SHA256
1
0
Commit Graph

51 Commits

Author SHA256 Message Date
ebe00d33da - Refresh CVE-2023-27043-email-parsing-errors.patch to
gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
- Thus we can remove Revert-gh105127-left-tests.patch, which is
  now useless.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=95
2023-12-19 15:40:30 +00:00
5fae7e4a44 Accepting request 1134054 from devel:languages:python:Factory
revert

OBS-URL: https://build.opensuse.org/request/show/1134054
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=94
2023-12-19 15:24:17 +00:00
727f4c9b01 Accepting request 1134053 from devel:languages:python:Factory
revert

OBS-URL: https://build.opensuse.org/request/show/1134053
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=93
2023-12-19 15:22:13 +00:00
cb3301d2cc - Refresh CVE-2023-27043-email-parsing-errors.patch to
gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
- Thus we can remove Revert-gh105127-left-tests.patch, which is
  now useless.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=91
2023-12-18 16:25:35 +00:00
a7b11641fe Accepting request 1133399 from home:dgarcia:branches:devel:languages:python:Factory
- Update patch fix_configure_rst.patch
- Update to 3.11.7:
  - Core and Builtins
    - gh-112625: Fixes a bug where a bytearray object could be cleared
      while iterating over an argument in the bytearray.join() method
      that could result in reading memory after it was freed.
    - gh-112388: Fix an error that was causing the parser to try to
      overwrite tokenizer errors. Patch by pablo Galindo
    - gh-112387: Fix error positions for decoded strings with
      backwards tokenize errors. Patch by Pablo Galindo
    - gh-112266: Change docstrings of __dict__ and __weakref__.
    - gh-109181: Speed up Traceback object creation by lazily compute
      the line number. Patch by Pablo Galindo
    - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004
      codecs read out of bounds
    - gh-111366: Fix an issue in the codeop that was causing
      SyntaxError exceptions raised in the presence of invalid syntax
      to not contain precise error messages. Patch by Pablo Galindo
    - gh-111380: Fix a bug that was causing SyntaxWarning to appear
      twice when parsing if invalid syntax is encountered later. Patch
      by Pablo galindo
    - gh-88116: Traceback location ranges involving wide unicode
      characters (like emoji and asian characters) now are properly
      highlighted. Patch by Batuhan Taskaya and Pablo Galindo.
    - gh-94438: Fix a regression that prevented jumping across is None
      and is not None when debugging. Patch by Savannah Ostrowski.
    - gh-110696: Fix incorrect error message for invalid argument
      unpacking. Patch by Pablo Galindo
    - gh-110237: Fix missing error checks for calls to PyList_Append
      in _PyEval_MatchClass.
    - gh-109216: Fix possible memory leak in BUILD_MAP.
  - Library
    - gh-112618: Fix a caching bug relating to typing.Annotated.
      Annotated[str, True] is no longer identical to Annotated[str,
      1].
    - gh-112509: Fix edge cases that could cause a key to be present
      in both the __required_keys__ and __optional_keys__ attributes
      of a typing.TypedDict. Patch by Jelle Zijlstra.
    - gh-94722: Fix bug where comparison between instances of DocTest
      fails if one of them has None as its lineno.
    - gh-112105: Make readline.set_completer_delims() work with
      libedit
    - gh-111942: Fix SystemError in the TextIOWrapper constructor with
      non-encodable “errors” argument in non-debug mode.
    - gh-109538: Issue warning message instead of having RuntimeError
      be displayed when event loop has already been closed at
      StreamWriter.__del__().
    - gh-111942: Fix crashes in io.TextIOWrapper.reconfigure() when
      pass invalid arguments, e.g. non-string encoding.
    - gh-111804: Remove posix.fallocate() under WASI as the underlying
      posix_fallocate() is not available in WASI preview2.
    - gh-111841: Fix truncating arguments on an embedded null
      character in os.putenv() and os.unsetenv() on Windows.
    - gh-111541: Fix doctest for SyntaxError not-builtin subclasses.
    - gh-110894: Call loop exception handler for exceptions in
      client_connected_cb of asyncio.start_server() so that
      applications can handle it. Patch by Kumar Aditya.
    - gh-111531: Fix reference leaks in bind_class() and bind_all()
      methods of tkinter widgets.
    - gh-111356: Added io.text_encoding(), io.DEFAULT_BUFFER_SIZE, and
      io.IncrementalNewlineDecoder to io.__all__.
    - gh-68166: Remove mention of not supported “vsapi” element type
      in tkinter.ttk.Style.element_create(). Add tests for
      element_create() and other ttk.Style methods. Add examples for
      element_create() in the documentation.
    - gh-111251: Fix _blake2 not checking for errors when
      initializing.
    - gh-111174: Fix crash in io.BytesIO.getbuffer() called repeatedly
      for empty BytesIO.
    - gh-111187: Postpone removal version for
      locale.getdefaultlocale() to Python 3.15.
    - gh-111159: Fix doctest output comparison for exceptions with
      notes.
    - gh-110910: Fix invalid state handling in asyncio.TaskGroup and
      asyncio.Timeout. They now raise proper RuntimeError if they are
      improperly used and are left in consistent state after this.
    - gh-111092: Make turtledemo run without default root enabled.
    - gh-110590: Fix a bug in _sre.compile() where TypeError would be
      overwritten by OverflowError when the code argument was a list
      of non-ints.
    - gh-65052: Prevent pdb from crashing when trying to display
      undisplayable objects
    - gh-110519: Deprecation warning about non-integer number in
