- Update to 3.10.11:

- Core and Builtins - gh-102416: Do not memoize incorrectly automatically generated loop rules in the parser. Patch by Pablo Galindo. - gh-102356: Fix a bug that caused a crash when deallocating deeply nested filter objects. Patch by Marta Gómez Macías. - gh-102397: Fix segfault from race condition in signal handling during garbage collection. Patch by Kumar Aditya. - gh-102126: Fix deadlock at shutdown when clearing thread states if any finalizer tries to acquire the runtime head lock. Patch by Kumar Aditya. - gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal module. Patch by Max Bachmann. - gh-101967: Fix possible segfault in positional_only_passed_as_keyword function, when new list created. - gh-101765: Fix SystemError / segmentation fault in iter __reduce__ when internal access of builtins.__dict__ keys mutates the iter object. - Library - gh-102947: Improve traceback when dataclasses.fields() is called on a non-dataclass. Patch by Alex Waygood - gh-101979: Fix a bug where parentheses in the metavar argument to argparse.ArgumentParser.add_argument() were dropped. Patch by Yeojin Kim. - gh-102179: Fix os.dup2() error message for negative fds. - gh-101961: For the binary mode, fileinput.hookcompressed() doesn’t set the encoding value even if the value is None. Patch by Gihwan Kim. - gh-101936: The default value of fp becomes io.BytesIO OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=85
2023-04-27 21:53:08 +00:00 · 2023-04-27 21:53:08 +00:00 · e8a35797e6
commit e8a35797e6
parent 0a6bd2edcb
8 changed files with 120 additions and 85 deletions
--- a/CVE-2007-4559-filter-tarfile_extractall.patch
+++ b/CVE-2007-4559-filter-tarfile_extractall.patch
@ -1513,7 +1513,7 @@ Content-Transfer-Encoding: 8bit
         with open(os.path.join(TEMPDIR, "ustar/regtype"), "rb") as fobj:
             data = fobj.read()
-@@ -454,7 +460,7 @@ class CommonReadTest(ReadTest):
+@@ -455,7 +461,7 @@ class CommonReadTest(ReadTest):
                 t = tar.next()
                 with self.assertRaisesRegex(tarfile.ReadError, "unexpected end of data"):
@ -1522,7 +1522,7 @@ Content-Transfer-Encoding: 8bit
                 with self.assertRaisesRegex(tarfile.ReadError, "unexpected end of data"):
                     tar.extractfile(t).read()
-@@ -609,16 +615,16 @@ class MiscReadTestBase(CommonReadTest):
+@@ -610,16 +616,16 @@ class MiscReadTestBase(CommonReadTest):
     def test_extract_hardlink(self):
         # Test hardlink extraction (e.g. bug #857297).
         with tarfile.open(tarname, errorlevel=1, encoding="iso8859-1") as tar:
@ -1542,7 +1542,7 @@ Content-Transfer-Encoding: 8bit
             self.addCleanup(os_helper.unlink, os.path.join(TEMPDIR, "ustar/symtype"))
             with open(os.path.join(TEMPDIR, "ustar/symtype"), "rb") as f:
                 data = f.read()
-@@ -632,13 +638,14 @@ class MiscReadTestBase(CommonReadTest):
+@@ -633,13 +639,14 @@ class MiscReadTestBase(CommonReadTest):
         os.mkdir(DIR)
         try:
             directories = [t for t in tar if t.isdir()]
@ -1559,7 +1559,7 @@ Content-Transfer-Encoding: 8bit
                 def format_mtime(mtime):
                     if isinstance(mtime, float):
