Accepting request 1031406 from devel:languages:python:Factory

OBS-URL: https://build.opensuse.org/request/show/1031406
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python310?expand=0&rev=23

98437-sphinx.locale._-as-gettext-in-pyspecific.patch

@@ -0,0 +1,54 @@
+From 5775f51691d7d64fb676586e008b41261ce64ac2 Mon Sep 17 00:00:00 2001
+From: "Matt.Wang" <mattwang44@gmail.com>
+Date: Wed, 19 Oct 2022 14:49:08 +0800
+Subject: [PATCH 1/2] fix(doc-tools): use sphinx.locale._ as gettext() for
+ backward-compatibility in pyspecific.py
+
+[why] spinix 5.3 changed locale.translators from a defaultdict(gettext.NullTranslations) to a dict, which leads to failure of pyspecific.py. Use sphinx.locale._ as gettext to fix the issue.
+---
+ Doc/tools/extensions/pyspecific.py                                           |    8 ++++----
+ Misc/NEWS.d/next/Documentation/2022-10-19-07-15-52.gh-issue-98366.UskMXF.rst |    1 +
+ 2 files changed, 5 insertions(+), 4 deletions(-)
+
+--- a/Doc/tools/extensions/pyspecific.py
++++ b/Doc/tools/extensions/pyspecific.py
+@@ -26,7 +26,7 @@ try:
+     from sphinx.errors import NoUri
+ except ImportError:
+     from sphinx.environment import NoUri
+-from sphinx.locale import translators
++from sphinx.locale import _ as sphinx_gettext
+ from sphinx.util import status_iterator, logging
+ from sphinx.util.nodes import split_explicit_title
+ from sphinx.writers.text import TextWriter, TextTranslator
+@@ -109,7 +109,7 @@ class ImplementationDetail(Directive):
+     def run(self):
+         self.assert_has_content()
+         pnode = nodes.compound(classes=['impl-detail'])
+-        label = translators['sphinx'].gettext(self.label_text)
++        label = sphinx_gettext(self.label_text)
+         content = self.content
+         add_text = nodes.strong(label, label)
+         self.state.nested_parse(content, self.content_offset, pnode)
+@@ -203,7 +203,7 @@ class AuditEvent(Directive):
+         else:
+             args = []
+ 
+-        label = translators['sphinx'].gettext(self._label[min(2, len(args))])
++        label = sphinx_gettext(self._label[min(2, len(args))])
+         text = label.format(name="``{}``".format(name),
+                             args=", ".join("``{}``".format(a) for a in args if a))
+ 
+@@ -382,7 +382,7 @@ class DeprecatedRemoved(Directive):
+         else:
+             label = self._removed_label
+ 
+-        label = translators['sphinx'].gettext(label)
++        label = sphinx_gettext(label)
+         text = label.format(deprecated=self.arguments[0], removed=self.arguments[1])
+         if len(self.arguments) == 3:
+             inodes, messages = self.state.inline_text(self.arguments[2],
+--- /dev/null
++++ b/Misc/NEWS.d/next/Documentation/2022-10-19-07-15-52.gh-issue-98366.UskMXF.rst
+@@ -0,0 +1 @@
++Use sphinx.locale._ as the gettext function in pyspecific.py.

CVE-2015-20107-mailcap-unsafe-filenames.patch

@@ -5,17 +5,16 @@ Subject: [PATCH 1/4] gh-68966: Make mailcap refuse to match unsafe
  filenames/types/params
 
 ---
- Doc/library/mailcap.rst                                                 |   12 ++++
+ Doc/library/mailcap.rst                                                 |   12 ++++++++++
- Lib/mailcap.py                                                          |   26 +++++++++-
+ Lib/mailcap.py                                                          |    5 ++++
- Lib/test/test_mailcap.py                                                |    8 ++-
+ Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst |    4 +++
- Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst |    4 +
+ 3 files changed, 21 insertions(+)
- 4 files changed, 46 insertions(+), 4 deletions(-)
 
 --- a/Doc/library/mailcap.rst
 +++ b/Doc/library/mailcap.rst
-@@ -60,6 +60,18 @@ standard.  However, mailcap files are su
+@@ -27,6 +27,18 @@ The mailcap format is documented in :rfc
-    use) to determine whether or not the mailcap line applies.  :func:`findmatch`
+ Mechanism For Multimedia Mail Format Information", but is not an internet
-    will automatically check such conditions and skip the entry if the check fails.
+ standard.  However, mailcap files are supported on most Unix systems.
  
