- Update to 3.11.1:

- python -m http.server no longer allows terminal control
    characters sent within a garbage request to be printed
    to the stderr server lo This is done by changing the
    http.server BaseHTTPRequestHandler .log_message method to
    replace control characters with a \xHH hex escape before
    printin
  - Avoid publishing list of active per-interpreter audit hooks
    via the gc module
  - The IDNA codec decoder used on DNS hostnames by socket or
    asyncio related name resolution functions no longer involves
    a quadratic algorithm. This prevents a potential CPU denial
    of service if an out-of-spec excessive length hostname
    involving bidirectional characters were decoded. Some
    protocols such as urllib http 3xx redirects potentially allow
    for an attacker to supply such a name (CVE-2022-45061).
  - Update bundled libexpat to 2.5.0
  - Fix a shell code injection vulnerability in the
    get-remote-certificate.py example script. The script no
    longer uses a shell to run openssl commands. Issue reported
    and initial fix by Caleb Shortt. Patch by Victor Stinner.
  - Fix a crash when an object which does not have a dictionary
    frees its instance values.
  - Fix a bug in the tokenizer that could cause infinite
    recursion when showing syntax warnings that happen in the
    first line of the source. Patch by Pablo Galindo
  - Fix an issue that could cause frames to be visible to Python
    code as they are being torn down, possibly leading to memory
    corruption or hard crashes of the interpreter.
  - Fix a reference bug in _imp.create_builtin() after the

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=40

98437-sphinx.locale._-as-gettext-in-pyspecific.patch

@@ -1,54 +0,0 @@
-From 5775f51691d7d64fb676586e008b41261ce64ac2 Mon Sep 17 00:00:00 2001
-From: "Matt.Wang" <mattwang44@gmail.com>
-Date: Wed, 19 Oct 2022 14:49:08 +0800
-Subject: [PATCH 1/2] fix(doc-tools): use sphinx.locale._ as gettext() for
- backward-compatibility in pyspecific.py
-
-[why] spinix 5.3 changed locale.translators from a defaultdict(gettext.NullTranslations) to a dict, which leads to failure of pyspecific.py. Use sphinx.locale._ as gettext to fix the issue.
----
- Doc/tools/extensions/pyspecific.py                                           |    8 ++++----
- Misc/NEWS.d/next/Documentation/2022-10-19-07-15-52.gh-issue-98366.UskMXF.rst |    1 +
- 2 files changed, 5 insertions(+), 4 deletions(-)
-
---- a/Doc/tools/extensions/pyspecific.py
-+++ b/Doc/tools/extensions/pyspecific.py
-@@ -26,7 +26,7 @@ try:
-     from sphinx.errors import NoUri
- except ImportError:
-     from sphinx.environment import NoUri
--from sphinx.locale import translators
-+from sphinx.locale import _ as sphinx_gettext
- from sphinx.util import status_iterator, logging
- from sphinx.util.nodes import split_explicit_title
- from sphinx.writers.text import TextWriter, TextTranslator
-@@ -109,7 +109,7 @@ class ImplementationDetail(Directive):
-     def run(self):
-         self.assert_has_content()
-         pnode = nodes.compound(classes=['impl-detail'])
--        label = translators['sphinx'].gettext(self.label_text)
-+        label = sphinx_gettext(self.label_text)
-         content = self.content
-         add_text = nodes.strong(label, label)
-         self.state.nested_parse(content, self.content_offset, pnode)
-@@ -257,7 +257,7 @@ class AuditEvent(Directive):
-         else:
-             args = []
- 
--        label = translators['sphinx'].gettext(self._label[min(2, len(args))])
-+        label = sphinx_gettext(self._label[min(2, len(args))])
-         text = label.format(name="``{}``".format(name),
-                             args=", ".join("``{}``".format(a) for a in args if a))
- 
-@@ -436,7 +436,7 @@ class DeprecatedRemoved(Directive):
-         else:
-             label = self._removed_label
- 
--        label = translators['sphinx'].gettext(label)
-+        label = sphinx_gettext(label)
-         text = label.format(deprecated=self.arguments[0], removed=self.arguments[1])
-         if len(self.arguments) == 3:
-             inodes, messages = self.state.inline_text(self.arguments[2],
---- /dev/null
-+++ b/Misc/NEWS.d/next/Documentation/2022-10-19-07-15-52.gh-issue-98366.UskMXF.rst
-@@ -0,0 +1 @@
-+Use sphinx.locale._ as the gettext function in pyspecific.py.