      gettext now alwais refers to the line in the user code where
      gettext function or method is used. Previously it could refer to
      a line in gettext code.
    - gh-110378: contextmanager() and asynccontextmanager() context
      managers now close an invalid underlying generator object that
      yields more then one value.
    - gh-110365: Fix termios.tcsetattr() bug that was overwritting
      existing errors during parsing integers from term list.
    - gh-110196: Add __reduce__ method to IPv6Address in order to keep
      scope_id
    - gh-109747: Improve errors for unsupported look-behind patterns.
      Now re.error is raised instead of OverflowError or RuntimeError
      for too large width of look-behind pattern.
    - gh-109786: Fix possible reference leaks and crash when re-enter
      the __next__() method of itertools.pairwise.
    - gh-108791: Improved error handling in pdb command line
      interface, making it produce more concise error messages.
    - gh-73561: Omit the interface scope from an IPv6 address when
      used as Host header by http.client.
    - gh-86826: zipinfo now supports the full range of values in the
      TZ string determined by RFC 8536 and detects all invalid
      formats. Both Python and C implementations now raise exceptions
      of the same type on invalid data.
    - bpo-41422: Fixed memory leaks of pickle.Pickler and
      pickle.Unpickler involving cyclic references via the internal
      memo mapping.
    - bpo-40262: The ssl.SSLSocket.recv_into() method no longer
      requires the buffer argument to implement __len__ and supports
      buffers with arbitrary item size.
    - bpo-35191: Fix unexpected integer truncation in
      socket.setblocking() which caused it to interpret multiples of
      2**32 as False.
  - Documentation
    - gh-108826: dis module command-line interface is now mentioned in
      documentation.
  - Tests
    - gh-110367: Make regrtest --verbose3 option compatible with
      --huntrleaks -jN options. The ./python -m test -j1 -R 3:3
      --verbose3 command now works as expected. Patch by Victor
      Stinner.
    - gh-111309: distutils tests can now be run via unittest.
    - gh-111165: Remove no longer used functions run_unittest() and
      run_doctest() and class BasicTestRunner from the test.support
      module.
    - gh-110932: Fix regrtest if the SOURCE_DATE_EPOCH environment
      variable is defined: use the variable value as the random seed.
      Patch by Victor Stinner.
    - gh-110995: test_gdb: Fix detection of gdb built without Python
      scripting support. Patch by Victor Stinner.
    - gh-110918: Test case matching patterns specified by options
      --match, --ignore, --matchfile and --ignorefile are now tested
      in the order of specification, and the last match determines
      whether the test case be run or ignored.
    - gh-110647: Fix test_stress_modifying_handlers() of test_signal.
      Patch by Victor Stinner.
    - gh-103053: Fix test_tools.test_freeze on FreeBSD: run “make
      distclean” instead of “make clean” in the copied source
      directory to remove also the “python” program. Patch by Victor
      Stinner.
    - gh-110167: Fix a deadlock in test_socket when server fails with
      a timeout but the client is still running in its thread. Don’t
      hold a lock to call cleanup functions in doCleanups(). One of
      the cleanup function waits until the client completes, whereas
      the client could deadlock if it called addCleanup() in such
      situation. Patch by Victor Stinner.
    - gh-110388: Add tests for tty.
    - gh-81002: Add tests for termios.
    - gh-110267: Add tests for pickling and copying PyStructSequence
      objects. Patched by Xuehai Pan.
    - gh-109974: Fix race conditions in test_threading lock tests.
      Wait until a condition is met rather than using time.sleep()
      with a hardcoded number of seconds. Patch by Victor Stinner.
    - gh-109972: Split test_gdb.py file into a test_gdb package made
      of multiple tests, so tests can now be run in parallel. Patch by
      Victor Stinner.
    - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on
      Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt”
      command output to detect when gdb fails to retrieve the
      traceback. For example, skip a test if Backtrace stopped: frame
      did not save the PC is found. Patch by Victor Stinner.
    - gh-108927: Fixed order dependence in running tests in the same
      process when a test that has submodules (e.g. test_importlib)
      follows a test that imports its submodule (e.g.
      test_importlib.util) and precedes a test (e.g. test_unittest or
      test_compileall) that uses that submodule.
  - Build
    - gh-103053: “make check-clean-src” now also checks if the
      “python” program is found in the source directory: fail with an
      error if it does exist. Patch by Victor Stinner.
    - gh-109191: Fix compile error when building with recent versions
      of libedit.
  - IDLE
    - bpo-35668: Add docstrings to the IDLE debugger module. Fix two
      bugs: initialize Idb.botframe (should be in Bdb); in
      Idb.in_rpc_code, check whether prev_frame is None before trying
      to use it. Greatly expand test_debugger.
  - C API
    - gh-112438: Fix support of format units “es”, “et”, “es#”, and
      “et#” in nested tuples in PyArg_ParseTuple()-like functions.
    - gh-109521: PyImport_GetImporter() now sets RuntimeError if it
      fails to get sys.path_hooks or sys.path_importer_cache or they
      are not list and dict correspondingly. Previously it could
      return NULL without setting error in obscure cases, crash or
      raise SystemError if these attributes have wrong type.

