SHA256
1
0
Commit Graph

39 Commits

Author SHA256 Message Date
ff02f0908c - (bsc#1210638, CVE-2023-27043) Add
CVE-2023-27043-email-parsing-errors.patch, which detects email
  address parsing errors and returns empty tuple to indicate the
  parsing error (old API).

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=74
2023-07-12 15:19:06 +00:00
b8797f4452 - Update to Python 3.11.4:
- gh-103142: The version of OpenSSL used in Windows and
    Mac installers has been upgraded to 1.1.1u to address
    CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464,
    as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303
    fixed previously in 1.1.1t (gh-101727).
  - gh-102153: urllib.parse.urlsplit() now strips leading C0
    control and space characters following the specification for
    URLs defined by WHATWG in response to CVE-2023-24329
    (bsc#1208471).
  - gh-99889: Fixed a security in flaw in uu.decode() that could
    allow for directory traversal based on the input if no
    out_file was specified.
  - gh-104049: Do not expose the local on-disk
    location in directory indexes produced by
    http.client.SimpleHTTPRequestHandler.
  - gh-103935: trace.__main__ now uses io.open_code() for files
    to be executed instead of raw open().
  - gh-102953: The extraction methods in tarfile, and
    shutil.unpack_archive(), have a new filter argument that
    allows limiting tar features than may be surprising or
    dangerous, such as creating files outside the destination
    directory. See Extraction filters for details (fixing
    CVE-2007-4559, bsc#1203750).
- Remove upstreamed patches:
  - CVE-2007-4559-filter-tarfile_extractall.patch

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=71
2023-06-28 19:51:47 +00:00
7a2425c221 - Remove obsolete_python_versioned macro again. This mechanism
has no business to be in Python 3.11, because we have abolished
  with it whole interpreter+setuptools+pip product. Python 3.11
  should not be replaced by later versions anymore.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=68
2023-06-26 13:04:00 +00:00
f503a46aa9 - Add skip_if_buildbot-extend.patch to avoid the bug altogether
(extending what skip_if_buildbot covers).

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=62
2023-05-03 05:42:18 +00:00
e71e638e14 - Add skip-test_freeze_simple_script.patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=61
2023-05-02 23:12:23 +00:00
ea266df005 - Add 103213-fetch-CONFIG_ARGS.patch (gh#python/cpython#103053).
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=60
2023-05-02 21:29:28 +00:00
a48f5d0f80 - Why in the world we download from HTTP?
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=59
2023-04-30 18:13:43 +00:00
21d42b692c - Update to 3.11.3:
- Security
    - gh-101727: Updated the OpenSSL version used in Windows
      and macOS binary release builds to 1.1.1t to address
      CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per the
      OpenSSL 2023-02-07 security advisory.
    - gh-101283: subprocess.Popen now uses a safer approach to
      find cmd.exe when launching with shell=True. Patch by Eryk
      Sun, based on a patch by Oleg Iarygin.
  - Core and Builtins
    - gh-101975: Fixed stacktop value on tracing entries to avoid
      corruption on garbage collection.
    - gh-102701: Fix overflow when creating very large dict.
    - gh-102416: Do not memoize incorrectly automatically
      generated loop rules in the parser. Patch by Pablo Galindo.
    - gh-102356: Fix a bug that caused a crash when deallocating
      deeply nested filter objects. Patch by Marta Gómez Macías.
    - gh-102397: Fix segfault from race condition in signal
      handling during garbage collection. Patch by Kumar Aditya.
    - gh-102281: Fix potential nullptr dereference and use of
      uninitialized memory in fileutils. Patch by Max Bachmann.
    - gh-102126: Fix deadlock at shutdown when clearing thread
      states if any finalizer tries to acquire the runtime head
      lock. Patch by Kumar Aditya.
    - gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal
      module. Patch by Max Bachmann.
    - gh-101967: Fix possible segfault in
      positional_only_passed_as_keyword function, when new list
      created.
    - gh-101765: Fix SystemError / segmentation fault in iter

