Matej Cepl
a5c76344b0
header injection due to unquoted newlines (bsc#1228780, CVE-2024-6923). - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999) - Update bluez-devel-vendor.tar.xz OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=139
4157 lines
181 KiB
Plaintext
4157 lines
181 KiB
Plaintext
-------------------------------------------------------------------
|
||
Wed Aug 7 13:40:44 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
|
||
|
||
- Add CVE-2024-6923-email-hdr-inject.patch to prevent email
|
||
header injection due to unquoted newlines (bsc#1228780,
|
||
CVE-2024-6923).
|
||
- %{profileopt} variable is set according to the variable
|
||
%{do_profiling} (bsc#1227999)
|
||
- Update bluez-devel-vendor.tar.xz
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jul 22 21:20:55 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
|
||
|
||
- Remove %suse_update_desktop_file macro as it is not useful any
|
||
more.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jul 15 12:14:57 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
|
||
|
||
- Stop using %%defattr, it seems to be breaking proper executable
|
||
attributes on /usr/bin/ scripts (bsc#1227378).
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 2 10:31:26 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
|
||
|
||
- Update F00251-change-user-install-location.patch to make pip and
|
||
modern tools install directly in /usr/local when used by the user.
|
||
bsc#1225660
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 25 21:57:40 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
|
||
|
||
- Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448
|
||
(CVE-2024-4032) rearranging definition of private v global IP
|
||
addresses.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 19 08:37:04 UTC 2024 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Add CVE-2023-52425-libexpat-2.6.0-backport.patch to fix tests with
|
||
patched libexpat below 2.6.0 that doesn't update the version number,
|
||
just in SLE.
|
||
- Remove old-libexpat.patch, of course.
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Mar 24 00:43:14 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
|
||
|
||
- Add old-libexpat.patch making the test suite work with
|
||
libexpat < 2.6.0 (gh#python/cpython#117187).
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 22 21:17:25 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
|
||
|
||
- Because of bsc#1189495 we have to revert use of %autopatch.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 21 07:38:15 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
|
||
|
||
- Update 3.10.14:
|
||
- gh-115399 & gh-115398: bundled libexpat was updated to 2.6.0
|
||
to address CVE-2023-52425, and control of the new reparse
|
||
deferral functionality was exposed with new APIs
|
||
(bsc#1219559).
|
||
- gh-109858: zipfile is now protected from the “quoted-overlap”
|
||
zipbomb to address CVE-2024-0450. It now raises BadZipFile
|
||
when attempting to read an entry that overlaps with another
|
||
entry or central directory. (bsc#1221854)
|
||
- gh-91133: tempfile.TemporaryDirectory cleanup no longer
|
||
dereferences symlinks when working around file system
|
||
permission errors to address CVE-2023-6597 (bsc#1219666)
|
||
- gh-115197: urllib.request no longer resolves the hostname
|
||
before checking it against the system’s proxy bypass list on
|
||
macOS and Windows
|
||
- gh-81194: a crash in socket.if_indextoname() with a specific
|
||
value (UINT_MAX) was fixed. Relatedly, an integer overflow in
|
||
socket.if_indextoname() on 64-bit non-Windows platforms was
|
||
fixed
|
||
- gh-113659: .pth files with names starting with a dot or
|
||
containing the hidden file attribute are now skipped
|
||
- gh-102388: iso2022_jp_3 and iso2022_jp_2004 codecs no longer
|
||
read out of bounds
|
||
- gh-114572: ssl.SSLContext.cert_store_stats() and
|
||
ssl.SSLContext.get_ca_certs() now correctly lock access to
|
||
the certificate store, when the ssl.SSLContext is shared
|
||
across multiple threads (bsc#1226447, CVE-2024-0397)
|
||
- Remove upstreamed patches:
|
||
- CVE-2023-6597-TempDir-cleaning-symlink.patch
|
||
- libexpat260.patch
|
||
- Readjust patches:
|
||
- F00251-change-user-install-location.patch
|
||
- fix_configure_rst.patch
|
||
- python-3.3.0b1-localpath.patch
|
||
- skip-test_pyobject_freed_is_freed.patch
|
||
- Port to %autosetup and %autopatch.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 6 14:13:58 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
|
||
|
||
- Use the system-wide crypto-policies [bsc#1211301]
|
||
* Use the system default cipher list instead of hardcoded values
|
||
* Add the --with-ssl-default-suites=openssl configure option
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Feb 23 01:06:42 UTC 2024 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- (bsc#1219666, CVE-2023-6597) Add
|
||
CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from
|
||
gh#python/cpython!99930) fixing symlink bug in cleanup of
|
||
tempfile.TemporaryDirectory.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 20 22:14:02 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
|
||
|
||
- Remove double definition of /usr/bin/idle%%{version} in
|
||
%%files.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Feb 15 10:29:07 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
|
||
|
||
- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser
|
||
with Expat 2.6.0, gh#python/cpython#115289
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Dec 18 16:20:58 UTC 2023 - Matej Cepl <mcepl@cepl.eu>
|
||
|
||
- Refresh CVE-2023-27043-email-parsing-errors.patch to
|
||
gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
|
||
- Thus we can remove Revert-gh105127-left-tests.patch, which is
|
||
now useless.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Sep 4 13:18:29 UTC 2023 - Daniel Garcia <daniel.garcia@suse.com>
|
||
|
||
- Add fix-sphinx-72.patch to make it work with latest sphinx version
|
||
gh#python/cpython#97950
|
||
- Update to 3.10.13 (bsc#1214692):
|
||
- gh-108310: Fixed an issue where instances of ssl.SSLSocket were
|
||
vulnerable to a bypass of the TLS handshake and included
|
||
protections (like certificate verification) and treating sent
|
||
unencrypted data as if it were post-handshake TLS encrypted data.
|
||
Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by
|
||
Gregory P. Smith.
|
||
- gh-107845: tarfile.data_filter() now takes the location of
|
||
symlinks into account when determining their target, so it will no
|
||
longer reject some valid tarballs with
|
||
LinkOutsideDestinationError.
|
||
- gh-107565: Update multissltests and GitHub CI workflows to use
|
||
OpenSSL 1.1.1v, 3.0.10, and 3.1.2.
|
||
- gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only data:
|
||
*consumed was not set.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 3 14:13:30 UTC 2023 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941)
|
||
partially reverting CVE-2023-27043-email-parsing-errors.patch,
|
||
because of the regression in gh#python/cpython#106669.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 19 11:15:39 UTC 2023 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Add gh-78214-marshal_stabilize_FLAG_REF.patch to marshal.c for
|
||
stabilizing FLAG_REF usage (required for reproduceability;
|
||
bsc#1213463).