OBS-URL: https://build.opensuse.org/request/show/1133399
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=89
2023-12-15 12:09:56 +00:00
dbc72d69e1 Accepting request 1126597 from home:dgarcia:branches:devel:languages:python:Factory
- Remove not needed patch 103213-fetch-CONFIG_ARGS.patch
- Refresh patches:
  - bpo-31046_ensurepip_honours_prefix.patch
  - fix_configure_rst.patch
- Update to 3.11.6:
  - Core and Builtins
    - gh-109351: Fix crash when compiling an invalid AST involving a
      named (walrus) expression.
    - gh-109207: Fix a SystemError in __repr__ of symtable entry
      object.
    - gh-109179: Fix bug where the C traceback display drops notes
      from SyntaxError.
    - gh-88943: Improve syntax error for non-ASCII character that
      follows a numerical literal. It now points on the invalid
      non-ASCII character, not on the valid numerical literal.
    - gh-108959: Fix caret placement for error locations for subscript
      and binary operations that involve non-semantic parentheses and
      spaces. Patch by Pablo Galindo
    - gh-108520: Fix
      multiprocessing.synchronize.SemLock.__setstate__() to properly
      initialize multiprocessing.synchronize.SemLock._is_fork_ctx.
      This fixes a regression when passing a SemLock accross nested
      processes.
    - Rename multiprocessing.synchronize.SemLock.is_fork_ctx to
      multiprocessing.synchronize.SemLock._is_fork_ctx to avoid
      exposing it as public API.
  - Library
    - gh-110036: On Windows, multiprocessing Popen.terminate() now
      catchs PermissionError and get the process exit code. If the
      process is still running, raise again the PermissionError.