CVE-2022-45061-DoS-by-IDNA-decode.patch

@@ -1,86 +0,0 @@
-From 3a692f2234d2ddb65db33d2516fff357a139c724 Mon Sep 17 00:00:00 2001
-From: "Gregory P. Smith" <greg@krypto.org>
-Date: Mon, 7 Nov 2022 16:54:41 -0800
-Subject: [PATCH 1/3] gh-98433: Fix quadratic time idna decoding. (GH-99092)
-
-There was an unnecessary quadratic loop in idna decoding. This restores
-the behavior to linear.
-
-This also adds an early length check in IDNA decoding to outright reject
-huge inputs early on given the ultimate result is defined to be 63 or fewer
-characters.
-(cherry picked from commit d315722564927c7202dd6e111dc79eaf14240b0d)
-
-Co-authored-by: Gregory P. Smith <greg@krypto.org>
----
- Lib/encodings/idna.py                                                   |   32 ++++------
- Lib/test/test_codecs.py                                                 |    6 +
- Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst |    6 +
- 3 files changed, 27 insertions(+), 17 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst
-
---- a/Lib/encodings/idna.py
-+++ b/Lib/encodings/idna.py
-@@ -39,23 +39,21 @@ def nameprep(label):
- 
-     # Check bidi
-     RandAL = [stringprep.in_table_d1(x) for x in label]
--    for c in RandAL:
--        if c:
--            # There is a RandAL char in the string. Must perform further
--            # tests:
--            # 1) The characters in section 5.8 MUST be prohibited.
--            # This is table C.8, which was already checked
--            # 2) If a string contains any RandALCat character, the string
--            # MUST NOT contain any LCat character.
--            if any(stringprep.in_table_d2(x) for x in label):
--                raise UnicodeError("Violation of BIDI requirement 2")
--
--            # 3) If a string contains any RandALCat character, a
--            # RandALCat character MUST be the first character of the
--            # string, and a RandALCat character MUST be the last
--            # character of the string.
--            if not RandAL[0] or not RandAL[-1]:
--                raise UnicodeError("Violation of BIDI requirement 3")
-+    if any(RandAL):
-+        # There is a RandAL char in the string. Must perform further
-+        # tests:
-+        # 1) The characters in section 5.8 MUST be prohibited.
-+        # This is table C.8, which was already checked
-+        # 2) If a string contains any RandALCat character, the string
-+        # MUST NOT contain any LCat character.
-+        if any(stringprep.in_table_d2(x) for x in label):
-+            raise UnicodeError("Violation of BIDI requirement 2")
-+        # 3) If a string contains any RandALCat character, a
-+        # RandALCat character MUST be the first character of the
-+        # string, and a RandALCat character MUST be the last
-+        # character of the string.
-+        if not RandAL[0] or not RandAL[-1]:
-+            raise UnicodeError("Violation of BIDI requirement 3")
- 
-     return label
- 
---- a/Lib/test/test_codecs.py
-+++ b/Lib/test/test_codecs.py
-@@ -1552,6 +1552,12 @@ class IDNACodecTest(unittest.TestCase):
-         self.assertEqual("pyth\xf6n.org".encode("idna"), b"xn--pythn-mua.org")
-         self.assertEqual("pyth\xf6n.org.".encode("idna"), b"xn--pythn-mua.org.")
- 
-+    def test_builtin_decode_length_limit(self):
-+        with self.assertRaisesRegex(UnicodeError, "too long"):
-+            (b"xn--016c"+b"a"*1100).decode("idna")
-+        with self.assertRaisesRegex(UnicodeError, "too long"):
-+            (b"xn--016c"+b"a"*70).decode("idna")
-+
-     def test_stream(self):
-         r = codecs.getreader("idna")(io.BytesIO(b"abc"))
-         r.read(3)
---- /dev/null
-+++ b/Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst
-@@ -0,0 +1,6 @@
-+The IDNA codec decoder used on DNS hostnames by :mod:`socket` or :mod:`asyncio`
-+related name resolution functions no longer involves a quadratic algorithm.
-+This prevents a potential CPU denial of service if an out-of-spec excessive
-+length hostname involving bidirectional characters were decoded. Some protocols
-+such as :mod:`urllib` http ``3xx`` redirects potentially allow for an attacker
-+to supply such a name.