                         return "{} ({})".format(mtime, mtime.hex())
-@@ -661,7 +668,7 @@ class MiscReadTestBase(CommonReadTest):
+@@ -662,7 +669,7 @@ class MiscReadTestBase(CommonReadTest):
         try:
             with tarfile.open(tarname, encoding="iso8859-1") as tar:
                 tarinfo = tar.getmember(dirtype)
@ -1568,7 +1568,7 @@ Content-Transfer-Encoding: 8bit
                 extracted = os.path.join(DIR, dirtype)
                 self.assertEqual(os.path.getmtime(extracted), tarinfo.mtime)
                 if sys.platform != "win32":
-@@ -674,7 +681,7 @@ class MiscReadTestBase(CommonReadTest):
+@@ -675,7 +682,7 @@ class MiscReadTestBase(CommonReadTest):
         with os_helper.temp_dir(DIR), \
              tarfile.open(tarname, encoding="iso8859-1") as tar:
             directories = [t for t in tar if t.isdir()]
@ -1577,7 +1577,7 @@ Content-Transfer-Encoding: 8bit
             for tarinfo in directories:
                 path = DIR / tarinfo.name
                 self.assertEqual(os.path.getmtime(path), tarinfo.mtime)
-@@ -685,7 +692,7 @@ class MiscReadTestBase(CommonReadTest):
+@@ -686,7 +693,7 @@ class MiscReadTestBase(CommonReadTest):
         with os_helper.temp_dir(DIR), \
              tarfile.open(tarname, encoding="iso8859-1") as tar:
             tarinfo = tar.getmember(dirtype)
@ -1586,7 +1586,7 @@ Content-Transfer-Encoding: 8bit
             extracted = DIR / dirtype
             self.assertEqual(os.path.getmtime(extracted), tarinfo.mtime)
-@@ -1041,7 +1048,7 @@ class GNUReadTest(LongnameTest, ReadTest
+@@ -1042,7 +1049,7 @@ class GNUReadTest(LongnameTest, ReadTest
     # an all platforms, and after that a test that will work only on
     # platforms/filesystems that prove to support sparse files.
     def _test_sparse_file(self, name):
@ -1595,7 +1595,7 @@ Content-Transfer-Encoding: 8bit
         filename = os.path.join(TEMPDIR, name)
         with open(filename, "rb") as fobj:
             data = fobj.read()
-@@ -1408,7 +1415,8 @@ class WriteTest(WriteTestBase, unittest.
+@@ -1409,7 +1416,8 @@ class WriteTest(WriteTestBase, unittest.
             with tarfile.open(temparchive, errorlevel=2) as tar:
                 # this should not raise OSError: [Errno 17] File exists
                 try:
@ -1605,7 +1605,7 @@ Content-Transfer-Encoding: 8bit
                 except OSError:
                     self.fail("extractall failed with symlinked files")
         finally:
-@@ -2440,6 +2448,15 @@ class CommandLineTest(unittest.TestCase)
+@@ -2441,6 +2449,15 @@ class CommandLineTest(unittest.TestCase)
             for tardata in files:
                 tf.add(tardata, arcname=os.path.basename(tardata))
@ -1621,7 +1621,7 @@ Content-Transfer-Encoding: 8bit
     def test_bad_use(self):
         rc, out, err = self.tarfilecmd_failure()
         self.assertEqual(out, b'')
-@@ -2596,6 +2613,25 @@ class CommandLineTest(unittest.TestCase)
+@@ -2597,6 +2614,25 @@ class CommandLineTest(unittest.TestCase)
             finally:
                 os_helper.rmtree(tarextdir)
@ -1647,7 +1647,7 @@ Content-Transfer-Encoding: 8bit
     def test_extract_command_different_directory(self):
         self.make_simple_tarfile(tmpname)
         try:
-@@ -2679,7 +2715,7 @@ class LinkEmulationTest(ReadTest, unitte
+@@ -2680,7 +2716,7 @@ class LinkEmulationTest(ReadTest, unitte
     # symbolic or hard links tarfile tries to extract these types of members
     # as the regular files they point to.
     def _test_link_extraction(self, name):
@ -1656,7 +1656,7 @@ Content-Transfer-Encoding: 8bit
         with open(os.path.join(TEMPDIR, name), "rb") as f:
             data = f.read()
         self.assertEqual(sha256sum(data), sha256_regtype)
-@@ -2811,8 +2847,10 @@ class NumericOwnerTest(unittest.TestCase
+@@ -2812,8 +2848,10 @@ class NumericOwnerTest(unittest.TestCase
                                         mock_chown):
         with self._setup_test(mock_geteuid) as (tarfl, filename_1, _,
                                                 filename_2):
@ -1669,7 +1669,7 @@ Content-Transfer-Encoding: 8bit
         # convert to filesystem paths
         f_filename_1 = os.path.join(TEMPDIR, filename_1)
-@@ -2830,7 +2868,8 @@ class NumericOwnerTest(unittest.TestCase
+@@ -2831,7 +2869,8 @@ class NumericOwnerTest(unittest.TestCase
                                            mock_chown):
         with self._setup_test(mock_geteuid) as (tarfl, filename_1, dirname_1,
                                                 filename_2):
@ -1679,7 +1679,7 @@ Content-Transfer-Encoding: 8bit
         # convert to filesystem paths
         f_filename_1 = os.path.join(TEMPDIR, filename_1)
-@@ -2855,7 +2894,8 @@ class NumericOwnerTest(unittest.TestCase
+@@ -2856,7 +2895,8 @@ class NumericOwnerTest(unittest.TestCase
     def test_extract_without_numeric_owner(self, mock_geteuid, mock_chmod,
                                            mock_chown):
         with self._setup_test(mock_geteuid) as (tarfl, filename_1, _, _):
@ -1689,7 +1689,7 @@ Content-Transfer-Encoding: 8bit
         # convert to filesystem paths
         f_filename_1 = os.path.join(TEMPDIR, filename_1)
-@@ -2869,6 +2909,890 @@ class NumericOwnerTest(unittest.TestCase
+@@ -2870,6 +2910,890 @@ class NumericOwnerTest(unittest.TestCase
                               tarfl.extract, filename_1, TEMPDIR, False, True)
--- a/Python-3.10.10.tar.xz
+++ b/Python-3.10.10.tar.xz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:0419e9085bf51b7a672009b3f50dbf1859acdf18ba725d0ec19aa5c8503f0ea3
 size 19627028
--- a/Python-3.10.10.tar.xz.asc
+++ b/Python-3.10.10.tar.xz.asc
@ -1,16 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmPiQfoACgkQ/+h0BBaL
 2EcB8hAAmFEIHZopWn+A4tDxd001eViLrOmjygqPn1doAQ3dAgyESt4Z/HDtN6rB
 +6z5rsx+qdcP9kfb/+3V0gKBh/3V4bEpnD+EQtpONWhKbCcqOfq1ok1V+uNH8uOF
 ixxWkY+MWJzPPhlQiW/sm9FP6CdnaeriKf1JMCUt9aiganpo2CQv5gPE/0PlSGO5
 BEKjCcyHHPIEAxC6jLm/+33PSzbhGq+YstK/1tcqUrJfkifipovmSZeFyzULPonK
 MATPyliOupo3ixPs3LoJUjNpGD4fH+p2Lg1ZOgYv7vGmeLcadNVanRlqRg76m+ke
 zvp/MAqQg4Fr75m2+mfDG/Md+PrSMvz71i55a1Q1NcYdW6QR62m08FCZg7/+t5pD
 H91ywhMqTv1nySsEZGfuETPTs7gMCtyBeDjIhXBMcfbhGivd7r5zZJ8MUD/FSASC
 fQ/vEVeHWQeWpfFgxLfLmRnkjIS7JCGlM9z6zsZqbppWqeA94sBIf4ka2JG2DnGP
 1Pvn+ragiHt1++i2yVhmoAB0t44/SgXacCce5AT3yB71brT21cOXQs0Gq80MwVPI
 nVbzdOtuGNGcvEi2fbO2IEcgegSHaOHo9PvYTRropSz3V7A95x8mA1xjZf2y77H5
 /mfJ4687YIItCIcNE5Zzj6GspWlWP31OvRFIIefnKYf2JuU+qt8=
 =B3xo
 -----END PGP SIGNATURE-----
--- a/Python-3.10.11.tar.xz
+++ b/Python-3.10.11.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:3c3bc3048303721c904a03eb8326b631e921f11cc3be2988456a42f115daf04c
 size 19640792
--- a/Python-3.10.11.tar.xz.asc
+++ b/Python-3.10.11.tar.xz.asc
@ -0,0 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmQsoHwACgkQ/+h0BBaL
 2Efs9BAAheWCnenhHhXi0m0DgyB6eEVH8xmZrBqA1WMgGQOqWVZmEnJdc0IXyFWQ
 1A4C59d6rEvu8jvXTLvsqGEmehofKqq0bXB1tMUBn9CwSiELOm19WvCHc/Htwo2U
