- Update to 3.11.1:
- python -m http.server no longer allows terminal control characters sent within a garbage request to be printed to the stderr server lo This is done by changing the http.server BaseHTTPRequestHandler .log_message method to replace control characters with a \xHH hex escape before printin - Avoid publishing list of active per-interpreter audit hooks via the gc module - The IDNA codec decoder used on DNS hostnames by socket or asyncio related name resolution functions no longer involves a quadratic algorithm. This prevents a potential CPU denial of service if an out-of-spec excessive length hostname involving bidirectional characters were decoded. Some protocols such as urllib http 3xx redirects potentially allow for an attacker to supply such a name (CVE-2022-45061). - Update bundled libexpat to 2.5.0 - Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. Issue reported and initial fix by Caleb Shortt. Patch by Victor Stinner. - Fix a crash when an object which does not have a dictionary frees its instance values. - Fix a bug in the tokenizer that could cause infinite recursion when showing syntax warnings that happen in the first line of the source. Patch by Pablo Galindo - Fix an issue that could cause frames to be visible to Python code as they are being torn down, possibly leading to memory corruption or hard crashes of the interpreter. - Fix a reference bug in _imp.create_builtin() after the OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=40
This commit is contained in:
parent
03d1be1616
commit
6c436c7abc
@ -1,54 +0,0 @@
|
||||
From 5775f51691d7d64fb676586e008b41261ce64ac2 Mon Sep 17 00:00:00 2001
|
||||
From: "Matt.Wang" <mattwang44@gmail.com>
|
||||
Date: Wed, 19 Oct 2022 14:49:08 +0800
|
||||
Subject: [PATCH 1/2] fix(doc-tools): use sphinx.locale._ as gettext() for
|
||||
backward-compatibility in pyspecific.py
|
||||
|
||||
[why] spinix 5.3 changed locale.translators from a defaultdict(gettext.NullTranslations) to a dict, which leads to failure of pyspecific.py. Use sphinx.locale._ as gettext to fix the issue.
|
||||
---
|
||||
Doc/tools/extensions/pyspecific.py | 8 ++++----
|
||||
Misc/NEWS.d/next/Documentation/2022-10-19-07-15-52.gh-issue-98366.UskMXF.rst | 1 +
|
||||
2 files changed, 5 insertions(+), 4 deletions(-)
|
||||
|
||||
--- a/Doc/tools/extensions/pyspecific.py
|
||||
+++ b/Doc/tools/extensions/pyspecific.py
|
||||
@@ -26,7 +26,7 @@ try:
|
||||
from sphinx.errors import NoUri
|
||||
except ImportError:
|
||||
from sphinx.environment import NoUri
|
||||
-from sphinx.locale import translators
|
||||
+from sphinx.locale import _ as sphinx_gettext
|
||||
from sphinx.util import status_iterator, logging
|
||||
from sphinx.util.nodes import split_explicit_title
|
||||
from sphinx.writers.text import TextWriter, TextTranslator
|
||||
@@ -109,7 +109,7 @@ class ImplementationDetail(Directive):
|
||||
def run(self):
|
||||
self.assert_has_content()
|
||||
pnode = nodes.compound(classes=['impl-detail'])
|
||||
- label = translators['sphinx'].gettext(self.label_text)
|
||||
+ label = sphinx_gettext(self.label_text)
|
||||
content = self.content
|
||||
add_text = nodes.strong(label, label)
|
||||
self.state.nested_parse(content, self.content_offset, pnode)
|
||||
@@ -257,7 +257,7 @@ class AuditEvent(Directive):
|
||||
else:
|
||||
args = []
|
||||
|
||||
- label = translators['sphinx'].gettext(self._label[min(2, len(args))])
|
||||
+ label = sphinx_gettext(self._label[min(2, len(args))])
|
||||
text = label.format(name="``{}``".format(name),
|
||||
args=", ".join("``{}``".format(a) for a in args if a))
|
||||
|
||||
@@ -436,7 +436,7 @@ class DeprecatedRemoved(Directive):
|
||||
else:
|
||||
label = self._removed_label
|
||||
|
||||
- label = translators['sphinx'].gettext(label)
|
||||
+ label = sphinx_gettext(label)
|
||||
text = label.format(deprecated=self.arguments[0], removed=self.arguments[1])
|
||||
if len(self.arguments) == 3:
|
||||
inodes, messages = self.state.inline_text(self.arguments[2],
|
||||
--- /dev/null
|
||||
+++ b/Misc/NEWS.d/next/Documentation/2022-10-19-07-15-52.gh-issue-98366.UskMXF.rst
|
||||
@@ -0,0 +1 @@
|
||||
+Use sphinx.locale._ as the gettext function in pyspecific.py.
|
@ -1,86 +0,0 @@
|
||||
From 3a692f2234d2ddb65db33d2516fff357a139c724 Mon Sep 17 00:00:00 2001
|
||||
From: "Gregory P. Smith" <greg@krypto.org>
|
||||
Date: Mon, 7 Nov 2022 16:54:41 -0800
|
||||
Subject: [PATCH 1/3] gh-98433: Fix quadratic time idna decoding. (GH-99092)
|
||||
|
||||
There was an unnecessary quadratic loop in idna decoding. This restores
|
||||
the behavior to linear.