 +   .. versionchanged:: 3.11
 +
@@ -30,21 +29,13 @@ Subject: [PATCH 1/4] gh-68966: Make mailcap refuse to match unsafe
 +      ``findmatch`` will ignore all mailcap entries which use that value.
 +      A :mod:`warning <warnings>` will be raised in either case.
  
- .. function:: getcaps()
+ .. function:: findmatch(caps, MIMEtype, key='view', filename='/dev/null', plist=[])
  
 --- a/Lib/mailcap.py
 +++ b/Lib/mailcap.py
-@@ -2,6 +2,7 @@
+@@ -19,6 +19,11 @@ _find_unsafe = re.compile(r'[^\xa1-\U001
- 
+ class UnsafeMailcapInput(Warning):
- import os
+     """Warning raised when refusing unsafe input"""
- import warnings
-+import re
- 
- __all__ = ["getcaps","findmatch"]
- 
-@@ -13,6 +14,11 @@ def lineno_sort_key(entry):
-     else:
-         return 1, 0
  
 +_find_unsafe = re.compile(r'[^\xa1-\U0010FFFF\w@+=:,./-]').search
 +
@@ -54,79 +45,6 @@ Subject: [PATCH 1/4] gh-68966: Make mailcap refuse to match unsafe
  
  # Part 1: top-level interface.
  
-@@ -165,15 +171,22 @@ def findmatch(caps, MIMEtype, key='view'
-     entry to use.
- 
-     """
-+    if _find_unsafe(filename):
-+        msg = "Refusing to use mailcap with filename %r. Use a safe temporary filename." % (filename,)
-+        warnings.warn(msg, UnsafeMailcapInput)
-+        return None, None
-     entries = lookup(caps, MIMEtype, key)
-     # XXX This code should somehow check for the needsterminal flag.
-     for e in entries:
-         if 'test' in e:
-             test = subst(e['test'], filename, plist)
-+            if test is None:
-+                continue
-             if test and os.system(test) != 0:
-                 continue
-         command = subst(e[key], MIMEtype, filename, plist)
--        return command, e
-+        if command is not None:
-+            return command, e
-     return None, None
- 
- def lookup(caps, MIMEtype, key=None):
-@@ -206,6 +219,10 @@ def subst(field, MIMEtype, filename, pli
-             elif c == 's':
-                 res = res + filename
-             elif c == 't':
-+                if _find_unsafe(MIMEtype):
-+                    msg = "Refusing to substitute MIME type %r into a shell command." % (MIMEtype,)
-+                    warnings.warn(msg, UnsafeMailcapInput)
-+                    return None
-                 res = res + MIMEtype
-             elif c == '{':
-                 start = i
-@@ -213,7 +230,12 @@ def subst(field, MIMEtype, filename, pli
-                     i = i+1
-                 name = field[start:i]
-                 i = i+1
--                res = res + findparam(name, plist)
-+                param = findparam(name, plist)
-+                if _find_unsafe(param):
-+                    msg = "Refusing to substitute parameter %r (%s) into a shell command" % (param, name)
-+                    warnings.warn(msg, UnsafeMailcapInput)
-+                    return None
-+                res = res + param
-             # XXX To do:
-             # %n == number of parts if type is multipart/*
-             # %F == list of alternating type and filename for parts
---- a/Lib/test/test_mailcap.py
-+++ b/Lib/test/test_mailcap.py
-@@ -123,7 +123,8 @@ class HelperFunctionTest(unittest.TestCa
-             (["", "audio/*", "foo.txt"], ""),
-             (["echo foo", "audio/*", "foo.txt"], "echo foo"),
-             (["echo %s", "audio/*", "foo.txt"], "echo foo.txt"),
--            (["echo %t", "audio/*", "foo.txt"], "echo audio/*"),
-+            (["echo %t", "audio/*", "foo.txt"], None),
-+            (["echo %t", "audio/wav", "foo.txt"], "echo audio/wav"),
-             (["echo \\%t", "audio/*", "foo.txt"], "echo %t"),
-             (["echo foo", "audio/*", "foo.txt", plist], "echo foo"),
-             (["echo %{total}", "audio/*", "foo.txt", plist], "echo 3")
-@@ -207,7 +208,10 @@ class FindmatchTest(unittest.TestCase):
-              ('"An audio fragment"', audio_basic_entry)),
-             ([c, "audio/*"],
-              {"filename": fname},
--             ("/usr/local/bin/showaudio audio/*", audio_entry)),
-+             (None, None)),
-+            ([c, "audio/wav"],
-+             {"filename": fname},
-+             ("/usr/local/bin/showaudio audio/wav", audio_entry)),
-             ([c, "message/external-body"],
-              {"plist": plist},
-              ("showexternal /dev/null default john python.org     /tmp foo bar", message_entry))
 --- /dev/null
 +++ b/Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst
 @@ -0,0 +1,4 @@

