SHA256
1
0
Commit Graph

8 Commits

Author SHA256 Message Date
a7d54cb5c3 Accepting request 1145174 from home:dgarcia:branches:devel:languages:python:Factory
- Update to 3.11.8:
  - Security
    - gh-113659: Skip .pth files with names starting with a dot or
      hidden file attribute.
  - Core and Builtins
    - gh-114887: Changed socket type validation in
      create_datagram_endpoint() to accept all non-stream sockets.
      This fixes a regression in compatibility with raw sockets.
    - gh-114388: Fix a RuntimeWarning emitted when assign an
      integer-like value that is not an instance of int to an
      attribute that corresponds to a C struct member of type T_UINT
      and T_ULONG. Fix a double RuntimeWarning emitted when assign a
      negative integer value to an attribute that corresponds to a C
      struct member of type T_UINT.
    - gh-89811: Check for a valid tp_version_tag before performing
      bytecode specializations that rely on this value being usable.
    - gh-113602: Fix an error that was causing the parser to try to
      overwrite existing errors and crashing in the process. Patch by
      Pablo Galindo
    - gh-113566: Fix a 3.11-specific crash when the repr of a Future
      is requested after the module has already been
      garbage-collected.
    - gh-106905: Use per AST-parser state rather than global state to
      track recursion depth within the AST parser to prevent potential
      race condition due to simultaneous parsing.
    - The issue primarily showed up in 3.11 by multithreaded users of
      ast.parse(). In 3.12 a change to when garbage collection can be
      triggered prevented the race condition from occurring.
    - gh-112716: Fix SystemError in the import statement and in
      __reduce__() methods of builtin types when __builtins__ is not a
      dict.
    - gh-105967: Workaround a bug in Apple’s macOS platform zlib
      library where zlib.crc32() and binascii.crc32() could produce
      incorrect results on multi-gigabyte inputs. Including when using
      zipfile on zips containing large data.
    - gh-94606: Fix UnicodeEncodeError when
      email.message.get_payload() reads a message with a Unicode
      surrogate character and the message content is not well-formed
      for surrogateescape encoding. Patch by Sidney Markowitz.
  - Library
    - gh-114965: Update bundled pip to 24.0
    - gh-114959: tarfile no longer ignores errors when trying to
      extract a directory on top of a file.
    - gh-109475: Fix support of explicit option value “–” in argparse
      (e.g. --option=--).
    - gh-110190: Fix ctypes structs with array on Windows ARM64
      platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by
      Diego Russo
    - gh-113280: Fix a leak of open socket in rare cases when error
      occurred in ssl.SSLSocket creation.
    - gh-77749: email.policy.EmailPolicy.fold() now always encodes
      non-ASCII characters in headers if utf8 is false.
    - gh-114492: Make the result of termios.tcgetattr() reproducible
      on Alpine Linux. Previously it could leave a random garbage in
      some fields.
    - gh-75128: Ignore an OSError in
      asyncio.BaseEventLoop.create_server() when IPv6 is available but
      the interface cannot actually support it.
    - gh-114257: Dismiss the FileNotFound error in
      ctypes.util.find_library() and just return None on Linux.
    - gh-101438: Avoid reference cycle in ElementTree.iterparse. The
      iterator returned by ElementTree.iterparse may hold on to a file
      descriptor. The reference cycle prevented prompt clean-up of the
      file descriptor if the returned iterator was not exhausted.
    - gh-104522: OSError raised when run a subprocess now only has
      filename attribute set to cwd if the error was caused by a
      failed attempt to change the current directory.
    - gh-109534: Fix a reference leak in
      asyncio.selector_events.BaseSelectorEventLoop when SSL
      handshakes fail. Patch contributed by Jamie Phan.
    - gh-114077: Fix possible OverflowError in
      socket.socket.sendfile() when pass count larger than 2 GiB on
      32-bit platform.
    - gh-114014: Fixed a bug in fractions.Fraction where an invalid
      string using d in the decimals part creates a different error
      compared to other invalid letters/characters. Patch by Jeremiah
      Gabriel Pascual.
    - gh-113951: Fix the behavior of tag_unbind() methods of
      tkinter.Text and tkinter.Canvas classes with three arguments.
      Previously, widget.tag_unbind(tag, sequence, funcid) destroyed
      the current binding for sequence, leaving sequence unbound, and
      deleted the funcid command. Now it removes only funcid from the
      binding for sequence, keeping other commands, and deletes the
      funcid command. It leaves sequence unbound only if funcid was
      the last bound command.
    - gh-113877: Fix tkinter method winfo_pathname() on 64-bit
      Windows.
    - gh-113781: Silence unraisable AttributeError when warnings are
      emitted during Python finalization.
    - gh-113594: Fix UnicodeEncodeError in email when re-fold lines
      that contain unknown-8bit encoded part followed by
      non-unknown-8bit encoded part.
    - gh-113538: In asyncio.StreamReaderProtocol.connection_made(),
      there is callback that logs an error if the task wrapping the
      “connected callback” fails. This callback would itself fail if
      the task was cancelled. Prevent this by checking whether the
      task was cancelled first. If so, close the transport but don’t
      log an error.
    - gh-85567: Fix resource warnings for unclosed files in pickle and
      pickletools command line interfaces.
    - gh-101225: Increase the backlog for
      multiprocessing.connection.Listener objects created by
      multiprocessing.manager and multiprocessing.resource_sharer to
      significantly reduce the risk of getting a connection refused
      error when creating a multiprocessing.connection.Connection to
      them.
    - gh-113543: Make sure that webbrowser.MacOSXOSAScript sends
      webbrowser.open audit event.
    - gh-113028: When a second reference to a string appears in the
      input to pickle, and the Python implementation is in use, we are
      guaranteed that a single copy gets pickled and a single object
      is shared when reloaded. Previously, in protocol 0, when a
      string contained certain characters (e.g. newline) it resulted
      in duplicate objects.
    - gh-113421: Fix multiprocessing logger for %(filename)s.
    - gh-113358: Fix rendering tracebacks for exceptions with a broken
      __getattr__.
    - gh-113214: Fix an AttributeError during asyncio SSL protocol
      aborts in SSL-over-SSL scenarios.
    - gh-113246: Update bundled pip to 23.3.2.
    - gh-113199: Make http.client.HTTPResponse.read1 and
      http.client.HTTPResponse.readline close IO after reading all
      data when content length is known. Patch by Illia Volochii.
    - gh-113188: Fix shutil.copymode() and shutil.copystat() on
      Windows. Previously they worked differenly if dst is a symbolic
      link: they modified the permission bits of dst itself rather
      than the file it points to if follow_symlinks is true or src is
      not a symbolic link, and did not modify the permission bits if
      follow_symlinks is false and src is a symbolic link.
    - gh-61648: Detect line numbers of properties in doctests.
    - gh-112559: signal.signal() and signal.getsignal() no longer call
      repr on callable handlers. asyncio.run() and
      asyncio.Runner.run() no longer call repr on the task results.
      Patch by Yilei Yang.
    - gh-110190: Fix ctypes structs with array on PPC64LE platform by
      setting MAX_STRUCT_SIZE to 64 in stgdict. Patch by Diego Russo.
    - gh-79429: Ignore FileNotFoundError when remove a temporary
      directory in the multiprocessing finalizer.
    - gh-79325: Fix an infinite recursion error in
      tempfile.TemporaryDirectory() cleanup on Windows.
    - gh-110190: Fix ctypes structs with array on Arm platform by
      setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo.
    - gh-81194: Fix a crash in socket.if_indextoname() with specific
      value (UINT_MAX). Fix an integer overflow in
      socket.if_indextoname() on 64-bit non-Windows platforms.
    - gh-75666: Fix the behavior of tkinter widget’s unbind() method
      with two arguments. Previously, widget.unbind(sequence, funcid)
      destroyed the current binding for sequence, leaving sequence
      unbound, and deleted the funcid command. Now it removes only
      funcid from the binding for sequence, keeping other commands,
      and deletes the funcid command. It leaves sequence unbound only
      if funcid was the last bound command.
    - gh-110345: Show the Tcl/Tk patchlevel (rather than version) in
      tkinter._test().
    - gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now
      raises BadZipFile when try to read an entry that overlaps with
      other entry or central directory.
    - gh-38807: Fix race condition in trace. Instead of checking if a
      directory exists and creating it, directly call os.makedirs()
      with the kwarg exist_ok=True.
    - gh-75705: Set unixfrom envelope in mailbox.mbox and
      mailbox.MMDF.
    - gh-105102: Allow ctypes.Union to be nested in ctypes.Structure
      when the system endianness is the opposite of the classes.
    - gh-104282: Fix null pointer dereference in
      lzma._decode_filter_properties() due to improper handling of BCJ
      filters with properties of zero length. Patch by Radislav
      Chugunov.
    - gh-102512: When os.fork() is called from a foreign thread (aka
      _DummyThread), the type of the thread in a child process is
      changed to _MainThread. Also changed its name and daemonic
      status, it can be now joined.
    - gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup,
      which now no longer dereferences symlinks when working around
      file system permission errors.
    - bpo-43153: On Windows, tempfile.TemporaryDirectory previously
      masked a PermissionError with NotADirectoryError during
      directory cleanup. It now correctly raises PermissionError if
      errors are not ignored. Patch by Andrei Kulakov and Ken Jin.
    - bpo-35332: The shutil.rmtree() function now ignores errors when
      calling os.close() when ignore_errors is True, and os.close() no
      longer retried after error.
    - bpo-35928: io.TextIOWrapper now correctly handles the decoding
      buffer after read() and write().
    - bpo-26791: shutil.move() now moves a symlink into a directory
      when that directory is the target of the symlink. This provides
      the same behavior as the mv shell command. The previous behavior
      raised an exception. Patch by Jeffrey Kintscher.
    - bpo-36959: Fix some error messages for invalid ISO format string
      combinations in strptime() that referred to directives not
      contained in the format string. Patch by Gordon P. Hemsley.
    - bpo-18060: Fixed a class inheritance issue that can cause
      segfaults when deriving two or more levels of subclasses from a
      base class of Structure or Union.
  - Documentation
    - gh-110746: Improved markup for valid options/values for methods
      ttk.treeview.column and ttk.treeview.heading, and for Layouts.
    - gh-95649: Document that the asyncio module contains code taken
      from v0.16.0 of the uvloop project, as well as the required MIT
      licensing information.
  - Tests
    - gh-109980: Fix test_tarfile_vs_tar in test_shutil for macOS,
      where system tar can include more information in the archive
      than shutil.make_archive.
    - gh-112769: The tests now correctly compare zlib version when
      zlib.ZLIB_RUNTIME_VERSION contains non-integer suffixes. For
      example zlib-ng defines the version as 1.3.0.zlib-ng.
    - gh-105089: Fix
      test.test_zipfile.test_core.TestWithDirectory.test_create_directory_with_write
      test in AIX by doing a bitwise AND of 0xFFFF on mode , so that
      it will be in sync with zinfo.external_attr
    - bpo-40648: Test modes that file can get with chmod() on Windows.
  - Build
    - gh-101778: Fix build error when there’s a dangling symlink in
      the directory containing ffi.h.
    - gh-112305: Fixed the check-clean-src step performed on out of
      tree builds to detect errant $(srcdir)/Python/frozen_modules/*.h
      files and recommend appropriate source tree cleanup steps to get
      a working build again.
    - bpo-11102: The os.major(), os.makedev(), and os.minor()
      functions are now available on HP-UX v3.
    - bpo-36351: Do not set ipv6type when cross-compiling.
  - IDLE
    - gh-96905: In idlelib code, stop redefining built-ins ‘dict’ and
      ‘object’.
    - gh-72284: Improve the lists of features, editor key bindings,
      and shell key bingings in the IDLE doc.
    - gh-113903: Fix rare failure of test.test_idle, in
      test_configdialog.
    - gh-113729: Fix the “Help -> IDLE Doc” menu bug in 3.11.7 and
      3.12.1.
    - gh-113269: Fix test_editor hang on macOS Catalina.
    - gh-112898: Fix processing unsaved files when quitting IDLE on
      macOS.
    - gh-103820: Revise IDLE bindings so that events from mouse button
      4/5 on non-X11 windowing systems (i.e. Win32 and Aqua) are not
      mistaken for scrolling.
    - bpo-13586: Enter the selected text when opening the “Replace”
      dialog.
  - Tools/Demos
    - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13 and
      multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1.
    - gh-115015: Fix a bug in Argument Clinic that generated incorrect
      code for methods with no parameters that use the METH_METHOD |
      METH_FASTCALL | METH_KEYWORDS calling convention. Only the
      positional parameter count was checked; any keyword argument
      passed would be silently accepted.
- Refresh all patches:
  - CVE-2023-27043-email-parsing-errors.patch
  - F00251-change-user-install-location.patch
  - bpo-31046_ensurepip_honours_prefix.patch
  - distutils-reproducible-compile.patch
  - fix_configure_rst.patch
  - python-3.3.0b1-fix_date_time_compiler.patch
  - python-3.3.0b1-localpath.patch
  - python-3.3.0b1-test-posix_fadvise.patch
  - skip_if_buildbot-extend.patch
  - subprocess-raise-timeout.patch
  - support-expat-CVE-2022-25236-patched.patch

OBS-URL: https://build.opensuse.org/request/show/1145174
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=99
2024-02-08 12:49:59 +00:00
dbc72d69e1 Accepting request 1126597 from home:dgarcia:branches:devel:languages:python:Factory
- Remove not needed patch 103213-fetch-CONFIG_ARGS.patch
- Refresh patches:
  - bpo-31046_ensurepip_honours_prefix.patch
  - fix_configure_rst.patch
- Update to 3.11.6:
  - Core and Builtins
    - gh-109351: Fix crash when compiling an invalid AST involving a
      named (walrus) expression.
    - gh-109207: Fix a SystemError in __repr__ of symtable entry
      object.
    - gh-109179: Fix bug where the C traceback display drops notes
      from SyntaxError.
    - gh-88943: Improve syntax error for non-ASCII character that
      follows a numerical literal. It now points on the invalid
      non-ASCII character, not on the valid numerical literal.
    - gh-108959: Fix caret placement for error locations for subscript
      and binary operations that involve non-semantic parentheses and
      spaces. Patch by Pablo Galindo
    - gh-108520: Fix
      multiprocessing.synchronize.SemLock.__setstate__() to properly
      initialize multiprocessing.synchronize.SemLock._is_fork_ctx.
      This fixes a regression when passing a SemLock accross nested
      processes.
    - Rename multiprocessing.synchronize.SemLock.is_fork_ctx to
      multiprocessing.synchronize.SemLock._is_fork_ctx to avoid
      exposing it as public API.
  - Library
    - gh-110036: On Windows, multiprocessing Popen.terminate() now
      catchs PermissionError and get the process exit code. If the
      process is still running, raise again the PermissionError.

OBS-URL: https://build.opensuse.org/request/show/1126597
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=87
2023-11-15 12:57:57 +00:00
6c436c7abc - Update to 3.11.1:
- python -m http.server no longer allows terminal control
    characters sent within a garbage request to be printed
    to the stderr server lo This is done by changing the
    http.server BaseHTTPRequestHandler .log_message method to
    replace control characters with a \xHH hex escape before
    printin
  - Avoid publishing list of active per-interpreter audit hooks
    via the gc module
  - The IDNA codec decoder used on DNS hostnames by socket or
    asyncio related name resolution functions no longer involves
    a quadratic algorithm. This prevents a potential CPU denial
    of service if an out-of-spec excessive length hostname
    involving bidirectional characters were decoded. Some
    protocols such as urllib http 3xx redirects potentially allow
    for an attacker to supply such a name (CVE-2022-45061).
