- Update to 3.10.7:

- Fix for CVE-2020-10735 (bsc#1203125) Converting between int and str in bases other than 2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a ValueError if the number of digits in string form is above a limit to avoid potential denial of service attacks due to the algorithmic complexity. - Other bug fixes: - Fixed a bug that caused _PyCode_GetExtra to return garbage for negative indexes. - Fix format string in _PyPegen_raise_error_known_location that can lead to memory corruption on some 64bit systems. The function was building a tuple with i (int) instead of n (Py_ssize_t) for Py_ssize_t arguments. - Fix misleading contents of error message when converting an all-whitespace string to float. - coroutine.throw() now properly initializes the frame.f_back when resuming a stack of coroutines. This allows e.g. traceback.print_stack() to work correctly when an exception (such as CancelledError) is thrown into a coroutine. - ast.parse() will no longer parse function definitions with positional-only params when passed feature_version less than (3, 8). - Correct conversion of numbers.Rational’s to float. - Fix a performance regression in logging TimedRotatingFileHandler. Only check for special files when the rollover time has passed. - Fix unused localName parameter in the Attr class in xml.dom.minidom. - Update bundled pip to 22.2.2. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=56
2022-09-11 08:41:57 +00:00 · 2022-09-11 08:41:57 +00:00 · 8e56b3482c
commit 8e56b3482c
parent 04cd0e8ee2
8 changed files with 79 additions and 27 deletions
--- a/Python-3.10.6.tar.xz
+++ b/Python-3.10.6.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f795ff87d11d4b0c7c33bc8851b0c28648d8a4583aa2100a98c22b4326b6d3f3
-size 19600672
--- a/Python-3.10.6.tar.xz.asc
+++ b/Python-3.10.6.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmLoOeYACgkQ/+h0BBaL
-2EeOCw/8DZ+RhttyrfzanYVN8lkWASoyG3BO9dcUpuKgq70kcfnMVySDMoKcluJM
-ACJGbJf7XvyiUaylbpiJsvgIbbdhprcJR0O/xCQqouBbjZEW/oOMJWTVOALlOAEG
-PutOdZpxFUltFu49g9fumvZxfouN+/GGYJy3RA13MDl/kL+UWMzaHh4U54+fuD/K
-iAxezTitzj/sRhgmpqoOPXN8wzalifAc5bJWRe2xcQQHFJQjOAbg3lA4tmiKGOuJ
-inbacNNkkkWj6cMirIcwZ+25wXiBmTFlEl/Q/yOeHxJkiVDxD6/MKKarV0LNRLZL
-eug4D+jp+XpCC48IvMQhZ7tUe3BlgUIyyUeq2hmiVkNzFHLNEG4Drihj/Zic3lt8
-LbcAOWEvR58qBoz6foPNahudBqlAL/jaKMDAOAd5X5oOUDXwWag4MjH5lJwb1S0D
-cctY9azwCCGss6iFyi/zD2RB7QXrF+NRbUcEoMIjJJ/w5mB3sAKMTEV3wbOyrDkG
-x4NQDfozZtvrVACJ9A6j4Vnh4CO4Gl/8dpV2ABcoIjE5IZgSyak/GhUaNIdBHkno
-LgEKGYY8Wp/rw7PgHlhxYYcn0I/Y2Ej6ki03weRrD6Lpt6AUKh2eQCgjFC1xBSUh
-2eM7eOOD8FD4h+urrTTmNAiTl7OFLtQfwhWzonrsCOJJF3Yqcho=
-=0eZA
-----END PGP SIGNATURE-----
--- a/Python-3.10.7.tar.xz
+++ b/Python-3.10.7.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6eed8415b7516fb2f260906db5d48dd4c06acc0cb24a7d6cc15296a604dcdc48
+size 19618696
--- a/Python-3.10.7.tar.xz.asc
+++ b/Python-3.10.7.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmMV9eMACgkQ/+h0BBaL
+2Ec6FQ//eXrKOb5NoocNPIs9o5Jcbk5jtWxnOp3mqjO8D/LBYc8gwovZMPd+903w
+In2QWtPSK22ZWdaR4DqizK9GjBRi+Y/ZEFfh3uiPM0I2/jGkr5BXizRZNdTo3GyB
+/OuPiBKBVqMgTSGrpO4M24yUekqGdPfzg614GroWSr/16UVVUQADE8DP+BJCTIbk
+v+t+AIYsALR0cUO+uqp2QbWf7N2aF+r08g59Vyb09+Nr2ZfjjINIbHQgRtHv7ZoI
+7BsWiGW3qIeY8XxYt1/kWv4yMqaTyABdmdEHeM0vCzeEUpurj5072isGvOpI92N4
+LZ6nK8GR4pBS+OfOB7bgzUTC+tQ48wPQwb9lZTuWfSXGYotVdTXs1zW6o1T+vply
+MrMZcsc6Y9o8fX3Mkkv4zT9S6JkXtq/MUTIZ27cZr492DzJNaKBG+NqF22FKR35M
+ojLK24YpGyw2PCIlUSiFfAqkGNu53U5rP3N71mh7Ao00nx8WhKj4YAci0tBkfHyw
+NYoX4tz7ybiR3zV5kyrmJv4G2x89cgosfHuEL2Lr+Irf3PV5vgjXHteAwu8Egdej
+myokqzWEwoqNtrK9JsSYE3bcWmrVU9R/siQnNJXKWj+AkHKG0jMsrIh6iRvQGDhp
+Q3Avu3ZQ/K9rreZ4Jk1DHX3BoDvRIFdEjBDAB+b6UUQEGE32nj8=
+=O8kG
+-----END PGP SIGNATURE-----
--- a/fix_configure_rst.patch
+++ b/fix_configure_rst.patch
@ -29,7 +29,7 @@
    Create a Python.framework rather than a traditional Unix install. Optional
 --- a/Misc/NEWS
 +++ b/Misc/NEWS
-@@ -2683,7 +2683,7 @@ C API
+@@ -2783,7 +2783,7 @@ C API
 -----
 