|
||||
|
||||
This also adds an early length check in IDNA decoding to outright reject
|
||||
huge inputs early on given the ultimate result is defined to be 63 or fewer
|
||||
characters.
|
||||
(cherry picked from commit d315722564927c7202dd6e111dc79eaf14240b0d)
|
||||
|
||||
Co-authored-by: Gregory P. Smith <greg@krypto.org>
|
||||
---
|
||||
Lib/encodings/idna.py | 32 ++++------
|
||||
Lib/test/test_codecs.py | 6 +
|
||||
Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst | 6 +
|
||||
3 files changed, 27 insertions(+), 17 deletions(-)
|
||||
create mode 100644 Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst
|
||||
|
||||
--- a/Lib/encodings/idna.py
|
||||
+++ b/Lib/encodings/idna.py
|
||||
@@ -39,23 +39,21 @@ def nameprep(label):
|
||||
|
||||
# Check bidi
|
||||
RandAL = [stringprep.in_table_d1(x) for x in label]
|
||||
- for c in RandAL:
|
||||
- if c:
|
||||
- # There is a RandAL char in the string. Must perform further
|
||||
- # tests:
|
||||
- # 1) The characters in section 5.8 MUST be prohibited.
|
||||
- # This is table C.8, which was already checked
|
||||
- # 2) If a string contains any RandALCat character, the string
|
||||
- # MUST NOT contain any LCat character.
|
||||
- if any(stringprep.in_table_d2(x) for x in label):
|
||||
- raise UnicodeError("Violation of BIDI requirement 2")
|
||||
-
|
||||
- # 3) If a string contains any RandALCat character, a
|
||||
- # RandALCat character MUST be the first character of the
|
||||
- # string, and a RandALCat character MUST be the last
|
||||
- # character of the string.
|
||||
- if not RandAL[0] or not RandAL[-1]:
|
||||
- raise UnicodeError("Violation of BIDI requirement 3")
|
||||
+ if any(RandAL):
|
||||
+ # There is a RandAL char in the string. Must perform further
|
||||
+ # tests:
|
||||
+ # 1) The characters in section 5.8 MUST be prohibited.
|
||||
+ # This is table C.8, which was already checked
|
||||
+ # 2) If a string contains any RandALCat character, the string
|
||||
+ # MUST NOT contain any LCat character.
|
||||
+ if any(stringprep.in_table_d2(x) for x in label):
|
||||
+ raise UnicodeError("Violation of BIDI requirement 2")
|
||||
+ # 3) If a string contains any RandALCat character, a
|
||||
+ # RandALCat character MUST be the first character of the
|
||||
+ # string, and a RandALCat character MUST be the last
|
||||
+ # character of the string.
|
||||
+ if not RandAL[0] or not RandAL[-1]:
|
||||
+ raise UnicodeError("Violation of BIDI requirement 3")
|
||||
|
||||
return label
|
||||
|
||||
--- a/Lib/test/test_codecs.py
|
||||
+++ b/Lib/test/test_codecs.py
|
||||
@@ -1552,6 +1552,12 @@ class IDNACodecTest(unittest.TestCase):
|
||||
self.assertEqual("pyth\xf6n.org".encode("idna"), b"xn--pythn-mua.org")
|
||||
self.assertEqual("pyth\xf6n.org.".encode("idna"), b"xn--pythn-mua.org.")
|
||||
|
||||
+ def test_builtin_decode_length_limit(self):
|
||||
+ with self.assertRaisesRegex(UnicodeError, "too long"):
|
||||
+ (b"xn--016c"+b"a"*1100).decode("idna")
|
||||
+ with self.assertRaisesRegex(UnicodeError, "too long"):
|
||||
+ (b"xn--016c"+b"a"*70).decode("idna")
|
||||
+
|
||||
def test_stream(self):
|
||||
r = codecs.getreader("idna")(io.BytesIO(b"abc"))
|
||||
r.read(3)
|
||||
--- /dev/null
|
||||
+++ b/Misc/NEWS.d/next/Security/2022-11-04-09-29-36.gh-issue-98433.l76c5G.rst
|
||||
@@ -0,0 +1,6 @@
|
||||
+The IDNA codec decoder used on DNS hostnames by :mod:`socket` or :mod:`asyncio`
|
||||
+related name resolution functions no longer involves a quadratic algorithm.
|
||||
+This prevents a potential CPU denial of service if an out-of-spec excessive
|
||||
+length hostname involving bidirectional characters were decoded. Some protocols
|
||||
+such as :mod:`urllib` http ``3xx`` redirects potentially allow for an attacker
|
||||
+to supply such a name.
