ab117b0c83
- New development of new major version, update to 3.15.0~a1: - Tools/Demos - gh-139330: SBOM generation tool didn’t cross-check the version and checksum values against the Modules/expat/refresh.sh script, leading to the values becoming out-of-date during routine updates. - gh-132006: XCframeworks now include privacy manifests to satisfy Apple App Store submission requirements. - gh-138171: A script for building an iOS XCframework was added. As part of this change, the top level iOS folder has been moved to be a subdirectory of the Apple folder. - gh-137873: The iOS test runner has been simplified, resolving some issues that have been observed using the runner in GitHub Actions and Azure Pipelines test environments. - gh-137484: Have Tools/wasm/wasi put the build Python into a directory named after the build triple instead of “build”. - gh-137025: The wasm_build.py script has been removed. Tools/wasm/emscripten and Tools/wasm/wasi should be used instead, as described in the Dev Guide. - gh-137248: Add a --logdir option to Tools/wasm/wasi for specifying where to write log files. - gh-137243: Have Tools/wasm/wasi detect a WASI SDK install in /opt when it was directly extracted from a release tarball. - gh-136251: Fixes and usability improvements for Tools/wasm/emscripten/web_example - gh-135968: Stubs for strip are now provided as part of an iOS install. - gh-135379: The cases generator no longer accepts type
Matej Cepl2025-10-24 21:59:31 +00:00
eb33aed2e2
Use sed to remove "--fail-on-warning" config from Makefile instead of the patch gh139257-Support-docutils-0.22.patch
Matej Cepl2025-10-16 16:26:47 +00:00
960b71b79d
- Summary – Release highlights Python 3.14 is the latest stable release of the Python programming language, with a mix of changes to the language, the implementation, and the standard library. The biggest changes include template string literals, deferred evaluation of annotations, and support for subinterpreters in the standard library. The library changes include significantly improved capabilities for introspection in asyncio, support for Zstandard via a new compression.zstd module, syntax highlighting in the REPL, as well as the usual deprecations and removals, and improvements in user-friendliness and correctness. - Interpreter improvements: - PEP 649 and PEP 749: Deferred evaluation of annotations - PEP 734: Multiple interpreters in the standard library - PEP 750: Template strings - PEP 758: Allow except and except* expressions without brackets - PEP 765: Control flow in finally blocks - PEP 768: Safe external debugger interface for CPython - A new type of interpreter - Free-threaded mode improvements - Improved error messages - Incremental garbage collection - Significant improvements in the standard library: - PEP 784: Zstandard support in the standard library - Asyncio introspection capabilities - Concurrent safe warnings control - Syntax highlighting in the default interactive shell, and color output in several standard library CLIs
Matej Cepl2025-10-08 09:45:59 +00:00
9e2d52efb7
Add gh139257-Support-docutils-0.22.patch to fix build with latest docutils (>=0.22) gh#python/cpython#139257
Matej Cepl2025-09-30 16:13:57 +00:00
92d12c8820
- Update to 3.14.0~rc3: - Tools/Demos - gh-137873: The iOS test runner has been simplified, resolving some issues that have been observed using the runner in GitHub Actions and Azure Pipelines test environments. - Security - gh-135661: Fix CDATA section parsing in html.parser.HTMLParser according to the HTML5 standard: ] ]> and ]] > no longer end the CDATA section. Add private method _set_support_cdata() which can be used to specify how to parse <[CDATA[ — as a CDATA section in foreign content (SVG or MathML) or as a bogus comment in the HTML namespace. - Library - gh-138998: Update bundled libexpat to 2.7.2 - gh-118803: Add back collections.abc.ByteString and typing.ByteString. Both had been removed in prior alpha, beta and release candidates for Python 3.14, but their removal has now been postponed to Python 3.17. - gh-137226: Fix typing.get_type_hints() calls on generic typing.TypedDict classes defined with string annotations. - gh-138804: Raise TypeError instead of AttributeError when an argument of incorrect type is passed to shlex.quote(). This restores the behavior of the function prior to 3.14. - gh-128636: Fix crash in PyREPL when os.environ is overwritten with an invalid value for mac - gh-138514: Raise ValueError when a multi-character string is passed to the echo_char parameter of getpass.getpass(). Patch by Benjamin Johnson.
Matej Cepl2025-09-18 16:54:41 +00:00
d262ae3380
- Add gh138131-exclude-pycache-from-digest.patch fixing reproducible build for python-nogil. (bsc#1244680, gh#python/cpython#138131)
Daniel Garcia2025-09-12 09:05:50 +00:00
a5973c7fdb
- Move compression folder to python-base where it should be. This module is used internally in gzip.py.
