SHA256
1
0

Accepting request 1003848 from devel:languages:python:Factory

- Update to 3.11.0rc2:
  - Converting between int and str in bases other than 2
    (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base
    10 (decimal) now raises a ValueError if the number of digits
    in string form is above a limit to avoid potential denial of
    service attacks due to the algorithmic complexity. This is
    a mitigation for CVE-2020-10735.
    This new limit can be configured or disabled by environment
    variable, command line flag, or sys APIs. See the integer
    string conversion length limitation documentation. The
    default limit is 4300 digits in string form.
  - Fix case of undefined behavior in ceval.c
  - Do not expose KeyWrapper in _functools.
  - Ensure that tracing, sys.setrace(), is turned on
    immediately. In pre-release versions of 3.11, some tracing
    events might have been lost when turning on tracing in a
    __del__ method or interrupt.
  - Fix use after free in trace refs build mode. Patch by Kumar
    Aditya.
  - When loading a file with invalid UTF-8 inside a multi-line
    string, a correct SyntaxError is emitted.
  - Make sure that incomplete frames do not show up in
    tracemalloc traces.
  - Remove two cases of undefined behavior, by adding NULL
    checks.
  - Fix possible NULL pointer dereference in
    _PyThread_CurrentFrames. Patch by Kumar Aditya.
  - Fix AttributeError missing name and obj attributes in
    object.__getattribute__(). Patch by Philip Georgi.
  - Loading a file with invalid UTF-8 will now report the broken
    character at the correct location.
  - Fixed a bug that caused _PyCode_GetExtra to return garbage
    for negative indexes. Patch by Pablo Galindo
  - Fix a deadlock in PyGILState_Ensure() when allocating new
    thread state. Patch by Kumar Aditya.
  - PyType_Ready() now initializes ht_cached_keys and performs
    additional checks to ensure that type objects are properly
    configured. This avoids crashes in 3rd party packages that
    don’t use regular API to create new types.
  - Skip over incomplete frames in PyThreadState_GetFrame().
  - Fix format string in _PyPegen_raise_error_known_location that
    can lead to memory corruption on some 64bit systems. The
    function was building a tuple with i (int) instead of n
    (Py_ssize_t) for Py_ssize_t arguments.
  - Fix misleading contents of error message when converting an
    all-whitespace string to float.
  - ast.parse() will no longer parse function definitions with
    positional-only params when passed feature_version less than
    (3, 8). Patch by Shantanu Jain.
  - Fix incorrect error message in the io module.
  - Fix the faulthandler implementation of
    faulthandler.register(signal, chain=True) if the sigaction()
    function is not available: don’t call the previous signal
    handler if it’s NULL. Patch by Victor Stinner.
  - Correct conversion of numbers.Rational’s to float.
  - Fix TypeVarTuple.__typing_prepare_subst__. TypeError was not
    raised when using more than one TypeVarTuple, like [*T, *V]
    in type alias substitutions.
  - Fix asyncio.streams.StreamReaderProtocol to keep a strong
    reference to the created task, so that it’s not garbage
    collected
  - Fix a performance regression in logging
    TimedRotatingFileHandler. Only check for special files when
    the rollover time has passed.
  - Fix unused localName parameter in the Attr class in
    xml.dom.minidom.
  - Fix incorrect condition that causes sys.thread_info.name to
    be wrong on pthread platforms.
  - Remove an incompatible change from bpo-28080 that caused a
    regression that ignored the utf8 in ZipInfo.flag_bits. Patch
    by Pablo Galindo.
  - Fix asyncio.Runner to call asyncio.set_event_loop() only
    once to avoid calling attach_loop() multiple times on child
    watchers. Patch by Kumar Aditya.
  - Fix unittest.IsolatedAsyncioTestCase to set event loop before
    calling setup functions. Patch by Kumar Aditya.
  - When a task catches asyncio.CancelledError and raises some
    other error, the other error should generally not silently be
    suppressed.
  - Fail gracefully if EPERM or ENOSYS is raised when loading
    crypt methods. This may happen when trying to load MD5 on a
    Linux kernel with FIPS enabled.
  - Allow asyncio.StreamWriter.drain() to be awaited concurrently
    by multiple tasks. Patch by Kumar Aditya.
  - Fix ast.unparse() when ImportFrom.level is None
  - Improve discoverability of the higher level
    concurrent.futures module by providing clearer links from the
    lower level threading and multiprocessing modules.
  - What’s New 3.11 now has instructions for how to provide
    compiler and linker flags for Tcl/Tk and OpenSSL on RHEL 7
    and CentOS 7.
  - Mitigate the inherent race condition from using
    find_unused_port() in testSockName() by trying to find an
    unused port a few times before failing. Patch by Ross Burton.
  - Build and test with OpenSSL 1.1.1q
- Use support-expat-CVE-2022-25236-patched.patch from the current
  version of gh#python/cpython#93900 instead of the old
  support-expat-245.patch.
- Reapply fix_configure_rst.patch.

