From 9ffbba32c96a9af04714466a3cec161ed0808ab00fddbc6d8bc3d0b626083d35 Mon Sep 17 00:00:00 2001 
From: Matej Cepl Date: Wed, 19 Oct 2022 07:46:21 +0000 Subject: [PATCH 1/2] - Update to 3.10.8: - Fix multiplying a list by an integer (list *= int): detect the integer overflow when the new allocated length is close to the maximum size. - Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. (originally filed as CVE-2022-37460, later withdrawn) - Fix command line parsing: reject -X int_max_str_digits option with no value (invalid) when the PYTHONINTMAXSTRDIGITS environment variable is set to a valid limit. - When ValueError is raised if an integer is larger than the limit, mention the sys.set_int_max_str_digits() function in the error message. - The deprecated mailcap module now refuses to inject unsafe text (filenames, MIME types, parameters) into shell commands. Instead of using such text, it will warn and act as if a match was not found (or for test commands, as if the test failed). - os.sched_yield() now release the GIL while calling sched_yield(2). - Bugfix: PyFunction_GetAnnotations() should return a borrowed reference. It was returning a new reference. - Fixed a missing incref/decref pair in Exception.__setstate__(). - Fix overly-broad source position information for chained comparisons used as branching conditions. - Fix undefined behaviour in _testcapimodule.c. 
- At Python exit, sometimes a thread holding the GIL can wait forever for a thread (usually a daemon thread) which OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=61 --- CVE-2015-20107-mailcap-unsafe-filenames.patch | 104 ++-------------- Python-3.10.7.tar.xz | 3 - Python-3.10.7.tar.xz.asc | 16 --- Python-3.10.8.tar.xz | 3 + Python-3.10.8.tar.xz.asc | 16 +++ fix_configure_rst.patch | 2 +- python310.changes | 111 ++++++++++++++++++ python310.spec | 7 +- subprocess-raise-timeout.patch | 2 +- test-int-timing.patch | 78 ------------ 10 files changed, 145 insertions(+), 197 deletions(-) delete mode 100644 Python-3.10.7.tar.xz delete mode 100644 Python-3.10.7.tar.xz.asc create mode 100644 Python-3.10.8.tar.xz create mode 100644 Python-3.10.8.tar.xz.asc delete mode 100644 test-int-timing.patch diff --git a/CVE-2015-20107-mailcap-unsafe-filenames.patch b/CVE-2015-20107-mailcap-unsafe-filenames.patch index 5ab5999..117ef59 100644 --- a/CVE-2015-20107-mailcap-unsafe-filenames.patch +++ b/CVE-2015-20107-mailcap-unsafe-filenames.patch @@ -5,17 +5,16 @@ Subject: [PATCH 1/4] gh-68966: Make mailcap refuse to match unsafe filenames/types/params --- - Doc/library/mailcap.rst | 12 ++++ - Lib/mailcap.py | 26 +++++++++- - Lib/test/test_mailcap.py | 8 ++- - Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst | 4 + - 4 files changed, 46 insertions(+), 4 deletions(-) + Doc/library/mailcap.rst | 12 ++++++++++ + Lib/mailcap.py | 5 ++++ + Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst | 4 +++ + 3 files changed, 21 insertions(+) --- a/Doc/library/mailcap.rst 
+++ b/Doc/library/mailcap.rst -@@ -60,6 +60,18 @@ standard. However, mailcap files are su - use) to determine whether or not the mailcap line applies. :func:`findmatch` - will automatically check such conditions and skip the entry if the check fails. +@@ -27,6 +27,18 @@ The mailcap format is documented in :rfc + Mechanism For Multimedia Mail Format Information", but is not an internet + standard. However, mailcap files are supported on most Unix systems. + .. versionchanged:: 3.11 + @@ -30,21 +29,13 @@ Subject: [PATCH 1/4] gh-68966: Make mailcap refuse to match unsafe + ``findmatch`` will ignore all mailcap entries which use that value. + A :mod:`warning ` will be raised in either case. - .. function:: getcaps() + .. function:: findmatch(caps, MIMEtype, key='view', filename='/dev/null', plist=[]) --- a/Lib/mailcap.py +++ b/Lib/mailcap.py -@@ -2,6 +2,7 @@ - - import os - import warnings -+import re - - __all__ = ["getcaps","findmatch"] - -@@ -13,6 +14,11 @@ def lineno_sort_key(entry): - else: - return 1, 0 +@@ -19,6 +19,11 @@ _find_unsafe = re.compile(r'[^\xa1-\U001 + class UnsafeMailcapInput(Warning): + """Warning raised when refusing unsafe input""" +_find_unsafe = re.compile(r'[^\xa1-\U0010FFFF\w@+=:,./-]').search + 
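Review bot: After this refresh the patch no longer contains the CVE-2015-20107 fix and appears to re-add material that the 3.10.8 sources already have, so it should probably be dropped rather than refreshed. In the `@@ -30,21 +29,13 @@` hunk the inner `Lib/mailcap.py` hunk has `class UnsafeMailcapInput(Warning):` as context and `_find_unsafe = re.compile(` in its `@@` header, yet it still adds `+_find_unsafe = re.compile(...).search`; the inner mailcap.rst hunk also moved from line 60 to line 27, which looks like fuzz placing a second copy of the `versionchanged` paragraph. The `@@ -54,79 +45,6 @@` hunk removes the `findmatch()`/`subst()` checks and the test_mailcap.py cases, which matches the changelog entry in this commit saying upstream mailcap now refuses unsafe text. I would remove the patch together with `Patch37:` and `%patch37 -p1` in python310.spec and record the removal in python310.changes with the bsc#1198511 reference. If it stays, the spec comment `# avoid the command injection in the mailcap module.` should be changed to say the remaining hunks are documentation only.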
@@ -54,79 +45,6 @@ Subject: [PATCH 1/4] gh-68966: Make mailcap refuse to match unsafe # Part 1: top-level interface. -@@ -165,15 +171,22 @@ def findmatch(caps, MIMEtype, key='view' - entry to use. - - """ -+ if _find_unsafe(filename): -+ msg = "Refusing to use mailcap with filename %r. Use a safe temporary filename." % (filename,) -+ warnings.warn(msg, UnsafeMailcapInput) -+ return None, None - entries = lookup(caps, MIMEtype, key) - # XXX This code should somehow check for the needsterminal flag. - for e in entries: - if 'test' in e: - test = subst(e['test'], filename, plist) -+ if test is None: -+ continue - if test and os.system(test) != 0: - continue - command = subst(e[key], MIMEtype, filename, plist) -- return command, e -+ if command is not None: -+ return command, e - return None, None - - def lookup(caps, MIMEtype, key=None): -@@ -206,6 +219,10 @@ def subst(field, MIMEtype, filename, pli - elif c == 's': - res = res + filename - elif c == 't': -+ if _find_unsafe(MIMEtype): -+ msg = "Refusing to substitute MIME type %r into a shell command." 
% (MIMEtype,) -+ warnings.warn(msg, UnsafeMailcapInput) -+ return None - res = res + MIMEtype - elif c == '{': - start = i -@@ -213,7 +230,12 @@ def subst(field, MIMEtype, filename, pli - i = i+1 - name = field[start:i] - i = i+1 -- res = res + findparam(name, plist) -+ param = findparam(name, plist) -+ if _find_unsafe(param): -+ msg = "Refusing to substitute parameter %r (%s) into a shell command" % (param, name) -+ warnings.warn(msg, UnsafeMailcapInput) -+ return None -+ res = res + param - # XXX To do: - # %n == number of parts if type is multipart/* - # %F == list of alternating type and filename for parts ---- a/Lib/test/test_mailcap.py -+++ b/Lib/test/test_mailcap.py -@@ -123,7 +123,8 @@ class HelperFunctionTest(unittest.TestCa - (["", "audio/*", "foo.txt"], ""), - (["echo foo", "audio/*", "foo.txt"], "echo foo"), - (["echo %s", "audio/*", "foo.txt"], "echo foo.txt"), -- (["echo %t", "audio/*", "foo.txt"], "echo audio/*"), -+ (["echo %t", "audio/*", "foo.txt"], None), -+ (["echo %t", "audio/wav", "foo.txt"], "echo audio/wav"), - (["echo \\%t", "audio/*", "foo.txt"], "echo %t"), - (["echo foo", "audio/*", "foo.txt", plist], "echo foo"), - (["echo %{total}", "audio/*", "foo.txt", plist], "echo 3") -@@ -207,7 +208,10 @@ class FindmatchTest(unittest.TestCase): - ('"An audio fragment"', audio_basic_entry)), - ([c, "audio/*"], - {"filename": fname}, -- ("/usr/local/bin/showaudio audio/*", audio_entry)), -+ (None, None)), -+ ([c, "audio/wav"], -+ {"filename": fname}, -+ ("/usr/local/bin/showaudio audio/wav", audio_entry)), - ([c, "message/external-body"], - {"plist": plist}, - ("showexternal /dev/null default john python.org /tmp foo bar", message_entry)) --- /dev/null +++ b/Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst @@ -0,0 +1,4 @@ diff --git a/Python-3.10.7.tar.xz b/Python-3.10.7.tar.xz deleted file mode 100644 index 8f494d2..0000000 --- a/Python-3.10.7.tar.xz +++ /dev/null 
@@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:6eed8415b7516fb2f260906db5d48dd4c06acc0cb24a7d6cc15296a604dcdc48 -size 19618696 diff --git a/Python-3.10.7.tar.xz.asc b/Python-3.10.7.tar.xz.asc deleted file mode 100644 index 1fc8949..0000000 --- a/Python-3.10.7.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmMV9eMACgkQ/+h0BBaL -2Ec6FQ//eXrKOb5NoocNPIs9o5Jcbk5jtWxnOp3mqjO8D/LBYc8gwovZMPd+903w -In2QWtPSK22ZWdaR4DqizK9GjBRi+Y/ZEFfh3uiPM0I2/jGkr5BXizRZNdTo3GyB -/OuPiBKBVqMgTSGrpO4M24yUekqGdPfzg614GroWSr/16UVVUQADE8DP+BJCTIbk -v+t+AIYsALR0cUO+uqp2QbWf7N2aF+r08g59Vyb09+Nr2ZfjjINIbHQgRtHv7ZoI -7BsWiGW3qIeY8XxYt1/kWv4yMqaTyABdmdEHeM0vCzeEUpurj5072isGvOpI92N4 -LZ6nK8GR4pBS+OfOB7bgzUTC+tQ48wPQwb9lZTuWfSXGYotVdTXs1zW6o1T+vply -MrMZcsc6Y9o8fX3Mkkv4zT9S6JkXtq/MUTIZ27cZr492DzJNaKBG+NqF22FKR35M -ojLK24YpGyw2PCIlUSiFfAqkGNu53U5rP3N71mh7Ao00nx8WhKj4YAci0tBkfHyw -NYoX4tz7ybiR3zV5kyrmJv4G2x89cgosfHuEL2Lr+Irf3PV5vgjXHteAwu8Egdej -myokqzWEwoqNtrK9JsSYE3bcWmrVU9R/siQnNJXKWj+AkHKG0jMsrIh6iRvQGDhp -Q3Avu3ZQ/K9rreZ4Jk1DHX3BoDvRIFdEjBDAB+b6UUQEGE32nj8= -=O8kG ------END PGP SIGNATURE----- diff --git a/Python-3.10.8.tar.xz b/Python-3.10.8.tar.xz new file mode 100644 index 0000000..2f80eb5 --- /dev/null +++ b/Python-3.10.8.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6a30ecde59c47048013eb5a658c9b5dec277203d2793667f578df7671f7f03f3 +size 19619508 diff --git a/Python-3.10.8.tar.xz.asc b/Python-3.10.8.tar.xz.asc new file mode 100644 index 0000000..f4690b4 --- /dev/null +++ b/Python-3.10.8.tar.xz.asc 
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmNFVREACgkQ/+h0BBaL +2EfmBhAAlIlx22S5RL7ehPDOWlEj06uK87EKEfMXch2DMapEXsrBR2Z+Q3Kb0Le+ +T3vru6k9MUbDGI0pei+o5k621jvg8Gj+0rUKTydAd46Pt9ZoCPWuIdyWKaJBknLu +XsYs6Xiv6Ug7Q3JGy67j8ei6bFoqATyYEe45ljReVfug7VmisjMXHdiyZoAkAFMO +fDZvtfXRY/ZwLcCfK5SkaJqSRVfYowAh1lQqiXDnbfaX40BVCw78YKFsYN//PCpU +DrsE7JFapXQGvCJmcZ+WC8A/WMjyLoKI36w2WDcy8AFKsf49xQWPEWnUzXcJyF2n +zKGxn6kUEMdzelSWWWqMYlckL6Xf87E+CRTRS0MRX6OIrf+zJkeEoWRW8cGT/U8I +1o0hawm9O50nSIjMGzaXGKjWsHLSIeOA9ToLz19TzzO7VikNkXAx5gQcHQu3bJyT +SrMCw/VXJy+0BinBpSX/qZoptX2+6lFfArb/xOZGX2ZhU44+ecPrUHxB8xiw0qr8 +pw16k6nCkW3f0aZ0jrlsfNLsXr9G/ZRu+ugrcTTQ53rfXO0pQ5nxm0CJ5O9twDjw +DIKvuqnOHlSGEcFM4bNDvpqskDnXrK6oyqBvtVhsjdFAp8YHYoM0yALTBlS4v2Xt +Em1BPUXHps0M1AY59KrXe0OpwibJjKhvWoogAS5bqe/mYInBE/Y= +=2vcv +-----END PGP SIGNATURE----- diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch index 9d62100..c91498d 100644 --- a/fix_configure_rst.patch +++ b/fix_configure_rst.patch @@ -29,7 +29,7 @@ Create a Python.framework rather than a traditional Unix install. Optional --- a/Misc/NEWS +++ b/Misc/NEWS -@@ -2783,7 +2783,7 @@ C API +@@ -2979,7 +2979,7 @@ C API ----- - bpo-43795: The list in :ref:`stable-abi-list` now shows the public name diff --git a/python310.changes b/python310.changes index 529a368..2dbb8ec 100644 --- a/python310.changes +++ b/python310.changes 
@@ -1,3 +1,114 @@ +------------------------------------------------------------------- +Wed Oct 19 07:12:23 UTC 2022 - Matej Cepl + +- Update to 3.10.8: + - Fix multiplying a list by an integer (list *= int): detect + the integer overflow when the new allocated length is close + to the maximum size. + - Fix a shell code injection vulnerability in the + get-remote-certificate.py example script. The script no + longer uses a shell to run openssl commands. (originally + filed as CVE-2022-37460, later withdrawn) + - Fix command line parsing: reject -X int_max_str_digits option + with no value (invalid) when the PYTHONINTMAXSTRDIGITS + environment variable is set to a valid limit. + - When ValueError is raised if an integer is larger than the + limit, mention the sys.set_int_max_str_digits() function in + the error message. + - The deprecated mailcap module now refuses to inject unsafe + text (filenames, MIME types, parameters) into shell + commands. Instead of using such text, it will warn and act + as if a match was not found (or for test commands, as if the + test failed). + - os.sched_yield() now release the GIL while calling + sched_yield(2). + - Bugfix: PyFunction_GetAnnotations() should return a borrowed + reference. It was returning a new reference. + - Fixed a missing incref/decref pair in + Exception.__setstate__(). + - Fix overly-broad source position information for chained + comparisons used as branching conditions. + - Fix undefined behaviour in _testcapimodule.c. + - At Python exit, sometimes a thread holding the GIL can + wait forever for a thread (usually a daemon thread) which + requested to drop the GIL, whereas the thread already + exited. To fix the race condition, the thread which requested + the GIL drop now resets its request before exiting. + - Fix a possible assertion failure, fatal error, or SystemError + if a line tracing event raises an exception while opcode + tracing is enabled. 
+ - Fix undefined behaviour in C code of null pointer arithmetic. + - Do not expose KeyWrapper in _functools. + - When loading a file with invalid UTF-8 inside a multi-line + string, a correct SyntaxError is emitted. + - Disable incorrect pickling of the C implemented classmethod + descriptors. + - Fix AttributeError missing name and obj attributes in . + object.__getattribute__() bpo-42316: Document some places . + where an assignment expression needs parentheses . + - Wrap network errors consistently in urllib FTP support, so + the test suite doesn’t fail when a network is available but + the public internet is not reachable. + - Fixes AttributeError when subprocess.check_output() is used + with argument input=None and either of the arguments encoding + or errors are used. + - Avoid spurious tracebacks from asyncio when default executor + cleanup is delayed until after the event loop is closed (e.g. + as the result of a keyboard interrupt). + - Avoid a crash in the C version of + asyncio.Future.remove_done_callback() when an evil argument + is passed. + - Remove tokenize.NL check from tabnanny. + - Make Semaphore run faster. + - Fix generation of the default name of + tkinter.Checkbutton. Previously, checkbuttons in different + parent widgets could have the same short name and share + the same state if arguments “name” and “variable” are not + specified. Now they are globally unique. + - Update bundled libexpat to 2.4.9 + - Fix race condition in asyncio where process_exited() called + before the pipe_data_received() leading to inconsistent + output. + - Fixed check in multiprocessing.resource_tracker that + guarantees that the length of a write to a pipe is not + greater than PIPE_BUF. + - Corrected type annotation for dataclass attribute + pstats.FunctionProfile.ncalls to be str. 
+ - Fix the faulthandler implementation of + faulthandler.register(signal, chain=True) if the sigaction() + function is not available: don’t call the previous signal + handler if it’s NULL. + - In inspect, fix overeager replacement of “typing.” in + formatting annotations. + - Fix asyncio.streams.StreamReaderProtocol to keep a strong + reference to the created task, so that it’s not garbage + collected + - Fix handling compiler warnings (SyntaxWarning and + DeprecationWarning) in codeop.compile_command() when checking + for incomplete input. Previously it emitted warnings and + raised a SyntaxError. Now it always returns None for + incomplete input without emitting any warnings. + - Fixed flickering of the turtle window when the tracer is + turned off. + - Allow asyncio.StreamWriter.drain() to be awaited concurrently + by multiple tasks. + - Fix broken asyncio.Semaphore when acquire is cancelled. + - Fix ast.unparse() when ImportFrom.level is None + - Improve performance of urllib.request.getproxies_environment + when there are many environment variables + - Fix ! in c domain ref target syntax via a conf.py patch, so + it works as intended to disable ref target resolution. + - Clarified the conflicting advice given in the ast + documentation about ast.literal_eval() being “safe” for use + on untrusted input while at the same time warning that it + can crash the process. The latter statement is true and is + deemed unfixable without a large amount of work unsuitable + for a bugfix. So we keep the warning and no longer claim that + literal_eval is safe. + - Update tutorial introduction output to use 3.10+ SyntaxError + invalid range. +- Remove upstreamed test-int-timing.patch. + ------------------------------------------------------------------- Sun Sep 18 08:48:51 UTC 2022 - Andreas Schwab diff --git a/python310.spec b/python310.spec index 72d1ce2..8b89fac 100644 --- a/python310.spec +++ b/python310.spec 
@@ -67,7 +67,7 @@ Obsoletes: python39%{?1:-%{1}} %define tarversion %{version} %endif # We don't process beta signs well -%define folderversion 3.10.7 +%define folderversion %{tarversion} %define tarname Python-%{tarversion} %define sitedir %{_libdir}/python%{python_version} # three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149 @@ -103,7 +103,7 @@ Obsoletes: python39%{?1:-%{1}} %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so %bcond_without profileopt Name: %{python_pkg_name}%{psuffix} -Version: 3.10.7 +Version: 3.10.8 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 @@ -169,8 +169,6 @@ Patch36: support-expat-CVE-2022-25236-patched.patch # PATCH-FIX-UPSTREAM CVE-2015-20107-mailcap-unsafe-filenames.patch bsc#1198511 mcepl@suse.com # avoid the command injection in the mailcap module. Patch37: CVE-2015-20107-mailcap-unsafe-filenames.patch -# PATCH-FIX-UPSTREAM gh-96710: Make the test timing more lenient for the int/str DoS regression test. (#96717) -Patch38: test-int-timing.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -440,7 +438,6 @@ other applications. %patch35 -p1 %patch36 -p1 %patch37 -p1 -%patch38 -p1 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac diff --git a/subprocess-raise-timeout.patch b/subprocess-raise-timeout.patch index cb39e1a..ef80b3b 100644 --- a/subprocess-raise-timeout.patch +++ b/subprocess-raise-timeout.patch @@ -4,7 +4,7 @@ --- a/Lib/test/test_subprocess.py +++ b/Lib/test/test_subprocess.py -@@ -261,7 +261,8 @@ class ProcessTestCase(BaseTestCase): +@@ -267,7 +267,8 @@ class ProcessTestCase(BaseTestCase): "time.sleep(3600)"], # Some heavily loaded buildbots (sparc Debian 3.x) require # this much time to start and print. diff --git a/test-int-timing.patch b/test-int-timing.patch deleted file mode 100644 index 4f7ef27..0000000 --- a/test-int-timing.patch +++ /dev/null 
@@ -1,78 +0,0 @@ -From 11e3548fd1d3445ccde971d613633b58d73c3016 Mon Sep 17 00:00:00 2001 -From: "Gregory P. Smith" -Date: Fri, 9 Sep 2022 12:51:34 -0700 -Subject: [PATCH] gh-96710: Make the test timing more lenient for the int/str - DoS regression test. (#96717) - -A regression would still absolutely fail and even a flaky pass isn't -harmful as it'd fail most of the time across our N system test runs. - -Windows has a low resolution timer and CI systems are prone to odd -timing so this just gives more leeway to avoid flakiness. ---- - Lib/test/test_int.py | 14 ++++++++------ - 1 file changed, 8 insertions(+), 6 deletions(-) - -diff --git a/Lib/test/test_int.py b/Lib/test/test_int.py -index 800c0b006c..c972b8afb4 100644 ---- a/Lib/test/test_int.py -+++ b/Lib/test/test_int.py -@@ -650,7 +650,8 @@ def test_denial_of_service_prevented_int_to_str(self): - self.assertEqual(len(huge_decimal), digits) - # Ensuring that we chose a slow enough conversion to measure. - # It takes 0.1 seconds on a Zen based cloud VM in an opt build. -- if seconds_to_convert < 0.005: -+ # Some OSes have a low res 1/64s timer, skip if hard to measure. -+ if seconds_to_convert < 1/64: - raise unittest.SkipTest('"slow" conversion took only ' - f'{seconds_to_convert} seconds.') - -@@ -662,7 +663,7 @@ def test_denial_of_service_prevented_int_to_str(self): - str(huge_int) - seconds_to_fail_huge = get_time() - start - self.assertIn('conversion', str(err.exception)) -- self.assertLess(seconds_to_fail_huge, seconds_to_convert/8) -+ self.assertLessEqual(seconds_to_fail_huge, seconds_to_convert/2) - - # Now we test that a conversion that would take 30x as long also fails - # in a similarly fast fashion. 
-@@ -673,7 +674,7 @@ def test_denial_of_service_prevented_int_to_str(self): - str(extra_huge_int) - seconds_to_fail_extra_huge = get_time() - start - self.assertIn('conversion', str(err.exception)) -- self.assertLess(seconds_to_fail_extra_huge, seconds_to_convert/8) -+ self.assertLess(seconds_to_fail_extra_huge, seconds_to_convert/2) - - def test_denial_of_service_prevented_str_to_int(self): - """Regression test: ensure we fail before performing O(N**2) work.""" -@@ -691,7 +692,8 @@ def test_denial_of_service_prevented_str_to_int(self): - seconds_to_convert = get_time() - start - # Ensuring that we chose a slow enough conversion to measure. - # It takes 0.1 seconds on a Zen based cloud VM in an opt build. -- if seconds_to_convert < 0.005: -+ # Some OSes have a low res 1/64s timer, skip if hard to measure. -+ if seconds_to_convert < 1/64: - raise unittest.SkipTest('"slow" conversion took only ' - f'{seconds_to_convert} seconds.') - -@@ -701,7 +703,7 @@ def test_denial_of_service_prevented_str_to_int(self): - int(huge) - seconds_to_fail_huge = get_time() - start - self.assertIn('conversion', str(err.exception)) -- self.assertLess(seconds_to_fail_huge, seconds_to_convert/8) -+ self.assertLessEqual(seconds_to_fail_huge, seconds_to_convert/2) - - # Now we test that a conversion that would take 30x as long also fails - # in a similarly fast fashion. -@@ -712,7 +714,7 @@ def test_denial_of_service_prevented_str_to_int(self): - int(extra_huge) - seconds_to_fail_extra_huge = get_time() - start - self.assertIn('conversion', str(err.exception)) -- self.assertLess(seconds_to_fail_extra_huge, seconds_to_convert/8) -+ self.assertLessEqual(seconds_to_fail_extra_huge, seconds_to_convert/2) - - def test_power_of_two_bases_unlimited(self): - """The limit does not apply to power of 2 bases.""" --- -2.37.3 - From 87c3616141912afcf814376cc6db43b8b507048b0e402e78dfd41077e342bd10 Mon Sep 17 00:00:00 2001 
From: Matej Cepl Date: Wed, 26 Oct 2022 21:24:55 +0000 Subject: [PATCH 2/2] Accepting request 1031400 from home:mcepl:branches:devel:languages:python:Factory - Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to allow building of documentation with the latest Sphinx 5.3.0 (gh#python/cpython#98366). OBS-URL: https://build.opensuse.org/request/show/1031400 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=62 --- ...nx.locale._-as-gettext-in-pyspecific.patch | 54 +++++++++++++++++++ python310.changes | 7 +++ python310.spec | 4 ++ 3 files changed, 65 insertions(+) create mode 100644 98437-sphinx.locale._-as-gettext-in-pyspecific.patch diff --git a/98437-sphinx.locale._-as-gettext-in-pyspecific.patch b/98437-sphinx.locale._-as-gettext-in-pyspecific.patch new file mode 100644 index 0000000..680c2c1 --- /dev/null +++ b/98437-sphinx.locale._-as-gettext-in-pyspecific.patch 
@@ -0,0 +1,54 @@ +From 5775f51691d7d64fb676586e008b41261ce64ac2 Mon Sep 17 00:00:00 2001 +From: "Matt.Wang" +Date: Wed, 19 Oct 2022 14:49:08 +0800 +Subject: [PATCH 1/2] fix(doc-tools): use sphinx.locale._ as gettext() for + backward-compatibility in pyspecific.py + +[why] spinix 5.3 changed locale.translators from a defaultdict(gettext.NullTranslations) to a dict, which leads to failure of pyspecific.py. Use sphinx.locale._ as gettext to fix the issue. +--- + Doc/tools/extensions/pyspecific.py | 8 ++++---- + Misc/NEWS.d/next/Documentation/2022-10-19-07-15-52.gh-issue-98366.UskMXF.rst | 1 + + 2 files changed, 5 insertions(+), 4 deletions(-) + +--- a/Doc/tools/extensions/pyspecific.py ++++ b/Doc/tools/extensions/pyspecific.py +@@ -26,7 +26,7 @@ try: + from sphinx.errors import NoUri + except ImportError: + from sphinx.environment import NoUri +-from sphinx.locale import translators ++from sphinx.locale import _ as sphinx_gettext + from sphinx.util import status_iterator, logging + from sphinx.util.nodes import split_explicit_title + from sphinx.writers.text import TextWriter, TextTranslator +@@ -109,7 +109,7 @@ class ImplementationDetail(Directive): + def run(self): + self.assert_has_content() + pnode = nodes.compound(classes=['impl-detail']) +- label = translators['sphinx'].gettext(self.label_text) ++ label = sphinx_gettext(self.label_text) + content = self.content + add_text = nodes.strong(label, label) + self.state.nested_parse(content, self.content_offset, pnode) +@@ -203,7 +203,7 @@ class AuditEvent(Directive): + else: + args = [] + +- label = translators['sphinx'].gettext(self._label[min(2, len(args))]) ++ label = sphinx_gettext(self._label[min(2, len(args))]) + text = label.format(name="``{}``".format(name), + args=", ".join("``{}``".format(a) for a in args if a)) + +@@ -382,7 +382,7 @@ class DeprecatedRemoved(Directive): + else: + label = self._removed_label + +- label = translators['sphinx'].gettext(label) ++ label = sphinx_gettext(label) + text = 
label.format(deprecated=self.arguments[0], removed=self.arguments[1]) + if len(self.arguments) == 3: + inodes, messages = self.state.inline_text(self.arguments[2], +--- /dev/null ++++ b/Misc/NEWS.d/next/Documentation/2022-10-19-07-15-52.gh-issue-98366.UskMXF.rst +@@ -0,0 +1 @@ ++Use sphinx.locale._ as the gettext function in pyspecific.py. diff --git a/python310.changes b/python310.changes index 2dbb8ec..e4e73e5 100644 --- a/python310.changes +++ b/python310.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Fri Oct 21 10:14:03 UTC 2022 - Matej Cepl + +- Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to + allow building of documentation with the latest Sphinx 5.3.0 + (gh#python/cpython#98366). + ------------------------------------------------------------------- Wed Oct 19 07:12:23 UTC 2022 - Matej Cepl diff --git a/python310.spec b/python310.spec index 8b89fac..49516b7 100644 --- a/python310.spec +++ b/python310.spec @@ -169,6 +169,9 @@ Patch36: support-expat-CVE-2022-25236-patched.patch # PATCH-FIX-UPSTREAM CVE-2015-20107-mailcap-unsafe-filenames.patch bsc#1198511 mcepl@suse.com # avoid the command injection in the mailcap module. Patch37: CVE-2015-20107-mailcap-unsafe-filenames.patch +# PATCH-FIX-UPSTREAM 98437-sphinx.locale._-as-gettext-in-pyspecific.patch gh#python/cpython#98366 mcepl@suse.com +# this patch makes things totally awesome +Patch38: 98437-sphinx.locale._-as-gettext-in-pyspecific.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -438,6 +441,7 @@ other applications. %patch35 -p1 %patch36 -p1 %patch37 -p1 +%patch38 -p1 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac
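Review bot: The comment added above `Patch38` in the `@@ -169,6 +169,9 @@` hunk, `# this patch makes things totally awesome`, reads like a leftover placeholder and does not say why the patch is carried. I would replace it with the reason given in python310.changes, for example `# Use sphinx.locale._ as gettext() in pyspecific.py so the docs build with Sphinx 5.3.0`. The number `Patch38` belonged to test-int-timing.patch until the previous commit in this series, so a descriptive comment also helps anyone reading the spec history.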