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 11 07:35:18 UTC 2023 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- (bsc#1210638, CVE-2023-27043) Add
|
||
CVE-2023-27043-email-parsing-errors.patch, which detects email
|
||
address parsing errors and returns empty tuple to indicate the
|
||
parsing error (old API).
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 28 16:57:46 UTC 2023 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Update to 3.10.12:
|
||
- gh-103142: The version of OpenSSL used in Windows and
|
||
Mac installers has been upgraded to 1.1.1u to address
|
||
CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464,
|
||
as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303
|
||
fixed previously in 1.1.1t (gh-101727).
|
||
- gh-102153: urllib.parse.urlsplit() now strips leading C0
|
||
control and space characters following the specification for
|
||
URLs defined by WHATWG in response to CVE-2023-24329
|
||
(bsc#1208471).
|
||
- gh-99889: Fixed a security in flaw in uu.decode() that could
|
||
allow for directory traversal based on the input if no
|
||
out_file was specified.
|
||
- gh-104049: Do not expose the local on-disk
|
||
location in directory indexes produced by
|
||
http.client.SimpleHTTPRequestHandler.
|
||
- gh-103935: trace.__main__ now uses io.open_code() for files
|
||
to be executed instead of raw open().
|
||
- gh-102953: The extraction methods in tarfile, and
|
||
shutil.unpack_archive(), have a new filter argument that
|
||
allows limiting tar features than may be surprising or
|
||
dangerous, such as creating files outside the destination
|
||
directory. See Extraction filters for details (fixing
|
||
CVE-2007-4559, bsc#1203750).
|
||
- Remove upstreamed patches:
|
||
- CVE-2023-24329-blank-URL-bypass.patch
|
||
- CVE-2007-4559-filter-tarfile_extractall.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 20 21:39:58 UTC 2023 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Add bpo-37596-make-set-marshalling.patch making marshalling of
|
||
`set` and `frozenset` deterministic (bsc#1211765).
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Apr 27 21:23:19 UTC 2023 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix
|
||
CVE-2007-4559 (bsc#1203750) by adding the filter for
|
||
tarfile.extractall (PEP 706).
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Apr 27 21:19:52 UTC 2023 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Update to 3.10.11:
|
||
- Core and Builtins
|
||
- gh-102416: Do not memoize incorrectly automatically
|
||
generated loop rules in the parser. Patch by Pablo Galindo.
|
||
- gh-102356: Fix a bug that caused a crash when deallocating
|
||
deeply nested filter objects. Patch by Marta Gómez Macías.
|
||
- gh-102397: Fix segfault from race condition in signal
|
||
handling during garbage collection. Patch by Kumar Aditya.
|
||
- gh-102126: Fix deadlock at shutdown when clearing thread
|
||
states if any finalizer tries to acquire the runtime head
|
||
lock. Patch by Kumar Aditya.
|
||
- gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal
|
||
module. Patch by Max Bachmann.
|
||
- gh-101967: Fix possible segfault in
|
||
positional_only_passed_as_keyword function, when new list
|
||
created.
|
||
- gh-101765: Fix SystemError / segmentation fault in iter
|
||
__reduce__ when internal access of builtins.__dict__ keys
|
||
mutates the iter object.
|
||
- Library
|
||
- gh-102947: Improve traceback when dataclasses.fields() is
|
||
called on a non-dataclass. Patch by Alex Waygood
|
||
- gh-101979: Fix a bug where parentheses in the metavar
|
||
argument to argparse.ArgumentParser.add_argument() were
|
||
dropped. Patch by Yeojin Kim.
|
||
- gh-102179: Fix os.dup2() error message for negative fds.
|
||
- gh-101961: For the binary mode, fileinput.hookcompressed()
|
||
doesn’t set the encoding value even if the value is
|
||
None. Patch by Gihwan Kim.
|
||
- gh-101936: The default value of fp becomes io.BytesIO
|
||
if HTTPError is initialized without a designated fp
|
||
parameter. Patch by Long Vo.
|
||
- gh-101566: In zipfile, apply fix for extractall on the
|
||
underlying zipfile after being wrapped in Path.
|
||
- gh-101997: Upgrade pip wheel bundled with ensurepip (pip
|
||
23.0.1)
|
||
- gh-101892: Callable iterators no longer raise SystemError
|
||
when the callable object exhausts the iterator but forgets
|
||
to either return a sentinel value or raise StopIteration.
|
||
- gh-97786: Fix potential undefined behaviour in corner cases
|
||
of floating-point-to-time conversions.
|
||
- gh-101517: Fixed bug where bdb looks up the source line
|
||
with linecache with a lineno=None, which causes it to fail
|
||
with an unhandled exception.
|
||
- gh-101673: Fix a pdb bug where ll clears the changes to
|
||
local variables.
|
||
- gh-96931: Fix incorrect results from
|
||
ssl.SSLSocket.shared_ciphers()
|
||
- gh-88233: Correctly preserve “extra” fields in zipfile
|
||
regardless of their ordering relative to a zip64 “extra.”
|
||
- gh-95495: When built against OpenSSL 3.0, the ssl module
|
||
had a bug where it reported unauthenticated EOFs (i.e.
|
||
without close_notify) as a clean TLS-level EOF. It now
|
||
raises SSLEOFError, matching the behavior in previous
|
||
versions of OpenSSL. The options attribute on SSLContext
|
||
also no longer includes OP_IGNORE_UNEXPECTED_EOF by
|
||
default. This option may be set to specify the previous
|
||
OpenSSL 3.0 behavior.
|
||
- gh-94440: Fix a concurrent.futures.process bug where
|
||
ProcessPoolExecutor shutdown could hang after a future has
|
||
been quickly submitted and canceled.