Python-3.11.0.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a57dc82d77358617ba65b9841cee1e3b441f386c3789ddc0676eca077f2951c3
-size 19819768

Python-3.11.0.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmNW0BsACgkQ/+h0BBaL
-2EfljQ//YbRPRLgFEqbUYDoA65Hy5+ztg2bD6UUAVHS29G7exX9hNqAuk2uQZnlF
-3CIz7NjtJFb7a8Bxg6j/OjYnwTojZKeNR/wwZa7MRJlZv7YZGKdjYlt21eCQMbjN
-SHlmZ/P1jTHifb/9x2l6XRqn8IXwvJq1NduNoiuNzSQ16oX3TwbLC+vFRBxFqv48
-E6qJlpplzQz0HxgWD+R3jHx2YQzD/Bc+kA+l4NIP2CWX5yK2R3Q63sFi8GmzP6gZ
-auFNDGz5pGuwTsblr8Ps0LeqnPtX2UqzAIM5AK5kXW6yn0bn93EXNT0OGF+zzccV
-8dit/0C1gqg6iPNRCijWpyIzXUF22Wn8+32E77Xfr+uSPW5e0yuA9VWoO5D2Bf/i
-sna98iE3wLJHGgrn1quAdFjCEPSAr9rNaEyvqF9QEjuCoa5giqwk+HIjEiLwNYcy
-5MsfFxj5OQT1wB1zWs08qij4wXO0bPylnIK1a6t8OlGF3M4FKX8PK0zK4HsKPcje
-DiyjdM3ylrODWk2BjvxUp48gMvmibeSZydKKJDjflHr7MDaJPInZk24LQXw6ZrVH
-g+E726C1q69sWSbZ2Wvc70CGcIfzeSFX0rQMGYvyJAQHTo4kixOjRJQpTxGw2VkE
-aQrgQC/JGhV+mNWfK+/QiypF8povzlwaQwpoyOczvg83rAvNLAs=
-=LZQi
------END PGP SIGNATURE-----

Python-3.11.1.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:85879192f2cffd56cb16c092905949ebf3e5e394b7f764723529637901dfb58f
+size 19856648

Python-3.11.1.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmOPlhsACgkQ/+h0BBaL
+2EdY5w/+KKZY3ghMcjuxxF4o9CylFvhHGI7LP6FKZE5xnGtSZ2cXjcad+FwFMnFS
+JE5fLpPD3xmkRoCIOwVKIos4l/chfAIE8gNlTBFOAwUYP0uVpA+SYNDOciT64Apj
+32jELwHJJVgjG21Lubx35kOtmQa884hBB9T8RsovL35PhFvspSvTx8U+YfGKIZzG
+liWwj/gBMMGd3p6pvz9UQsnqBLAfw50M6BDDQrQtoIDnw2R5s8oBqYa7uiRBzQch
+dUGUm/gt9lBTI0fT3ZgCMD3Zu2et252nsbzMYgBuPSg6SlT63wHktzq1aewQ2lL2
+VcBBbIf4hpkL5QnPgzKuiHcU7tBeRngTaWhw0Nc8kfGuz56HsEJJyhaHtD5mlCx9
+0treI/NPAeA8KcrpnkufTpMCee7/R7CfH/dNp29yJlhbC+WYMbr6s600jJISf6zn
+s0C40/MGLvVwIgT6HBkXkDL0Lii8vxc3w5smLiQ4xvQSHSS/fkP2qIDUhrX0eUlq
+atacso0j7XAKYWBRHT70ZeXIN4UJuQ+dfK7xAC+bmyo9X9jcpUeozws8OvczYBRq
+2qk4hCFFP/WgZ/MBiVoe2xmC6+ak2gH6xX6w2bB0/4Dc6KBMxWyUmRPuBVvx/cCp
+AwXvH94gZl9wj/tmvOoZNqaMFG3tWuWo7+YzosWOBHAoUk8ILNM=
+=ZuYB
+-----END PGP SIGNATURE-----

bpo-31046_ensurepip_honours_prefix.patch

@@ -15,7 +15,7 @@ Co-Authored-By: Xavier de Gaye <xdegaye@gmail.com>
 
 --- a/Doc/library/ensurepip.rst
 +++ b/Doc/library/ensurepip.rst
-@@ -57,8 +57,9 @@ is at least as recent as the one availab
+@@ -59,8 +59,9 @@ is at least as recent as the one availab
  By default, ``pip`` is installed into the current virtual environment
  (if one is active) or into the system site packages (if there is no
  active virtual environment). The installation location can be controlled
@@ -26,7 +26,7 @@ Co-Authored-By: Xavier de Gaye <xdegaye@gmail.com>
  * ``--root <dir>``: Installs ``pip`` relative to the given root directory
    rather than the root of the currently active virtual environment (if any)
    or the default root for the current Python installation.
-@@ -90,7 +91,7 @@ Module API
+@@ -92,7 +93,7 @@ Module API
     Returns a string specifying the available version of pip that will be
     installed when bootstrapping an environment.
  