OBS-URL: https://build.opensuse.org/request/show/1126597
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=87
2023-11-15 12:57:57 +00:00
558337c773 characters without truncating the path (bsc#1214693,
CVE-2023-41105).

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=85
2023-09-15 11:19:47 +00:00
55316ef9e1 - Update to 3.11.5 (bsc#1214692):
- Security
    - gh-108310: Fixed an issue where instances of ssl.SSLSocket were
      vulnerable to a bypass of the TLS handshake and included
      protections (like certificate verification) and treating sent
      unencrypted data as if it were post-handshake TLS encrypted data.
      Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by
      Gregory P. Smith.
  - Core and Builtins
    - gh-104432: Fix potential unaligned memory access on C APIs
      involving returned sequences of char * pointers within the grp
      and socket modules. These were revealed using a
      -fsaniziter=alignment build on ARM macOS. Patch by Christopher
      Chavez.
    - gh-77377: Ensure that multiprocessing synchronization objects
      created in a fork context are not sent to a different process
      created in a spawn context. This changes a segfault into an
      actionable RuntimeError in the parent process.
    - gh-106092: Fix a segmentation fault caused by a use-after-free
      bug in frame_dealloc when the trashcan delays the deallocation
      of a PyFrameObject.
    - gh-106719: No longer suppress arbitrary errors in the
      __annotations__ getter and setter in the type and module types.
    - gh-106723: Propagate frozen_modules to multiprocessing spawned
      process interpreters.
    - gh-105979: Fix crash in _imp.get_frozen_object() due to improper
      exception handling.
    - gh-105840: Fix possible crashes when specializing function calls
      with too many __defaults__.
    - gh-105588: Fix an issue that could result in crashes when

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=83
2023-09-06 07:58:19 +00:00
f665ac48fe Accepting request 1103305 from home:dirkmueller:Factory
- restrict PEP668 to ALP/Tumbleweed

OBS-URL: https://build.opensuse.org/request/show/1103305
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=81
2023-08-10 13:22:02 +00:00
6abedd0987 Accepting request 1102676 from home:dirkmueller:Factory
- add externally_managed.in to label this build as PEP-668 managed

OBS-URL: https://build.opensuse.org/request/show/1102676
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=80
2023-08-07 14:46:39 +00:00
eb7790f0a7 - IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED!
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=78
2023-08-03 15:27:34 +00:00
41e7e28995 - Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941)
partially reverting CVE-2023-27043-email-parsing-errors.patch,
  because of the regression in gh#python/cpython#106669.
- (bsc#1210638, CVE-2023-27043) Add
  CVE-2023-27043-email-parsing-errors.patch, which detects email
  address parsing errors and returns empty tuple to indicate the
  parsing error (old API). (The patch is faulty,
  gh#python/cpython#106669, but upstream decided not to just
  revert it).

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=77
2023-08-03 14:58:20 +00:00
55fcbed4eb Accepting request 1098691 from devel:languages:python:Factory
Revert faulty fix for CVE-2023-27043 (gh#python/cpython#106669)

OBS-URL: https://build.opensuse.org/request/show/1098691
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=75
2023-07-14 14:06:49 +00:00
ff02f0908c - (bsc#1210638, CVE-2023-27043) Add
CVE-2023-27043-email-parsing-errors.patch, which detects email
  address parsing errors and returns empty tuple to indicate the
  parsing error (old API).