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=57
2023-04-27 22:09:02 +00:00
ccbbaff24e Revert
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=56
2023-03-27 15:07:38 +00:00
8fcb1e736e - Switch off obsoleting previous interpreters.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=55
2023-03-27 15:03:56 +00:00
9f02c1193d Take care of testclinic
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=53
2023-03-03 19:12:38 +00:00
1b24baf605 - Update to 3.11.2:
Bug fixes, no changes in API and no security bugs.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=52
2023-03-03 18:48:38 +00:00
9eb1b9b809 Fix the macro
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=51
2023-03-01 20:52:12 +00:00
339c66ef3e - Add python310 Obsoletes line to obsolete_python_versioned macro.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=50
2023-03-01 20:51:07 +00:00
1c719478cb - Add provides for readline and sqlite3 to the main Python
package.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=48
2023-02-21 13:49:09 +00:00
0a8a28caaa Accepting request 1061231 from home:kukuk:branches:devel:languages:python:Factory
- Disable NIS for new products, it's deprecated and gets removed

OBS-URL: https://build.opensuse.org/request/show/1061231
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=46
2023-01-27 13:46:48 +00:00
d7b979c1e0 Accepting request 1060635 from home:dirkmueller:Factory
- build GLIBC hwcaps optimized versions of the interpreter

OBS-URL: https://build.opensuse.org/request/show/1060635
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=44
2023-01-25 13:27:45 +00:00
b37cda8bf5 - Don't fail on Sphinx build warnings.
- For jsc#PED-1570, providing Python 3.11 for SLE-15-SP5.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=42
2023-01-19 10:07:22 +00:00
6c436c7abc - Update to 3.11.1:
- python -m http.server no longer allows terminal control
    characters sent within a garbage request to be printed
    to the stderr server lo This is done by changing the
    http.server BaseHTTPRequestHandler .log_message method to
    replace control characters with a \xHH hex escape before
    printin
  - Avoid publishing list of active per-interpreter audit hooks
    via the gc module
  - The IDNA codec decoder used on DNS hostnames by socket or
    asyncio related name resolution functions no longer involves
    a quadratic algorithm. This prevents a potential CPU denial
    of service if an out-of-spec excessive length hostname
    involving bidirectional characters were decoded. Some
    protocols such as urllib http 3xx redirects potentially allow
    for an attacker to supply such a name (CVE-2022-45061).
  - Update bundled libexpat to 2.5.0
  - Fix a shell code injection vulnerability in the
    get-remote-certificate.py example script. The script no
    longer uses a shell to run openssl commands. Issue reported
    and initial fix by Caleb Shortt. Patch by Victor Stinner.
  - Fix a crash when an object which does not have a dictionary
    frees its instance values.
  - Fix a bug in the tokenizer that could cause infinite
    recursion when showing syntax warnings that happen in the
    first line of the source. Patch by Pablo Galindo
  - Fix an issue that could cause frames to be visible to Python
    code as they are being torn down, possibly leading to memory
    corruption or hard crashes of the interpreter.
  - Fix a reference bug in _imp.create_builtin() after the

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=40
2022-12-08 15:05:06 +00:00
03d1be1616 - Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
  extremely long domain names.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=38
2022-11-09 18:37:56 +00:00
c6df50684c revert
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=37
2022-11-04 15:18:41 +00:00
ba06f07184 - Add CVE-2022-42919-loc-priv-mulitproc-forksrv.patch to avoid
CVE-2022-42919 (bsc#1204886) avoiding Linux specific local
  privilege escalation via the multiprocessing forkserver start
  method.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=36
2022-11-04 15:00:28 +00:00
403af99cf1 Accepting request 1031401 from home:mcepl:branches:devel:languages:python:Factory
- Update to 3.11.0 (overall changes from 3.10.*):
  - General changes
    - PEP 657 -- Include Fine-Grained Error Locations in
      Tracebacks
    - PEP 654 -- Exception Groups and except*
    - PEP 680 -- tomllib: Support for Parsing TOML in the
      Standard Library
    - gh-90908 -- Introduce task groups to asyncio
    - gh-34627 -- Atomic grouping ((?>...)) and possessive
      quantifiers (*+, ++, ?+, {m,n}+) are now supported in
      regular expressions.
    - The Faster CPython Project is already yielding some
      exciting results. Python 3.11 is up to 10-60% faster than
      Python 3.10. On average, we measured a 1.22x speedup on the
      standard benchmark suite. See Faster CPython for details.
  - Typing and typing language changes
    - PEP 673 -- Self Type
    - PEP 646 -- Variadic Generics
    - PEP 675 -- Arbitrary Literal String Type
    - PEP 655 -- Marking individual TypedDict items as required
      or potentially-missing
    - PEP 681 -- Data Class Transforms
- (just changes from 3.11.0rc2):
  - Fix multiplying a list by an integer (list *= int): detect
    the integer overflow when the new allocated length is close
    to the maximum size. Issue reported by Jordan Limor. Patch by
    Victor Stinner.
  - On Linux the multiprocessing module returns to using
    filesystem backed unix domain sockets for communication
    with the forkserver process instead of the Linux abstract

OBS-URL: https://build.opensuse.org/request/show/1031401
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=34
2022-10-26 21:24:53 +00:00
d8ac67fc2d - Update to 3.11.0rc2:
- Converting between int and str in bases other than 2
    (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base
    10 (decimal) now raises a ValueError if the number of digits
    in string form is above a limit to avoid potential denial of
    service attacks due to the algorithmic complexity. This is
    a mitigation for CVE-2020-10735.
    This new limit can be configured or disabled by environment
    variable, command line flag, or sys APIs. See the integer
    string conversion length limitation documentation. The
    default limit is 4300 digits in string form.
  - Fix case of undefined behavior in ceval.c
  - Do not expose KeyWrapper in _functools.
  - Ensure that tracing, sys.setrace(), is turned on
    immediately. In pre-release versions of 3.11, some tracing
    events might have been lost when turning on tracing in a
    __del__ method or interrupt.
  - Fix use after free in trace refs build mode. Patch by Kumar
    Aditya.
  - When loading a file with invalid UTF-8 inside a multi-line
    string, a correct SyntaxError is emitted.
  - Make sure that incomplete frames do not show up in
    tracemalloc traces.
  - Remove two cases of undefined behavior, by adding NULL
    checks.
  - Fix possible NULL pointer dereference in
    _PyThread_CurrentFrames. Patch by Kumar Aditya.
  - Fix AttributeError missing name and obj attributes in
    object.__getattribute__(). Patch by Philip Georgi.
  - Loading a file with invalid UTF-8 will now report the broken

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=32
2022-09-15 09:14:50 +00:00
d9d021447f Accepting request 1001307 from openSUSE:Factory:RISCV
- Increase testsuite timeout for test_freeze_simple_script

OBS-URL: https://build.opensuse.org/request/show/1001307
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=30
2022-09-06 12:03:43 +00:00
93d3c08eeb - Update to 3.11.0rc1:
- Core and Builtins
    - Update code object hashing and equality to consider all
      debugging and exception handling tables. This fixes an
      issue where certain non-identical code objects could be
      “deduplicated” during compilation.
    - _PyPegen_Parser_New now properly detects token memory
      allocation errors. Patch by Honglin Zhu.
    - Run Python code in tracer/profiler function at full
      speed. Fixes slowdown in earlier versions of 3.11.
    - Emit a warning in debug mode if an object does not call
      PyObject_GC_UnTrack() before deallocation. Patch by Pablo
      Galindo.
    - Prevented crashes in the AST constructor when
      compiling some absurdly long expressions like
      "+0"*1000000. RecursionError is now raised instead. Patch
      by Pablo Galindo
    - ast.AST node positions are now validated when provided to
      compile() and other related functions. If invalid positions
      are detected, a ValueError will be raised.
    - Fix error detection in some builtin functions when keyword
      argument name is an instance of a str subclass with
      overloaded __eq__ and __hash__. Previously it could cause
      SystemError or other undesired behavior.
  - Library
    - Update bundled pip to 22.2.2.
    - Fix asyncio.TaskGroup to propagate exception when
      asyncio.CancelledError was replaced with another exception
      by a context manger. Patch by Kumar Aditya and Guido van
      Rossum.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=27
2022-08-20 14:25:45 +00:00
a867744a23 - Update to 3.11.0b5:
- Core and Builtins
    - gh-93351: ast.AST node positions are now validated when
      provided to compile() and other related functions. If
      invalid positions are detected, a ValueError will be
      raised.
    - gh-94438: Fix an issue that caused extended opcode
      arguments and some conditional pops to be ignored when
      calculating valid jump targets for assignments to the
      f_lineno attribute of frame objects. In some cases, this
      could cause inconsistent internal state, resulting in a
      hard crash of the interpreter.
    - gh-95060: Undocumented PyCode_Addr2Location function now
      properly returns when addrq argument is less than zero.
    - gh-95113: Replace all EXTENDED_ARG_QUICK instructions
      with basic EXTENDED_ARG instructions in unquickened
      code. Consumers of non-adaptive bytecode should be able to
      handle extended arguments the same way they were handled in
      CPython 3.10 and older.
    - gh-91409: Fix incorrect source location info caused by
      certain optimizations in the bytecode compiler.
    - gh-94036: Fix incorrect source location info for some
      multi-line attribute accesses and method calls.
    - gh-94739: Allow jumping within, out of, and across
      exception handlers in the debugger.
    - gh-94949: ast.parse() will no longer parse parenthesized
      context managers when passed feature_version less than (3,
      9). Patch by Shantanu Jain.
    - gh-94947: ast.parse() will no longer parse assignment
      expressions when passed feature_version less than (3,

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=25
2022-07-26 10:43:57 +00:00
ebc3127ec8 Restore %primary_interpreter
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=23
2022-07-21 15:15:28 +00:00
3978a4fb6f - Switch from %primary_interpreter to prjconf-defined
%primary_python (gh#openSUSE/python-rpm-macros#127).

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=22
2022-07-21 14:25:26 +00:00
6af5b9f2b3 - Update to 3.11.0b4:
- Fixes many bugs and adds following more significant changes
- Security
  - gh-68966: The deprecated mailcap module now refuses to inject
    Coreunsafe text (filenames, MIME types, parameters) into
    shell Corecommands. Instead of using such text, it will
    warn and act Coreas if a match was not found (or for test
    commands, as if the Coretest failed). and Builtins
  - gh-93516: Lazily create a table mapping bytecode offsets to
    line numbers to speed up calculation of line numbers when
    tracing.
  - gh-93461: importlib.invalidate_caches() now drops entries
    from sys.path_importer_cache with a relative path as
    name. This solves a caching issue when a process changes its
    current working directory.
  - FileFinder no longer inserts a dot in the path, e.g.
    /egg/./spam is now /egg/spam.
Library
  - gh-93896: Fix asyncio.run() and
    unittest.IsolatedAsyncioTestCase to always the set event loop
    as it was done in Python 3.10 and earlier. Patch by Kumar
    Aditya.
  - gh-94101: Manual instantiation of ssl.SSLSession objects is
    no longer allowed as it lead to misconfigured instances that
    crashed the interpreter when attributes where accessed on
    them.
  - gh-83658: Make multiprocessing.Pool raise an exception if
    maxtasksperchild is not None or a positive int.
  - gh-61162: Clarify sqlite3 behavior when Using the connection
    as a context manager.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=20
2022-07-14 16:01:58 +00:00
f224cc3c2d - Update to 3.11.0b2:
- many small updates

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=17
2022-05-31 20:57:46 +00:00
eff536f20e We require more recent Sphinx
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=15
2022-05-18 09:35:06 +00:00
9c0a8f3c4c - Add patch support-expat-245.patch:
* Support Expat >= 2.4.4 (jsc#SLE-21253)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=14
2022-05-17 22:11:07 +00:00
bf95b5f221 - Fix building with system-expat (gh#python/cpython#92875). Nope,
it didn't work, worked around it.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=13
2022-05-17 18:43:45 +00:00
634ab7609b Fix building with system-expat (gh#python/cpython#92875).
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=11
2022-05-17 17:43:33 +00:00
2b3a992a89 Fix SPEC
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=9
2022-05-10 19:14:07 +00:00
42e2453f80 Fix missing item in %%files.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=8
2022-05-10 17:19:41 +00:00
1c968d4121 - Refresh bluez-devel-vendor.tar.xz
- Fix files and handling of new modules.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=7
2022-05-10 16:49:16 +00:00
887681833e Rename files to comply with the name of the package
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=5
2022-05-09 15:17:36 +00:00