@@ -35,7 +35,7 @@ Co-Authored-By: Xavier de Gaye <xdegaye@gmail.com>
                          altinstall=False, default_pip=False, \
                          verbosity=0)
  
-@@ -100,6 +101,8 @@ Module API
+@@ -102,6 +103,8 @@ Module API
     If *root* is ``None``, then installation uses the default install location
     for the current environment.
  
@@ -44,7 +44,7 @@ Co-Authored-By: Xavier de Gaye <xdegaye@gmail.com>
     *upgrade* indicates whether or not to upgrade an existing installation
     of an earlier version of ``pip`` to the available version.
  
-@@ -120,6 +123,8 @@ Module API
+@@ -122,6 +125,8 @@ Module API
     *verbosity* controls the level of output to :data:`sys.stdout` from the
     bootstrapping operation.
  
@@ -139,7 +139,7 @@ Co-Authored-By: Xavier de Gaye <xdegaye@gmail.com>
  
 --- a/Makefile.pre.in
 +++ b/Makefile.pre.in
-@@ -1751,7 +1751,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni
+@@ -1756,7 +1756,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni
  			install|*) ensurepip="" ;; \
  		esac; \
  		$(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \
@@ -148,7 +148,7 @@ Co-Authored-By: Xavier de Gaye <xdegaye@gmail.com>
  	fi
  
  altinstall: commoninstall
-@@ -1761,7 +1761,7 @@ altinstall: commoninstall
+@@ -1766,7 +1766,7 @@ altinstall: commoninstall
  			install|*) ensurepip="--altinstall" ;; \
  		esac; \
  		$(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \

fix_configure_rst.patch

@@ -29,7 +29,7 @@
     Create a Python.framework rather than a traditional Unix install. Optional
 --- a/Misc/NEWS
 +++ b/Misc/NEWS
-@@ -6768,7 +6768,7 @@ C API
+@@ -7355,7 +7355,7 @@ C API
  - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API.
  
  - bpo-43795: The list in :ref:`stable-abi-list` now shows the public name

python-3.3.0b1-fix_date_time_compiler.patch

@@ -4,7 +4,7 @@
 
 --- a/Makefile.pre.in
 +++ b/Makefile.pre.in
-@@ -1234,11 +1234,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \
+@@ -1235,11 +1235,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \
  		$(DTRACE_OBJS) \
  		$(srcdir)/Modules/getbuildinfo.c
  	$(CC) -c $(PY_CORE_CFLAGS) \