Daniel Garcia2025-09-05 07:41:49 +00:00
5852b2800e
- Update to 3.14.0~rc2: - Library - gh-137426: Remove the code deprecation of importlib.abc.ResourceLoader. It is documented as deprecated, but left for backwards compatibility with other classes in importlib.abc. - gh-137282: Fix tab completion and dir() on concurrent.futures. - gh-137257: Bump the version of pip bundled in ensurepip to version 25.2 - gh-137226: Fix behavior of annotationlib.ForwardRef.evaluate() when the type_params parameter is passed and the name of a type param is also present in an enclosing scope. - gh-130522: Fix unraisable TypeError raised during interpreter shutdown in the threading module. - gh-137059: Fix handling of file URLs with a Windows drive letter in the URL authority by urllib.request.url2pathname(). This fixes a regression in earlier pre-releases of Python 3.14. - gh-130577: tarfile now validates archives to ensure member offsets are non-negative. (Contributed by Alexander Enrique Urieles Nieto in gh-130577; CVE-2025-8194, bsc#1247249). - gh-135228: When dataclasses replaces a class with a slotted dataclass, the original class can now be garbage collected again. Earlier changes in Python 3.14 caused this class to always remain in existence together with the replacement class synthesized by dataclasses. - Documentation - gh-136155: We are now checking for fatal errors in EPUB
Matej Cepl2025-08-15 14:16:06 +00:00
0073182b67
- Add CVE-2025-8194-tarfile-no-neg-offsets.patch which now validates archives to ensure member offsets are non-negative (gh#python/cpython#130577, CVE-2025-8194, bsc#1247249).
Matej Cepl2025-08-01 20:11:08 +00:00
e49112fb09
- Update to 3.14.0~rc1: - Tools/Demos - gh-136251: Fixes and usability improvements for Tools/wasm/emscripten/web_example - Security - gh-135661: Fix parsing attributes with whitespaces around the = separator in html.parser.HTMLParser according to the HTML5 standard. - gh-118350: Fix support of escapable raw text mode (elements “textarea” and “title”) in html.parser.HTMLParser. - Library - gh-136170: Removed the unreleased zipfile.ZipFile.data_offset property added in 3.14.0a7 as it wasn’t fully clear which behavior it should have in some situations so the result was not always what a user might expect. - gh-124621: pyrepl now works in Emscripten. - gh-136874: Discard URL query and fragment in urllib.request.url2pathname(). - gh-130645: Enable color help by default in argparse. - gh-136549: Fix signature of threading.excepthook(). - gh-136523: Fix wave.Wave_write emitting an unraisable when open raises. - gh-52876: Add missing keepends (default True) parameter to codecs.StreamReaderWriter.readline() and codecs.StreamReaderWriter.readlines(). - gh-136470: Correct concurrent.futures.InterpreterPoolExecutor’s default thread name. - gh-136476: Fix a bug that was causing the
Matej Cepl2025-07-23 08:11:40 +00:00
60575468bf
- Update to 3.14.0~b4: - Tools/Demos - gh-135968: Stubs for strip are now provided as part of an iOS install. - gh-133600: Backport file reorganization for . Tools/wasm/wasi This should make backporting future code . changes easier. It also simplifies instructions around how. to do WASI builds in the devguide . - Tests - gh-135966: The iOS testbed now handles the app_packages folder as a site directory. - gh-135494: Fix regrtest to support excluding tests from --pgo tests. Patch by Victor Stinner. - Security - gh-136053: marshal: fix a possible crash when deserializing slice objects. - gh-135661: Fix parsing start and end tags in html.parser.HTMLParser according to the HTML5 standard. - Whitespaces no longer accepted between </ and the tag name. E.g. </ script> does not end the script section. - Vertical tabulation (\v) and non-ASCII whitespaces no longer recognized as whitespaces. The only whitespaces are \t\n\r\f and space. - Null character (U+0000) no longer ends the tag name. - Attributes and slashes after the tag name in end tags are now ignored, instead of terminating after the first > in quoted attribute value. E.g. </script/foo=">"/>. - Multiple slashes and whitespaces between the last attribute and closing > are now ignored in both start and end tags. E.g. <a foo=bar/ //>.