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:a57dc82d77358617ba65b9841cee1e3b441f386c3789ddc0676eca077f2951c3
|
||||
size 19819768
|
@ -1,16 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmNW0BsACgkQ/+h0BBaL
|
||||
2EfljQ//YbRPRLgFEqbUYDoA65Hy5+ztg2bD6UUAVHS29G7exX9hNqAuk2uQZnlF
|
||||
3CIz7NjtJFb7a8Bxg6j/OjYnwTojZKeNR/wwZa7MRJlZv7YZGKdjYlt21eCQMbjN
|
||||
SHlmZ/P1jTHifb/9x2l6XRqn8IXwvJq1NduNoiuNzSQ16oX3TwbLC+vFRBxFqv48
|
||||
E6qJlpplzQz0HxgWD+R3jHx2YQzD/Bc+kA+l4NIP2CWX5yK2R3Q63sFi8GmzP6gZ
|
||||
auFNDGz5pGuwTsblr8Ps0LeqnPtX2UqzAIM5AK5kXW6yn0bn93EXNT0OGF+zzccV
|
||||
8dit/0C1gqg6iPNRCijWpyIzXUF22Wn8+32E77Xfr+uSPW5e0yuA9VWoO5D2Bf/i
|
||||
sna98iE3wLJHGgrn1quAdFjCEPSAr9rNaEyvqF9QEjuCoa5giqwk+HIjEiLwNYcy
|
||||
5MsfFxj5OQT1wB1zWs08qij4wXO0bPylnIK1a6t8OlGF3M4FKX8PK0zK4HsKPcje
|
||||
DiyjdM3ylrODWk2BjvxUp48gMvmibeSZydKKJDjflHr7MDaJPInZk24LQXw6ZrVH
|
||||
g+E726C1q69sWSbZ2Wvc70CGcIfzeSFX0rQMGYvyJAQHTo4kixOjRJQpTxGw2VkE
|
||||
aQrgQC/JGhV+mNWfK+/QiypF8povzlwaQwpoyOczvg83rAvNLAs=
|
||||
=LZQi
|
||||
-----END PGP SIGNATURE-----
|
3
Python-3.11.1.tar.xz
Normal file
3
Python-3.11.1.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:85879192f2cffd56cb16c092905949ebf3e5e394b7f764723529637901dfb58f
|
||||
size 19856648
|
16
Python-3.11.1.tar.xz.asc
Normal file
16
Python-3.11.1.tar.xz.asc
Normal file
@ -0,0 +1,16 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmOPlhsACgkQ/+h0BBaL
|
||||
2EdY5w/+KKZY3ghMcjuxxF4o9CylFvhHGI7LP6FKZE5xnGtSZ2cXjcad+FwFMnFS
|
||||
JE5fLpPD3xmkRoCIOwVKIos4l/chfAIE8gNlTBFOAwUYP0uVpA+SYNDOciT64Apj
|
||||
32jELwHJJVgjG21Lubx35kOtmQa884hBB9T8RsovL35PhFvspSvTx8U+YfGKIZzG
|
||||
liWwj/gBMMGd3p6pvz9UQsnqBLAfw50M6BDDQrQtoIDnw2R5s8oBqYa7uiRBzQch
|
||||
dUGUm/gt9lBTI0fT3ZgCMD3Zu2et252nsbzMYgBuPSg6SlT63wHktzq1aewQ2lL2
|
||||
VcBBbIf4hpkL5QnPgzKuiHcU7tBeRngTaWhw0Nc8kfGuz56HsEJJyhaHtD5mlCx9
|
||||
0treI/NPAeA8KcrpnkufTpMCee7/R7CfH/dNp29yJlhbC+WYMbr6s600jJISf6zn
|
||||
s0C40/MGLvVwIgT6HBkXkDL0Lii8vxc3w5smLiQ4xvQSHSS/fkP2qIDUhrX0eUlq
|
||||
atacso0j7XAKYWBRHT70ZeXIN4UJuQ+dfK7xAC+bmyo9X9jcpUeozws8OvczYBRq
|
||||
2qk4hCFFP/WgZ/MBiVoe2xmC6+ak2gH6xX6w2bB0/4Dc6KBMxWyUmRPuBVvx/cCp
|
||||
AwXvH94gZl9wj/tmvOoZNqaMFG3tWuWo7+YzosWOBHAoUk8ILNM=
|
||||
=ZuYB
|
||||
-----END PGP SIGNATURE-----
|
@ -15,7 +15,7 @@ Co-Authored-By: Xavier de Gaye <xdegaye@gmail.com>
|
||||
|
||||
--- a/Doc/library/ensurepip.rst
|
||||
+++ b/Doc/library/ensurepip.rst
|
||||
@@ -57,8 +57,9 @@ is at least as recent as the one availab
|
||||
@@ -59,8 +59,9 @@ is at least as recent as the one availab
|
||||
By default, ``pip`` is installed into the current virtual environment
|
||||
(if one is active) or into the system site packages (if there is no
|
||||
active virtual environment). The installation location can be controlled
|
||||
@ -26,7 +26,7 @@ Co-Authored-By: Xavier de Gaye <xdegaye@gmail.com>
|
||||
* ``--root <dir>``: Installs ``pip`` relative to the given root directory
|
||||
rather than the root of the currently active virtual environment (if any)
|
||||
or the default root for the current Python installation.
|
||||
@@ -90,7 +91,7 @@ Module API
|
||||
@@ -92,7 +93,7 @@ Module API
|
||||
Returns a string specifying the available version of pip that will be
|
||||
installed when bootstrapping an environment.
|
||||
|
||||
@ -35,7 +35,7 @@ Co-Authored-By: Xavier de Gaye <xdegaye@gmail.com>
|
||||
altinstall=False, default_pip=False, \
|
||||
verbosity=0)
|
||||
|
||||
@@ -100,6 +101,8 @@ Module API
|
||||
@@ -102,6 +103,8 @@ Module API
|
||||
If *root* is ``None``, then installation uses the default install location
|
||||
for the current environment.