python311.changes

@@ -1,3 +1,363 @@
+-------------------------------------------------------------------
+Thu Dec  8 14:59:50 UTC 2022 - Matej Cepl <mcepl@suse.com>
+
+- Update to 3.11.1:
+  - python -m http.server no longer allows terminal control
+    characters sent within a garbage request to be printed
+    to the stderr server lo This is done by changing the
+    http.server BaseHTTPRequestHandler .log_message method to
+    replace control characters with a \xHH hex escape before
+    printin
+  - Avoid publishing list of active per-interpreter audit hooks
+    via the gc module
+  - The IDNA codec decoder used on DNS hostnames by socket or
+    asyncio related name resolution functions no longer involves
+    a quadratic algorithm. This prevents a potential CPU denial
+    of service if an out-of-spec excessive length hostname
+    involving bidirectional characters were decoded. Some
+    protocols such as urllib http 3xx redirects potentially allow
+    for an attacker to supply such a name (CVE-2022-45061).
+  - Update bundled libexpat to 2.5.0
+  - Fix a shell code injection vulnerability in the
+    get-remote-certificate.py example script. The script no
+    longer uses a shell to run openssl commands. Issue reported
+    and initial fix by Caleb Shortt. Patch by Victor Stinner.
+  - Fix a crash when an object which does not have a dictionary
+    frees its instance values.
+  - Fix a bug in the tokenizer that could cause infinite
+    recursion when showing syntax warnings that happen in the
+    first line of the source. Patch by Pablo Galindo
+  - Fix an issue that could cause frames to be visible to Python
+    code as they are being torn down, possibly leading to memory
+    corruption or hard crashes of the interpreter.
+  - Fix a reference bug in _imp.create_builtin() after the
+    creation of the first sub-interpreter for modules builtins
+    and sys. Patch by Victor Stinner.
+  - Fixed a bug that was causing a buffer overflow if the
+    tokenizer copies a line missing the newline caracter from a
+    file that is as long as the available tokenizer buffer. Patch
+    by Pablo galindo
+  - Fix bug where an ExceptionGroup subclass can wrap a
+    BaseException.
+  - Fix zip path for venv created from a non-installed python on
+    POSIX platforms.
+  - Fix an issue that could potentially cause incorrect error
+    handling for some bytecode instructions.
+  - Fix an issue that prevented PyThreadState and
+    PyInterpreterState memory from being freed properly.
+  - Fix failure in except* with unhashable exceptions.
+  - Fix calculation of sys._base_executable when inside a POSIX
+    virtual environment using copies of the python binary when
+    the base installation does not provide the executable name
+    used by the venv. Calculation will fall back to alternative
+    names (“python<MAJOR>”, “python<MAJOR>.<MINOR>”).
+  - Update faulthandler to emit an error message with the proper
+    unexpected signal number. Patch by Dong-hee Na.
+  - Fix location of SyntaxError for a try block with both except
+    and except*.
+  - Fix the error reporting positions of specialized traceback
+    anchors when the source line contains Unicode characters.
+  - Fix subscription of type aliases containing bare generic
+    types or types like TypeVar: for example tuple[A, T][int] and
+    tuple[TypeVar, T][int], where A is a generic type, and T is a
+    type variable.
+  - Lower the recursion depth for marshal on WASI to support
+    wasmtime 2.0/main.
+  - Fix multiple crashes in debug mode when str subclasses are
+    used instead of str itself.
+  - Fix an issue where member descriptors (such as those for
+    __slots__) could behave incorrectly or crash instead of
+    raising a TypeError when accessed via an instance of an
+    invalid type.
+  - Suppress ImportError for invalid query for help()
+    command. Patch by Dong-hee Na.
+  - Fix detection of MAC addresses for uuid on certain OSs. Patch
+    by Chaim Sanders
+  - Print exception class name instead of its string
+    representation when raising errors from ctypes calls.
+  - os.sched_yield() now release the GIL while calling
+    sched_yield(2). Patch by Dong-hee Na.
+  - Fix an issue that could delay the specialization of PRECALL
+    instructions.
+  - Bugfix: PyFunction_GetAnnotations() should return a borrowed
+    reference. It was returning a new reference.
+  - Ensure that all Python frame objects are backed by “complete”
+    frames.
+  - Fixed a missing incref/decref pair in
+    Exception.__setstate__(). Patch by Ofey Chan.
+  - Fix the Python path configuration used to initialized
+    sys.path at Python startup. Paths are no longer encoded
+    to UTF-8/strict to avoid encoding errors if it contains
+    surrogate characters (bytes paths are decoded with the
+    surrogateescape error handler). Patch by Victor Stinner.
+  - Fix overly-broad source position information for chained
+    comparisons used as branching conditions.
+  - At Python exit, sometimes a thread holding the GIL can
+    wait forever for a thread (usually a daemon thread) which
+    requested to drop the GIL, whereas the thread already
+    exited. To fix the race condition, the thread which requested
+    the GIL drop now resets its request before exiting. Issue
+    discovered and analyzed by Mingliang ZHAO. Patch by Victor
+    Stinner.
+  - Fix a possible assertion failure, fatal error, or SystemError
+    if a line tracing event raises an exception while opcode
+    tracing is enabled.
+  - Fix undefined behaviour in C code of null pointer arithmetic.
+  - Make sure that all frame objects created are created from
+    valid interpreter frames. Prevents the possibility of invalid
+    frames in backtraces and signal handlers.
+  - Disable incorrect pickling of the C implemented classmethod
+    descriptors.
+  - On WASI ENOTCAPABLE is now mapped to PermissionError. The
+    errno modules exposes the new error number. getpath.py now
+    ignores PermissionError when it cannot open landmark files
+    pybuilddir.txt and pyenv.cfg.
+  - Allow pdb to locate source for frozen modules in the standard
+    library.
+  - Raise ValueError instead of SystemError when methods of
+    uninitialized io.IncrementalNewlineDecoder objects are
+    called. Patch by Oren Milman.