OBS-URL: https://build.opensuse.org/request/show/1003848
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python311?expand=0&rev=8
This commit is contained in:
Dominique Leuenberger 2022-09-15 20:59:58 +00:00 committed by Git OBS Bridge
commit 6f939f9b60
8 changed files with 157 additions and 54 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:53a5377c37a8a2c6da075b14eb9d63374579f7f3c718fa20f0a1fbb0e94a922b
size 19815524

View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmLtMGcACgkQ/+h0BBaL
2Eeirw//ZSjlvrUAouGGLbWal2CnJ8qmR7eAuSQQpwftmj++JhiQfKfIoWH8WYn9
FTYVcVD/seXKGUK+ydj8ZDRoSA59sS+zVNnca/BaxPeqScZVbFTOB/o1tlE5g4h+
WxSCRXfYmkIqXag3ZOZ/A+EXjgfAl/DrYtYKAafjH2nF9R9j4+w8YZ/ENELQ8Fd5
thHyxNPDFeTK56ClR2QIZHdqCZHHNk1sO+FaB1Na/uZ5dD7snc+T7CjN1/Dlcs75
oye5HAU35FHxV5nzk8uieatwW0q6/BtFWE3g8LbxECPRbLCo6bBySj2TA2LuwroR
fhn+r093y6NIJBLPIYjpFl5HlDnxDyOvFvKrJ1hZI9DC9VHPyeYP9hzHYQ2yBMwx
SD3djAPVJnwESM25MdZ5oaYrQu8e13+zA2l6Hnk5tsIjPI6CelO/xyPdWeSzBQEg
SaJke+QakoLXKoBSJhkIskwhCX6m+vmoiZFFSpemr3k13e3jTObyDRilh8eGkQtN
EFNp2KPBn8NM7udBNI4zxGr6kviEt4R+8nfQ2VmdnlU2XIMW7pwMfoPmWI1yXpl2
JNo9o9EbeuawY7I/j+ryHV40b2wx9UA8DXHJg0iTiQT2IMvwPy18eiQJoVg4nJqH
tH6/zUw2yqFd9G7/uoYcGhk5PlalrZO7Ufeb/vUEUqvrISYu2QE=
=jjd6
-----END PGP SIGNATURE-----

3
Python-3.11.0rc2.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:25b35cc7d82c5ad34d867b179a1c1695d129be5ed14a21e46b6b7f2350a8b490
size 19828340

View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmMeOSQACgkQ/+h0BBaL
2EcrTA//USzDkebYcAJ1jcb1diiV9JJd7Znm4l7rwb/TKimY82gN1ev9R1/fkmOk
KaRhn5Ss23lm5IdwbJNL1dhrx9DdtsW3oBzaT+pchSVXu0qVokQ0XFVvWzEqwiit
2K6JOlcVyMV8QnBBJPAC+/HN1pjZGQESk/HoP7ESqQUytRkieddjO/cnJ/m36oMJ
YUVoHS1sQVrRHQU3C1RSZ+DF1sdCjzy1ZxfKMVz73gBjLRQ5MiWYIp7ryDtNMZ7F
Ws8m+5WXVhWE2hniMvCVDN25vHIan+9l4hjT01kLh7Ei/QJ6t2GrOtHagMDhFcS1
Lhq/7flMGpLjhpNNtzAXSPhMZDDxIpyIZu4XwxmQAXFkhCm6H2RBo6OrGWDaOT+V
6kfVCUky+v7oKHs19xm+UilNBIzd4DMNKP2Q9MYcqnR+aI/ggMG7k7KZ3gpPKrQI
x8u6PGFl9vUsRHiUxXYuIM+FO9LAYIFskpWy/CW7fZ29iAkeMjRzhcyS/A8exaae
YA+z4dqgnYLQqMUX3aK3kzAreKAncFkYdNmnv7YMUUSM5J5fvIN2bG/oJ2oti0sk
o1WhVr3ygizeqAOhw0bd2N84xqee+ky18fl+FkauyzEPh7vdI+OQWrBAuJF7YZKR
sHTSxdzPBjaXijLXriZIo1YRXc7N7jd05Cq8R95dzxC9BZjOOfI=
=KvNZ
-----END PGP SIGNATURE-----

