Commit Graph

41 Commits

Author SHA256 Message Date
00fe94daed - Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
  extremely long domain names.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=66
2022-11-09 18:33:25 +00:00
7c8b7412f2 - Add CVE-2022-42919-loc-priv-mulitproc-forksrv.patch to avoid
CVE-2022-42919 (bsc#1204886) avoiding Linux specific local
  privilege escalation via the multiprocessing forkserver start
  method.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=64
2022-11-04 14:58:28 +00:00
87c3616141 Accepting request 1031400 from home:mcepl:branches:devel:languages:python:Factory
- Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to
  allow building of documentation with the latest Sphinx 5.3.0
  (gh#python/cpython#98366).

OBS-URL: https://build.opensuse.org/request/show/1031400
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=62
2022-10-26 21:24:55 +00:00
9ffbba32c9 - Update to 3.10.8:
- Fix multiplying a list by an integer (list *= int): detect
    the integer overflow when the new allocated length is close
    to the maximum size.
  - Fix a shell code injection vulnerability in the
    get-remote-certificate.py example script. The script no
    longer uses a shell to run openssl commands. (originally
    filed as CVE-2022-37460, later withdrawn)
  - Fix command line parsing: reject -X int_max_str_digits option
    with no value (invalid) when the PYTHONINTMAXSTRDIGITS
    environment variable is set to a valid limit.
  - When ValueError is raised if an integer is larger than the
    limit, mention the sys.set_int_max_str_digits() function in
    the error message.
  - The deprecated mailcap module now refuses to inject unsafe
    text (filenames, MIME types, parameters) into shell
    commands. Instead of using such text, it will warn and act
    as if a match was not found (or for test commands, as if the
    test failed).
  - os.sched_yield() now release the GIL while calling
    sched_yield(2).
  - Bugfix: PyFunction_GetAnnotations() should return a borrowed
    reference. It was returning a new reference.
  - Fixed a missing incref/decref pair in
    Exception.__setstate__().
  - Fix overly-broad source position information for chained
    comparisons used as branching conditions.
  - Fix undefined behaviour in _testcapimodule.c.
  - At Python exit, sometimes a thread holding the GIL can
    wait forever for a thread (usually a daemon thread) which

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=61
2022-10-19 07:46:21 +00:00
01ff931ee1 Accepting request 1004493 from openSUSE:Factory:RISCV
- test-int-timing.patch: gh-96710: Make the test timing more lenient for
  the int/str DoS regression test. (#96717)

OBS-URL: https://build.opensuse.org/request/show/1004493
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=59
2022-09-19 11:20:10 +00:00
8e56b3482c - Update to 3.10.7:
- Fix for CVE-2020-10735 (bsc#1203125) Converting between int
    and str in bases other than 2 (binary), 4, 8 (octal), 16
    (hexadecimal), or 32 such as base 10 (decimal) now raises
    a ValueError if the number of digits in string form is above
    a limit to avoid potential denial of service attacks due to
    the algorithmic complexity.
  - Other bug fixes:
    - Fixed a bug that caused _PyCode_GetExtra to return garbage
      for negative indexes.
    - Fix format string in _PyPegen_raise_error_known_location
      that can lead to memory corruption on some 64bit systems.
      The function was building a tuple with i (int) instead of
      n (Py_ssize_t) for Py_ssize_t arguments.
    - Fix misleading contents of error message when converting an
      all-whitespace string to float.
    - coroutine.throw() now properly initializes the frame.f_back
      when resuming a stack of coroutines. This allows e.g.
      traceback.print_stack() to work correctly when an exception
      (such as CancelledError) is thrown into a coroutine.
    - ast.parse() will no longer parse function definitions with
      positional-only params when passed feature_version less
      than (3, 8).
    - Correct conversion of numbers.Rational’s to float.
    - Fix a performance regression in logging
      TimedRotatingFileHandler. Only check for special files when
      the rollover time has passed.
    - Fix unused localName parameter in the Attr class in
      xml.dom.minidom.
    - Update bundled pip to 22.2.2.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=56
2022-09-11 08:41:57 +00:00
204d863a88 - Update to 3.10.6:
- gh-87389: http.server: Fix an open redirection vulnerability
    in the HTTP server when an URI path starts with //.
    Vulnerability discovered, and initial fix proposed, by Hamza
    Avvan.
  - gh-92888: Fix memoryview use after free when accessing the
    backing buffer in certain cases.
  - gh-95355: _PyPegen_Parser_New now properly detects token
    memory allocation errors. Patch by Honglin Zhu.
  - gh-94938: Fix error detection in some builtin functions when
    keyword argument name is an instance of a str subclass with
    overloaded __eq__ and __hash__. Previously it could cause
    SystemError or other undesired behavior.
  - gh-94949: ast.parse() will no longer parse parenthesized
    context managers when passed feature_version less than
    (3, 9). Patch by Shantanu Jain.
  - gh-94947: ast.parse() will no longer parse assignment
    expressions when passed feature_version less than
    (3, 8). Patch by Shantanu Jain.
  - gh-94869: Fix the column offsets for some expressions in
    multi-line f-strings ast nodes. Patch by Pablo Galindo.
  - gh-91153: Fix an issue where a bytearray item assignment
    could crash if it’s resized by the new value’s __index__()
    method.
  - gh-94329: Compile and run code with unpacking of extremely
    large sequences (1000s of elements). Such code failed to
    compile. It now compiles and runs correctly.
  - gh-94360: Fixed a tokenizer crash when reading encoded
    files with syntax errors from stdin with non utf-8 encoded
    text. Patch by Pablo Galindo