|
||
- Documentation
|
||
- gh-103112: Add docstring to http.client.HTTPResponse.read()
|
||
to fix pydoc output.
|
||
- gh-85417: Update cmath documentation to clarify behaviour
|
||
on branch cuts.
|
||
- gh-97725: Fix asyncio.Task.print_stack() description for
|
||
file=None. Patch by Oleg Iarygin.
|
||
- Tests
|
||
- gh-102980: Improve test coverage on pdb.
|
||
- gh-102537: Adjust the error handling strategy in
|
||
test_zoneinfo.TzPathTest.python_tzpath_context. Patch by
|
||
Paul Ganssle.
|
||
- gh-101377: Improved test_locale_calendar_formatweekday of
|
||
calendar.
|
||
- Build
|
||
- gh-102711: Fix -Wstrict-prototypes compiler warnings.
|
||
- Removed upstreamed:
|
||
- invalid-json.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 13 08:39:53 UTC 2023 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Add invalid-json.patch fixing invalid JSON in
|
||
Doc/howto/logging-cookbook.rst (somehow similar to
|
||
gh#python/cpython#102582).
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 1 20:59:04 UTC 2023 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Update to 3.10.10:
|
||
Bug fixes and regressions handling, no change of behaviour and
|
||
no security bugs fixed.
|
||
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
|
||
bsc#1208471) blocklists bypass via the urllib.parse component
|
||
when supplying a URL that starts with blank characters
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 21 11:34:49 UTC 2023 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Add provides for readline and sqlite3 to the main Python
|
||
package.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jan 27 15:00:21 UTC 2023 - Thorsten Kukuk <kukuk@suse.com>
|
||
|
||
- Disable NIS for new products, it's deprecated and gets removed
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Dec 8 14:42:15 UTC 2022 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Update to 3.10.9:
|
||
- python -m http.server no longer allows terminal
|
||
control characters sent within a garbage request to be
|
||
printed to the stderr server lo This is done by changing
|
||
the http.server BaseHTTPRequestHandler .log_message method
|
||
to replace control characters with a \xHH hex escape before
|
||
printin
|
||
- Avoid publishing list of active per-interpreter
|
||
audit hooks via the gc module
|
||
- The IDNA codec decoder used on DNS hostnames by
|
||
socket or asyncio related name resolution functions no
|
||
longer involves a quadratic algorithm. This prevents a
|
||
potential CPU denial of service if an out-of-spec excessive
|
||
length hostname involving bidirectional characters were
|
||
decoded. Some protocols such as urllib http 3xx redirects
|
||
potentially allow for an attacker to supply such a name.
|
||
- Update bundled libexpat to 2.5.0
|
||
- Port XKCP’s fix for the buffer overflows in SHA-3
|
||
(CVE-2022-37454).
|
||
- On Linux the multiprocessing module returns
|
||
to using filesystem backed unix domain sockets for
|
||
communication with the forkserver process instead of the
|
||
Linux abstract socket namespace. Only code that chooses
|
||
to use the “forkserver” start method is affected Abstract
|
||
sockets have no permissions and could allow any user
|
||
on the system in the same network namespace (often the
|
||
whole system) to inject code into the multiprocessing
|
||
forkserver process. This was a potential privilege
|
||
escalation. Filesystem based socket permissions restrict
|
||
this to the forkserver process user as was the default in
|
||
Python 3.8 and earlier This prevents Linux CVE-2022-42919
|
||
- Fix a reference bug in _imp.create_builtin()
|
||
after the creation of the first sub-interpreter for modules
|
||
builtins and sys. Patch by Victor Stinner.
|
||
- Fixed a bug that was causing a buffer overflow if
|
||
the tokenizer copies a line missing the newline caracter
|
||
from a file that is as long as the available tokenizer
|
||
buffer. Patch by Pablo galindo
|
||
- Update faulthandler to emit an error message with
|
||
the proper unexpected signal number. Patch by Dong-hee Na.
|
||
- Fix subscription of types.GenericAlias instances
|
||
containing bare generic types: for example tuple[A, T][int],
|
||
where A is a generic type, and T is a type variable.
|
||
- Fix detection of MAC addresses for uuid on certain
|
||
OSs. Patch by Chaim Sanders
|
||
- Print exception class name instead of its string
|
||
representation when raising errors from ctypes calls.
|
||
- Allow pdb to locate source for frozen modules in
|
||
the standard library.
|
||
- Raise ValueError instead of SystemError when
|
||
methods of uninitialized io.IncrementalNewlineDecoder objects
|
||
are called. Patch by Oren Milman.
|
||
- Fix a possible assertion failure in io.FileIO when
|
||
the opener returns an invalid file descriptor.
|
||
- Also escape s in the http.server
|
||
BaseHTTPRequestHandler.log_message so that it is technically
|
||
possible to parse the line and reconstruct what the original
|
||
data was. Without this a xHH is ambiguious as to if it is a
|
||
hex replacement we put in or the characters r”x” came through
|
||
in the original request line.
|
||
- asyncio.get_event_loop() now only emits a
|
||
deprecation warning when a new event loop was created
|
||
implicitly. It no longer emits a deprecation warning if the
|
||
current event loop was set.
|
||
- Fix bug when calling trace.CoverageResults with
|
||
valid infile.
|
||
- Fix a bug in handling class cleanups in
|
||
unittest.TestCase. Now addClassCleanup() uses separate lists
|
||
for different TestCase subclasses, and doClassCleanups() only
|
||
cleans up the particular class.
|
||
- Release the GIL when calling termios APIs to avoid
|
||
blocking threads.
|
||
- Fix ast.increment_lineno() to also cover
|
||
ast.TypeIgnore when changing line numbers.
|
||
- Fixed bug where inspect.signature() reported
|
||
incorrect arguments for decorated methods.
|
||
- Fix SystemError in ctypes when exception was not
|
||
set during __initsubclass__.
|
||
- Fix statistics.NormalDist pickle with 0 and 1
|
||
protocols.
|
||
- Update the bundled copy of pip to version 22.3.1.