  - Update bundled libexpat to 2.5.0
  - Fix a shell code injection vulnerability in the
    get-remote-certificate.py example script. The script no
    longer uses a shell to run openssl commands. Issue reported
    and initial fix by Caleb Shortt. Patch by Victor Stinner.
  - Fix a crash when an object which does not have a dictionary
    frees its instance values.
  - Fix a bug in the tokenizer that could cause infinite
    recursion when showing syntax warnings that happen in the
    first line of the source. Patch by Pablo Galindo
  - Fix an issue that could cause frames to be visible to Python
    code as they are being torn down, possibly leading to memory
    corruption or hard crashes of the interpreter.
  - Fix a reference bug in _imp.create_builtin() after the

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=40
2022-12-08 15:05:06 +00:00
93d3c08eeb - Update to 3.11.0rc1:
- Core and Builtins
    - Update code object hashing and equality to consider all
      debugging and exception handling tables. This fixes an
      issue where certain non-identical code objects could be
      “deduplicated” during compilation.
    - _PyPegen_Parser_New now properly detects token memory
      allocation errors. Patch by Honglin Zhu.
    - Run Python code in tracer/profiler function at full
      speed. Fixes slowdown in earlier versions of 3.11.
    - Emit a warning in debug mode if an object does not call
      PyObject_GC_UnTrack() before deallocation. Patch by Pablo
      Galindo.
    - Prevented crashes in the AST constructor when
      compiling some absurdly long expressions like
      "+0"*1000000. RecursionError is now raised instead. Patch
      by Pablo Galindo
    - ast.AST node positions are now validated when provided to
      compile() and other related functions. If invalid positions
      are detected, a ValueError will be raised.
    - Fix error detection in some builtin functions when keyword
      argument name is an instance of a str subclass with
      overloaded __eq__ and __hash__. Previously it could cause
      SystemError or other undesired behavior.
  - Library
    - Update bundled pip to 22.2.2.
    - Fix asyncio.TaskGroup to propagate exception when
      asyncio.CancelledError was replaced with another exception
      by a context manger. Patch by Kumar Aditya and Guido van
      Rossum.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=27
2022-08-20 14:25:45 +00:00
6af5b9f2b3 - Update to 3.11.0b4:
- Fixes many bugs and adds following more significant changes
- Security
  - gh-68966: The deprecated mailcap module now refuses to inject
    Coreunsafe text (filenames, MIME types, parameters) into
    shell Corecommands. Instead of using such text, it will
    warn and act Coreas if a match was not found (or for test
    commands, as if the Coretest failed). and Builtins
  - gh-93516: Lazily create a table mapping bytecode offsets to
    line numbers to speed up calculation of line numbers when
    tracing.
  - gh-93461: importlib.invalidate_caches() now drops entries
    from sys.path_importer_cache with a relative path as
    name. This solves a caching issue when a process changes its
    current working directory.
  - FileFinder no longer inserts a dot in the path, e.g.
    /egg/./spam is now /egg/spam.
Library
  - gh-93896: Fix asyncio.run() and
    unittest.IsolatedAsyncioTestCase to always the set event loop
    as it was done in Python 3.10 and earlier. Patch by Kumar
    Aditya.
  - gh-94101: Manual instantiation of ssl.SSLSession objects is
    no longer allowed as it lead to misconfigured instances that
    crashed the interpreter when attributes where accessed on
    them.
  - gh-83658: Make multiprocessing.Pool raise an exception if
    maxtasksperchild is not None or a positive int.
  - gh-61162: Clarify sqlite3 behavior when Using the connection
    as a context manager.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=20
2022-07-14 16:01:58 +00:00
f224cc3c2d - Update to 3.11.0b2:
- many small updates

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=17
2022-05-31 20:57:46 +00:00
5e1455c810 Readjust patches.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=6
2022-05-10 11:17:42 +00:00
4861b77003 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=2 2022-05-09 15:04:49 +00:00