 DsvAsXXO7vBkKBT9+CQ4BmkGzPUTrBLZRHsQX/M/tpx81jnQVunoMojyPK19sf1I
 C+YnxE0cQVL9+INd0WtbVByJIwzBBDCLqTQWL//73CqFs8IO6PsjFXqmlVqVfpmz
 aEXuGeRkRgy7kZaDdLcnhBq7a6vgaecfgfRUGyBgwgakfrHA5SOdsWdAonjA676J
 6DHmFIf82R4wo7Vu0WAfFAq9jJfVxXN7n5Y/N/cxzqjhrfO341vCflN1c16VAFnu
 ok7n50poENO/tMRerOEj5baL+mToi8Wh+cYHY6tNpaM2iP+bSyjoS+Ff225xhdNV
 fqGuyaH7cPgGgoXECrSb7iTWYZxJxQV9S8OlR2gX8IlA+XrbGWQl0PvmErhO3FqN
 W88gBmYrzrSl6+dzF62yn2gKFc2K5k6NmCcySFfjY87G7RhEf1ixPeDyMSvbKlVw
 sJWeoXuCNPL+PQV+V76UAbn3bEvH87fyImxoYHNAIbHh8JaTvO5vIKDrrsw92siQ
 6Pud3Oy6DcD5gWX2KcaAjQjruh18dljsbYN+2KVFfQHM8SYeXns=
 =enP4
 -----END PGP SIGNATURE-----
--- a/invalid-json.patch
+++ b/invalid-json.patch
@ -1,44 +0,0 @@
 ---
 Doc/howto/logging-cookbook.rst |   24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)
 --- a/Doc/howto/logging-cookbook.rst
 +++ b/Doc/howto/logging-cookbook.rst
@@ -340,10 +340,12 @@ adding a ``filters`` section parallel to
 .. code-block:: json
 -    "filters": {
 -        "warnings_and_below": {
 -            "()" : "__main__.filter_maker",
 -            "level": "WARNING"
 +    {
 +        "filters": {
 +            "warnings_and_below": {
 +                "()" : "__main__.filter_maker",
 +                "level": "WARNING"
 +            }
         }
     }
@@ -351,12 +353,14 @@ and changing the section on the ``stdout
 .. code-block:: json
 -    "stdout": {
 -        "class": "logging.StreamHandler",
 -        "level": "INFO",
 -        "formatter": "simple",
 -        "stream": "ext://sys.stdout",
 -        "filters": ["warnings_and_below"]
 +    {
 +        "stdout": {
 +            "class": "logging.StreamHandler",
 +            "level": "INFO",
 +            "formatter": "simple",
 +            "stream": "ext://sys.stdout",
 +            "filters": ["warnings_and_below"]
 +        }
     }
 A filter is just a function, so we can define the ``filter_maker`` (a factory
--- a/python310.changes
+++ b/python310.changes
@ -1,10 +1,93 @@
 -------------------------------------------------------------------
-Thu Apr 27 21:19:52 UTC 2023 - Matej Cepl <mcepl@suse.com>
+Thu Apr 27 21:23:19 UTC 2023 - Matej Cepl <mcepl@suse.com>
 - Add CVE-2007-4559-filter-tarfile_extractall.patch to fix
  CVE-2007-4559 (bsc#1203750) by adding the filter for
  tarfile.extractall (PEP 706).
 -------------------------------------------------------------------
 Thu Apr 27 21:19:52 UTC 2023 - Matej Cepl <mcepl@suse.com>
 - Update to 3.10.11:
  - Core and Builtins
    - gh-102416: Do not memoize incorrectly automatically
      generated loop rules in the parser. Patch by Pablo Galindo.
    - gh-102356: Fix a bug that caused a crash when deallocating
      deeply nested filter objects. Patch by Marta Gómez Macías.
    - gh-102397: Fix segfault from race condition in signal
      handling during garbage collection. Patch by Kumar Aditya.
    - gh-102126: Fix deadlock at shutdown when clearing thread
      states if any finalizer tries to acquire the runtime head
      lock. Patch by Kumar Aditya.
    - gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal
      module. Patch by Max Bachmann.
    - gh-101967: Fix possible segfault in
      positional_only_passed_as_keyword function, when new list
      created.
    - gh-101765: Fix SystemError / segmentation fault in iter
      __reduce__ when internal access of builtins.__dict__ keys
      mutates the iter object.
  - Library
    - gh-102947: Improve traceback when dataclasses.fields() is
      called on a non-dataclass. Patch by Alex Waygood
    - gh-101979: Fix a bug where parentheses in the metavar
      argument to argparse.ArgumentParser.add_argument() were
      dropped. Patch by Yeojin Kim.