Matej Cepl2025-07-09 05:57:00 +00:00
bb3da16d4f
- Use one core to build doc. This will make sphinx doc build reproducible. bsc#1243155
Matej Cepl2025-07-02 13:17:19 +00:00
9424e36edf
- Update to 3.14.0~b3: - Tests - gh-132815: Fix test__opcode: add JUMP_BACKWARD to specialization stats. - gh-135489: Show verbose output for failing tests during PGO profiling step with –enable-optimizations. - gh-135120: Add test.support.subTests(). - Security - gh-135462: Fix quadratic complexity in processing specially crafted input in html.parser.HTMLParser. End-of-file errors are now handled according to the HTML5 specs – comments and declarations are automatically closed, tags are ignored. - gh-135034: Fixes multiple issues that allowed tarfile extraction filters (filter="data" and filter="tar") to be bypassed using crafted symlinks and hard links. Addresses CVE 2024-12718, CVE 2025-4138, CVE 2025-4330, and CVE 2025-4517. - Library - gh-65697: configparser’s error message when attempting to write an invalid key is now more helpful. - gh-135497: Fix os.getlogin() failing for longer usernames on BSD-based platforms. - gh-135429: Fix the argument mismatch in _lsprof for PY_THROW event. - gh-135368: Fix unittest.mock.Mock generation on dataclasses.dataclass() objects. Now all special attributes are set as it was before gh-124429. - gh-133967: Do not normalize locale name ‘C.UTF-8’ to ‘en_US.UTF-8’. - gh-135321: Raise a correct exception for values greater
Matej Cepl2025-06-21 22:34:13 +00:00
92dfccd87c
- Update to 3.14.0~b2: - Tools/Demos - gh-134215: REPL import autocomplete only suggests private modules when explicitly specified. - Tests - gh-133744: Fix multiprocessing interrupt test. Add an event to synchronize the parent process with the child process: wait until the child process starts sleeping. Patch by Victor Stinner. - gh-133682: Fixed test case test.test_annotationlib.TestStringFormat.test_displays which ensures proper handling of complex data structures (lists, sets, dictionaries, and tuples) in string annotations. - gh-133639: Fix TestPyReplAutoindent.test_auto_indent_default() doesn’t run input_code. - Security - gh-133767: Fix use-after-free in the “unicode-escape” decoder with a non-“strict” error handler (CVE-2025-4516 bsc#1243273). - gh-128840: Short-circuit the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor denial-of-service. - Library - gh-132710: If possible, ensure that uuid.getnode() returns the same result even across different processes. Previously, the result was constant only within the same process. Patch by Bénédikt Tran. - gh-80334: multiprocessing.freeze_support() now checks for
Matej Cepl2025-05-29 11:50:01 +00:00
9fc70855cb
- Add CVE-2025-4516-DecodeError-handler.patch fixing CVE-2025-4516 (bsc#1243273) blocking DecodeError handling vulnerability, which could lead to DoS.
Matej Cepl2025-05-16 13:45:27 +00:00
c3d6bcb586
- Simplify python-3.3.0b1-fix_date_time_compiler.patch not to change getbuildinfo.c, normalizations are already done by gcc.
Matej Cepl2025-05-12 11:03:58 +00:00
6fabd20050
- Update to 3.14.0~b1: - Tools/Demos - gh-130453: Allow passing multiple keyword arguments with the same function name in pygettext. - gh-130195: Add warning messages when pygettext unimplemented -a/--extract-all option is called. - Tests - gh-133131: The iOS testbed will now select the most recently released “SE-class” device for testing if a device isn’t explicitly specified. - gh-91048: Add ability to externally inspect all pending asyncio tasks, even if no task is currently entered on the event loop. - gh-109981: The test helper that counts the list of open file descriptors now uses the optimised /dev/fd approach on all Apple platforms, not just macOS. This avoids crashes caused by guarded file descriptors. - gh-132678: Add --prioritize to -m test. This option allows the user to specify which selected tests should execute first, even if the order is otherwise randomized. This is particularly useful for tests that run the longest. - gh-131290: Tests in Lib/test can now be correctly executed as standalone scripts. - Security - gh-115322: The underlying extension modules behind readline:, subprocess, and ctypes now raise audit events on previously uncovered code paths that could lead to file system access related to C function calling and external binary execution. The ctypes.call_function audit hook has also been fixed to use an unsigned value for its function
Matej Cepl2025-05-09 08:51:17 +00:00
f66c91fdae
- Update to the fifth development version of 3.14.0: - Tools/Demos - gh-129248: The iOS test runner now strips the log prefix from each line output by the test suite. - gh-104400: Fix several bugs in extraction by switching to an AST parser in pygettext. - Tests - gh-129386: Add test.support.reset_code, which can be used to reset various bytecode-level optimizations and local instrumentation for a function. - gh-128474: Disable test_embed test cases that segfault on BOLT instrument binaries. The tests are only disabled when BOLT is enabled. - gh-128003: Add an option --parallel-threads=N to the regression test runner that runs individual tests in multiple threads in parallel in order to find concurrency bugs. Note that most of the test suite is not yet reviewed for thread-safety or annotated with @thread_unsafe when necessary. - Security - gh-105704: When using urllib.parse.urlsplit() and urllib.parse.urlparse() host parsing would not reject domain names containing square brackets ([ and ]). Square brackets are only valid for IPv6 and IPvFuture hosts according to RFC 3986 Section 3.2.2. - gh-126108: Fix a possible NULL pointer dereference in PySys_AddWarnOptionUnicode(). - gh-80222: Fix bug in the folding of quoted strings when flattening an email message using a modern email policy. Previously when a quoted string was folded so