+  - Fix a possible assertion failure in io.FileIO when the opener
+    returns an invalid file descriptor.
+  - Also escape s in the http.server
+    BaseHTTPRequestHandler.log_message so that it is technically
+    possible to parse the line and reconstruct what the original
+    data was. Without this a xHH is ambiguious as to if it is a
+    hex replacement we put in or the characters r”x” came through
+    in the original request line.
+  - asyncio.get_event_loop() now only emits a deprecation warning
+    when a new event loop was created implicitly. It no longer
+    emits a deprecation warning if the current event loop was
+    set.
+  - Fix bug when calling trace.CoverageResults with valid infile.
+  - Fix a bug in handling class cleanups in
+    unittest.TestCase. Now addClassCleanup() uses separate lists
+    for different TestCase subclasses, and doClassCleanups() only
+    cleans up the particular class.
+  - Release the GIL when calling termios APIs to avoid blocking
+    threads.
+  - Fix ast.increment_lineno() to also cover ast.TypeIgnore when
+    changing line numbers.
+  - Fix bug in urllib.parse.urlparse() that causes URL schemes
+    that begin with a digit, a plus sign, or a minus sign to be
+    parsed incorrectly.
+  - Check the number of arguments in substitution in user
+    generics containing a TypeVarTuple and one or more TypeVar.
+  - Fix substitution of ParamSpec followed by TypeVarTuple in
+    generic aliases.
+  - Fix substitution of TypeVarTuple and ParamSpec together in
+    user generics.
+  - Fixed bug where inspect.signature() reported incorrect
+    arguments for decorated methods.
+  - Fix SystemError in ctypes when exception was not set during
+    __initsubclass__.
+  - Remove older version of
+    _SSLProtocolTransport.get_write_buffer_limits in
+    asyncio.sslproto
+  - fix negative numbers failing in verify()
+  - Fix statistics.NormalDist pickle with 0 and 1 protocols.
+  - enum.auto() is now correctly activated when combined with
+    other assignment values. E.g. ONE = auto(), 'some text' will
+    now evaluate as (1, 'some text').
+  - Update the bundled copy of pip to version 22.3.1.
+  - Clean up refleak on failed module initialisation in _zoneinfo
+  - Clean up refleaks on failed module initialisation in in
+    _pickle
+  - Clean up refleak on failed module initialisation in _io.
+  - Fix memory leak in math.dist() when both points don’t have
+    the same dimension. Patch by Kumar Aditya.
+  - [3.11] Applied changes from importlib_metadata 4.11.4
+    through 4.13, including compatibility and robustness
+    fixes for Distribution objects without _normalized_name,
+    disallowing invalid inputs to Distribution.from_name, and
+    refined behaviors in PathDistribution._name_from_stem and
+    PathDistribution._normalized_name.
+  - Fix argument typechecks in _overlapped.WSAConnect() and
+    _overlapped.Overlapped.WSASendTo() functions.
+  - Prevent crashing in traceback when retrieving the byte-offset
+    for some source files that contain certain unicode
+    characters.
+  - Fix internal error in the re module which in very rare
+    circumstances prevented compilation of a regular expression
+    containing a conditional expression without the “else”
+    branch.
+  - Fix asyncio.StreamWriter.drain() to call
+    protocol.connection_lost callback only once on Windows.
+  - Add a mutex to unittest.mock.NonCallableMock to protect
+    concurrent access to mock attributes.
+  - Fix hang on Windows in subprocess.wait_closed() in asyncio
+    with ProactorEventLoop. Patch by Kumar Aditya.
+  - Fix infinite loop in unittest when a self-referencing chained
+    exception is raised
+  - tkinter.Text.count() raises now an exception for options
+    starting with “-” instead of silently ignoring them.
+  - On uname_result, restored expectation that _fields and
+    _asdict would include all six properties including processor.
+  - A createSocket() method was added to SysLogHandler.
+  - Fix bug in urllib.parse.urlparse() that causes certain port
+    numbers containing whitespace, underscores, plus and minus
+    signs, or non-ASCII digits to be incorrectly accepted.
+  - Allow venv to pass along PYTHON* variables to ensurepip and
+    pip when they do not impact path resolution
+  - On macOS, fix a crash in syslog.syslog() in multi-threaded
+    applications. On macOS, the libc syslog() function is not
+    thread-safe, so syslog.syslog() no longer releases the GIL to
+    call it. Patch by Victor Stinner.
+  - Allow BUILTINS to be a valid field name for frozen
+    dataclasses.
+  - Wrap network errors consistently in urllib FTP support, so
+    the test suite doesn’t fail when a network is available but
+    the public internet is not reachable.
+  - Make sure patch.dict() can be applied on async functions.
+  - Earlier in 3.11 we deprecated
+    asyncio.Task.cancel("message"). We realized we were too
+    harsh, and have undeprecated it.
+  - Change deprecate warning message in unittest from It is
+    deprecated to return a value!=None to It is deprecated to
+    return a value that is not None from a test case
+  - Fixes AttributeError when subprocess.check_output() is used
+    with argument input=None and either of the arguments encoding
+    or errors are used.
+  - Fix is_private properties in the ipaddress module. Previously
+    non-private networks (0.0.0.0/0) would return True from this
+    method; now they correctly return False.
+  - Avoid spurious tracebacks from asyncio when default executor
+    cleanup is delayed until after the event loop is closed (e.g.
+    as the result of a keyboard interrupt).
+  - Avoid a crash in the C version of
+    asyncio.Future.remove_done_callback() when an evil argument
+    is passed.
+  - Remove tokenize.NL check from tabnanny.
+  - Fix generation of the default name of
+    tkinter.Checkbutton. Previously, checkbuttons in different
+    parent widgets could have the same short name and share
+    the same state if arguments “name” and “variable” are not
+    specified. Now they are globally unique.
+  - Update bundled libexpat to 2.4.9
+  - Fix race condition in asyncio where process_exited() called
+    before the pipe_data_received() leading to inconsistent
+    output. Patch by Kumar Aditya.
+  - Fixed check in multiprocessing.resource_tracker that