|
||
- Apply bugfixes from importlib_metadata 4.11.4,
|
||
namely: In PathDistribution._name_from_stem, avoid
|
||
including parts of the extension in the result. In
|
||
PathDistribution._normalized_name, ensure names loaded from
|
||
the stem of the filename are also normalized, ensuring
|
||
duplicate entry points by packages varying only by
|
||
non-normalized name are hidden.
|
||
- Clean up refleak on failed module initialisation in
|
||
_zoneinfo
|
||
- Clean up refleaks on failed module initialisation
|
||
in in _pickle
|
||
- Clean up refleak on failed module initialisation in
|
||
_io.
|
||
- Fix memory leak in math.dist() when both points
|
||
don’t have the same dimension. Patch by Kumar Aditya.
|
||
- Fix argument typechecks in _overlapped.WSAConnect()
|
||
and _overlapped.Overlapped.WSASendTo() functions.
|
||
- Fix internal error in the re module which in
|
||
very rare circumstances prevented compilation of a regular
|
||
expression containing a conditional expression without the
|
||
“else” branch.
|
||
- Fix asyncio.StreamWriter.drain() to call
|
||
protocol.connection_lost callback only once on Windows.
|
||
- Add a mutex to unittest.mock.NonCallableMock to
|
||
protect concurrent access to mock attributes.
|
||
- Fix hang on Windows in subprocess.wait_closed() in
|
||
asyncio with ProactorEventLoop. Patch by Kumar Aditya.
|
||
- Fix infinite loop in unittest when a
|
||
self-referencing chained exception is raised
|
||
- tkinter.Text.count() raises now an exception for
|
||
options starting with “-” instead of silently ignoring them.
|
||
- On uname_result, restored expectation that _fields
|
||
and _asdict would include all six properties including
|
||
processor.
|
||
- Update the bundled copies of pip and setuptools to
|
||
versions 22.3 and 65.5.0 respectively.
|
||
- Fix bug in urllib.parse.urlparse() that causes
|
||
certain port numbers containing whitespace, underscores,
|
||
plus and minus signs, or non-ASCII digits to be incorrectly
|
||
accepted.
|
||
- Allow venv to pass along PYTHON* variables to
|
||
ensurepip and pip when they do not impact path resolution
|
||
- On macOS, fix a crash in syslog.syslog() in
|
||
multi-threaded applications. On macOS, the libc syslog()
|
||
function is not thread-safe, so syslog.syslog() no longer
|
||
releases the GIL to call it. Patch by Victor Stinner.
|
||
- Allow BUILTINS to be a valid field name for frozen
|
||
dataclasses.
|
||
- Make sure patch.dict() can be applied on async
|
||
functions.
|
||
- To avoid apparent memory leaks when
|
||
asyncio.open_connection() raises, break reference cycles
|
||
generated by local exception and future instances (which has
|
||
exception instance as its member var). Patch by Dong Uk,
|
||
Kang.
|
||
- Prevent error when activating venv in nested fish
|
||
instances.
|
||
- Restrict use of sockets instead of pipes for stdin
|
||
of subprocesses created by asyncio to AIX platform only.
|
||
- shutil.copytree() now applies the
|
||
ignore_dangling_symlinks argument recursively.
|
||
- Fix IndexError in argparse.ArgumentParser when a
|
||
store_true action is given an explicit argument.
|
||
- Document that calling variadic functions with
|
||
ctypes requires special care on macOS/arm64 (and possibly
|
||
other platforms).
|
||
- Skip test_normalization() of test_unicodedata
|
||
if it fails to download NormalizationTest.txt file from
|
||
pythontest.net. Patch by Victor Stinner.
|
||
- Some C API tests were moved into the new
|
||
Lib/test/test_capi/ directory.
|
||
- Fix -Wimplicit-int, -Wstrict-prototypes, and
|
||
-Wimplicit-function-declaration compiler warnings in
|
||
configure checks.
|
||
- Fix -Wimplicit-int compiler warning in configure
|
||
check for PTHREAD_SCOPE_SYSTEM.
|
||
- Specify the full path to the source location for
|
||
make docclean (needed for cross-builds).
|
||
- Fix NO_MISALIGNED_ACCESSES being not defined
|
||
for the SHA3 extension when HAVE_ALIGNED_REQUIRED is
|
||
set. Allowing builds on hardware that unaligned memory
|
||
accesses are not allowed.
|
||
- Fix handling of module docstrings in
|
||
Tools/i18n/pygettext.py.
|
||
|
||
- Remove upstreamed patches:
|
||
- 98437-sphinx.locale._-as-gettext-in-pyspecific.patch
|
||
- CVE-2015-20107-mailcap-unsafe-filenames.patch
|
||
- CVE-2022-42919-loc-priv-mulitproc-forksrv.patch
|
||
- CVE-2022-45061-DoS-by-IDNA-decode.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 9 18:31:23 UTC 2022 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
|
||
CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
|
||
extremely long domain names.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Nov 3 21:35:28 UTC 2022 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Add CVE-2022-42919-loc-priv-mulitproc-forksrv.patch to avoid
|
||
CVE-2022-42919 (bsc#1204886) avoiding Linux specific local
|
||
privilege escalation via the multiprocessing forkserver start
|
||
method.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Oct 21 10:14:03 UTC 2022 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to
|
||
allow building of documentation with the latest Sphinx 5.3.0
|
||
(gh#python/cpython#98366).