Matej Cepl2025-02-12 21:26:50 +00:00
aa15e53b7d
- Update to the fourth development version of 3.14.0: - Tools/Demos - gh-128152: Fix a bug where Argument Clinic’s C pre-processor parser tried to parse pre-processor directives inside C comments. Patch by Erlend Aasland. - Tests - gh-128690: Temporarily do not use test_embed in PGO profile builds until the problem with test_init_pyvenv_cfg failing in some configurations is resolved. - Library - gh-128731: Fix ResourceWarning in urllib.robotparser.RobotFileParser.read(). - gh-71339: Add new assertion methods for unittest: assertHasAttr(), assertNotHasAttr(), assertIsSubclass(), assertNotIsSubclass() assertStartsWith(), assertNotStartsWith(), assertEndsWith() and assertNotEndsWith(). - gh-118761: Improve import time of pickle by 25% by removing an unnecessary regular expression. As such, re is no more implicitly available as pickle.re. Patch by Bénédikt Tran. - gh-128661: Fixes typing.evaluate_forward_ref() not showing deprecation when type_params arg is not passed. - gh-128562: Fix possible conflicts in generated tkinter widget names if the widget class name ends with a digit. - gh-128559: Improved import time of asyncio. - gh-128552: Fix cyclic garbage introduced by asyncio.loop.create_task() and asyncio.TaskGroup.create_task() holding a reference to the created task if it is eager. - gh-128340: Add internal thread safe handle to be used
Matej Cepl2025-01-17 23:07:33 +00:00
7d042942a8
- Update to the third development version of 3.14.0: - Tools/Demos - gh-126700: Add support for multi-argument gettext functions in pygettext.py. - Tests - gh-127906: Test the limited C API in test_cppext. Patch by Victor Stinner. - gh-127637: Add tests for the dis command-line interface. Patch by Bénédikt Tran. - gh-126925: iOS test results are now streamed during test execution, and the deprecated xcresulttool is no longer used. - gh-127076: Disable strace based system call tests when LD_PRELOAD is set. - gh-127076: Filter out memory-related mmap, munmap, and mprotect calls from file-related ones when testing io behavior using strace. - Security - gh-127655: Fixed the asyncio.selector_events._SelectorSocketTransport transport not pausing writes for the protocol when the buffer reaches the high water mark when using asyncio.WriteTransport.writelines(). - Library - gh-126907: Fix crash when using atexit concurrently on the free-threaded build. - gh-127870: Detect recursive calls in ctypes _as_parameter_ handling. Patch by Victor Stinner. - gh-127732: The platform module now correctly detects Windows Server 2025.
Matej Cepl2024-12-18 00:35:19 +00:00
9643647555
- Update to the second development version of 3.14.0a2. - Tools/Demos - gh-126807: Fix extraction warnings in pygettext.py caused by mistaking function definitions for function calls. - gh-126167: The iOS testbed was modified so that it can be used by third-party projects for testing purposes. - Tests - gh-126909: Fix test_os extended attribute tests to work on filesystems with 1 KiB xattr size limit. - gh-125730: Change make test to not run GUI tests by default. Use make ci to run tests with GUI tests instead. - gh-124295: Add translation tests to the argparse module. - Security - gh-126623: Upgrade libexpat to 2.6.4 - Library - gh-85957: Add missing MIME types for images with RFCs: emf, fits, g3fax, jp2, jpm, jpx, t38, tiff-fx and wmf. Patch by Hugo van Kemenade. - gh-126920: Fix the prefix and exec_prefix keys from sysconfig.get_config_vars() incorrectly having the same value as sys.base_prefix and sys.base_exec_prefix, respectively, inside virtual environments. They now accurately reflect sys.prefix and sys.exec_prefix. - gh-67877: Fix memory leaks when regular expression matching terminates abruptly, either because of a signal or because memory allocation fails. - gh-125063: marshal now supports slice objects. The marshal format version was increased to 5. - gh-126789: Fixed the values of sysconfig.get_config_vars(), sysconfig.get_paths(), and their siblings when the site
Matej Cepl2024-11-19 22:16:13 +00:00
f00129141b
Accepting request 1311757 from devel:languages:python:Factory
Ana Guerrero2025-10-17 15:25:42 +00:00
40b021884e
- Use sed to remove "--fail-on-warning" config from Makefile instead of the patch gh139257-Support-docutils-0.22.patch
Matej Cepl2025-10-16 16:26:47 +00:00
31eec57a82
- Fix python314:doc package build with docutils 0.22. Remove the "SPHINXERRORHANDLING = --fail-on-warning" from Doc/Makefile using the gh139257-Support-docutils-0.22.patch.