+    guarantees that the length of a write to a pipe is not
+    greater than PIPE_BUF.
+  - Corrected type annotation for dataclass attribute
+    pstats.FunctionProfile.ncalls to be str.
+  - Fix repr of Any subclasses.
+  - Work around missing socket functions in socket’s __repr__.
+  - In inspect, fix overeager replacement of “typing.” in
+    formatting annotations.
+  - Fix handling of bytes path-like objects in os.ismount().
+  - Fix handling compiler warnings (SyntaxWarning and
+    DeprecationWarning) in codeop.compile_command() when checking
+    for incomplete input. Previously it emitted warnings and
+    raised a SyntaxError. Now it always returns None for
+    incomplete input without emitting any warnings.
+  - To avoid apparent memory leaks when asyncio.open_connection()
+    raises, break reference cycles generated by local exception
+    and future instances (which has exception instance as its
+    member var). Patch by Dong Uk, Kang.
+  - Fixed flickering of the turtle window when the tracer is
+    turned off. Patch by Shin-myoung-serp.
+  - Fix asyncio subprocess transport to kill process cleanly
+    when process is blocked and avoid RuntimeError when loop is
+    closed. Patch by Kumar Aditya.
+  - Prevent error when activating venv in nested fish instances.
+  - TarFile.next() now returns None when called on an empty
+    tarfile.
+  - Document the optional callback parameter of WeakMethod. Patch
+    by Géry Ogam.
+  - Restrict use of sockets instead of pipes for stdin of
+    subprocesses created by asyncio to AIX platform only.
+  - shutil.copytree() now applies the ignore_dangling_symlinks
+    argument recursively.
+  - Fix IndexError in argparse.ArgumentParser when a store_true
+    action is given an explicit argument.
+  - Document that calling variadic functions with ctypes requires
+    special care on macOS/arm64 (and possibly other platforms).
+  - Remove extra row
+  - Clarified the conflicting advice given in the ast
+    documentation about ast.literal_eval() being “safe” for use
+    on untrusted input while at the same time warning that it
+    can crash the process. The latter statement is true and is
+    deemed unfixable without a large amount of work unsuitable
+    for a bugfix. So we keep the warning and no longer claim that
+    literal_eval is safe.
+  - Restructured the documentation for the os.wait* family of
+    functions, and improved the docs for os.waitid() with more
+    explanation of the possible argument constants.
+  - Skip test_normalization() of test_unicodedata if it
+    fails to download NormalizationTest.txt file from
+    pythontest.net. Patch by Victor Stinner.
+  - Correct test_marsh on (32 bit) x86: test_deterministic sets
+    was failing.
+  - Optional big memory tests in test_sqlite3 now catch the
+    correct sqlite.DataError exception type in case of too large
+    strings and/or blobs passed.
+  - Fix a bug in the typing tests where a test relying
+    on CPython-specific implementation details was not
+    decorated with @cpython_only and was not skipped on other
+    implementations.
+  - Add tests for star-unpacking with PEP 646, and some other
+    miscellaneous PEP 646 tests.
+  - Added explicit coverage of Py_Initialize (and hence
+    Py_InitializeEx) back to the embedding tests (all other
+    embedding tests migrated to Py_InitializeFromConfig in Python
+    3.11)
+  - Some C API tests were moved into the new Lib/test/test_capi/
+    directory.
+  - Fix -Wimplicit-int, -Wstrict-prototypes, and
+    -Wimplicit-function-declaration compiler warnings in
+    configure checks.
+  - Fix a compilation issue with GCC 12 on macOS.
+  - Fix -Wimplicit-int compiler warning in configure check for
+    PTHREAD_SCOPE_SYSTEM.
+  - Fix a possible fd leak in Programs/_freeze_module.c
+    introduced in Python 3.11.
+  - Fix build with PYTHON_FOR_REGEN=python3.8.
+  - Specify the full path to the source location for make
+    docclean (needed for cross-builds).
+  - Don’t use vendored libmpdec headers if --with-system-libmpdec
+    is passed to configure. Don’t use vendored libexpat headers
+    if --with-system-expat is passed to !configure.
+  - Fix the build process of clang compiler for _bootstrap_python
+    if LTO optimization is applied. Patch by Matthias Görgens and
+    Dong-hee Na.
+  - wasm32-emscripten builds for browsers now include
+    concurrent.futures for asyncio and unittest.mock.
+  - wasm32-emscripten platform no longer builds resource module,
+    getresuid(), getresgid(), and their setters. The APIs are
+    stubs and not functional.
+  - Updated pegen regeneration script on Windows to find and
+    use Python 3.9 or higher. Prior to this, pegen regeneration
+    already required 3.9 or higher, but the script may have used
+    lower versions of Python.
+  - Fix a bug in the previous bugfix that caused IDLE to
+    not start when run with 3.10.8, 3.12.0a1, and at least
+    Microsoft Python 3.10.2288.0 installed without the Lib/test
+    package. 3.11.0 was never affected.
+  - The wasm_build.py script now pre-builds Emscripten ports,
+    checks for broken EMSDK versions, and warns about pkg-config
+    env vars.
+  - The new tool Tools/wasm/wasm_builder.py automates configure,
+    compile, and test steps for building CPython on WebAssembly
+    platforms.
+  - Fix handling of module docstrings in Tools/i18n/pygettext.py.
+  - PyBUF_* constants were marked as part of Limited API
+    of Python 3.11+. These were available in 3.11.0 with
+    Py_LIMITED_API defined for 3.11, and are necessary to use the
+    buffer API.
+  - Fix use-after-free in Py_SetPythonHome(NULL),
+    Py_SetProgramName(NULL) and _Py_SetProgramFullPath(NULL)
+    function calls. Issue reported by Benedikt Reinartz. Patch by
+    Victor Stinner.
+  - Py_InitializeEx now correctly calls PyConfig_Clear after
+    initializing the interpreter (the omission didn’t cause a
+    memory leak only because none of the dynamically allocated
+    config fields are populated by the wrapper function)
+- Removed upstreamed patches:
+  - 98437-sphinx.locale._-as-gettext-in-pyspecific.patch
+  - CVE-2022-45061-DoS-by-IDNA-decode.patch
+
 -------------------------------------------------------------------
 Wed Nov  9 18:31:23 UTC 2022 - Matej Cepl <mcepl@suse.com>
 