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 19 07:12:23 UTC 2022 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Update to 3.10.8:
|
||
- Fix multiplying a list by an integer (list *= int): detect
|
||
the integer overflow when the new allocated length is close
|
||
to the maximum size.
|
||
- Fix a shell code injection vulnerability in the
|
||
get-remote-certificate.py example script. The script no
|
||
longer uses a shell to run openssl commands. (originally
|
||
filed as CVE-2022-37460, later withdrawn)
|
||
- Fix command line parsing: reject -X int_max_str_digits option
|
||
with no value (invalid) when the PYTHONINTMAXSTRDIGITS
|
||
environment variable is set to a valid limit.
|
||
- When ValueError is raised if an integer is larger than the
|
||
limit, mention the sys.set_int_max_str_digits() function in
|
||
the error message.
|
||
- The deprecated mailcap module now refuses to inject unsafe
|
||
text (filenames, MIME types, parameters) into shell
|
||
commands. Instead of using such text, it will warn and act
|
||
as if a match was not found (or for test commands, as if the
|
||
test failed).
|
||
- os.sched_yield() now release the GIL while calling
|
||
sched_yield(2).
|
||
- Bugfix: PyFunction_GetAnnotations() should return a borrowed
|
||
reference. It was returning a new reference.
|
||
- Fixed a missing incref/decref pair in
|
||
Exception.__setstate__().
|
||
- Fix overly-broad source position information for chained
|
||
comparisons used as branching conditions.
|
||
- Fix undefined behaviour in _testcapimodule.c.
|
||
- At Python exit, sometimes a thread holding the GIL can
|
||
wait forever for a thread (usually a daemon thread) which
|
||
requested to drop the GIL, whereas the thread already
|
||
exited. To fix the race condition, the thread which requested
|
||
the GIL drop now resets its request before exiting.
|
||
- Fix a possible assertion failure, fatal error, or SystemError
|
||
if a line tracing event raises an exception while opcode
|
||
tracing is enabled.
|
||
- Fix undefined behaviour in C code of null pointer arithmetic.
|
||
- Do not expose KeyWrapper in _functools.
|
||
- When loading a file with invalid UTF-8 inside a multi-line
|
||
string, a correct SyntaxError is emitted.
|
||
- Disable incorrect pickling of the C implemented classmethod
|
||
descriptors.
|
||
- Fix AttributeError missing name and obj attributes in .
|
||
object.__getattribute__() bpo-42316: Document some places .
|
||
where an assignment expression needs parentheses .
|
||
- Wrap network errors consistently in urllib FTP support, so
|
||
the test suite doesn’t fail when a network is available but
|
||
the public internet is not reachable.
|
||
- Fixes AttributeError when subprocess.check_output() is used
|
||
with argument input=None and either of the arguments encoding
|
||
or errors are used.
|
||
- Avoid spurious tracebacks from asyncio when default executor
|
||
cleanup is delayed until after the event loop is closed (e.g.
|
||
as the result of a keyboard interrupt).
|
||
- Avoid a crash in the C version of
|
||
asyncio.Future.remove_done_callback() when an evil argument
|
||
is passed.
|
||
- Remove tokenize.NL check from tabnanny.
|
||
- Make Semaphore run faster.
|
||
- Fix generation of the default name of
|
||
tkinter.Checkbutton. Previously, checkbuttons in different
|
||
parent widgets could have the same short name and share
|
||
the same state if arguments “name” and “variable” are not
|
||
specified. Now they are globally unique.
|
||
- Update bundled libexpat to 2.4.9
|
||
- Fix race condition in asyncio where process_exited() called
|
||
before the pipe_data_received() leading to inconsistent
|
||
output.
|
||
- Fixed check in multiprocessing.resource_tracker that
|
||
guarantees that the length of a write to a pipe is not
|
||
greater than PIPE_BUF.
|
||
- Corrected type annotation for dataclass attribute
|
||
pstats.FunctionProfile.ncalls to be str.
|
||
- Fix the faulthandler implementation of
|
||
faulthandler.register(signal, chain=True) if the sigaction()
|
||
function is not available: don’t call the previous signal
|
||
handler if it’s NULL.
|
||
- In inspect, fix overeager replacement of “typing.” in
|
||
formatting annotations.
|
||
- Fix asyncio.streams.StreamReaderProtocol to keep a strong
|
||
reference to the created task, so that it’s not garbage
|
||
collected
|
||
- Fix handling compiler warnings (SyntaxWarning and
|
||
DeprecationWarning) in codeop.compile_command() when checking
|
||
for incomplete input. Previously it emitted warnings and
|
||
raised a SyntaxError. Now it always returns None for
|
||
incomplete input without emitting any warnings.
|
||
- Fixed flickering of the turtle window when the tracer is
|
||
turned off.
|
||
- Allow asyncio.StreamWriter.drain() to be awaited concurrently
|
||
by multiple tasks.
|
||
- Fix broken asyncio.Semaphore when acquire is cancelled.
|
||
- Fix ast.unparse() when ImportFrom.level is None
|
||
- Improve performance of urllib.request.getproxies_environment
|
||
when there are many environment variables
|
||
- Fix ! in c domain ref target syntax via a conf.py patch, so
|
||
it works as intended to disable ref target resolution.
|
||
- Clarified the conflicting advice given in the ast
|
||
documentation about ast.literal_eval() being “safe” for use
|
||
on untrusted input while at the same time warning that it
|
||
can crash the process. The latter statement is true and is
|
||
deemed unfixable without a large amount of work unsuitable
|
||
for a bugfix. So we keep the warning and no longer claim that
|
||
literal_eval is safe.
|
||
- Update tutorial introduction output to use 3.10+ SyntaxError
|
||
invalid range.
|
||
- Remove upstreamed test-int-timing.patch.
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Sep 18 08:48:51 UTC 2022 - Andreas Schwab <schwab@suse.de>
|
||
|
||
- test-int-timing.patch: gh-96710: Make the test timing more lenient for
|
||
the int/str DoS regression test. (#96717)
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Sep 11 08:32:53 UTC 2022 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Update to 3.10.7:
|
||
- Fix for CVE-2020-10735 (bsc#1203125) Converting between int
|
||
and str in bases other than 2 (binary), 4, 8 (octal), 16
|
||
(hexadecimal), or 32 such as base 10 (decimal) now raises
|
||
a ValueError if the number of digits in string form is above
|
||
a limit to avoid potential denial of service attacks due to
|
||
the algorithmic complexity.
|
||
- Other bug fixes:
|
||
- Fixed a bug that caused _PyCode_GetExtra to return garbage
|
||
for negative indexes.
|
||
- Fix format string in _PyPegen_raise_error_known_location
|
||
that can lead to memory corruption on some 64bit systems.
|
||
The function was building a tuple with i (int) instead of
|
||
n (Py_ssize_t) for Py_ssize_t arguments.
|
||
- Fix misleading contents of error message when converting an
|
||
all-whitespace string to float.
|
||
- coroutine.throw() now properly initializes the frame.f_back
|
||
when resuming a stack of coroutines. This allows e.g.