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=49
2022-08-02 17:22:32 +00:00
d852af53f4 Restore %primary_interpreter
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=47
2022-07-21 15:15:23 +00:00
318a36b4de - Switch from %primary_interpreter to prjconf-defined
%primary_python (gh#openSUSE/python-rpm-macros#127).

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=46
2022-07-21 14:25:07 +00:00
84e54ed87f Fix conditions for primary_interpreter
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=44
2022-06-20 09:49:55 +00:00
140fcc45f7 - Fix building of documentation and the universal configuration of the
%primary_interpreter.
- Switch primary_interpreter from python38 to python310 for
  Factory (only)

- (bsc#1196784, CVE-2022-25236) Rename patch:
  support-expat-245.patch to support-expat-CVE-2022-25236-patched.patch
  and update the patch to detect expat >= 2.4.4 instead of >= 2.4.5
  as it was fully patched against CVE-2022-25236.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=41
2022-06-10 17:46:36 +00:00
83bcadedd7 - Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
  command injection in the mailcap module.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=40
2022-06-10 10:02:35 +00:00
5dbebc15a6 - Update to 3.10.5:
- Core and Builtins
    - gh-93418: Fixed an assert where an f-string has an equal
      sign ‘=’ following an expression, but there’s no trailing
      brace. For example, f”{i=”.
    - gh-91924: Fix __ltrace__ debug feature if the stdout
      encoding is not UTF-8. Patch by Victor Stinner.
    - gh-93061: Backward jumps after async for loops are no
      longer given dubious line numbers.
    - gh-93065: Fix contextvars HAMT implementation to handle
      iteration over deep trees.
    - The bug was discovered and fixed by Eli Libman. See
      MagicStack/immutables#84 for more details.
    - gh-92311: Fixed a bug where setting frame.f_lineno to jump
      over a list comprehension could misbehave or crash.
    - gh-92112: Fix crash triggered by an evil custom mro() on
      a metaclass.
    - gh-92036: Fix a crash in subinterpreters related to the
      garbage collector. When a subinterpreter is deleted,
      untrack all objects tracked by its GC. To prevent a crash
      in deallocator functions expecting objects to be tracked by
      the GC, leak a strong reference to these objects on
      purpose, so they are never deleted and their deallocator
      functions are not called. Patch by Victor Stinner.
    - gh-91421: Fix a potential integer overflow in
      _Py_DecodeUTF8Ex.
    - bpo-47212: Raise IndentationError instead of SyntaxError
      for a bare except with no following indent. Improve
      SyntaxError locations for an un-parenthesized generator
      used as arguments. Patch by Matthieu Dartiailh.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=38
2022-06-06 22:34:45 +00:00
564c0ba86c - Switch primary_interpreter from python38 to python310
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=36
2022-05-05 14:36:14 +00:00
30dacf455e - Update to 3.10.4:
- bpo-46968: Check for the existence of the “sys/auxv.h” header
    in faulthandler to avoid compilation problems in systems
    where this header doesn’t exist. Patch by Pablo Galindo
  - bpo-23691: Protect the re.finditer() iterator from
    re-entering.
  - bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to
    avoid a “zipfile.BadZipFile: Bad CRC-32 for file” exception
    when reading a ZipFile from multiple threads.
  - bpo-38256: Fix binascii.crc32() when it is compiled to use
    zlib’c crc32 to work properly on inputs 4+GiB in length
    instead of returning the wrong result. The workaround prior
    to this was to always feed the function data in increments
    smaller than 4GiB or to just call the zlib module function.
  - bpo-39394: A warning about inline flags not at the start of
    the regular expression now contains the position of the flag.
  - bpo-47061: Deprecate the various modules listed by PEP 594:
  - aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt,
    imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd,
    sndhdr, spwd, sunau, telnetlib, uu, xdrlib
  - bpo-2604: Fix bug where doctests using globals would fail
    when run multiple times.
  - bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order.
  - bpo-47022: The asynchat, asyncore and smtpd modules have been
    deprecated since at least Python 3.6. Their documentation and
    deprecation warnings and have now been updated to note they
    will removed in Python 3.12 (PEP 594).
  - bpo-46421: Fix a unittest issue where if the command was
    invoked as python -m unittest and the filename(s) began with
    a dot (.), a ValueError is returned.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=34
2022-03-26 22:57:32 +00:00
36844da9e7 - bsc#1195831 Obsolete older "most modern" versions of python
packages (python39 for python310 and so forth). For next
  versions it is necessary just to edit the macro.