python311.spec

@@ -67,7 +67,7 @@ Obsoletes:      python39%{?1:-%{1}}
 %define tarversion %{version}
 %endif
 # We don't process beta signs well
-%define         folderversion 3.11.0
+%define         folderversion %{tarversion}
 %define         tarname    Python-%{tarversion}
 %define         sitedir         %{_libdir}/python%{python_version}
 # three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149
@@ -103,7 +103,7 @@ Obsoletes:      python39%{?1:-%{1}}
 %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
 %bcond_without profileopt
 Name:           %{python_pkg_name}%{psuffix}
-Version:        3.11.0
+Version:        3.11.1
 Release:        0
 Summary:        Python 3 Interpreter
 License:        Python-2.0
@@ -166,12 +166,6 @@ Patch35:        fix_configure_rst.patch
 # PATCH-FIX-UPSTREAM support-expat-CVE-2022-25236-patched.patch jsc#SLE-21253 mcepl@suse.com
 # Makes Python resilient to changes of API of libexpat
 Patch36:        support-expat-CVE-2022-25236-patched.patch
-# PATCH-FIX-UPSTREAM 98437-sphinx.locale._-as-gettext-in-pyspecific.patch gh#python/cpython#98366 mcepl@suse.com
-# this patch makes things totally awesome
-Patch37:        98437-sphinx.locale._-as-gettext-in-pyspecific.patch
-# PATCH-FIX-UPSTREAM CVE-2022-45061-DoS-by-IDNA-decode.patch bsc#1205244 mcepl@suse.com
-# Avoid DoS by decoding IDNA for too long domain names
-Patch38:        CVE-2022-45061-DoS-by-IDNA-decode.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes
@@ -438,8 +432,6 @@ other applications.
 %endif
 %patch35 -p1
 %patch36 -p1
-%patch37 -p1
-%patch38 -p1
 
 # drop Autoconf version requirement
 sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac

subprocess-raise-timeout.patch

@@ -4,7 +4,7 @@
 
 --- a/Lib/test/test_subprocess.py
 +++ b/Lib/test/test_subprocess.py
-@@ -272,7 +272,8 @@ class ProcessTestCase(BaseTestCase):
+@@ -278,7 +278,8 @@ class ProcessTestCase(BaseTestCase):
                       "time.sleep(3600)"],
                      # Some heavily loaded buildbots (sparc Debian 3.x) require
                      # this much time to start and print.