View File

@ -29,7 +29,7 @@
Create a Python.framework rather than a traditional Unix install. Optional Create a Python.framework rather than a traditional Unix install. Optional
--- a/Misc/NEWS --- a/Misc/NEWS
+++ b/Misc/NEWS +++ b/Misc/NEWS
@@ -6464,7 +6464,7 @@ C API @@ -6636,7 +6636,7 @@ C API
- bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API.
- bpo-43795: The list in :ref:`stable-abi-list` now shows the public name - bpo-43795: The list in :ref:`stable-abi-list` now shows the public name

View File

@ -1,3 +1,106 @@
-------------------------------------------------------------------
Thu Sep 15 08:43:07 UTC 2022 - Matej Cepl <mcepl@suse.com>
- Update to 3.11.0rc2:
- Converting between int and str in bases other than 2
(binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base
10 (decimal) now raises a ValueError if the number of digits
in string form is above a limit to avoid potential denial of
service attacks due to the algorithmic complexity. This is
a mitigation for CVE-2020-10735.
This new limit can be configured or disabled by environment
variable, command line flag, or sys APIs. See the integer
string conversion length limitation documentation. The
default limit is 4300 digits in string form.
- Fix case of undefined behavior in ceval.c
- Do not expose KeyWrapper in _functools.
- Ensure that tracing, sys.setrace(), is turned on
immediately. In pre-release versions of 3.11, some tracing
events might have been lost when turning on tracing in a
__del__ method or interrupt.
- Fix use after free in trace refs build mode. Patch by Kumar
Aditya.
- When loading a file with invalid UTF-8 inside a multi-line
string, a correct SyntaxError is emitted.
- Make sure that incomplete frames do not show up in
tracemalloc traces.
- Remove two cases of undefined behavior, by adding NULL
checks.
- Fix possible NULL pointer dereference in
_PyThread_CurrentFrames. Patch by Kumar Aditya.
- Fix AttributeError missing name and obj attributes in
object.__getattribute__(). Patch by Philip Georgi.
- Loading a file with invalid UTF-8 will now report the broken
character at the correct location.
- Fixed a bug that caused _PyCode_GetExtra to return garbage
for negative indexes. Patch by Pablo Galindo
- Fix a deadlock in PyGILState_Ensure() when allocating new
thread state. Patch by Kumar Aditya.
- PyType_Ready() now initializes ht_cached_keys and performs
additional checks to ensure that type objects are properly
configured. This avoids crashes in 3rd party packages that
dont use regular API to create new types.
- Skip over incomplete frames in PyThreadState_GetFrame().
- Fix format string in _PyPegen_raise_error_known_location that
can lead to memory corruption on some 64bit systems. The
function was building a tuple with i (int) instead of n
(Py_ssize_t) for Py_ssize_t arguments.
- Fix misleading contents of error message when converting an
all-whitespace string to float.
- ast.parse() will no longer parse function definitions with
positional-only params when passed feature_version less than
(3, 8). Patch by Shantanu Jain.
- Fix incorrect error message in the io module.
- Fix the faulthandler implementation of
faulthandler.register(signal, chain=True) if the sigaction()
function is not available: dont call the previous signal
handler if its NULL. Patch by Victor Stinner.
- Correct conversion of numbers.Rationals to float.
- Fix TypeVarTuple.__typing_prepare_subst__. TypeError was not
raised when using more than one TypeVarTuple, like [*T, *V]
in type alias substitutions.
- Fix asyncio.streams.StreamReaderProtocol to keep a strong
reference to the created task, so that its not garbage
collected
- Fix a performance regression in logging
TimedRotatingFileHandler. Only check for special files when
the rollover time has passed.
- Fix unused localName parameter in the Attr class in
xml.dom.minidom.
- Fix incorrect condition that causes sys.thread_info.name to
be wrong on pthread platforms.
- Remove an incompatible change from bpo-28080 that caused a
regression that ignored the utf8 in ZipInfo.flag_bits. Patch
by Pablo Galindo.
- Fix asyncio.Runner to call asyncio.set_event_loop() only
once to avoid calling attach_loop() multiple times on child
watchers. Patch by Kumar Aditya.
- Fix unittest.IsolatedAsyncioTestCase to set event loop before
calling setup functions. Patch by Kumar Aditya.
- When a task catches asyncio.CancelledError and raises some
other error, the other error should generally not silently be
suppressed.
- Fail gracefully if EPERM or ENOSYS is raised when loading
crypt methods. This may happen when trying to load MD5 on a
Linux kernel with FIPS enabled.
- Allow asyncio.StreamWriter.drain() to be awaited concurrently
by multiple tasks. Patch by Kumar Aditya.
- Fix ast.unparse() when ImportFrom.level is None
- Improve discoverability of the higher level
concurrent.futures module by providing clearer links from the
lower level threading and multiprocessing modules.
- Whats New 3.11 now has instructions for how to provide
compiler and linker flags for Tcl/Tk and OpenSSL on RHEL 7
and CentOS 7.
- Mitigate the inherent race condition from using
find_unused_port() in testSockName() by trying to find an
unused port a few times before failing. Patch by Ross Burton.
- Build and test with OpenSSL 1.1.1q
- Use support-expat-CVE-2022-25236-patched.patch from the current
version of gh#python/cpython#93900 instead of the old
support-expat-245.patch.
- Reapply fix_configure_rst.patch.
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Sep 5 08:43:49 UTC 2022 - Andreas Schwab <schwab@suse.de> Mon Sep 5 08:43:49 UTC 2022 - Andreas Schwab <schwab@suse.de>