Markéta Machová2025-10-09 13:52:03 +00:00
089998e4e3
- Summary – Release highlights Python 3.14 is the latest stable release of the Python programming language, with a mix of changes to the language, the implementation, and the standard library. The biggest changes include template string literals, deferred evaluation of annotations, and support for subinterpreters in the standard library. The library changes include significantly improved capabilities for introspection in asyncio, support for Zstandard via a new compression.zstd module, syntax highlighting in the REPL, as well as the usual deprecations and removals, and improvements in user-friendliness and correctness. - Interpreter improvements: - PEP 649 and PEP 749: Deferred evaluation of annotations - PEP 734: Multiple interpreters in the standard library - PEP 750: Template strings - PEP 758: Allow except and except* expressions without brackets - PEP 765: Control flow in finally blocks - PEP 768: Safe external debugger interface for CPython - A new type of interpreter - Free-threaded mode improvements - Improved error messages - Incremental garbage collection - Significant improvements in the standard library: - PEP 784: Zstandard support in the standard library - Asyncio introspection capabilities - Concurrent safe warnings control - Syntax highlighting in the default interactive shell, and color output in several standard library CLIs
Matej Cepl2025-10-08 09:45:59 +00:00
c12cd8a8d5
Accepting request 1308302 from devel:languages:python:Factory
Ana Guerrero2025-10-01 16:56:23 +00:00
2167d48983
- Add _zstd to the built package and libzstd as BuildRequries, boo#1250659
Daniel Garcia2025-10-01 05:35:58 +00:00
e3c6affe53
- Add gh139257-Support-docutils-0.22.patch to fix build with latest docutils (>=0.22) gh#python/cpython#139257
Matej Cepl2025-09-30 16:13:57 +00:00
0b453a908d
Accepting request 1305881 from devel:languages:python:Factory
Ana Guerrero2025-09-19 13:33:50 +00:00
71efb9a76a
- Update to 3.14.0~rc3: - Tools/Demos - gh-137873: The iOS test runner has been simplified, resolving some issues that have been observed using the runner in GitHub Actions and Azure Pipelines test environments. - Security - gh-135661: Fix CDATA section parsing in html.parser.HTMLParser according to the HTML5 standard: ] ]> and ]] > no longer end the CDATA section. Add private method _set_support_cdata() which can be used to specify how to parse <[CDATA[ — as a CDATA section in foreign content (SVG or MathML) or as a bogus comment in the HTML namespace. - Library - gh-138998: Update bundled libexpat to 2.7.2 - gh-118803: Add back collections.abc.ByteString and typing.ByteString. Both had been removed in prior alpha, beta and release candidates for Python 3.14, but their removal has now been postponed to Python 3.17. - gh-137226: Fix typing.get_type_hints() calls on generic typing.TypedDict classes defined with string annotations. - gh-138804: Raise TypeError instead of AttributeError when an argument of incorrect type is passed to shlex.quote(). This restores the behavior of the function prior to 3.14. - gh-128636: Fix crash in PyREPL when os.environ is overwritten with an invalid value for mac - gh-138514: Raise ValueError when a multi-character string is passed to the echo_char parameter of getpass.getpass(). Patch by Benjamin Johnson.
Matej Cepl2025-09-18 16:54:41 +00:00
22a9dbadd9
Accepting request 1304274 from devel:languages:python:Factory
Ana Guerrero2025-09-12 19:10:34 +00:00
8469df561b
- Add gh138131-exclude-pycache-from-digest.patch fixing reproducible build for python-nogil. (bsc#1244680, gh#python/cpython#138131)
Daniel Garcia2025-09-12 09:05:50 +00:00
0e0c411d7a
Accepting request 1303308 from devel:languages:python:Factory
Ana Guerrero2025-09-09 18:30:35 +00:00
b408fd2b7e
Accepting request 1302884 from devel:languages:python:Factory
Ana Guerrero2025-09-05 19:43:54 +00:00
d87025b273
- Move compression folder to python-base where it should be. This module is used internally in gzip.py.