|
||
traceback.print_stack() to work correctly when an exception
|
||
(such as CancelledError) is thrown into a coroutine.
|
||
- ast.parse() will no longer parse function definitions with
|
||
positional-only params when passed feature_version less
|
||
than (3, 8).
|
||
- Correct conversion of numbers.Rational’s to float.
|
||
- Fix a performance regression in logging
|
||
TimedRotatingFileHandler. Only check for special files when
|
||
the rollover time has passed.
|
||
- Fix unused localName parameter in the Attr class in
|
||
xml.dom.minidom.
|
||
- Update bundled pip to 22.2.2.
|
||
- Fail gracefully if EPERM or ENOSYS is raised when loading
|
||
crypt methods. This may happen when trying to load MD5 on
|
||
a Linux kernel with FIPS enabled.
|
||
- Improve discoverability of the higher level
|
||
concurrent.futures module by providing clearer links from
|
||
the lower level threading and multiprocessing modules.
|
||
- Update the default RFC base URL from deprecated
|
||
tools.ietf.org to datatracker.ietf.org
|
||
- Fix stylesheet not working in Windows CHM htmlhelp docs.
|
||
- The documentation now lists which members of C structs are
|
||
part of the Limited API/Stable ABI.
|
||
- Mitigate the inherent race condition from using
|
||
find_unused_port() in testSockName() by trying to find an
|
||
unused port a few times before failing.
|
||
- Build and test with OpenSSL 1.1.1q
|
||
- Document handling of extensions in Save As dialogs.
|
||
- Include prompts when saving Shell (interactive input and
|
||
output).
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 17 11:08:56 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
||
|
||
- fix import_failed.map to refer to the python 3.10 package versions
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 2 17:13:37 UTC 2022 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Update to 3.10.6:
|
||
- gh-87389: http.server: Fix an open redirection vulnerability
|
||
in the HTTP server when an URI path starts with //.
|
||
Vulnerability discovered, and initial fix proposed, by Hamza
|
||
Avvan. (bsc#1202624, CVE-2021-28861)
|
||
- gh-92888: Fix memoryview use after free when accessing the
|
||
backing buffer in certain cases.
|
||
- gh-95355: _PyPegen_Parser_New now properly detects token
|
||
memory allocation errors. Patch by Honglin Zhu.
|
||
- gh-94938: Fix error detection in some builtin functions when
|
||
keyword argument name is an instance of a str subclass with
|
||
overloaded __eq__ and __hash__. Previously it could cause
|
||
SystemError or other undesired behavior.
|
||
- gh-94949: ast.parse() will no longer parse parenthesized
|
||
context managers when passed feature_version less than
|
||
(3, 9). Patch by Shantanu Jain.
|
||
- gh-94947: ast.parse() will no longer parse assignment
|
||
expressions when passed feature_version less than
|
||
(3, 8). Patch by Shantanu Jain.
|
||
- gh-94869: Fix the column offsets for some expressions in
|
||
multi-line f-strings ast nodes. Patch by Pablo Galindo.
|
||
- gh-91153: Fix an issue where a bytearray item assignment
|
||
could crash if it’s resized by the new value’s __index__()
|
||
method.
|
||
- gh-94329: Compile and run code with unpacking of extremely
|
||
large sequences (1000s of elements). Such code failed to
|
||
compile. It now compiles and runs correctly.
|
||
- gh-94360: Fixed a tokenizer crash when reading encoded
|
||
files with syntax errors from stdin with non utf-8 encoded
|
||
text. Patch by Pablo Galindo
|
||
- gh-94192: Fix error for dictionary literals with invalid
|
||
expression as value.
|
||
- gh-93964: Strengthened compiler overflow checks to prevent
|
||
crashes when compiling very large source files.
|
||
- gh-93671: Fix some exponential backtrace case happening with
|
||
deeply nested sequence patterns in match statements. Patch by
|
||
Pablo Galindo
|
||
- gh-93021: Fix the __text_signature__ for __get__() methods
|
||
implemented in C. Patch by Jelle Zijlstra.
|
||
- gh-92930: Fixed a crash in _pickle.c from mutating
|
||
collections during __reduce__ or persistent_id.
|
||
- gh-92914: Always round the allocated size for lists up to the
|
||
nearest even number.
|
||
- gh-92858: Improve error message for some suites with syntax
|
||
error before ‘:’
|
||
- gh-95339: Update bundled pip to 22.2.1.
|
||
- gh-95045: Fix GC crash when deallocating _lsprof.Profiler by
|
||
untracking it before calling any callbacks. Patch by Kumar
|
||
Aditya.
|
||
- gh-95087: Fix IndexError in parsing invalid date in the email
|
||
module.
|
||
- gh-95199: Upgrade bundled setuptools to 63.2.0.
|
||
- gh-95194: Upgrade bundled pip to 22.2.
|
||
- gh-93899: Fix check for existence of os.EFD_CLOEXEC,
|
||
os.EFD_NONBLOCK and os.EFD_SEMAPHORE flags on older kernel
|
||
versions where these flags are not present. Patch by Kumar
|
||
Aditya.
|
||
- gh-95166: Fix concurrent.futures.Executor.map() to cancel the
|
||
currently waiting on future on an error - e.g. TimeoutError
|
||
or KeyboardInterrupt.
|
||
- gh-93157: Fix fileinput module didn’t support errors option
|
||
when inplace is true.
|
||
- gh-94821: Fix binding of unix socket to empty address
|
||
on Linux to use an available address from the abstract
|
||
namespace, instead of “0”.
|
||
- gh-94736: Fix crash when deallocating an instance of a
|
||
subclass of _multiprocessing.SemLock. Patch by Kumar Aditya.
|
||
- gh-94637: SSLContext.set_default_verify_paths() now releases
|
||
the GIL around SSL_CTX_set_default_verify_paths call. The
|
||
function call performs I/O and CPU intensive work.
|
||
- gh-94510: Re-entrant calls to sys.setprofile() and
|
||
sys.settrace() now raise RuntimeError. Patch by Pablo
|
||
Galindo.
|
||
- gh-92336: Fix bug where linecache.getline() fails on bad
|
||
files with UnicodeDecodeError or SyntaxError. It now returns
|
||
an empty string as per the documentation.
|
||
- gh-89988: Fix memory leak in pickle.Pickler when looking up
|
||
dispatch_table. Patch by Kumar Aditya.
|
||
- gh-94254: Fixed types of struct module to be immutable. Patch
|
||
by Kumar Aditya.
|
||
- gh-94245: Fix pickling and copying of typing.Tuple[()].
|
||
- gh-94207: Made _struct.Struct GC-tracked in order to fix a
|
||
reference leak in the _struct module.
|
||
- gh-94101: Manual instantiation of ssl.SSLSession objects is
|
||
no longer allowed as it lead to misconfigured instances that
|
||
crashed the interpreter when attributes where accessed on
|
||
them.
|
||
- gh-84753: inspect.iscoroutinefunction(),
|
||
inspect.isgeneratorfunction(), and
|
||
inspect.isasyncgenfunction() now properly return True
|
||
for duck-typed function-like objects like instances of
|
||
unittest.mock.AsyncMock.
|
||
- This makes inspect.iscoroutinefunction() consistent with the
|
||
behavior of asyncio.iscoroutinefunction(). Patch by Mehdi
|
||
ABAAKOUK.
|
||
- gh-83499: Fix double closing of file description in tempfile.
|
||
- gh-79512: Fixed names and __module__ value of weakref classes
|
||
ReferenceType, ProxyType, CallableProxyType. It makes them
|
||
pickleable.
|
||
- gh-90494: copy.copy() and copy.deepcopy() now always raise
|
||
a TypeError if __reduce__() returns a tuple with length 6
|
||
instead of silently ignore the 6th item or produce incorrect
|
||
result.
|
||
- gh-90549: Fix a multiprocessing bug where a global named
|
||
resource (such as a semaphore) could leak when a child
|
||
process is spawned (as opposed to forked).
|
||
- gh-79579: sqlite3 now correctly detects DML queries with
|
||
leading comments. Patch by Erlend E. Aasland.
|
||
- gh-93421: Update sqlite3.Cursor.rowcount when a DML
|
||
statement has run to completion. This fixes the row count
|
||
for SQL queries like UPDATE ... RETURNING. Patch by Erlend
|
||
E. Aasland.
|
||
- gh-91810: Suppress writing an XML declaration in open
|
||
files in ElementTree.write() with encoding='unicode' and
|
||
xml_declaration=None.
|
||
- gh-93353: Fix the importlib.resources.as_file() context
|
||
manager to remove the temporary file if destroyed late
|
||
during Python finalization: keep a local reference to the
|
||
os.remove() function. Patch by Victor Stinner.
|
||
- gh-83658: Make multiprocessing.Pool raise an exception if
|
||
maxtasksperchild is not None or a positive int.
|
||
- gh-74696: shutil.make_archive() no longer temporarily changes
|
||
the current working directory during creation of standard
|
||
.zip or tar archives.
|
||
- gh-91577: Move imports in SharedMemory methods to module
|
||
level so that they can be executed late in python
|
||
finalization.
|
||
- bpo-47231: Fixed an issue with inconsistent trailing slashes
|
||
in tarfile longname directories.
|
||
- bpo-46755: In QueueHandler, clear stack_info from LogRecord
|
||
to prevent stack trace from being written twice.
|
||
- bpo-46053: Fix OSS audio support on NetBSD.
|
||
- bpo-46197: Fix ensurepip environment isolation for subprocess
|
||
running pip.
|
||
- bpo-45924: Fix asyncio incorrect traceback when future’s
|
||
exception is raised multiple times. Patch by Kumar Aditya.
|
||
- bpo-34828: sqlite3.Connection.iterdump() now handles
|
||
databases that use AUTOINCREMENT in one or more tables.
|
||
- gh-94321: Document the PEP 246 style protocol type
|
||
sqlite3.PrepareProtocol.
|
||
- gh-86128: Document a limitation in ThreadPoolExecutor where
|
||
its exit handler is executed before any handlers in atexit.
|
||
- gh-61162: Clarify sqlite3 behavior when Using the connection
|
||
as a context manager.
|
||
- gh-87260: Align sqlite3 argument specs with the actual
|
||
implementation.
|
||
- gh-86986: The minimum Sphinx version required to build the
|
||
documentation is now 3.2.
|
||
- gh-88831: Augmented documentation of
|
||
asyncio.create_task(). Clarified the need to keep strong
|
||
references to tasks and added a code snippet detailing how to
|
||
to this.
|
||
- bpo-47161: Document that pathlib.PurePath does not collapse
|
||
initial double slashes because they denote UNC paths.
|
||
- gh-95280: Fix problem with test_ssl test_get_ciphers on
|
||
systems that require perfect forward secrecy (PFS) ciphers.
|
||
- gh-95212: Make multiprocessing test case
|
||
test_shared_memory_recreate parallel-safe.
|
||
- gh-91330: Added more tests for dataclasses to cover behavior
|
||
with data descriptor-based fields.
|
||
- gh-94208: test_ssl is now checking for supported TLS version
|
||
and protocols in more tests.
|
||
- gh-93951: In test_bdb.StateTestCase.test_skip, avoid
|
||
including auxiliary importers.
|
||
- gh-93957: Provide nicer error reporting from subprocesses in
|
||
test_venv.EnsurePipTest.test_with_pip.
|
||
- gh-57539: Increase calendar test coverage for
|
||
calendar.LocaleTextCalendar.formatweekday().
|
||
- gh-92886: Fixing tests that fail when running with
|
||
optimizations (-O) in test_zipimport.py
|
||
- bpo-47016: Create a GitHub Actions workflow for verifying
|
||
bundled pip and setuptools. Patch by Illia Volochii and Adam
|
||
Turner.
|
||
- gh-94841: Fix the possible performance regression of
|
||
PyObject_Free() compiled with MSVC version 1932.
|
||
- gh-95511: Fix the Shell context menu copy-with-prompts bug of
|
||
copying an extra line when one selects whole lines.
|
||
- gh-95471: In the Edit menu, move Select All and add a new
|
||
separator.
|
||
- gh-95411: Enable using IDLE’s module browser with .pyw files.