View File

@ -103,7 +103,7 @@ Obsoletes: python39%{?1:-%{1}}
%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
%bcond_without profileopt %bcond_without profileopt
Name: %{python_pkg_name}%{psuffix} Name: %{python_pkg_name}%{psuffix}
Version: 3.11.0rc1 Version: 3.11.0rc2
Release: 0 Release: 0
Summary: Python 3 Interpreter Summary: Python 3 Interpreter
License: Python-2.0 License: Python-2.0
@ -163,9 +163,9 @@ Patch34: skip-test_pyobject_freed_is_freed.patch
# PATCH-FIX-SLE fix_configure_rst.patch bpo#43774 mcepl@suse.com # PATCH-FIX-SLE fix_configure_rst.patch bpo#43774 mcepl@suse.com
# remove duplicate link targets and make documentation with old Sphinx in SLE # remove duplicate link targets and make documentation with old Sphinx in SLE
Patch35: fix_configure_rst.patch Patch35: fix_configure_rst.patch
# PATCH-FIX-UPSTREAM support-expat-245.patch jsc#SLE-21253 mcepl@suse.com # PATCH-FIX-UPSTREAM support-expat-CVE-2022-25236-patched.patch jsc#SLE-21253 mcepl@suse.com
# Makes Python resilient to changes of API of libexpat # Makes Python resilient to changes of API of libexpat
Patch36: support-expat-245.patch Patch36: support-expat-CVE-2022-25236-patched.patch
BuildRequires: autoconf-archive BuildRequires: autoconf-archive
BuildRequires: automake BuildRequires: automake
BuildRequires: fdupes BuildRequires: fdupes

View File

@ -1,9 +1,9 @@
From d4f5bb912e67299b59b814b89a5afd9a8821a14e Mon Sep 17 00:00:00 2001 From 7da97f61816f3cadaa6788804b22a2434b40e8c5 Mon Sep 17 00:00:00 2001
From: "Miss Islington (bot)" From: "Miss Islington (bot)"
<31488909+miss-islington@users.noreply.github.com> <31488909+miss-islington@users.noreply.github.com>
Date: Mon, 21 Feb 2022 11:03:08 -0800 Date: Mon, 21 Feb 2022 08:16:09 -0800
Subject: [PATCH] bpo-46811: Make test suite support Expat >=2.4.5 (GH-31453) Subject: [PATCH] bpo-46811: Make test suite support Expat >=2.4.5 (GH-31453)
(GH-31471) (GH-31472)
Curly brackets were never allowed in namespace URIs Curly brackets were never allowed in namespace URIs
according to RFC 3986, and so-called namespace-validating according to RFC 3986, and so-called namespace-validating
@ -23,53 +23,53 @@ Also, test_minidom.py: Support Expat >=2.4.5
Co-authored-by: Sebastian Pipping <sebastian@pipping.org> Co-authored-by: Sebastian Pipping <sebastian@pipping.org>
--- ---
Lib/test/test_minidom.py | 13 ++++------ Lib/test/test_minidom.py | 23 +++++++++--------------
Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst | 1 1 file changed, 9 insertions(+), 14 deletions(-)
2 files changed, 7 insertions(+), 7 deletions(-)
create mode 100644 Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst create mode 100644 Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst
--- a/Lib/test/test_minidom.py --- a/Lib/test/test_minidom.py
+++ b/Lib/test/test_minidom.py +++ b/Lib/test/test_minidom.py
@@ -6,12 +6,11 @@ import io @@ -6,7 +6,6 @@ import io
from test import support from test import support
import unittest import unittest
-import pyexpat -import pyexpat
+import xml.parsers.expat
import xml.dom.minidom import xml.dom.minidom
from xml.dom.minidom import parse, Node, Document, parseString from xml.dom.minidom import parse, Attr, Node, Document, parseString
from xml.dom.minidom import getDOMImplementation @@ -1163,13 +1162,11 @@ class MinidomTest(unittest.TestCase):
-from xml.parsers.expat import ExpatError
tstfile = support.findfile("test.xml", subdir="xmltestdata")
@@ -1149,10 +1148,10 @@ class MinidomTest(unittest.TestCase):
# Verify that character decoding errors raise exceptions instead # Verify that character decoding errors raise exceptions instead
# of crashing # of crashing
- if pyexpat.version_info >= (2, 4, 5): - if pyexpat.version_info >= (2, 4, 5):
- self.assertRaises(ExpatError, parseString, - self.assertRaises(ExpatError, parseString,
+ if xml.parsers.expat.version_info >= (2, 4, 4): - b'<fran\xe7ais></fran\xe7ais>')
+ self.assertRaises(xml.parsers.expat.ExpatError, parseString,
b'<fran\xe7ais></fran\xe7ais>')
- self.assertRaises(ExpatError, parseString, - self.assertRaises(ExpatError, parseString,
+ self.assertRaises(xml.parsers.expat.ExpatError, parseString, - b'<franais>Comment \xe7a va ? Tr\xe8s bien ?</franais>')
b'<franais>Comment \xe7a va ? Tr\xe8s bien ?</franais>') - else:
else: - self.assertRaises(UnicodeDecodeError, parseString,
self.assertRaises(UnicodeDecodeError, parseString, + # It doesnt make any sense to insist on the exact text of the
@@ -1617,8 +1616,8 @@ class MinidomTest(unittest.TestCase): + # error message, or even the exact Exception … it is enough that
+ # the error has been discovered.
+ with self.assertRaises((UnicodeDecodeError, ExpatError)):
+ parseString(
b'<fran\xe7ais>Comment \xe7a va ? Tr\xe8s bien ?</fran\xe7ais>')
doc.unlink()
@@ -1631,12 +1628,10 @@ class MinidomTest(unittest.TestCase):
self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE) self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE)
def testExceptionOnSpacesInXMLNSValue(self): def testExceptionOnSpacesInXMLNSValue(self):
- if pyexpat.version_info >= (2, 4, 5): - if pyexpat.version_info >= (2, 4, 5):
- context = self.assertRaisesRegex(ExpatError, 'syntax error') - context = self.assertRaisesRegex(ExpatError, 'syntax error')
+ if xml.parsers.expat.version_info >= (2, 4, 4): - else:
+ context = self.assertRaisesRegex(xml.parsers.expat.ExpatError, 'syntax error') - context = self.assertRaisesRegex(ValueError, 'Unsupported syntax')
else: -
context = self.assertRaisesRegex(ValueError, 'Unsupported syntax') - with context:
+ # It doesnt make any sense to insist on the exact text of the
+ # error message, or even the exact Exception … it is enough that
+ # the error has been discovered.
+ with self.assertRaises((ExpatError, ValueError)):
parseString('<element xmlns:abc="http:abc.com/de f g/hi/j k"><abc:foo /></element>')
--- /dev/null def testDocRemoveChild(self):
+++ b/Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst
@@ -0,0 +1 @@
+Make test suite support Expat >=2.4.5