Python-3.10.7.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6eed8415b7516fb2f260906db5d48dd4c06acc0cb24a7d6cc15296a604dcdc48
-size 19618696

Python-3.10.7.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmMV9eMACgkQ/+h0BBaL
-2Ec6FQ//eXrKOb5NoocNPIs9o5Jcbk5jtWxnOp3mqjO8D/LBYc8gwovZMPd+903w
-In2QWtPSK22ZWdaR4DqizK9GjBRi+Y/ZEFfh3uiPM0I2/jGkr5BXizRZNdTo3GyB
-/OuPiBKBVqMgTSGrpO4M24yUekqGdPfzg614GroWSr/16UVVUQADE8DP+BJCTIbk
-v+t+AIYsALR0cUO+uqp2QbWf7N2aF+r08g59Vyb09+Nr2ZfjjINIbHQgRtHv7ZoI
-7BsWiGW3qIeY8XxYt1/kWv4yMqaTyABdmdEHeM0vCzeEUpurj5072isGvOpI92N4
-LZ6nK8GR4pBS+OfOB7bgzUTC+tQ48wPQwb9lZTuWfSXGYotVdTXs1zW6o1T+vply
-MrMZcsc6Y9o8fX3Mkkv4zT9S6JkXtq/MUTIZ27cZr492DzJNaKBG+NqF22FKR35M
-ojLK24YpGyw2PCIlUSiFfAqkGNu53U5rP3N71mh7Ao00nx8WhKj4YAci0tBkfHyw
-NYoX4tz7ybiR3zV5kyrmJv4G2x89cgosfHuEL2Lr+Irf3PV5vgjXHteAwu8Egdej
-myokqzWEwoqNtrK9JsSYE3bcWmrVU9R/siQnNJXKWj+AkHKG0jMsrIh6iRvQGDhp
-Q3Avu3ZQ/K9rreZ4Jk1DHX3BoDvRIFdEjBDAB+b6UUQEGE32nj8=
-=O8kG
------END PGP SIGNATURE-----

Python-3.10.8.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6a30ecde59c47048013eb5a658c9b5dec277203d2793667f578df7671f7f03f3
+size 19619508

Python-3.10.8.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmNFVREACgkQ/+h0BBaL
+2EfmBhAAlIlx22S5RL7ehPDOWlEj06uK87EKEfMXch2DMapEXsrBR2Z+Q3Kb0Le+
+T3vru6k9MUbDGI0pei+o5k621jvg8Gj+0rUKTydAd46Pt9ZoCPWuIdyWKaJBknLu
+XsYs6Xiv6Ug7Q3JGy67j8ei6bFoqATyYEe45ljReVfug7VmisjMXHdiyZoAkAFMO
+fDZvtfXRY/ZwLcCfK5SkaJqSRVfYowAh1lQqiXDnbfaX40BVCw78YKFsYN//PCpU
+DrsE7JFapXQGvCJmcZ+WC8A/WMjyLoKI36w2WDcy8AFKsf49xQWPEWnUzXcJyF2n
+zKGxn6kUEMdzelSWWWqMYlckL6Xf87E+CRTRS0MRX6OIrf+zJkeEoWRW8cGT/U8I
+1o0hawm9O50nSIjMGzaXGKjWsHLSIeOA9ToLz19TzzO7VikNkXAx5gQcHQu3bJyT
+SrMCw/VXJy+0BinBpSX/qZoptX2+6lFfArb/xOZGX2ZhU44+ecPrUHxB8xiw0qr8
+pw16k6nCkW3f0aZ0jrlsfNLsXr9G/ZRu+ugrcTTQ53rfXO0pQ5nxm0CJ5O9twDjw
+DIKvuqnOHlSGEcFM4bNDvpqskDnXrK6oyqBvtVhsjdFAp8YHYoM0yALTBlS4v2Xt
+Em1BPUXHps0M1AY59KrXe0OpwibJjKhvWoogAS5bqe/mYInBE/Y=
+=2vcv
+-----END PGP SIGNATURE-----

fix_configure_rst.patch

@@ -29,7 +29,7 @@
     Create a Python.framework rather than a traditional Unix install. Optional
 --- a/Misc/NEWS
 +++ b/Misc/NEWS
-@@ -2783,7 +2783,7 @@ C API
+@@ -2979,7 +2979,7 @@ C API
  -----
  