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=74
2023-07-12 15:19:06 +00:00
b8797f4452 - Update to Python 3.11.4:
- gh-103142: The version of OpenSSL used in Windows and
    Mac installers has been upgraded to 1.1.1u to address
    CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464,
    as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303
    fixed previously in 1.1.1t (gh-101727).
  - gh-102153: urllib.parse.urlsplit() now strips leading C0
    control and space characters following the specification for
    URLs defined by WHATWG in response to CVE-2023-24329
    (bsc#1208471).
  - gh-99889: Fixed a security in flaw in uu.decode() that could
    allow for directory traversal based on the input if no
    out_file was specified.
  - gh-104049: Do not expose the local on-disk
    location in directory indexes produced by
    http.client.SimpleHTTPRequestHandler.
  - gh-103935: trace.__main__ now uses io.open_code() for files
    to be executed instead of raw open().
  - gh-102953: The extraction methods in tarfile, and
    shutil.unpack_archive(), have a new filter argument that
    allows limiting tar features than may be surprising or
    dangerous, such as creating files outside the destination
    directory. See Extraction filters for details (fixing
    CVE-2007-4559, bsc#1203750).
- Remove upstreamed patches:
  - CVE-2007-4559-filter-tarfile_extractall.patch

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=71
2023-06-28 19:51:47 +00:00
6bf0620e58 Fix changes
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=69
2023-06-27 13:24:40 +00:00
7a2425c221 - Remove obsolete_python_versioned macro again. This mechanism
has no business to be in Python 3.11, because we have abolished
  with it whole interpreter+setuptools+pip product. Python 3.11
  should not be replaced by later versions anymore.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=68
2023-06-26 13:04:00 +00:00
d34496b956 Add missing Jira references to the changelog.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=66
2023-06-05 12:53:40 +00:00
39157872a5 - Add CVE-2007-4559-filter-tarfile_extractall.patch to fix
bsc#1203750 (CVE-2007-4559) and implementing "PEP 706 – Filter
  for tarfile.extractall".

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=64
2023-05-03 10:14:51 +00:00
f503a46aa9 - Add skip_if_buildbot-extend.patch to avoid the bug altogether
(extending what skip_if_buildbot covers).

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=62
2023-05-03 05:42:18 +00:00
e71e638e14 - Add skip-test_freeze_simple_script.patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=61
2023-05-02 23:12:23 +00:00
ea266df005 - Add 103213-fetch-CONFIG_ARGS.patch (gh#python/cpython#103053).
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=60
2023-05-02 21:29:28 +00:00
a48f5d0f80 - Why in the world we download from HTTP?
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=59
2023-04-30 18:13:43 +00:00
21d42b692c - Update to 3.11.3:
- Security
    - gh-101727: Updated the OpenSSL version used in Windows
      and macOS binary release builds to 1.1.1t to address
      CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per the
      OpenSSL 2023-02-07 security advisory.
    - gh-101283: subprocess.Popen now uses a safer approach to
      find cmd.exe when launching with shell=True. Patch by Eryk
      Sun, based on a patch by Oleg Iarygin.
  - Core and Builtins
    - gh-101975: Fixed stacktop value on tracing entries to avoid
      corruption on garbage collection.
    - gh-102701: Fix overflow when creating very large dict.
    - gh-102416: Do not memoize incorrectly automatically
      generated loop rules in the parser. Patch by Pablo Galindo.
    - gh-102356: Fix a bug that caused a crash when deallocating
      deeply nested filter objects. Patch by Marta Gómez Macías.
    - gh-102397: Fix segfault from race condition in signal
      handling during garbage collection. Patch by Kumar Aditya.
    - gh-102281: Fix potential nullptr dereference and use of
      uninitialized memory in fileutils. Patch by Max Bachmann.
    - gh-102126: Fix deadlock at shutdown when clearing thread
      states if any finalizer tries to acquire the runtime head
      lock. Patch by Kumar Aditya.
    - gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal
      module. Patch by Max Bachmann.
    - gh-101967: Fix possible segfault in
      positional_only_passed_as_keyword function, when new list
      created.
    - gh-101765: Fix SystemError / segmentation fault in iter