Daniel Garcia2025-09-05 07:41:49 +00:00
4bde241d1c
- Update to 3.14.0~rc2: - Library - gh-137426: Remove the code deprecation of importlib.abc.ResourceLoader. It is documented as deprecated, but left for backwards compatibility with other classes in importlib.abc. - gh-137282: Fix tab completion and dir() on concurrent.futures. - gh-137257: Bump the version of pip bundled in ensurepip to version 25.2 - gh-137226: Fix behavior of annotationlib.ForwardRef.evaluate() when the type_params parameter is passed and the name of a type param is also present in an enclosing scope. - gh-130522: Fix unraisable TypeError raised during interpreter shutdown in the threading module. - gh-137059: Fix handling of file URLs with a Windows drive letter in the URL authority by urllib.request.url2pathname(). This fixes a regression in earlier pre-releases of Python 3.14. - gh-130577: tarfile now validates archives to ensure member offsets are non-negative. (Contributed by Alexander Enrique Urieles Nieto in gh-130577; CVE-2025-8194, bsc#1247249). - gh-135228: When dataclasses replaces a class with a slotted dataclass, the original class can now be garbage collected again. Earlier changes in Python 3.14 caused this class to always remain in existence together with the replacement class synthesized by dataclasses. - Documentation - gh-136155: We are now checking for fatal errors in EPUB
Matej Cepl2025-08-15 14:16:06 +00:00
de83be387e
- Add CVE-2025-8194-tarfile-no-neg-offsets.patch which now validates archives to ensure member offsets are non-negative (gh#python/cpython#130577, CVE-2025-8194, bsc#1247249).
Matej Cepl2025-08-01 20:11:08 +00:00
c92a103129
Accepting request 1295248 from devel:languages:python:Factory
Ana Guerrero2025-07-23 14:35:49 +00:00
ce17a8111c
- Update to 3.14.0~rc1: - Tools/Demos - gh-136251: Fixes and usability improvements for Tools/wasm/emscripten/web_example - Security - gh-135661: Fix parsing attributes with whitespaces around the = separator in html.parser.HTMLParser according to the HTML5 standard. - gh-118350: Fix support of escapable raw text mode (elements “textarea” and “title”) in html.parser.HTMLParser. - Library - gh-136170: Removed the unreleased zipfile.ZipFile.data_offset property added in 3.14.0a7 as it wasn’t fully clear which behavior it should have in some situations so the result was not always what a user might expect. - gh-124621: pyrepl now works in Emscripten. - gh-136874: Discard URL query and fragment in urllib.request.url2pathname(). - gh-130645: Enable color help by default in argparse. - gh-136549: Fix signature of threading.excepthook(). - gh-136523: Fix wave.Wave_write emitting an unraisable when open raises. - gh-52876: Add missing keepends (default True) parameter to codecs.StreamReaderWriter.readline() and codecs.StreamReaderWriter.readlines(). - gh-136470: Correct concurrent.futures.InterpreterPoolExecutor’s default thread name. - gh-136476: Fix a bug that was causing the
Matej Cepl2025-07-23 08:11:40 +00:00
d75ee26429
Accepting request 1294540 from devel:languages:python:Factory
Ana Guerrero2025-07-21 18:00:24 +00:00
6b2ca0649e
Accepting request 1291400 from devel:languages:python:Factory
Ana Guerrero2025-07-09 15:28:24 +00:00
0d138f00f9
- Update to 3.14.0~b4: - Tools/Demos - gh-135968: Stubs for strip are now provided as part of an iOS install. - gh-133600: Backport file reorganization for . Tools/wasm/wasi This should make backporting future code . changes easier. It also simplifies instructions around how. to do WASI builds in the devguide . - Tests - gh-135966: The iOS testbed now handles the app_packages folder as a site directory. - gh-135494: Fix regrtest to support excluding tests from --pgo tests. Patch by Victor Stinner. - Security - gh-136053: marshal: fix a possible crash when deserializing slice objects. - gh-135661: Fix parsing start and end tags in html.parser.HTMLParser according to the HTML5 standard. - Whitespaces no longer accepted between </ and the tag name. E.g. </ script> does not end the script section. - Vertical tabulation (\v) and non-ASCII whitespaces no longer recognized as whitespaces. The only whitespaces are \t\n\r\f and space. - Null character (U+0000) no longer ends the tag name. - Attributes and slashes after the tag name in end tags are now ignored, instead of terminating after the first > in quoted attribute value. E.g. </script/foo=">"/>. - Multiple slashes and whitespaces between the last attribute and closing > are now ignored in both start and end tags. E.g. <a foo=bar/ //>.
Matej Cepl2025-07-09 05:57:00 +00:00
0c9c9afe8c
Accepting request 1289981 from devel:languages:python:Factory
Ana Guerrero2025-07-02 16:17:30 +00:00
53b782d3a6
- Add bsc1243155-sphinx-non-determinism.patch (bsc#1243155) to generate ids for audit_events using docname (reproducible builds).
