- Fix multiplying a list by an integer (list *= int): detect
the integer overflow when the new allocated length is close
to the maximum size.
- Fix a shell code injection vulnerability in the
get-remote-certificate.py example script. The script no
longer uses a shell to run openssl commands. (originally
filed as CVE-2022-37460, later withdrawn)
- Fix command line parsing: reject -X int_max_str_digits option
with no value (invalid) when the PYTHONINTMAXSTRDIGITS
environment variable is set to a valid limit.
- When ValueError is raised if an integer is larger than the
limit, mention the sys.set_int_max_str_digits() function in
the error message.
- The deprecated mailcap module now refuses to inject unsafe
text (filenames, MIME types, parameters) into shell
commands. Instead of using such text, it will warn and act
as if a match was not found (or for test commands, as if the
test failed).
- os.sched_yield() now releases the GIL while calling
sched_yield(2).
- Bugfix: PyFunction_GetAnnotations() should return a borrowed
reference. It was returning a new reference.
- Fixed a missing incref/decref pair in
Exception.__setstate__().
- Fix overly-broad source position information for chained
comparisons used as branching conditions.
- Fix undefined behaviour in _testcapimodule.c.
- At Python exit, sometimes a thread holding the GIL can
wait forever for a thread (usually a daemon thread) which
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=61
- Fix for CVE-2020-10735 (bsc#1203125) Converting between int
and str in bases other than 2 (binary), 4, 8 (octal), 16
(hexadecimal), or 32 such as base 10 (decimal) now raises
a ValueError if the number of digits in string form is above
a limit to avoid potential denial of service attacks due to
the algorithmic complexity.
- Other bug fixes:
- Fixed a bug that caused _PyCode_GetExtra to return garbage
for negative indexes.
- Fix format string in _PyPegen_raise_error_known_location
that can lead to memory corruption on some 64bit systems.
The function was building a tuple with i (int) instead of
n (Py_ssize_t) for Py_ssize_t arguments.
- Fix misleading contents of error message when converting an
all-whitespace string to float.
- coroutine.throw() now properly initializes the frame.f_back
when resuming a stack of coroutines. This allows e.g.
traceback.print_stack() to work correctly when an exception
(such as CancelledError) is thrown into a coroutine.
- ast.parse() will no longer parse function definitions with
positional-only params when passed feature_version less
than (3, 8).
- Correct conversion of numbers.Rational’s to float.
- Fix a performance regression in logging
TimedRotatingFileHandler. Only check for special files when
the rollover time has passed.
- Fix unused localName parameter in the Attr class in
xml.dom.minidom.
- Update bundled pip to 22.2.2.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=56
- gh-87389: http.server: Fix an open redirection vulnerability
in the HTTP server when a URI path starts with //.
Vulnerability discovered, and initial fix proposed, by Hamza
Avvan.
- gh-92888: Fix memoryview use after free when accessing the
backing buffer in certain cases.
- gh-95355: _PyPegen_Parser_New now properly detects token
memory allocation errors. Patch by Honglin Zhu.
- gh-94938: Fix error detection in some builtin functions when
keyword argument name is an instance of a str subclass with
overloaded __eq__ and __hash__. Previously it could cause
SystemError or other undesired behavior.
- gh-94949: ast.parse() will no longer parse parenthesized
context managers when passed feature_version less than
(3, 9). Patch by Shantanu Jain.
- gh-94947: ast.parse() will no longer parse assignment
expressions when passed feature_version less than
(3, 8). Patch by Shantanu Jain.
- gh-94869: Fix the column offsets for some expressions in
multi-line f-strings ast nodes. Patch by Pablo Galindo.
- gh-91153: Fix an issue where a bytearray item assignment
could crash if it’s resized by the new value’s __index__()
method.
- gh-94329: Compile and run code with unpacking of extremely
large sequences (1000s of elements). Such code failed to
compile. It now compiles and runs correctly.
- gh-94360: Fixed a tokenizer crash when reading encoded
files with syntax errors from stdin with non utf-8 encoded
text. Patch by Pablo Galindo
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=49
%primary_interpreter.
- Switch primary_interpreter from python38 to python310 for
Factory (only)
- (bsc#1196784, CVE-2022-25236) Rename patch:
support-expat-245.patch to support-expat-CVE-2022-25236-patched.patch
and update the patch to detect expat >= 2.4.4 instead of >= 2.4.5
as it was fully patched against CVE-2022-25236.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=41
- Core and Builtins
- gh-93418: Fixed an assert where an f-string has an equal
sign ‘=’ following an expression, but there’s no trailing
brace. For example, f"{i=".
- gh-91924: Fix __ltrace__ debug feature if the stdout
encoding is not UTF-8. Patch by Victor Stinner.
- gh-93061: Backward jumps after async for loops are no
longer given dubious line numbers.
- gh-93065: Fix contextvars HAMT implementation to handle
iteration over deep trees.
- The bug was discovered and fixed by Eli Libman. See
MagicStack/immutables#84 for more details.
- gh-92311: Fixed a bug where setting frame.f_lineno to jump
over a list comprehension could misbehave or crash.
- gh-92112: Fix crash triggered by an evil custom mro() on
a metaclass.
- gh-92036: Fix a crash in subinterpreters related to the
garbage collector. When a subinterpreter is deleted,
untrack all objects tracked by its GC. To prevent a crash
in deallocator functions expecting objects to be tracked by
the GC, leak a strong reference to these objects on
purpose, so they are never deleted and their deallocator
functions are not called. Patch by Victor Stinner.
- gh-91421: Fix a potential integer overflow in
_Py_DecodeUTF8Ex.