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=57
2023-04-27 22:09:02 +00:00
ccbbaff24e Revert
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=56
2023-03-27 15:07:38 +00:00
8fcb1e736e - Switch off obsoleting previous interpreters.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=55
2023-03-27 15:03:56 +00:00
1b24baf605 - Update to 3.11.2:
Bug fixes, no changes in API and no security bugs.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=52
2023-03-03 18:48:38 +00:00
339c66ef3e - Add python310 Obsoletes line to obsolete_python_versioned macro.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=50
2023-03-01 20:51:07 +00:00
1c719478cb - Add provides for readline and sqlite3 to the main Python
package.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=48
2023-02-21 13:49:09 +00:00
0a8a28caaa Accepting request 1061231 from home:kukuk:branches:devel:languages:python:Factory
- Disable NIS for new products, it's deprecated and gets removed

OBS-URL: https://build.opensuse.org/request/show/1061231
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=46
2023-01-27 13:46:48 +00:00
d7b979c1e0 Accepting request 1060635 from home:dirkmueller:Factory
- build GLIBC hwcaps optimized versions of the interpreter

OBS-URL: https://build.opensuse.org/request/show/1060635
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=44
2023-01-25 13:27:45 +00:00
b37cda8bf5 - Don't fail on Sphinx build warnings.
- For jsc#PED-1570, providing Python 3.11 for SLE-15-SP5.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=42
2023-01-19 10:07:22 +00:00
6c436c7abc - Update to 3.11.1:
- python -m http.server no longer allows terminal control
    characters sent within a garbage request to be printed
    to the stderr server lo This is done by changing the
    http.server BaseHTTPRequestHandler .log_message method to
    replace control characters with a \xHH hex escape before
    printin
  - Avoid publishing list of active per-interpreter audit hooks
    via the gc module
  - The IDNA codec decoder used on DNS hostnames by socket or
    asyncio related name resolution functions no longer involves
    a quadratic algorithm. This prevents a potential CPU denial
    of service if an out-of-spec excessive length hostname
    involving bidirectional characters were decoded. Some
    protocols such as urllib http 3xx redirects potentially allow
    for an attacker to supply such a name (CVE-2022-45061).
  - Update bundled libexpat to 2.5.0
  - Fix a shell code injection vulnerability in the
    get-remote-certificate.py example script. The script no
    longer uses a shell to run openssl commands. Issue reported
    and initial fix by Caleb Shortt. Patch by Victor Stinner.
  - Fix a crash when an object which does not have a dictionary
    frees its instance values.
  - Fix a bug in the tokenizer that could cause infinite
    recursion when showing syntax warnings that happen in the
    first line of the source. Patch by Pablo Galindo
  - Fix an issue that could cause frames to be visible to Python
    code as they are being torn down, possibly leading to memory
    corruption or hard crashes of the interpreter.
  - Fix a reference bug in _imp.create_builtin() after the

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=40
2022-12-08 15:05:06 +00:00
03d1be1616 - Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
  extremely long domain names.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=38
2022-11-09 18:37:56 +00:00
c6df50684c revert
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=37
2022-11-04 15:18:41 +00:00
ba06f07184 - Add CVE-2022-42919-loc-priv-mulitproc-forksrv.patch to avoid
CVE-2022-42919 (bsc#1204886) avoiding Linux specific local
  privilege escalation via the multiprocessing forkserver start
  method.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=36
2022-11-04 15:00:28 +00:00
403af99cf1 Accepting request 1031401 from home:mcepl:branches:devel:languages:python:Factory
- Update to 3.11.0 (overall changes from 3.10.*):
  - General changes
    - PEP 657 -- Include Fine-Grained Error Locations in
      Tracebacks
    - PEP 654 -- Exception Groups and except*
    - PEP 680 -- tomllib: Support for Parsing TOML in the
      Standard Library
    - gh-90908 -- Introduce task groups to asyncio
    - gh-34627 -- Atomic grouping ((?>...)) and possessive
      quantifiers (*+, ++, ?+, {m,n}+) are now supported in
      regular expressions.
    - The Faster CPython Project is already yielding some
      exciting results. Python 3.11 is up to 10-60% faster than
      Python 3.10. On average, we measured a 1.22x speedup on the
      standard benchmark suite. See Faster CPython for details.
  - Typing and typing language changes
    - PEP 673 -- Self Type
    - PEP 646 -- Variadic Generics
    - PEP 675 -- Arbitrary Literal String Type
    - PEP 655 -- Marking individual TypedDict items as required
      or potentially-missing
    - PEP 681 -- Data Class Transforms
- (just changes from 3.11.0rc2):
  - Fix multiplying a list by an integer (list *= int): detect
    the integer overflow when the new allocated length is close
    to the maximum size. Issue reported by Jordan Limor. Patch by
    Victor Stinner.
  - On Linux the multiprocessing module returns to using
    filesystem backed unix domain sockets for communication
    with the forkserver process instead of the Linux abstract