    - gh-102179: Fix os.dup2() error message for negative fds.
    - gh-101961: For the binary mode, fileinput.hookcompressed()
      doesn’t set the encoding value even if the value is
      None. Patch by Gihwan Kim.
    - gh-101936: The default value of fp becomes io.BytesIO
      if HTTPError is initialized without a designated fp
      parameter. Patch by Long Vo.
    - gh-101566: In zipfile, apply fix for extractall on the
      underlying zipfile after being wrapped in Path.
    - gh-101997: Upgrade pip wheel bundled with ensurepip (pip
      23.0.1)
    - gh-101892: Callable iterators no longer raise SystemError
      when the callable object exhausts the iterator but forgets
      to either return a sentinel value or raise StopIteration.
    - gh-97786: Fix potential undefined behaviour in corner cases
      of floating-point-to-time conversions.
    - gh-101517: Fixed bug where bdb looks up the source line
      with linecache with a lineno=None, which causes it to fail
      with an unhandled exception.
    - gh-101673: Fix a pdb bug where ll clears the changes to
      local variables.
    - gh-96931: Fix incorrect results from
      ssl.SSLSocket.shared_ciphers()
    - gh-88233: Correctly preserve “extra” fields in zipfile
      regardless of their ordering relative to a zip64 “extra.”
    - gh-95495: When built against OpenSSL 3.0, the ssl module
      had a bug where it reported unauthenticated EOFs (i.e.
      without close_notify) as a clean TLS-level EOF. It now
      raises SSLEOFError, matching the behavior in previous
      versions of OpenSSL. The options attribute on SSLContext
      also no longer includes OP_IGNORE_UNEXPECTED_EOF by
      default. This option may be set to specify the previous
      OpenSSL 3.0 behavior.
    - gh-94440: Fix a concurrent.futures.process bug where
      ProcessPoolExecutor shutdown could hang after a future has
      been quickly submitted and canceled.
  - Documentation
    - gh-103112: Add docstring to http.client.HTTPResponse.read()
      to fix pydoc output.
    - gh-85417: Update cmath documentation to clarify behaviour
      on branch cuts.
    - gh-97725: Fix asyncio.Task.print_stack() description for
      file=None. Patch by Oleg Iarygin.
  - Tests
    - gh-102980: Improve test coverage on pdb.
    - gh-102537: Adjust the error handling strategy in
      test_zoneinfo.TzPathTest.python_tzpath_context. Patch by
      Paul Ganssle.
    - gh-101377: Improved test_locale_calendar_formatweekday of
      calendar.
  - Build
    - gh-102711: Fix -Wstrict-prototypes compiler warnings.
 - Removed upstreamed:
  - invalid-json.patch
 -------------------------------------------------------------------
 Mon Mar 13 08:39:53 UTC 2023 - Matej Cepl <mcepl@suse.com>
--- a/python310.spec
+++ b/python310.spec
@ -103,7 +103,7 @@ Obsoletes:      python39%{?1:-%{1}}
 %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
 %bcond_without profileopt
 Name:           %{python_pkg_name}%{psuffix}
-Version:        3.10.10
+Version:        3.10.11
 Release:        0
 Summary:        Python 3 Interpreter
 License:        Python-2.0
@ -170,12 +170,9 @@ Patch36:        support-expat-CVE-2022-25236-patched.patch
 # blocklist bypass via the urllib.parse component when supplying
 # a URL that starts with blank characters
 Patch37:        CVE-2023-24329-blank-URL-bypass.patch
 # PATCH-FIX-UPSTREAM invalid-json.patch gh#python/cpython#102582 mcepl@suse.com
 # We require valid JSON in documentation
 Patch38:        invalid-json.patch
 # PATCH-FIX-UPSTREAM CVE-2007-4559-filter-tarfile_extractall.patch bsc#1203750 mcepl@suse.com
 # PEP 706 – Filter for tarfile.extractall
-Patch39:        CVE-2007-4559-filter-tarfile_extractall.patch
+Patch38:        CVE-2007-4559-filter-tarfile_extractall.patch
 BuildRequires:  autoconf-archive
 BuildRequires:  automake
 BuildRequires:  fdupes
@ -450,7 +447,6 @@ other applications.
 %patch36 -p1
 %patch37 -p1
 %patch38 -p1
 %patch39 -p1
 # drop Autoconf version requirement
 sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac