONE = auto(), 'some text' will + now evaluate as (1, 'some text'). + - Update the bundled copy of pip to version 22.3.1. + - Clean up refleak on failed module initialisation in _zoneinfo + - Clean up refleaks on failed module initialisation in in + _pickle + - Clean up refleak on failed module initialisation in _io. + - Fix memory leak in math.dist() when both points don’t have + the same dimension. Patch by Kumar Aditya. + - [3.11] Applied changes from importlib_metadata 4.11.4 + through 4.13, including compatibility and robustness + fixes for Distribution objects without _normalized_name, + disallowing invalid inputs to Distribution.from_name, and + refined behaviors in PathDistribution._name_from_stem and + PathDistribution._normalized_name. + - Fix argument typechecks in _overlapped.WSAConnect() and + _overlapped.Overlapped.WSASendTo() functions. + - Prevent crashing in traceback when retrieving the byte-offset + for some source files that contain certain unicode + characters. + - Fix internal error in the re module which in very rare + circumstances prevented compilation of a regular expression + containing a conditional expression without the “else” + branch. + - Fix asyncio.StreamWriter.drain() to call + protocol.connection_lost callback only once on Windows. + - Add a mutex to unittest.mock.NonCallableMock to protect + concurrent access to mock attributes. + - Fix hang on Windows in subprocess.wait_closed() in asyncio + with ProactorEventLoop. Patch by Kumar Aditya. 
+ - Fix infinite loop in unittest when a self-referencing chained + exception is raised + - tkinter.Text.count() raises now an exception for options + starting with “-” instead of silently ignoring them. + - On uname_result, restored expectation that _fields and + _asdict would include all six properties including processor. + - A createSocket() method was added to SysLogHandler. + - Fix bug in urllib.parse.urlparse() that causes certain port + numbers containing whitespace, underscores, plus and minus + signs, or non-ASCII digits to be incorrectly accepted. + - Allow venv to pass along PYTHON* variables to ensurepip and + pip when they do not impact path resolution + - On macOS, fix a crash in syslog.syslog() in multi-threaded + applications. On macOS, the libc syslog() function is not + thread-safe, so syslog.syslog() no longer releases the GIL to + call it. Patch by Victor Stinner. + - Allow BUILTINS to be a valid field name for frozen + dataclasses. + - Wrap network errors consistently in urllib FTP support, so + the test suite doesn’t fail when a network is available but + the public internet is not reachable. + - Make sure patch.dict() can be applied on async functions. + - Earlier in 3.11 we deprecated + asyncio.Task.cancel("message"). We realized we were too + harsh, and have undeprecated it. + - Change deprecate warning message in unittest from It is + deprecated to return a value!=None to It is deprecated to + return a value that is not None from a test case + - Fixes AttributeError when subprocess.check_output() is used + with argument input=None and either of the arguments encoding + or errors are used. + - Fix is_private properties in the ipaddress module. Previously + non-private networks (0.0.0.0/0) would return True from this + method; now they correctly return False. + - Avoid spurious tracebacks from asyncio when default executor + cleanup is delayed until after the event loop is closed (e.g. + as the result of a keyboard interrupt). 
+ - Avoid a crash in the C version of + asyncio.Future.remove_done_callback() when an evil argument + is passed. + - Remove tokenize.NL check from tabnanny. + - Fix generation of the default name of + tkinter.Checkbutton. Previously, checkbuttons in different + parent widgets could have the same short name and share + the same state if arguments “name” and “variable” are not + specified. Now they are globally unique. + - Update bundled libexpat to 2.4.9 + - Fix race condition in asyncio where process_exited() called + before the pipe_data_received() leading to inconsistent + output. Patch by Kumar Aditya. + - Fixed check in multiprocessing.resource_tracker that + guarantees that the length of a write to a pipe is not + greater than PIPE_BUF. + - Corrected type annotation for dataclass attribute + pstats.FunctionProfile.ncalls to be str. + - Fix repr of Any subclasses. + - Work around missing socket functions in socket’s __repr__. + - In inspect, fix overeager replacement of “typing.” in + formatting annotations. + - Fix handling of bytes path-like objects in os.ismount(). + - Fix handling compiler warnings (SyntaxWarning and + DeprecationWarning) in codeop.compile_command() when checking + for incomplete input. Previously it emitted warnings and + raised a SyntaxError. Now it always returns None for + incomplete input without emitting any warnings. + - To avoid apparent memory leaks when asyncio.open_connection() + raises, break reference cycles generated by local exception + and future instances (which has exception instance as its + member var). Patch by Dong Uk, Kang. + - Fixed flickering of the turtle window when the tracer is + turned off. Patch by Shin-myoung-serp. + - Fix asyncio subprocess transport to kill process cleanly + when process is blocked and avoid RuntimeError when loop is + closed. Patch by Kumar Aditya. + - Prevent error when activating venv in nested fish instances. + - TarFile.next() now returns None when called on an empty + tarfile. 
+ - Document the optional callback parameter of WeakMethod. Patch + by Géry Ogam. + - Restrict use of sockets instead of pipes for stdin of + subprocesses created by asyncio to AIX platform only. + - shutil.copytree() now applies the ignore_dangling_symlinks + argument recursively. + - Fix IndexError in argparse.ArgumentParser when a store_true + action is given an explicit argument. + - Document that calling variadic functions with ctypes requires + special care on macOS/arm64 (and possibly other platforms). + - Remove extra row + - Clarified the conflicting advice given in the ast + documentation about ast.literal_eval() being “safe” for use + on untrusted input while at the same time warning that it + can crash the process. The latter statement is true and is + deemed unfixable without a large amount of work unsuitable + for a bugfix. So we keep the warning and no longer claim that + literal_eval is safe. + - Restructured the documentation for the os.wait* family of + functions, and improved the docs for os.waitid() with more + explanation of the possible argument constants. + - Skip test_normalization() of test_unicodedata if it + fails to download NormalizationTest.txt file from + pythontest.net. Patch by Victor Stinner. + - Correct test_marsh on (32 bit) x86: test_deterministic sets + was failing. + - Optional big memory tests in test_sqlite3 now catch the + correct sqlite.DataError exception type in case of too large + strings and/or blobs passed. + - Fix a bug in the typing tests where a test relying + on CPython-specific implementation details was not + decorated with @cpython_only and was not skipped on other + implementations. + - Add tests for star-unpacking with PEP 646, and some other + miscellaneous PEP 646 tests. 
+ - Added explicit coverage of Py_Initialize (and hence + Py_InitializeEx) back to the embedding tests (all other + embedding tests migrated to Py_InitializeFromConfig in Python + 3.11) + - Some C API tests were moved into the new Lib/test/test_capi/ + directory. + - Fix -Wimplicit-int, -Wstrict-prototypes, and + -Wimplicit-function-declaration compiler warnings in + configure checks. + - Fix a compilation issue with GCC 12 on macOS. + - Fix -Wimplicit-int compiler warning in configure check for + PTHREAD_SCOPE_SYSTEM. + - Fix a possible fd leak in Programs/_freeze_module.c + introduced in Python 3.11. + - Fix build with PYTHON_FOR_REGEN=python3.8. + - Specify the full path to the source location for make + docclean (needed for cross-builds). + - Don’t use vendored libmpdec headers if --with-system-libmpdec + is passed to configure. Don’t use vendored libexpat headers + if --with-system-expat is passed to !configure. + - Fix the build process of clang compiler for _bootstrap_python + if LTO optimization is applied. Patch by Matthias Görgens and + Dong-hee Na. + - wasm32-emscripten builds for browsers now include + concurrent.futures for asyncio and unittest.mock. + - wasm32-emscripten platform no longer builds resource module, + getresuid(), getresgid(), and their setters. The APIs are + stubs and not functional. + - Updated pegen regeneration script on Windows to find and + use Python 3.9 or higher. Prior to this, pegen regeneration + already required 3.9 or higher, but the script may have used + lower versions of Python. + - Fix a bug in the previous bugfix that caused IDLE to + not start when run with 3.10.8, 3.12.0a1, and at least + Microsoft Python 3.10.2288.0 installed without the Lib/test + package. 3.11.0 was never affected. + - The wasm_build.py script now pre-builds Emscripten ports, + checks for broken EMSDK versions, and warns about pkg-config + env vars. 
+ - The new tool Tools/wasm/wasm_builder.py automates configure, + compile, and test steps for building CPython on WebAssembly + platforms. + - Fix handling of module docstrings in Tools/i18n/pygettext.py. + - PyBUF_* constants were marked as part of Limited API + of Python 3.11+. These were available in 3.11.0 with + Py_LIMITED_API defined for 3.11, and are necessary to use the + buffer API. + - Fix use-after-free in Py_SetPythonHome(NULL), + Py_SetProgramName(NULL) and _Py_SetProgramFullPath(NULL) + function calls. Issue reported by Benedikt Reinartz. Patch by + Victor Stinner. + - Py_InitializeEx now correctly calls PyConfig_Clear after + initializing the interpreter (the omission didn’t cause a + memory leak only because none of the dynamically allocated + config fields are populated by the wrapper function) +- Removed upstreamed patches: + - 98437-sphinx.locale._-as-gettext-in-pyspecific.patch + - CVE-2022-45061-DoS-by-IDNA-decode.patch + ------------------------------------------------------------------- Wed Nov 9 18:31:23 UTC 2022 - Matej Cepl diff --git a/python311.spec b/python311.spec index eb9f333..dc1248f 100644 --- a/python311.spec +++ b/python311.spec @@ -67,7 +67,7 @@ Obsoletes: python39%{?1:-%{1}} %define tarversion %{version} %endif # We don't process beta signs well -%define folderversion 3.11.0 +%define folderversion %{tarversion} %define tarname Python-%{tarversion} %define sitedir %{_libdir}/python%{python_version} # three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149 @@ -103,7 +103,7 @@ Obsoletes: python39%{?1:-%{1}} %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so %bcond_without profileopt Name: %{python_pkg_name}%{psuffix} -Version: 3.11.0 +Version: 3.11.1 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 
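Review bot: The context comment `# We don't process beta signs well` directly above the changed line in python311.spec no longer matches it: `%define folderversion %{tarversion}` makes folderversion an alias of tarversion, where before it was a literal that had to be edited on every release. The `%if`/`%else` that sets tarversion starts outside this hunk, so I can only assume tarversion may carry a pre-release suffix; if it does, the unpack directory now follows it and the comment should say so, e.g. `# Source directory is named like the tarball, pre-release suffix included`. If the two macros are now always equal, dropping folderversion and using tarversion directly would be simpler.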
@@ -166,12 +166,6 @@ Patch35: fix_configure_rst.patch # PATCH-FIX-UPSTREAM support-expat-CVE-2022-25236-patched.patch jsc#SLE-21253 mcepl@suse.com # Makes Python resilient to changes of API of libexpat Patch36: support-expat-CVE-2022-25236-patched.patch -# PATCH-FIX-UPSTREAM 98437-sphinx.locale._-as-gettext-in-pyspecific.patch gh#python/cpython#98366 mcepl@suse.com -# this patch makes things totally awesome -Patch37: 98437-sphinx.locale._-as-gettext-in-pyspecific.patch -# PATCH-FIX-UPSTREAM CVE-2022-45061-DoS-by-IDNA-decode.patch bsc#1205244 mcepl@suse.com -# Avoid DoS by decoding IDNA for too long domain names -Patch38: CVE-2022-45061-DoS-by-IDNA-decode.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -438,8 +432,6 @@ other applications. %endif %patch35 -p1 %patch36 -p1 -%patch37 -p1 -%patch38 -p1 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac diff --git a/subprocess-raise-timeout.patch b/subprocess-raise-timeout.patch index a455335..5f0fcb5 100644 --- a/subprocess-raise-timeout.patch +++ b/subprocess-raise-timeout.patch @@ -4,7 +4,7 @@ --- a/Lib/test/test_subprocess.py +++ b/Lib/test/test_subprocess.py -@@ -272,7 +272,8 @@ class ProcessTestCase(BaseTestCase): +@@ -278,7 +278,8 @@ class ProcessTestCase(BaseTestCase): "time.sleep(3600)"], # Some heavily loaded buildbots (sparc Debian 3.x) require # this much time to start and print.