  - bpo-43795: The list in :ref:`stable-abi-list` now shows the public name

python310.changes

@@ -1,3 +1,121 @@
+-------------------------------------------------------------------
+Fri Oct 21 10:14:03 UTC 2022 - Matej Cepl <mcepl@suse.com>
+
+- Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to
+  allow building of documentation with the latest Sphinx 5.3.0
+  (gh#python/cpython#98366).
+
+-------------------------------------------------------------------
+Wed Oct 19 07:12:23 UTC 2022 - Matej Cepl <mcepl@suse.com>
+
+- Update to 3.10.8:
+  - Fix multiplying a list by an integer (list *= int): detect
+    the integer overflow when the new allocated length is close
+    to the maximum size.
+  - Fix a shell code injection vulnerability in the
+    get-remote-certificate.py example script. The script no
+    longer uses a shell to run openssl commands. (originally
+    filed as CVE-2022-37460, later withdrawn)
+  - Fix command line parsing: reject -X int_max_str_digits option
+    with no value (invalid) when the PYTHONINTMAXSTRDIGITS
+    environment variable is set to a valid limit.
+  - When ValueError is raised if an integer is larger than the
+    limit, mention the sys.set_int_max_str_digits() function in
+    the error message.
+  - The deprecated mailcap module now refuses to inject unsafe
+    text (filenames, MIME types, parameters) into shell
+    commands. Instead of using such text, it will warn and act
+    as if a match was not found (or for test commands, as if the
+    test failed).
+  - os.sched_yield() now release the GIL while calling
+    sched_yield(2).
+  - Bugfix: PyFunction_GetAnnotations() should return a borrowed
+    reference. It was returning a new reference.
+  - Fixed a missing incref/decref pair in
+    Exception.__setstate__().
+  - Fix overly-broad source position information for chained
+    comparisons used as branching conditions.
+  - Fix undefined behaviour in _testcapimodule.c.
+  - At Python exit, sometimes a thread holding the GIL can
+    wait forever for a thread (usually a daemon thread) which
+    requested to drop the GIL, whereas the thread already
+    exited. To fix the race condition, the thread which requested
+    the GIL drop now resets its request before exiting.
+  - Fix a possible assertion failure, fatal error, or SystemError
+    if a line tracing event raises an exception while opcode
+    tracing is enabled.
+  - Fix undefined behaviour in C code of null pointer arithmetic.
+  - Do not expose KeyWrapper in _functools.
+  - When loading a file with invalid UTF-8 inside a multi-line
+    string, a correct SyntaxError is emitted.
+  - Disable incorrect pickling of the C implemented classmethod
+    descriptors.
+  - Fix AttributeError missing name and obj attributes in       .
+    object.__getattribute__() bpo-42316: Document some places   .
+    where an assignment expression needs parentheses            .
+  - Wrap network errors consistently in urllib FTP support, so
+    the test suite doesn’t fail when a network is available but
+    the public internet is not reachable.
+  - Fixes AttributeError when subprocess.check_output() is used
+    with argument input=None and either of the arguments encoding
+    or errors are used.
+  - Avoid spurious tracebacks from asyncio when default executor
+    cleanup is delayed until after the event loop is closed (e.g.
+    as the result of a keyboard interrupt).
+  - Avoid a crash in the C version of
+    asyncio.Future.remove_done_callback() when an evil argument
+    is passed.
+  - Remove tokenize.NL check from tabnanny.
+  - Make Semaphore run faster.
+  - Fix generation of the default name of
+    tkinter.Checkbutton. Previously, checkbuttons in different
+    parent widgets could have the same short name and share
+    the same state if arguments “name” and “variable” are not
+    specified. Now they are globally unique.
+  - Update bundled libexpat to 2.4.9
+  - Fix race condition in asyncio where process_exited() called
+    before the pipe_data_received() leading to inconsistent
+    output.
+  - Fixed check in multiprocessing.resource_tracker that
+    guarantees that the length of a write to a pipe is not
+    greater than PIPE_BUF.
+  - Corrected type annotation for dataclass attribute
+    pstats.FunctionProfile.ncalls to be str.
+  - Fix the faulthandler implementation of
+    faulthandler.register(signal, chain=True) if the sigaction()
+    function is not available: don’t call the previous signal
+    handler if it’s NULL.
+  - In inspect, fix overeager replacement of “typing.” in
+    formatting annotations.
+  - Fix asyncio.streams.StreamReaderProtocol to keep a strong
+    reference to the created task, so that it’s not garbage
+    collected
+  - Fix handling compiler warnings (SyntaxWarning and
+    DeprecationWarning) in codeop.compile_command() when checking
+    for incomplete input. Previously it emitted warnings and
+    raised a SyntaxError. Now it always returns None for
+    incomplete input without emitting any warnings.
+  - Fixed flickering of the turtle window when the tracer is
+    turned off.
+  - Allow asyncio.StreamWriter.drain() to be awaited concurrently
+    by multiple tasks.
+  - Fix broken asyncio.Semaphore when acquire is cancelled.
+  - Fix ast.unparse() when ImportFrom.level is None
+  - Improve performance of urllib.request.getproxies_environment
+    when there are many environment variables
+  - Fix ! in c domain ref target syntax via a conf.py patch, so
+    it works as intended to disable ref target resolution.
+  - Clarified the conflicting advice given in the ast
+    documentation about ast.literal_eval() being “safe” for use
+    on untrusted input while at the same time warning that it
+    can crash the process. The latter statement is true and is
+    deemed unfixable without a large amount of work unsuitable
+    for a bugfix. So we keep the warning and no longer claim that
+    literal_eval is safe.
+  - Update tutorial introduction output to use 3.10+ SyntaxError
+    invalid range.
+- Remove upstreamed test-int-timing.patch.
+
 -------------------------------------------------------------------
 Sun Sep 18 08:48:51 UTC 2022 - Andreas Schwab <schwab@suse.de>
 

python310.spec

@@ -67,7 +67,7 @@ Obsoletes:      python39%{?1:-%{1}}
 %define tarversion %{version}
 %endif
 # We don't process beta signs well
-%define         folderversion 3.10.7
+%define         folderversion %{tarversion}
 %define         tarname    Python-%{tarversion}
 %define         sitedir         %{_libdir}/python%{python_version}
 # three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149
@@ -103,7 +103,7 @@ Obsoletes:      python39%{?1:-%{1}}
 %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
 %bcond_without profileopt
 Name:           %{python_pkg_name}%{psuffix}
-Version:        3.10.7
+Version:        3.10.8
 Release:        0
 Summary:        Python 3 Interpreter
 License:        Python-2.0
@@ -169,8 +169,9 @@ Patch36:        support-expat-CVE-2022-25236-patched.patch
 # PATCH-FIX-UPSTREAM CVE-2015-20107-mailcap-unsafe-filenames.patch bsc#1198511 mcepl@suse.com
 # avoid the command injection in the mailcap module.
 Patch37:        CVE-2015-20107-mailcap-unsafe-filenames.patch
-# PATCH-FIX-UPSTREAM gh-96710: Make the test timing more lenient for the int/str DoS regression test. (#96717)
+# PATCH-FIX-UPSTREAM 98437-sphinx.locale._-as-gettext-in-pyspecific.patch gh#python/cpython#98366 mcepl@suse.com
-Patch38:        test-int-timing.patch
+# this patch makes things totally awesome
+Patch38:        98437-sphinx.locale._-as-gettext-in-pyspecific.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes

subprocess-raise-timeout.patch

@@ -4,7 +4,7 @@
 
 --- a/Lib/test/test_subprocess.py
 +++ b/Lib/test/test_subprocess.py
-@@ -261,7 +261,8 @@ class ProcessTestCase(BaseTestCase):
+@@ -267,7 +267,8 @@ class ProcessTestCase(BaseTestCase):
                       "time.sleep(3600)"],
                      # Some heavily loaded buildbots (sparc Debian 3.x) require
                      # this much time to start and print.