OBS-URL: https://build.opensuse.org/request/show/1031401
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=34
2022-10-26 21:24:53 +00:00
d8ac67fc2d - Update to 3.11.0rc2:
- Converting between int and str in bases other than 2
    (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base
    10 (decimal) now raises a ValueError if the number of digits
    in string form is above a limit to avoid potential denial of
    service attacks due to the algorithmic complexity. This is
    a mitigation for CVE-2020-10735.
    This new limit can be configured or disabled by environment
    variable, command line flag, or sys APIs. See the integer
    string conversion length limitation documentation. The
    default limit is 4300 digits in string form.
  - Fix case of undefined behavior in ceval.c
  - Do not expose KeyWrapper in _functools.
  - Ensure that tracing, sys.setrace(), is turned on
    immediately. In pre-release versions of 3.11, some tracing
    events might have been lost when turning on tracing in a
    __del__ method or interrupt.
  - Fix use after free in trace refs build mode. Patch by Kumar
    Aditya.
  - When loading a file with invalid UTF-8 inside a multi-line
    string, a correct SyntaxError is emitted.
  - Make sure that incomplete frames do not show up in
    tracemalloc traces.
  - Remove two cases of undefined behavior, by adding NULL
    checks.
  - Fix possible NULL pointer dereference in
    _PyThread_CurrentFrames. Patch by Kumar Aditya.
  - Fix AttributeError missing name and obj attributes in
    object.__getattribute__(). Patch by Philip Georgi.
  - Loading a file with invalid UTF-8 will now report the broken

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=32
2022-09-15 09:14:50 +00:00
d9d021447f Accepting request 1001307 from openSUSE:Factory:RISCV
- Increase testsuite timeout for test_freeze_simple_script

OBS-URL: https://build.opensuse.org/request/show/1001307
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=30
2022-09-06 12:03:43 +00:00
3931fb9f09 - fix import_failed.map to refer to the python 3.11 package versions
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=28
2022-08-20 21:31:49 +00:00
93d3c08eeb - Update to 3.11.0rc1:
- Core and Builtins
    - Update code object hashing and equality to consider all
      debugging and exception handling tables. This fixes an
      issue where certain non-identical code objects could be
      “deduplicated” during compilation.
    - _PyPegen_Parser_New now properly detects token memory
      allocation errors. Patch by Honglin Zhu.
    - Run Python code in tracer/profiler function at full
      speed. Fixes slowdown in earlier versions of 3.11.
    - Emit a warning in debug mode if an object does not call
      PyObject_GC_UnTrack() before deallocation. Patch by Pablo
      Galindo.
    - Prevented crashes in the AST constructor when
      compiling some absurdly long expressions like
      "+0"*1000000. RecursionError is now raised instead. Patch
      by Pablo Galindo
    - ast.AST node positions are now validated when provided to
      compile() and other related functions. If invalid positions
      are detected, a ValueError will be raised.
    - Fix error detection in some builtin functions when keyword
      argument name is an instance of a str subclass with
      overloaded __eq__ and __hash__. Previously it could cause
      SystemError or other undesired behavior.
  - Library
    - Update bundled pip to 22.2.2.
    - Fix asyncio.TaskGroup to propagate exception when
      asyncio.CancelledError was replaced with another exception
      by a context manger. Patch by Kumar Aditya and Guido van
      Rossum.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=27
2022-08-20 14:25:45 +00:00
a867744a23 - Update to 3.11.0b5:
- Core and Builtins
    - gh-93351: ast.AST node positions are now validated when
      provided to compile() and other related functions. If
      invalid positions are detected, a ValueError will be
      raised.
    - gh-94438: Fix an issue that caused extended opcode
      arguments and some conditional pops to be ignored when
      calculating valid jump targets for assignments to the
      f_lineno attribute of frame objects. In some cases, this
      could cause inconsistent internal state, resulting in a
      hard crash of the interpreter.
    - gh-95060: Undocumented PyCode_Addr2Location function now
      properly returns when addrq argument is less than zero.
    - gh-95113: Replace all EXTENDED_ARG_QUICK instructions
      with basic EXTENDED_ARG instructions in unquickened
      code. Consumers of non-adaptive bytecode should be able to
      handle extended arguments the same way they were handled in
      CPython 3.10 and older.
    - gh-91409: Fix incorrect source location info caused by
      certain optimizations in the bytecode compiler.
    - gh-94036: Fix incorrect source location info for some
      multi-line attribute accesses and method calls.
    - gh-94739: Allow jumping within, out of, and across
      exception handlers in the debugger.
    - gh-94949: ast.parse() will no longer parse parenthesized
      context managers when passed feature_version less than (3,
      9). Patch by Shantanu Jain.
    - gh-94947: ast.parse() will no longer parse assignment
      expressions when passed feature_version less than (3,