|
||||
|
||||
@ -44,7 +44,7 @@ Co-Authored-By: Xavier de Gaye <xdegaye@gmail.com>
|
||||
*upgrade* indicates whether or not to upgrade an existing installation
|
||||
of an earlier version of ``pip`` to the available version.
|
||||
|
||||
@@ -120,6 +123,8 @@ Module API
|
||||
@@ -122,6 +125,8 @@ Module API
|
||||
*verbosity* controls the level of output to :data:`sys.stdout` from the
|
||||
bootstrapping operation.
|
||||
|
||||
@ -139,7 +139,7 @@ Co-Authored-By: Xavier de Gaye <xdegaye@gmail.com>
|
||||
|
||||
--- a/Makefile.pre.in
|
||||
+++ b/Makefile.pre.in
|
||||
@@ -1751,7 +1751,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni
|
||||
@@ -1756,7 +1756,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni
|
||||
install|*) ensurepip="" ;; \
|
||||
esac; \
|
||||
$(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \
|
||||
@ -148,7 +148,7 @@ Co-Authored-By: Xavier de Gaye <xdegaye@gmail.com>
|
||||
fi
|
||||
|
||||
altinstall: commoninstall
|
||||
@@ -1761,7 +1761,7 @@ altinstall: commoninstall
|
||||
@@ -1766,7 +1766,7 @@ altinstall: commoninstall
|
||||
install|*) ensurepip="--altinstall" ;; \
|
||||
esac; \
|
||||
$(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \
|
||||
|
@ -29,7 +29,7 @@
|
||||
Create a Python.framework rather than a traditional Unix install. Optional
|
||||
--- a/Misc/NEWS
|
||||
+++ b/Misc/NEWS
|
||||
@@ -6768,7 +6768,7 @@ C API
|
||||
@@ -7355,7 +7355,7 @@ C API
|
||||
- bpo-40939: Removed documentation for the removed ``PyParser_*`` C API.
|
||||
|
||||
- bpo-43795: The list in :ref:`stable-abi-list` now shows the public name
|
||||
|
@ -4,7 +4,7 @@
|
||||
|
||||
--- a/Makefile.pre.in
|
||||
+++ b/Makefile.pre.in
|
||||
@@ -1234,11 +1234,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \
|
||||
@@ -1235,11 +1235,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \
|
||||
$(DTRACE_OBJS) \
|
||||
$(srcdir)/Modules/getbuildinfo.c
|
||||
$(CC) -c $(PY_CORE_CFLAGS) \
|
||||
|
@ -1,3 +1,363 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Dec 8 14:59:50 UTC 2022 - Matej Cepl <mcepl@suse.com>
|
||||
|
||||
- Update to 3.11.1:
|
||||
- python -m http.server no longer allows terminal control
|
||||
characters sent within a garbage request to be printed
|
||||
to the stderr server lo This is done by changing the
|
||||
http.server BaseHTTPRequestHandler .log_message method to
|
||||
replace control characters with a \xHH hex escape before
|
||||
printin
|
||||
- Avoid publishing list of active per-interpreter audit hooks
|
||||
via the gc module
|
||||
- The IDNA codec decoder used on DNS hostnames by socket or
|
||||
asyncio related name resolution functions no longer involves
|
||||
a quadratic algorithm. This prevents a potential CPU denial
|
||||
of service if an out-of-spec excessive length hostname
|
||||
involving bidirectional characters were decoded. Some
|
||||
protocols such as urllib http 3xx redirects potentially allow
|
||||
for an attacker to supply such a name (CVE-2022-45061).
|
||||
- Update bundled libexpat to 2.5.0
|
||||
- Fix a shell code injection vulnerability in the
|
||||
get-remote-certificate.py example script. The script no
|
||||
longer uses a shell to run openssl commands. Issue reported
|
||||
and initial fix by Caleb Shortt. Patch by Victor Stinner.
|
||||
- Fix a crash when an object which does not have a dictionary
|
||||
frees its instance values.
|
||||
- Fix a bug in the tokenizer that could cause infinite
|
||||
recursion when showing syntax warnings that happen in the
|
||||
first line of the source. Patch by Pablo Galindo
|
||||
- Fix an issue that could cause frames to be visible to Python
|
||||
code as they are being torn down, possibly leading to memory
|
||||
corruption or hard crashes of the interpreter.
|
||||
- Fix a reference bug in _imp.create_builtin() after the
|
||||
creation of the first sub-interpreter for modules builtins
|
||||
and sys. Patch by Victor Stinner.
|
||||
- Fixed a bug that was causing a buffer overflow if the
|
||||
tokenizer copies a line missing the newline caracter from a
|
||||
file that is as long as the available tokenizer buffer. Patch
|
||||
by Pablo galindo
|
||||
- Fix bug where an ExceptionGroup subclass can wrap a
|
||||
BaseException.
|
||||
- Fix zip path for venv created from a non-installed python on
|
||||
POSIX platforms.
|
||||
- Fix an issue that could potentially cause incorrect error
|
||||
handling for some bytecode instructions.
|
||||
- Fix an issue that prevented PyThreadState and
|
||||
PyInterpreterState memory from being freed properly.
|
||||
- Fix failure in except* with unhashable exceptions.
|
||||
- Fix calculation of sys._base_executable when inside a POSIX
|
||||
virtual environment using copies of the python binary when
|
||||
the base installation does not provide the executable name
|
||||
used by the venv. Calculation will fall back to alternative
|
||||
names (“python<MAJOR>”, “python<MAJOR>.<MINOR>”).
|
||||
- Update faulthandler to emit an error message with the proper
|
||||
unexpected signal number. Patch by Dong-hee Na.
|
||||
- Fix location of SyntaxError for a try block with both except
|
||||
and except*.
|
||||
- Fix the error reporting positions of specialized traceback
|
||||
anchors when the source line contains Unicode characters.
|
||||
- Fix subscription of type aliases containing bare generic
|
||||
types or types like TypeVar: for example tuple[A, T][int] and
|
||||
tuple[TypeVar, T][int], where A is a generic type, and T is a
|
||||
type variable.
|
||||
- Lower the recursion depth for marshal on WASI to support
|
||||
wasmtime 2.0/main.
|
||||
- Fix multiple crashes in debug mode when str subclasses are
|
||||
used instead of str itself.
|
||||
- Fix an issue where member descriptors (such as those for
|
||||
__slots__) could behave incorrectly or crash instead of
|
||||
raising a TypeError when accessed via an instance of an
|
||||
invalid type.
|
||||
- Suppress ImportError for invalid query for help()
|
||||
command. Patch by Dong-hee Na.
|
||||
- Fix detection of MAC addresses for uuid on certain OSs. Patch
|
||||
by Chaim Sanders
|
||||
- Print exception class name instead of its string
|
||||
representation when raising errors from ctypes calls.
|
||||
- os.sched_yield() now release the GIL while calling
|
||||
sched_yield(2). Patch by Dong-hee Na.
|
||||
- Fix an issue that could delay the specialization of PRECALL
|
||||
instructions.
|
||||
- Bugfix: PyFunction_GetAnnotations() should return a borrowed
|
||||
reference. It was returning a new reference.
|
||||
- Ensure that all Python frame objects are backed by “complete”
|
||||
frames.
|
||||
- Fixed a missing incref/decref pair in
|
||||
Exception.__setstate__(). Patch by Ofey Chan.
|
||||
- Fix the Python path configuration used to initialized
|
||||
sys.path at Python startup. Paths are no longer encoded
|
||||
to UTF-8/strict to avoid encoding errors if it contains
|
||||
surrogate characters (bytes paths are decoded with the
|
||||
surrogateescape error handler). Patch by Victor Stinner.
|
||||
- Fix overly-broad source position information for chained
|
||||
comparisons used as branching conditions.
|
||||
- At Python exit, sometimes a thread holding the GIL can
|
||||
wait forever for a thread (usually a daemon thread) which
|
||||
requested to drop the GIL, whereas the thread already
|
||||
exited. To fix the race condition, the thread which requested
|
||||
the GIL drop now resets its request before exiting. Issue
|
||||
discovered and analyzed by Mingliang ZHAO. Patch by Victor
|
||||
Stinner.
|
||||
- Fix a possible assertion failure, fatal error, or SystemError
|
||||
if a line tracing event raises an exception while opcode
|
||||
tracing is enabled.
|
||||
- Fix undefined behaviour in C code of null pointer arithmetic.
|
||||
- Make sure that all frame objects created are created from
|
||||
valid interpreter frames. Prevents the possibility of invalid
|
||||
frames in backtraces and signal handlers.
|
||||
- Disable incorrect pickling of the C implemented classmethod
|
||||
descriptors.
|
||||
- On WASI ENOTCAPABLE is now mapped to PermissionError. The
|
||||
errno modules exposes the new error number. getpath.py now
|
||||
ignores PermissionError when it cannot open landmark files
|
||||
pybuilddir.txt and pyenv.cfg.
|
||||
- Allow pdb to locate source for frozen modules in the standard
|
||||
library.
|
||||
- Raise ValueError instead of SystemError when methods of
|
||||
uninitialized io.IncrementalNewlineDecoder objects are
|
||||
called. Patch by Oren Milman.
|
||||
- Fix a possible assertion failure in io.FileIO when the opener
|
||||
returns an invalid file descriptor.
|
||||
- Also escape s in the http.server
|
||||
BaseHTTPRequestHandler.log_message so that it is technically
|
||||
possible to parse the line and reconstruct what the original
|
||||
data was. Without this a xHH is ambiguious as to if it is a
|
||||
hex replacement we put in or the characters r”x” came through
|
||||
in the original request line.
|
||||
- asyncio.get_event_loop() now only emits a deprecation warning
|
||||
when a new event loop was created implicitly. It no longer
|
||||
emits a deprecation warning if the current event loop was
|
||||
set.
|
||||
- Fix bug when calling trace.CoverageResults with valid infile.
|
||||
- Fix a bug in handling class cleanups in
|
||||
unittest.TestCase. Now addClassCleanup() uses separate lists
|
||||
for different TestCase subclasses, and doClassCleanups() only
|
||||
cleans up the particular class.
|
||||
- Release the GIL when calling termios APIs to avoid blocking
|
||||
threads.
|
||||
- Fix ast.increment_lineno() to also cover ast.TypeIgnore when
|
||||
changing line numbers.
|
||||
- Fix bug in urllib.parse.urlparse() that causes URL schemes
|
||||
that begin with a digit, a plus sign, or a minus sign to be
|
||||
parsed incorrectly.
|
||||
- Check the number of arguments in substitution in user
|
||||
generics containing a TypeVarTuple and one or more TypeVar.
|
||||
- Fix substitution of ParamSpec followed by TypeVarTuple in
|
||||
generic aliases.
|
||||
- Fix substitution of TypeVarTuple and ParamSpec together in
|
||||
user generics.
|
||||
- Fixed bug where inspect.signature() reported incorrect
|
||||
arguments for decorated methods.
|
||||
- Fix SystemError in ctypes when exception was not set during
|
||||
__initsubclass__.
|
||||
- Remove older version of
|
||||
_SSLProtocolTransport.get_write_buffer_limits in
|
||||
asyncio.sslproto
|
||||
- fix negative numbers failing in verify()
|
||||
- Fix statistics.NormalDist pickle with 0 and 1 protocols.
|
||||
- enum.auto() is now correctly activated when combined with
|
||||
other assignment values. E.g. ONE = auto(), 'some text' will
|
||||
now evaluate as (1, 'some text').
|
||||
- Update the bundled copy of pip to version 22.3.1.
|
||||
- Clean up refleak on failed module initialisation in _zoneinfo
|
||||
- Clean up refleaks on failed module initialisation in in
|
||||
_pickle
|
||||
- Clean up refleak on failed module initialisation in _io.
|
||||
- Fix memory leak in math.dist() when both points don’t have
|
||||
the same dimension. Patch by Kumar Aditya.
|
||||
- [3.11] Applied changes from importlib_metadata 4.11.4
|
||||
through 4.13, including compatibility and robustness
|
||||
fixes for Distribution objects without _normalized_name,
|
||||
disallowing invalid inputs to Distribution.from_name, and
|
||||
refined behaviors in PathDistribution._name_from_stem and
|
||||
PathDistribution._normalized_name.
|
||||
- Fix argument typechecks in _overlapped.WSAConnect() and
|
||||
_overlapped.Overlapped.WSASendTo() functions.
|
||||
- Prevent crashing in traceback when retrieving the byte-offset
|
||||
for some source files that contain certain unicode
|
||||
characters.
|
||||
- Fix internal error in the re module which in very rare
|
||||
circumstances prevented compilation of a regular expression
|
||||
containing a conditional expression without the “else”
|
||||
branch.
|
||||
- Fix asyncio.StreamWriter.drain() to call
|
||||
protocol.connection_lost callback only once on Windows.
|
||||
- Add a mutex to unittest.mock.NonCallableMock to protect
|
||||
concurrent access to mock attributes.
|
||||
- Fix hang on Windows in subprocess.wait_closed() in asyncio
|
||||
with ProactorEventLoop. Patch by Kumar Aditya.
|
||||
- Fix infinite loop in unittest when a self-referencing chained
|
||||
exception is raised
|
||||
- tkinter.Text.count() raises now an exception for options
|
||||
starting with “-” instead of silently ignoring them.
|
||||
- On uname_result, restored expectation that _fields and
|
||||
_asdict would include all six properties including processor.
|
||||
- A createSocket() method was added to SysLogHandler.
|
||||
- Fix bug in urllib.parse.urlparse() that causes certain port
|
||||
numbers containing whitespace, underscores, plus and minus
|
||||
signs, or non-ASCII digits to be incorrectly accepted.
|
||||
- Allow venv to pass along PYTHON* variables to ensurepip and
|
||||
pip when they do not impact path resolution
|
||||
- On macOS, fix a crash in syslog.syslog() in multi-threaded
|
||||
applications. On macOS, the libc syslog() function is not
|
||||
thread-safe, so syslog.syslog() no longer releases the GIL to
|
||||
call it. Patch by Victor Stinner.
|
||||
- Allow BUILTINS to be a valid field name for frozen
|
||||
dataclasses.
|
||||
- Wrap network errors consistently in urllib FTP support, so
|
||||
the test suite doesn’t fail when a network is available but
|
||||
the public internet is not reachable.
|
||||
- Make sure patch.dict() can be applied on async functions.
|
||||
- Earlier in 3.11 we deprecated
|
||||
asyncio.Task.cancel("message"). We realized we were too
|
||||
harsh, and have undeprecated it.
|
||||
- Change deprecate warning message in unittest from It is
|
||||
deprecated to return a value!=None to It is deprecated to
|
||||
return a value that is not None from a test case
|
||||
- Fixes AttributeError when subprocess.check_output() is used
|
||||
with argument input=None and either of the arguments encoding
|
||||
or errors are used.
|
||||
- Fix is_private properties in the ipaddress module. Previously
|
||||
non-private networks (0.0.0.0/0) would return True from this
|
||||
method; now they correctly return False.
|
||||
- Avoid spurious tracebacks from asyncio when default executor
|
||||
cleanup is delayed until after the event loop is closed (e.g.
|
||||
as the result of a keyboard interrupt).
|
||||
- Avoid a crash in the C version of
|
||||
asyncio.Future.remove_done_callback() when an evil argument
|
||||
is passed.
|
||||
- Remove tokenize.NL check from tabnanny.
|
||||
- Fix generation of the default name of
|
||||
tkinter.Checkbutton. Previously, checkbuttons in different
|
||||
parent widgets could have the same short name and share
|
||||
the same state if arguments “name” and “variable” are not
|
||||
specified. Now they are globally unique.