 - bpo-43795: The list in :ref:`stable-abi-list` now shows the public name
--- a/python310.changes
+++ b/python310.changes
@ -1,3 +1,55 @@
+-------------------------------------------------------------------
+Sun Sep 11 08:32:53 UTC 2022 - Matej Cepl <mcepl@suse.com>
+
+- Update to 3.10.7:
+  - Fix for CVE-2020-10735 (bsc#1203125) Converting between int
+    and str in bases other than 2 (binary), 4, 8 (octal), 16
+    (hexadecimal), or 32 such as base 10 (decimal) now raises
+    a ValueError if the number of digits in string form is above
+    a limit to avoid potential denial of service attacks due to
+    the algorithmic complexity.
+  - Other bug fixes:
+    - Fixed a bug that caused _PyCode_GetExtra to return garbage
+      for negative indexes.
+    - Fix format string in _PyPegen_raise_error_known_location
+      that can lead to memory corruption on some 64bit systems.
+      The function was building a tuple with i (int) instead of
+      n (Py_ssize_t) for Py_ssize_t arguments.
+    - Fix misleading contents of error message when converting an
+      all-whitespace string to float.
+    - coroutine.throw() now properly initializes the frame.f_back
+      when resuming a stack of coroutines. This allows e.g.
+      traceback.print_stack() to work correctly when an exception
+      (such as CancelledError) is thrown into a coroutine.
+    - ast.parse() will no longer parse function definitions with
+      positional-only params when passed feature_version less
+      than (3, 8).
+    - Correct conversion of numbers.Rational’s to float.
+    - Fix a performance regression in logging
+      TimedRotatingFileHandler. Only check for special files when
+      the rollover time has passed.
+    - Fix unused localName parameter in the Attr class in
+      xml.dom.minidom.
+    - Update bundled pip to 22.2.2.
+    - Fail gracefully if EPERM or ENOSYS is raised when loading
+      crypt methods. This may happen when trying to load MD5 on
+      a Linux kernel with FIPS enabled.
+    - Improve discoverability of the higher level
+      concurrent.futures module by providing clearer links from
+      the lower level threading and multiprocessing modules.
+    - Update the default RFC base URL from deprecated
+      tools.ietf.org to datatracker.ietf.org
+    - Fix stylesheet not working in Windows CHM htmlhelp docs.
+    - The documentation now lists which members of C structs are
+      part of the Limited API/Stable ABI.
+    - Mitigate the inherent race condition from using
+      find_unused_port() in testSockName() by trying to find an
+      unused port a few times before failing.
+    - Build and test with OpenSSL 1.1.1q
+    - Document handling of extensions in Save As dialogs.
+    - Include prompts when saving Shell (interactive input and
+      output).
+
 -------------------------------------------------------------------
 Wed Aug 17 11:08:56 UTC 2022 - Dirk Müller <dmueller@suse.com>

--- a/python310.spec
+++ b/python310.spec
@ -67,7 +67,7 @@ Obsoletes:      python39%{?1:-%{1}}
 %define tarversion %{version}
 %endif
 # We don't process beta signs well
-%define         folderversion 3.10.6
+%define         folderversion 3.10.7
 %define         tarname    Python-%{tarversion}
 %define         sitedir         %{_libdir}/python%{python_version}
 # three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149
@ -103,7 +103,7 @@ Obsoletes:      python39%{?1:-%{1}}
 %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
 %bcond_without profileopt
 Name:           %{python_pkg_name}%{psuffix}
-Version:        3.10.6
+Version:        3.10.7
 Release:        0
 Summary:        Python 3 Interpreter
 License:        Python-2.0
--- a/support-expat-CVE-2022-25236-patched.patch
+++ b/support-expat-CVE-2022-25236-patched.patch
@ -23,8 +23,8 @@ Also, test_minidom.py: Support Expat >=2.4.5

 Co-authored-by: Sebastian Pipping <sebastian@pipping.org>
 ---
- Lib/test/test_minidom.py |   25 ++++++++++---------------
- 1 file changed, 10 insertions(+), 15 deletions(-)
+ Lib/test/test_minidom.py |   23 +++++++++--------------
+ 1 file changed, 9 insertions(+), 14 deletions(-)
 create mode 100644 Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst

 --- a/Lib/test/test_minidom.py
@ -36,8 +36,8 @@ Co-authored-by: Sebastian Pipping <sebastian@pipping.org>
 -import pyexpat
 import xml.dom.minidom
 
- from xml.dom.minidom import parse, Node, Document, parseString
-@@ -1149,13 +1148,11 @@ class MinidomTest(unittest.TestCase):
+ from xml.dom.minidom import parse, Attr, Node, Document, parseString
+@@ -1163,13 +1162,11 @@ class MinidomTest(unittest.TestCase):
 
         # Verify that character decoding errors raise exceptions instead
         # of crashing
@ -56,7 +56,7 @@ Co-authored-by: Sebastian Pipping <sebastian@pipping.org>
                 b'<fran\xe7ais>Comment \xe7a va ? Tr\xe8s bien ?</fran\xe7ais>')
 
         doc.unlink()
-@@ -1617,12 +1614,10 @@ class MinidomTest(unittest.TestCase):
+@@ -1631,12 +1628,10 @@ class MinidomTest(unittest.TestCase):
         self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE)
 
     def testExceptionOnSpacesInXMLNSValue(self):