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=25
2022-07-26 10:43:57 +00:00
3978a4fb6f - Switch from %primary_interpreter to prjconf-defined
%primary_python (gh#openSUSE/python-rpm-macros#127).

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=22
2022-07-21 14:25:26 +00:00
6af5b9f2b3 - Update to 3.11.0b4:
- Fixes many bugs and adds following more significant changes
- Security
  - gh-68966: The deprecated mailcap module now refuses to inject
    Coreunsafe text (filenames, MIME types, parameters) into
    shell Corecommands. Instead of using such text, it will
    warn and act Coreas if a match was not found (or for test
    commands, as if the Coretest failed). and Builtins
  - gh-93516: Lazily create a table mapping bytecode offsets to
    line numbers to speed up calculation of line numbers when
    tracing.
  - gh-93461: importlib.invalidate_caches() now drops entries
    from sys.path_importer_cache with a relative path as
    name. This solves a caching issue when a process changes its
    current working directory.
  - FileFinder no longer inserts a dot in the path, e.g.
    /egg/./spam is now /egg/spam.
Library
  - gh-93896: Fix asyncio.run() and
    unittest.IsolatedAsyncioTestCase to always the set event loop
    as it was done in Python 3.10 and earlier. Patch by Kumar
    Aditya.
  - gh-94101: Manual instantiation of ssl.SSLSession objects is
    no longer allowed as it lead to misconfigured instances that
    crashed the interpreter when attributes where accessed on
    them.
  - gh-83658: Make multiprocessing.Pool raise an exception if
    maxtasksperchild is not None or a positive int.
  - gh-61162: Clarify sqlite3 behavior when Using the connection
    as a context manager.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=20
2022-07-14 16:01:58 +00:00
b3dd13aabb Fix changelog
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=18
2022-06-06 06:24:48 +00:00
f224cc3c2d - Update to 3.11.0b2:
- many small updates

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=17
2022-05-31 20:57:46 +00:00
9c0a8f3c4c - Add patch support-expat-245.patch:
* Support Expat >= 2.4.4 (jsc#SLE-21253)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=14
2022-05-17 22:11:07 +00:00
bf95b5f221 - Fix building with system-expat (gh#python/cpython#92875). Nope,
it didn't work, worked around it.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=13
2022-05-17 18:43:45 +00:00
6534561f49 Fix changelog
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=12
2022-05-17 17:43:59 +00:00
1c968d4121 - Refresh bluez-devel-vendor.tar.xz
- Fix files and handling of new modules.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=7
2022-05-10 16:49:16 +00:00