|
||||
- Update bundled libexpat to 2.4.9
|
||||
- Fix race condition in asyncio where process_exited() called
|
||||
before the pipe_data_received() leading to inconsistent
|
||||
output. Patch by Kumar Aditya.
|
||||
- Fixed check in multiprocessing.resource_tracker that
|
||||
guarantees that the length of a write to a pipe is not
|
||||
greater than PIPE_BUF.
|
||||
- Corrected type annotation for dataclass attribute
|
||||
pstats.FunctionProfile.ncalls to be str.
|
||||
- Fix repr of Any subclasses.
|
||||
- Work around missing socket functions in socket’s __repr__.
|
||||
- In inspect, fix overeager replacement of “typing.” in
|
||||
formatting annotations.
|
||||
- Fix handling of bytes path-like objects in os.ismount().
|
||||
- Fix handling compiler warnings (SyntaxWarning and
|
||||
DeprecationWarning) in codeop.compile_command() when checking
|
||||
for incomplete input. Previously it emitted warnings and
|
||||
raised a SyntaxError. Now it always returns None for
|
||||
incomplete input without emitting any warnings.
|
||||
- To avoid apparent memory leaks when asyncio.open_connection()
|
||||
raises, break reference cycles generated by local exception
|
||||
and future instances (which has exception instance as its
|
||||
member var). Patch by Dong Uk, Kang.
|
||||
- Fixed flickering of the turtle window when the tracer is
|
||||
turned off. Patch by Shin-myoung-serp.
|
||||
- Fix asyncio subprocess transport to kill process cleanly
|
||||
when process is blocked and avoid RuntimeError when loop is
|
||||
closed. Patch by Kumar Aditya.
|
||||
- Prevent error when activating venv in nested fish instances.
|
||||
- TarFile.next() now returns None when called on an empty
|
||||
tarfile.
|
||||
- Document the optional callback parameter of WeakMethod. Patch
|
||||
by Géry Ogam.
|
||||
- Restrict use of sockets instead of pipes for stdin of
|
||||
subprocesses created by asyncio to AIX platform only.
|
||||
- shutil.copytree() now applies the ignore_dangling_symlinks
|
||||
argument recursively.
|
||||
- Fix IndexError in argparse.ArgumentParser when a store_true
|
||||
action is given an explicit argument.
|
||||
- Document that calling variadic functions with ctypes requires
|
||||
special care on macOS/arm64 (and possibly other platforms).
|
||||
- Remove extra row
|
||||
- Clarified the conflicting advice given in the ast
|
||||
documentation about ast.literal_eval() being “safe” for use
|
||||
on untrusted input while at the same time warning that it
|
||||
can crash the process. The latter statement is true and is
|
||||
deemed unfixable without a large amount of work unsuitable
|
||||
for a bugfix. So we keep the warning and no longer claim that
|
||||
literal_eval is safe.
|
||||
- Restructured the documentation for the os.wait* family of
|
||||
functions, and improved the docs for os.waitid() with more
|
||||
explanation of the possible argument constants.
|
||||
- Skip test_normalization() of test_unicodedata if it
|
||||
fails to download NormalizationTest.txt file from
|
||||
pythontest.net. Patch by Victor Stinner.
|
||||
- Correct test_marsh on (32 bit) x86: test_deterministic sets
|
||||
was failing.
|
||||
- Optional big memory tests in test_sqlite3 now catch the
|
||||
correct sqlite.DataError exception type in case of too large
|
||||
strings and/or blobs passed.
|
||||
- Fix a bug in the typing tests where a test relying
|
||||
on CPython-specific implementation details was not
|
||||
decorated with @cpython_only and was not skipped on other
|
||||
implementations.
|
||||
- Add tests for star-unpacking with PEP 646, and some other
|
||||
miscellaneous PEP 646 tests.
|
||||
- Added explicit coverage of Py_Initialize (and hence
|
||||
Py_InitializeEx) back to the embedding tests (all other
|
||||
embedding tests migrated to Py_InitializeFromConfig in Python
|
||||
3.11)
|
||||
- Some C API tests were moved into the new Lib/test/test_capi/
|
||||
directory.
|
||||
- Fix -Wimplicit-int, -Wstrict-prototypes, and
|
||||
-Wimplicit-function-declaration compiler warnings in
|
||||
configure checks.
|
||||
- Fix a compilation issue with GCC 12 on macOS.
|
||||
- Fix -Wimplicit-int compiler warning in configure check for
|
||||
PTHREAD_SCOPE_SYSTEM.
|
||||
- Fix a possible fd leak in Programs/_freeze_module.c
|
||||
introduced in Python 3.11.
|
||||
- Fix build with PYTHON_FOR_REGEN=python3.8.
|
||||
- Specify the full path to the source location for make
|
||||
docclean (needed for cross-builds).
|
||||
- Don’t use vendored libmpdec headers if --with-system-libmpdec
|
||||
is passed to configure. Don’t use vendored libexpat headers
|
||||
if --with-system-expat is passed to !configure.
|
||||
- Fix the build process of clang compiler for _bootstrap_python
|
||||
if LTO optimization is applied. Patch by Matthias Görgens and
|
||||
Dong-hee Na.