test-int-timing.patch

@@ -1,78 +0,0 @@
-From 11e3548fd1d3445ccde971d613633b58d73c3016 Mon Sep 17 00:00:00 2001
-From: "Gregory P. Smith" <greg@krypto.org>
-Date: Fri, 9 Sep 2022 12:51:34 -0700
-Subject: [PATCH] gh-96710: Make the test timing more lenient for the int/str
- DoS regression test. (#96717)
-
-A regression would still absolutely fail and even a flaky pass isn't
-harmful as it'd fail most of the time across our N system test runs.
-
-Windows has a low resolution timer and CI systems are prone to odd
-timing so this just gives more leeway to avoid flakiness.
----
- Lib/test/test_int.py | 14 ++++++++------
- 1 file changed, 8 insertions(+), 6 deletions(-)
-
-diff --git a/Lib/test/test_int.py b/Lib/test/test_int.py
-index 800c0b006c..c972b8afb4 100644
---- a/Lib/test/test_int.py
-+++ b/Lib/test/test_int.py
-@@ -650,7 +650,8 @@ def test_denial_of_service_prevented_int_to_str(self):
-         self.assertEqual(len(huge_decimal), digits)
-         # Ensuring that we chose a slow enough conversion to measure.
-         # It takes 0.1 seconds on a Zen based cloud VM in an opt build.
--        if seconds_to_convert < 0.005:
-+        # Some OSes have a low res 1/64s timer, skip if hard to measure.
-+        if seconds_to_convert < 1/64:
-             raise unittest.SkipTest('"slow" conversion took only '
-                                     f'{seconds_to_convert} seconds.')
- 
-@@ -662,7 +663,7 @@ def test_denial_of_service_prevented_int_to_str(self):
-                 str(huge_int)
-             seconds_to_fail_huge = get_time() - start
-         self.assertIn('conversion', str(err.exception))
--        self.assertLess(seconds_to_fail_huge, seconds_to_convert/8)
-+        self.assertLessEqual(seconds_to_fail_huge, seconds_to_convert/2)
- 
-         # Now we test that a conversion that would take 30x as long also fails
-         # in a similarly fast fashion.
-@@ -673,7 +674,7 @@ def test_denial_of_service_prevented_int_to_str(self):
-             str(extra_huge_int)
-         seconds_to_fail_extra_huge = get_time() - start
-         self.assertIn('conversion', str(err.exception))
--        self.assertLess(seconds_to_fail_extra_huge, seconds_to_convert/8)
-+        self.assertLess(seconds_to_fail_extra_huge, seconds_to_convert/2)
- 
-     def test_denial_of_service_prevented_str_to_int(self):
-         """Regression test: ensure we fail before performing O(N**2) work."""
-@@ -691,7 +692,8 @@ def test_denial_of_service_prevented_str_to_int(self):
-         seconds_to_convert = get_time() - start
-         # Ensuring that we chose a slow enough conversion to measure.
-         # It takes 0.1 seconds on a Zen based cloud VM in an opt build.
--        if seconds_to_convert < 0.005:
-+        # Some OSes have a low res 1/64s timer, skip if hard to measure.
-+        if seconds_to_convert < 1/64:
-             raise unittest.SkipTest('"slow" conversion took only '
-                                     f'{seconds_to_convert} seconds.')
- 
-@@ -701,7 +703,7 @@ def test_denial_of_service_prevented_str_to_int(self):
-                 int(huge)
-             seconds_to_fail_huge = get_time() - start
-         self.assertIn('conversion', str(err.exception))
--        self.assertLess(seconds_to_fail_huge, seconds_to_convert/8)
-+        self.assertLessEqual(seconds_to_fail_huge, seconds_to_convert/2)
- 
-         # Now we test that a conversion that would take 30x as long also fails
-         # in a similarly fast fashion.
-@@ -712,7 +714,7 @@ def test_denial_of_service_prevented_str_to_int(self):
-             int(extra_huge)
-         seconds_to_fail_extra_huge = get_time() - start
-         self.assertIn('conversion', str(err.exception))
--        self.assertLess(seconds_to_fail_extra_huge, seconds_to_convert/8)
-+        self.assertLessEqual(seconds_to_fail_extra_huge, seconds_to_convert/2)
- 
-     def test_power_of_two_bases_unlimited(self):
-         """The limit does not apply to power of 2 bases."""
--- 
-2.37.3
-