- Remove second superfluous BR rpm-build-python
- Add fix_configure_rst.patch, which removes duplicate link
  targets and make documentation with old Sphinx in SLE
- Skip test_capi (bsc#1195140 and bpo#37169)
- Upgrade to 3.10.1 (jsc#SLE-18038):

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=32
2022-03-26 22:48:52 +00:00
Steve Kowalik
3cfec74100 - Add patch support-expat-245.patch:
* Support Expat >= 2.4.5

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=31
2022-02-22 05:56:05 +00:00
31add90f4c - Remove second superfluous BR rpm-build-python
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=30
2022-01-25 16:09:40 +00:00
6f5316e738 Fix version of python-docs-theme module
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=29
2022-01-20 00:20:05 +00:00
45f43a9e30 - Update to 3.10.2:
Bugfix only
  - bpo#46347 memory leak in PyEval_EvalCodeEx (especially
    visible with Cython code)
  - and many others

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=28
2022-01-19 22:05:07 +00:00
83b3ac1d53 - Upgrade to 3.10.1:
- PEP 623 – Deprecate and prepare for the removal of the wstr
    member in PyUnicodeObject.
  - PEP 604 – Allow writing union types as X | Y
  - PEP 612 – Parameter Specification Variables
  - PEP 626 – Precise line numbers for debugging and other tools.
  - PEP 618 – Add Optional Length-Checking To zip.
  - bpo-12782: Parenthesized context managers are now officially
    allowed.
  - PEP 632 – Deprecate distutils module.
  - PEP 613 – Explicit Type Aliases
  - PEP 634 – Structural Pattern Matching: Specification
  - PEP 635 – Structural Pattern Matching: Motivation and
    Rationale
  - PEP 636 – Structural Pattern Matching: Tutorial
  - PEP 644 – Require OpenSSL 1.1.1 or newer
  - PEP 624 – Remove Py_UNICODE encoder APIs
  - PEP 597 – Add optional EncodingWarning
- Patches readjusted:
  - bpo-31046_ensurepip_honours_prefix.patch
  - python-3.3.0b1-fix_date_time_compiler.patch

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=27
2021-12-08 13:20:38 +00:00
1cb5117595 - Adjust location of the test breakpoint in Lib/test/test_pdb.py,
because we have shortened Lib/pdb.py by removing the shebang

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=24
2021-12-04 18:04:39 +00:00
b8412ecb52 - Add pdb_adjust_breakpoints.patch fixing expectd results in
test_pdb_breakpoints_preserved_across_interactive_sessions
  (bpo#45964).

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=23
2021-12-02 13:52:47 +00:00
ea428dc2a4 Run spec-cleaner
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=22
2021-11-29 21:18:14 +00:00
8fefdd3811 - Remove shebangs from from python-base libraries in _libdir
(bsc#1193179).
- Readjust patches:
  - bpo-31046_ensurepip_honours_prefix.patch
  - decimal.patch
  - python-3.3.0b1-fix_date_time_compiler.patch

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=21
2021-11-29 21:17:24 +00:00
5236b2559a - BuildRequire rpm-build-python: The provider to inject python(abi)
has been moved there. rpm-build pulls rpm-build-python
  automatically in when building anything against python3-base, but
  this implies that the initial build of python3-base does not
  trigger the automatic installation.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=19
2021-11-06 15:39:53 +00:00
dc5e49f58d Accepting request 925040 from home:dimstar:Factory
- BuildRequire rpm-build-python: The provider to inject python(abi)
  has been moved there. rpm-build pulls rpm-build-python
  automatically in when building anything against python3-base, but
  this implies that the initial build of python3-base does not
  trigger the automatic installation.