- bpo-47212: Raise IndentationError instead of SyntaxError
for a bare except with no following indent. Improve
SyntaxError locations for an un-parenthesized generator
used as arguments. Patch by Matthieu Dartiailh.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=38
- bpo-46968: Check for the existence of the “sys/auxv.h” header
in faulthandler to avoid compilation problems in systems
where this header doesn’t exist. Patch by Pablo Galindo
- bpo-23691: Protect the re.finditer() iterator from
re-entering.
- bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to
avoid a “zipfile.BadZipFile: Bad CRC-32 for file” exception
when reading a ZipFile from multiple threads.
- bpo-38256: Fix binascii.crc32() when it is compiled to use
zlib’s crc32 to work properly on inputs 4+GiB in length
instead of returning the wrong result. The workaround prior
to this was to always feed the function data in increments
smaller than 4GiB or to just call the zlib module function.
- bpo-39394: A warning about inline flags not at the start of
the regular expression now contains the position of the flag.
- bpo-47061: Deprecate the various modules listed by PEP 594:
- aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt,
imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd,
sndhdr, spwd, sunau, telnetlib, uu, xdrlib
- bpo-2604: Fix bug where doctests using globals would fail
when run multiple times.
- bpo-45997: Fix asyncio.Semaphore re-acquiring FIFO order.
- bpo-47022: The asynchat, asyncore and smtpd modules have been
deprecated since at least Python 3.6. Their documentation and
deprecation warnings have now been updated to note they
will be removed in Python 3.12 (PEP 594).
- bpo-46421: Fix a unittest issue where if the command was
invoked as python -m unittest and the filename(s) began with
a dot (.), a ValueError is returned.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=34
packages (python39 for python310 and so forth). For next
versions it is necessary just to edit the macro.
- Remove second superfluous BR rpm-build-python
- Add fix_configure_rst.patch, which removes duplicate link
targets and make documentation with old Sphinx in SLE
- Skip test_capi (bsc#1195140 and bpo#37169)
- Upgrade to 3.10.1 (jsc#SLE-18038):
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=32
- PEP 623 – Deprecate and prepare for the removal of the wstr
member in PyUnicodeObject.
- PEP 604 – Allow writing union types as X | Y
- PEP 612 – Parameter Specification Variables
- PEP 626 – Precise line numbers for debugging and other tools.
- PEP 618 – Add Optional Length-Checking To zip.
- bpo-12782: Parenthesized context managers are now officially
allowed.
- PEP 632 – Deprecate distutils module.
- PEP 613 – Explicit Type Aliases
- PEP 634 – Structural Pattern Matching: Specification
- PEP 635 – Structural Pattern Matching: Motivation and
Rationale
- PEP 636 – Structural Pattern Matching: Tutorial
- PEP 644 – Require OpenSSL 1.1.1 or newer
- PEP 624 – Remove Py_UNICODE encoder APIs
- PEP 597 – Add optional EncodingWarning
- Patches readjusted:
- bpo-31046_ensurepip_honours_prefix.patch
- python-3.3.0b1-fix_date_time_compiler.patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=27
Complete list on https://www.python.org/downloads/release/python-3100/,
but highlights are:
- PEP 623 – Deprecate and prepare for the removal of the wstr
member in PyUnicodeObject.
- PEP 604 – Allow writing union types as X | Y
- PEP 612 – Parameter Specification Variables
- PEP 626 – Precise line numbers for debugging and other
tools.
- PEP 618 – Add Optional Length-Checking To zip.
- PEP 632 – Deprecate distutils module.
- PEP 613 – Explicit Type Aliases
- PEP 634 – Structural Pattern Matching: Specification
- PEP 635 – Structural Pattern Matching: Motivation and
Rationale
- PEP 636 – Structural Pattern Matching: Tutorial
- PEP 644 – Require OpenSSL 1.1.1 or newer
- PEP 624 – Remove Py_UNICODE encoder APIs
- PEP 597 – Add optional EncodingWarning
- bpo-12782: Parenthesized context managers are now officially
allowed.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=17
plenty of small bugfixes among others:
- bpo#38605: from __future__ import annotations (PEP 563) used to be
on this list in previous pre-releases but it has been postponed to
Python 3.11 due to some compatibility concerns.
- bpo-44600: Fix incorrect line numbers while tracing some failed
patterns in match statements. Patch by Charles Burkland.
- plenty of modifications in types.Union
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=9
https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-0-beta-4
- Update to 3.10.0b2:
- PEP 623 -- Deprecate and prepare for the removal of the wstr
member in PyUnicodeObject.
- PEP 604 -- Allow writing union types as X | Y
- PEP 612 -- Parameter Specification Variables
- PEP 626 -- Precise line numbers for debugging and other
tools.
- PEP 618 -- Add Optional Length-Checking To zip.
- bpo-12782: Parenthesized context managers are now officially
allowed.
- PEP 632 -- Deprecate distutils module.
- PEP 613 -- Explicit Type Aliases
- PEP 634 -- Structural Pattern Matching: Specification
- PEP 635 -- Structural Pattern Matching: Motivation and
Rationale
- PEP 636 -- Structural Pattern Matching: Tutorial
- PEP 644 -- Require OpenSSL 1.1.1 or newer
- PEP 624 -- Remove Py_UNICODE encoder APIs
- PEP 597 -- Add optional EncodingWarning
- Removed patches (assumed upstream):
- sphinx-update-removed-function.patch
- Revert previous skip over test_capi
- Add skip-test_pyobject_freed_is_freed.patch to skip failing
test on SLE-15.
- allow build with Sphinx >= 3.x
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=2