Matej Cepl2025-07-02 13:18:20 +00:00
35294a40a4
- Use one core to build doc. This will make sphinx doc build reproducible. bsc#1243155
Matej Cepl2025-07-02 13:17:19 +00:00
66dec9ba75
Accepting request 1288600 from devel:languages:python:Factory
Ana Guerrero2025-06-26 09:38:10 +00:00
940abe7147
Also addreses bsc#1244705, CVE-2025-6069 and CVE-2025-4435 (gh#135034, bsc#1244061).
Matej Cepl2025-06-25 19:57:48 +00:00
9a13683c02
Accepting request 1287713 from devel:languages:python:Factory
Ana Guerrero2025-06-23 13:04:26 +00:00
324e027d67
- Update to 3.14.0~b3: - Tests - gh-132815: Fix test__opcode: add JUMP_BACKWARD to specialization stats. - gh-135489: Show verbose output for failing tests during PGO profiling step with –enable-optimizations. - gh-135120: Add test.support.subTests(). - Security - gh-135462: Fix quadratic complexity in processing specially crafted input in html.parser.HTMLParser. End-of-file errors are now handled according to the HTML5 specs – comments and declarations are automatically closed, tags are ignored. - gh-135034: Fixes multiple issues that allowed tarfile extraction filters (filter="data" and filter="tar") to be bypassed using crafted symlinks and hard links. Addresses CVE 2024-12718, CVE 2025-4138, CVE 2025-4330, and CVE 2025-4517. - Library - gh-65697: configparser’s error message when attempting to write an invalid key is now more helpful. - gh-135497: Fix os.getlogin() failing for longer usernames on BSD-based platforms. - gh-135429: Fix the argument mismatch in _lsprof for PY_THROW event. - gh-135368: Fix unittest.mock.Mock generation on dataclasses.dataclass() objects. Now all special attributes are set as it was before gh-124429. - gh-133967: Do not normalize locale name ‘C.UTF-8’ to ‘en_US.UTF-8’. - gh-135321: Raise a correct exception for values greater
Matej Cepl2025-06-21 22:34:13 +00:00
79e939b48a
- Update to 3.14.0~b2: - Tools/Demos - gh-134215: REPL import autocomplete only suggests private modules when explicitly specified. - Tests - gh-133744: Fix multiprocessing interrupt test. Add an event to synchronize the parent process with the child process: wait until the child process starts sleeping. Patch by Victor Stinner. - gh-133682: Fixed test case test.test_annotationlib.TestStringFormat.test_displays which ensures proper handling of complex data structures (lists, sets, dictionaries, and tuples) in string annotations. - gh-133639: Fix TestPyReplAutoindent.test_auto_indent_default() doesn’t run input_code. - Security - gh-133767: Fix use-after-free in the “unicode-escape” decoder with a non-“strict” error handler (CVE-2025-4516 bsc#1243273). - gh-128840: Short-circuit the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor denial-of-service. - Library - gh-132710: If possible, ensure that uuid.getnode() returns the same result even across different processes. Previously, the result was constant only within the same process. Patch by Bénédikt Tran. - gh-80334: multiprocessing.freeze_support() now checks for
Matej Cepl2025-05-29 11:50:01 +00:00
7e8729c910
Accepting request 1278108 from devel:languages:python:Factory
Ana Guerrero2025-05-20 07:36:12 +00:00
70a5881572
- Add CVE-2025-4516-DecodeError-handler.patch fixing CVE-2025-4516 (bsc#1243273) blocking DecodeError handling vulnerability, which could lead to DoS.
Matej Cepl2025-05-16 13:45:27 +00:00
041db29d48
Accepting request 1277634 from devel:languages:python:Factory
Ana Guerrero2025-05-15 15:01:52 +00:00
5397122a9a
- Skip test_multiprocessing_spawn, test_remote_pdb, test_sys in qemu linux-user emulation
Matej Cepl2025-05-15 08:34:57 +00:00
8f9bb7c680
Accepting request 1276737 from devel:languages:python:Factory
Ana Guerrero2025-05-12 14:51:31 +00:00
d5f7289dc9
- Simplify python-3.3.0b1-fix_date_time_compiler.patch not to change getbuildinfo.c, normalizations are already done by gcc.
Matej Cepl2025-05-12 11:03:58 +00:00
ffa51c1d70
- rename _testexternalinspection to _remotedebugging (gh#python/cpython!133284)
Matej Cepl2025-05-11 22:23:36 +00:00
bd8190196b
- Remove python-3.3.0b1-test-posix_fadvise.patch (not needed since kernel 3.6-rc1) - _contextvars is not a dynamic module any more (gh#python/cpython#128384)
Matej Cepl2025-05-11 22:07:32 +00:00
ce7b31e84c
- Remove python-3.3.0b1-test-posix_fadvise.patch (not needed since kernel 3.6-rc1)
Matej Cepl2025-05-10 11:43:49 +00:00
2dd8922f18
- Disabled GIL and experimental JIT cannot be combined.