OBS-URL: https://build.opensuse.org/request/show/925040
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=18
2021-10-13 12:04:56 +00:00
244186d971 - Final release of 3.10.0:
Complete list on https://www.python.org/downloads/release/python-3100/,
  but highlights are:
  - PEP 623 – Deprecate and prepare for the removal of the wstr
    member in PyUnicodeObject.
  - PEP 604 – Allow writing union types as X | Y
  - PEP 612 – Parameter Specification Variables
  - PEP 626 – Precise line numbers for debugging and other
    tools.
  - PEP 618 – Add Optional Length-Checking To zip.
  - PEP 632 – Deprecate distutils module.
  - PEP 613 – Explicit Type Aliases
  - PEP 634 – Structural Pattern Matching: Specification
  - PEP 635 – Structural Pattern Matching: Motivation and
    Rationale
  - PEP 636 – Structural Pattern Matching: Tutorial
  - PEP 644 – Require OpenSSL 1.1.1 or newer
  - PEP 624 – Remove Py_UNICODE encoder APIs
  - PEP 597 – Add optional EncodingWarning
  - bpo-12782: Parenthesized context managers are now officially
    allowed.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=17
2021-10-05 22:47:12 +00:00
fd4563b720 Accepting request 915060 from home:mcepl:python-libmpdec
- Switch on option --with-system-libmpdec (bsc#1189356).

OBS-URL: https://build.opensuse.org/request/show/915060
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=16
2021-08-30 13:24:05 +00:00
06f448d744 Accepting request 914824 from home:Andreas_Schwab:Factory
- Reenable profileopt with qemu emulation, test_faulthandler is no longer
  run during profiling

OBS-URL: https://build.opensuse.org/request/show/914824
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=15
2021-08-28 20:49:05 +00:00
e295d422e7 Accepting request 911856 from home:Andreas_Schwab:Factory
- test_faulthandler is still problematic under qemu linux-user emulation,
  disable it there

OBS-URL: https://build.opensuse.org/request/show/911856
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=14
2021-08-13 12:10:57 +00:00
342d96889e Fix python_pkg_name macro
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=11
2021-08-11 15:15:46 +00:00
f717adb56f Fix PGP keyring
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=10
2021-08-11 06:10:40 +00:00
ec4bce4dea - Update to 3.10.0rc1 (the penultimate prerelease), which contains
plenty of small bugfixes among others:
  - bpo#38605: from __future__ import annotations (PEP 563) used to be
    on this list in previous pre-releases but it has been postponed to
    Python 3.11 due to some compatibility concerns.
  - bpo-44600: Fix incorrect line numbers while tracing some failed
    patterns in match statements. Patch by Charles Burkland.
  - plenty of modifications in types.Union

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=9
2021-08-11 06:06:18 +00:00
00c3fa6c80 Accepting request 909763 from devel:languages:python:Factory
revert

OBS-URL: https://build.opensuse.org/request/show/909763
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=8
2021-08-02 12:42:47 +00:00
95e0ab74a3 - Use versioned python-Sphinx to avoid dependency on other
version of Python (bsc#1183858).

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=7
2021-08-02 12:41:33 +00:00
415aca7955 ok
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=6
2021-07-22 08:55:56 +00:00
602582afa8 Reformat SPEC
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=5
2021-07-22 08:55:39 +00:00
d51d6dbf9b Fix bundled modules
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=4
2021-07-21 14:59:47 +00:00
215e2ebbfe - Remove python3-imp-returntype.patch which has been upstreamed.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=3
2021-07-21 14:21:56 +00:00
f74f5f6179 - Update to 3.10.0b4:
https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-0-beta-4

- Update to 3.10.0b2:
  - PEP 623 -- Deprecate and prepare for the removal of the wstr
    member in PyUnicodeObject.
  - PEP 604 -- Allow writing union types as X | Y
  - PEP 612 -- Parameter Specification Variables
  - PEP 626 -- Precise line numbers for debugging and other
    tools.
  - PEP 618 -- Add Optional Length-Checking To zip.
  - bpo-12782: Parenthesized context managers are now officially
    allowed.
  - PEP 632 -- Deprecate distutils module.
  - PEP 613 -- Explicit Type Aliases
  - PEP 634 -- Structural Pattern Matching: Specification
  - PEP 635 -- Structural Pattern Matching: Motivation and
    Rationale
  - PEP 636 -- Structural Pattern Matching: Tutorial
  - PEP 644 -- Require OpenSSL 1.1.1 or newer
  - PEP 624 -- Remove Py_UNICODE encoder APIs
  - PEP 597 -- Add optional EncodingWarning
- Removed patches (assumed upstream):
  - sphinx-update-removed-function.patch

- Revert previous skip over test_capi
- Add skip-test_pyobject_freed_is_freed.patch to skip failing
  test on SLE-15.

- allow build with Sphinx >= 3.x

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=2
2021-07-21 13:48:23 +00:00