|
||||
- wasm32-emscripten builds for browsers now include
|
||||
concurrent.futures for asyncio and unittest.mock.
|
||||
- wasm32-emscripten platform no longer builds resource module,
|
||||
getresuid(), getresgid(), and their setters. The APIs are
|
||||
stubs and not functional.
|
||||
- Updated pegen regeneration script on Windows to find and
|
||||
use Python 3.9 or higher. Prior to this, pegen regeneration
|
||||
already required 3.9 or higher, but the script may have used
|
||||
lower versions of Python.
|
||||
- Fix a bug in the previous bugfix that caused IDLE to
|
||||
not start when run with 3.10.8, 3.12.0a1, and at least
|
||||
Microsoft Python 3.10.2288.0 installed without the Lib/test
|
||||
package. 3.11.0 was never affected.
|
||||
- The wasm_build.py script now pre-builds Emscripten ports,
|
||||
checks for broken EMSDK versions, and warns about pkg-config
|
||||
env vars.
|
||||
- The new tool Tools/wasm/wasm_builder.py automates configure,
|
||||
compile, and test steps for building CPython on WebAssembly
|
||||
platforms.
|
||||
- Fix handling of module docstrings in Tools/i18n/pygettext.py.
|
||||
- PyBUF_* constants were marked as part of Limited API
|
||||
of Python 3.11+. These were available in 3.11.0 with
|
||||
Py_LIMITED_API defined for 3.11, and are necessary to use the
|
||||
buffer API.
|
||||
- Fix use-after-free in Py_SetPythonHome(NULL),
|
||||
Py_SetProgramName(NULL) and _Py_SetProgramFullPath(NULL)
|
||||
function calls. Issue reported by Benedikt Reinartz. Patch by
|
||||
Victor Stinner.
|
||||
- Py_InitializeEx now correctly calls PyConfig_Clear after
|
||||
initializing the interpreter (the omission didn’t cause a
|
||||
memory leak only because none of the dynamically allocated
|
||||
config fields are populated by the wrapper function)
|
||||
- Removed upstreamed patches:
|
||||
- 98437-sphinx.locale._-as-gettext-in-pyspecific.patch
|
||||
- CVE-2022-45061-DoS-by-IDNA-decode.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Nov 9 18:31:23 UTC 2022 - Matej Cepl <mcepl@suse.com>
|
||||
|
||||
|
@ -67,7 +67,7 @@ Obsoletes: python39%{?1:-%{1}}
|
||||
%define tarversion %{version}
|
||||
%endif
|
||||
# We don't process beta signs well
|
||||
%define folderversion 3.11.0
|
||||
%define folderversion %{tarversion}
|
||||
%define tarname Python-%{tarversion}
|
||||
%define sitedir %{_libdir}/python%{python_version}
|
||||
# three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149
|
||||
@ -103,7 +103,7 @@ Obsoletes: python39%{?1:-%{1}}
|
||||
%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
|
||||
%bcond_without profileopt
|
||||
Name: %{python_pkg_name}%{psuffix}
|
||||
Version: 3.11.0
|
||||
Version: 3.11.1
|
||||
Release: 0
|
||||
Summary: Python 3 Interpreter
|
||||
License: Python-2.0
|
||||
@ -166,12 +166,6 @@ Patch35: fix_configure_rst.patch
|
||||
# PATCH-FIX-UPSTREAM support-expat-CVE-2022-25236-patched.patch jsc#SLE-21253 mcepl@suse.com
|
||||
# Makes Python resilient to changes of API of libexpat
|
||||
Patch36: support-expat-CVE-2022-25236-patched.patch
|
||||
# PATCH-FIX-UPSTREAM 98437-sphinx.locale._-as-gettext-in-pyspecific.patch gh#python/cpython#98366 mcepl@suse.com
|
||||
# this patch makes things totally awesome
|
||||
Patch37: 98437-sphinx.locale._-as-gettext-in-pyspecific.patch
|
||||
# PATCH-FIX-UPSTREAM CVE-2022-45061-DoS-by-IDNA-decode.patch bsc#1205244 mcepl@suse.com
|
||||
# Avoid DoS by decoding IDNA for too long domain names
|
||||
Patch38: CVE-2022-45061-DoS-by-IDNA-decode.patch
|
||||
BuildRequires: autoconf-archive
|
||||
BuildRequires: automake
|
||||
BuildRequires: fdupes
|
||||
@ -438,8 +432,6 @@ other applications.
|
||||
%endif
|
||||
%patch35 -p1
|
||||
%patch36 -p1
|
||||
%patch37 -p1
|
||||
%patch38 -p1
|
||||
|
||||
# drop Autoconf version requirement
|
||||
sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac
|
||||
|
@ -4,7 +4,7 @@
|
||||
|
||||
--- a/Lib/test/test_subprocess.py
|
||||
+++ b/Lib/test/test_subprocess.py
|
||||
@@ -272,7 +272,8 @@ class ProcessTestCase(BaseTestCase):
|
||||
@@ -278,7 +278,8 @@ class ProcessTestCase(BaseTestCase):
|
||||
"time.sleep(3600)"],
|
||||
# Some heavily loaded buildbots (sparc Debian 3.x) require
|
||||
# this much time to start and print.
|
||||
|
Loading…
Reference in New Issue
Block a user