Matej Cepl2025-05-10 09:46:32 +00:00
0b9e0525eb
- Update to 3.14.0~b1: - Tools/Demos - gh-130453: Allow passing multiple keyword arguments with the same function name in pygettext. - gh-130195: Add warning messages when pygettext unimplemented -a/--extract-all option is called. - Tests - gh-133131: The iOS testbed will now select the most recently released “SE-class” device for testing if a device isn’t explicitly specified. - gh-91048: Add ability to externally inspect all pending asyncio tasks, even if no task is currently entered on the event loop. - gh-109981: The test helper that counts the list of open file descriptors now uses the optimised /dev/fd approach on all Apple platforms, not just macOS. This avoids crashes caused by guarded file descriptors. - gh-132678: Add --prioritize to -m test. This option allows the user to specify which selected tests should execute first, even if the order is otherwise randomized. This is particularly useful for tests that run the longest. - gh-131290: Tests in Lib/test can now be correctly executed as standalone scripts. - Security - gh-115322: The underlying extension modules behind readline:, subprocess, and ctypes now raise audit events on previously uncovered code paths that could lead to file system access related to C function calling and external binary execution. The ctypes.call_function audit hook has also been fixed to use an unsigned value for its function
Matej Cepl2025-05-09 08:51:17 +00:00
3ed435649a
- Update to 3.14.0~a7: - Tools/Demos - gh-132121: Always escape non-printable Unicode characters in pygettext. - gh-131852: msgfmt no longer adds the POT-Creation-Date to generated .mo files for consistency with GNU msgfmt. - Tests - gh-131277: Allow to unset one or more environment variables at once via EnvironmentVarGuard.unset(). Patch by Bénédikt Tran. - gh-131050: test_ssl.test_dh_params is skipped if the underlying TLS library does not support finite-field ephemeral Diffie-Hellman. - Security - gh-131809: Update bundled libexpat to 2.7.1 - gh-131261: Upgrade to libexpat 2.7.0 - gh-121284: Fix bug in the folding of rfc2047 encoded-words when flattening an email message using a modern email policy. Previously when an encoded-word was too long for a line, it would be decoded, split across lines, and re-encoded. But commas and other special characters in the original text could be left unencoded and unquoted. This could theoretically be used to spoof header lines using a carefully constructed encoded-word if the resulting rendered email was transmitted or re-parsed. - Library - gh-132174: Fix function name in error message of _interpreters.run_string. - gh-132171: Fix crash of _interpreters.run_string on string subclasses.
Matej Cepl2025-04-12 21:58:51 +00:00
f52da509da
Accepting request 1251945 from devel:languages:python:Factory
Ana Guerrero2025-03-11 19:44:48 +00:00
b459adb683
Fix bug reference in the changelog
Matej Cepl2025-03-11 06:16:57 +00:00
67f03bbbc0
Accepting request 1251861 from home:bmwiedemann:branches:devel:languages:python:Factory
Matej Cepl2025-03-10 18:10:57 +00:00
35eb81a93f
Accepting request 1245486 from devel:languages:python:Factory
Ana Guerrero2025-02-13 17:39:01 +00:00
aa6f469fcc
according to RFC 3986 Section 3.2.2. (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704).
Matej Cepl2025-02-12 21:33:08 +00:00
d5816cb839
- Update to the fifth development version of 3.14.0: - Tools/Demos - gh-129248: The iOS test runner now strips the log prefix from each line output by the test suite. - gh-104400: Fix several bugs in extraction by switching to an AST parser in pygettext. - Tests - gh-129386: Add test.support.reset_code, which can be used to reset various bytecode-level optimizations and local instrumentation for a function. - gh-128474: Disable test_embed test cases that segfault on BOLT instrument binaries. The tests are only disabled when BOLT is enabled. - gh-128003: Add an option --parallel-threads=N to the regression test runner that runs individual tests in multiple threads in parallel in order to find concurrency bugs. Note that most of the test suite is not yet reviewed for thread-safety or annotated with @thread_unsafe when necessary. - Security - gh-105704: When using urllib.parse.urlsplit() and urllib.parse.urlparse() host parsing would not reject domain names containing square brackets ([ and ]). Square brackets are only valid for IPv6 and IPvFuture hosts according to RFC 3986 Section 3.2.2. - gh-126108: Fix a possible NULL pointer dereference in PySys_AddWarnOptionUnicode(). - gh-80222: Fix bug in the folding of quoted strings when flattening an email message using a modern email policy. Previously when a quoted string was folded so
Matej Cepl2025-02-12 21:26:50 +00:00
Daniel Garcia Moreno
Matěj Cepl
main
Dirk Mueller
Ana Guerrero
Dominique Leuenberger
Markéta Machová