- Remove not needed patch 103213-fetch-CONFIG_ARGS.patch
- Refresh patches:
- bpo-31046_ensurepip_honours_prefix.patch
- fix_configure_rst.patch
- Update to 3.11.6:
- Core and Builtins
- gh-109351: Fix crash when compiling an invalid AST involving a
named (walrus) expression.
- gh-109207: Fix a SystemError in __repr__ of symtable entry
object.
- gh-109179: Fix bug where the C traceback display drops notes
from SyntaxError.
- gh-88943: Improve syntax error for non-ASCII character that
follows a numerical literal. It now points on the invalid
non-ASCII character, not on the valid numerical literal.
- gh-108959: Fix caret placement for error locations for subscript
and binary operations that involve non-semantic parentheses and
spaces. Patch by Pablo Galindo
- gh-108520: Fix
multiprocessing.synchronize.SemLock.__setstate__() to properly
initialize multiprocessing.synchronize.SemLock._is_fork_ctx.
This fixes a regression when passing a SemLock accross nested
processes.
- Rename multiprocessing.synchronize.SemLock.is_fork_ctx to
multiprocessing.synchronize.SemLock._is_fork_ctx to avoid
exposing it as public API.
- Library
- gh-110036: On Windows, multiprocessing Popen.terminate() now
catchs PermissionError and get the process exit code. If the
process is still running, raise again the PermissionError.
OBS-URL: https://build.opensuse.org/request/show/1126597
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=87
- python -m http.server no longer allows terminal control
characters sent within a garbage request to be printed
to the stderr server lo This is done by changing the
http.server BaseHTTPRequestHandler .log_message method to
replace control characters with a \xHH hex escape before
printin
- Avoid publishing list of active per-interpreter audit hooks
via the gc module
- The IDNA codec decoder used on DNS hostnames by socket or
asyncio related name resolution functions no longer involves
a quadratic algorithm. This prevents a potential CPU denial
of service if an out-of-spec excessive length hostname
involving bidirectional characters were decoded. Some
protocols such as urllib http 3xx redirects potentially allow
for an attacker to supply such a name (CVE-2022-45061).
- Update bundled libexpat to 2.5.0
- Fix a shell code injection vulnerability in the
get-remote-certificate.py example script. The script no
longer uses a shell to run openssl commands. Issue reported
and initial fix by Caleb Shortt. Patch by Victor Stinner.
- Fix a crash when an object which does not have a dictionary
frees its instance values.
- Fix a bug in the tokenizer that could cause infinite
recursion when showing syntax warnings that happen in the
first line of the source. Patch by Pablo Galindo
- Fix an issue that could cause frames to be visible to Python
code as they are being torn down, possibly leading to memory
corruption or hard crashes of the interpreter.
- Fix a reference bug in _imp.create_builtin() after the
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=40
- Core and Builtins
- Update code object hashing and equality to consider all
debugging and exception handling tables. This fixes an
issue where certain non-identical code objects could be
“deduplicated” during compilation.
- _PyPegen_Parser_New now properly detects token memory
allocation errors. Patch by Honglin Zhu.
- Run Python code in tracer/profiler function at full
speed. Fixes slowdown in earlier versions of 3.11.
- Emit a warning in debug mode if an object does not call
PyObject_GC_UnTrack() before deallocation. Patch by Pablo
Galindo.
- Prevented crashes in the AST constructor when
compiling some absurdly long expressions like
"+0"*1000000. RecursionError is now raised instead. Patch
by Pablo Galindo
- ast.AST node positions are now validated when provided to
compile() and other related functions. If invalid positions
are detected, a ValueError will be raised.
- Fix error detection in some builtin functions when keyword
argument name is an instance of a str subclass with
overloaded __eq__ and __hash__. Previously it could cause
SystemError or other undesired behavior.
- Library
- Update bundled pip to 22.2.2.
- Fix asyncio.TaskGroup to propagate exception when
asyncio.CancelledError was replaced with another exception
by a context manger. Patch by Kumar Aditya and Guido van
Rossum.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=27
- Fixes many bugs and adds following more significant changes
- Security
- gh-68966: The deprecated mailcap module now refuses to inject
Coreunsafe text (filenames, MIME types, parameters) into
shell Corecommands. Instead of using such text, it will
warn and act Coreas if a match was not found (or for test
commands, as if the Coretest failed). and Builtins
- gh-93516: Lazily create a table mapping bytecode offsets to
line numbers to speed up calculation of line numbers when
tracing.
- gh-93461: importlib.invalidate_caches() now drops entries
from sys.path_importer_cache with a relative path as
name. This solves a caching issue when a process changes its
current working directory.
- FileFinder no longer inserts a dot in the path, e.g.
/egg/./spam is now /egg/spam.
Library
- gh-93896: Fix asyncio.run() and
unittest.IsolatedAsyncioTestCase to always the set event loop
as it was done in Python 3.10 and earlier. Patch by Kumar
Aditya.
- gh-94101: Manual instantiation of ssl.SSLSession objects is
no longer allowed as it lead to misconfigured instances that
crashed the interpreter when attributes where accessed on
them.
- gh-83658: Make multiprocessing.Pool raise an exception if
maxtasksperchild is not None or a positive int.
- gh-61162: Clarify sqlite3 behavior when Using the connection
as a context manager.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=20