|
||
- gh-89610: Add .pyi as a recognized extension for IDLE on
|
||
macOS. This allows opening stub files by double clicking on
|
||
them in the Finder.
|
||
- gh-94538: Fix Argument Clinic output to custom file
|
||
destinations. Patch by Erlend E. Aasland.
|
||
- gh-94430: Allow parameters named module and self with custom
|
||
C names in Argument Clinic. Patch by Erlend E. Aasland
|
||
- gh-94930: Fix SystemError raised when
|
||
PyArg_ParseTupleAndKeywords() is used with # in (...) but
|
||
without PY_SSIZE_T_CLEAN defined.
|
||
- gh-94864: Fix PyArg_Parse* with deprecated format units “u”
|
||
and “Z”. It returned 1 (success) when warnings are turned
|
||
into exceptions.
|
||
- Reapply patches
|
||
- bpo-31046_ensurepip_honours_prefix.patch
|
||
- fix_configure_rst.patch
|
||
- no-skipif-doctests.patch
|
||
- skip-test_pyobject_freed_is_freed.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jul 31 09:41:30 UTC 2022 - Stephan Kulow <coolo@suse.com>
|
||
|
||
- Extend distutils-reproducible-compile.patch with a workaround
|
||
for non reproducible pyc files issue 93317
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jul 21 14:19:52 UTC 2022 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Switch from %primary_interpreter to prjconf-defined
|
||
%primary_python (gh#openSUSE/python-rpm-macros#127).
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 9 16:43:30 UTC 2022 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
|
||
CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
|
||
command injection in the mailcap module.
|
||
- Fix building of documentation and the universal configuration of the
|
||
%primary_interpreter.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 6 22:29:23 UTC 2022 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Update to 3.10.5:
|
||
- Core and Builtins
|
||
- gh-93418: Fixed an assert where an f-string has an equal
|
||
sign ‘=’ following an expression, but there’s no trailing
|
||
brace. For example, f”{i=”.
|
||
- gh-91924: Fix __ltrace__ debug feature if the stdout
|
||
encoding is not UTF-8. Patch by Victor Stinner.
|
||
- gh-93061: Backward jumps after async for loops are no
|
||
longer given dubious line numbers.
|
||
- gh-93065: Fix contextvars HAMT implementation to handle
|
||
iteration over deep trees.
|
||
- The bug was discovered and fixed by Eli Libman. See
|
||
MagicStack/immutables#84 for more details.
|
||
- gh-92311: Fixed a bug where setting frame.f_lineno to jump
|
||
over a list comprehension could misbehave or crash.
|
||
- gh-92112: Fix crash triggered by an evil custom mro() on
|
||
a metaclass.
|
||
- gh-92036: Fix a crash in subinterpreters related to the
|
||
garbage collector. When a subinterpreter is deleted,
|
||
untrack all objects tracked by its GC. To prevent a crash
|
||
in deallocator functions expecting objects to be tracked by
|
||
the GC, leak a strong reference to these objects on
|
||
purpose, so they are never deleted and their deallocator
|
||
functions are not called. Patch by Victor Stinner.
|
||
- gh-91421: Fix a potential integer overflow in
|
||
_Py_DecodeUTF8Ex.
|
||
- bpo-47212: Raise IndentationError instead of SyntaxError
|
||
for a bare except with no following indent. Improve
|
||
SyntaxError locations for an un-parenthesized generator
|
||
used as arguments. Patch by Matthieu Dartiailh.
|
||
- bpo-47182: Fix a crash when using a named unicode character
|
||
like "\N{digit nine}" after the main interpreter has been
|
||
initialized a second time.
|
||
- bpo-47117: Fix a crash if we fail to decode characters in
|
||
interactive mode if the tokenizer buffers are
|
||
uninitialized. Patch by Pablo Galindo.
|
||
- bpo-39829: Removed the __len__() call when initializing
|
||
a list and moved initializing to list_extend. Patch by
|
||
Jeremiah Pascual.
|
||
- bpo-46962: Classes and functions that unconditionally
|
||
declared their docstrings ignoring the
|
||
--without-doc-strings compilation flag no longer do so.
|
||
- The classes affected are ctypes.UnionType,
|
||
pickle.PickleBuffer, testcapi.RecursingInfinitelyError, and
|
||
types.GenericAlias.
|
||
- The functions affected are 24 methods in ctypes.
|
||
- Patch by Oleg Iarygin.
|
||
- bpo-36819: Fix crashes in built-in encoders with error
|
||
handlers that return position less or equal than the
|
||
starting position of non-encodable characters.
|
||
- Library
|
||
- gh-93156: Accessing the pathlib.PurePath.parents sequence
|
||
of an absolute path using negative index values produced
|
||
incorrect results.
|
||
- gh-89973: Fix re.error raised in fnmatch if the pattern
|
||
contains a character range with upper bound lower than
|
||
lower bound (e.g. [c-a]). Now such ranges are interpreted
|
||
as empty ranges.
|
||
- gh-93010: In a very special case, the email package tried
|
||
to append the nonexistent InvalidHeaderError to the defect
|
||
list. It should have been InvalidHeaderDefect.
|
||
- gh-92839: Fixed crash resulting from calling
|
||
bisect.insort() or bisect.insort_left() with the key
|
||
argument not equal to None.
|
||
- gh-91581: utcfromtimestamp() no longer attempts to resolve
|
||
fold in the pure Python implementation, since the fold is
|
||
never 1 in UTC. In addition to being slightly faster in the
|
||
common case, this also prevents some errors when the
|
||
timestamp is close to datetime.min. Patch by Paul Ganssle.
|
||
- gh-92530: Fix an issue that occurred after interrupting
|
||
threading.Condition.notify().
|
||
- gh-92049: Forbid pickling constants re._constants.SUCCESS
|
||
etc. Previously, pickling did not fail, but the result
|
||
could not be unpickled.
|
||
- bpo-47029: Always close the read end of the pipe used by
|
||
multiprocessing.Queue after the last write of buffered data
|
||
to the write end of the pipe to avoid BrokenPipeError at
|
||
garbage collection and at multiprocessing.Queue.close()
|
||
calls. Patch by Géry Ogam.
|
||
- gh-91401: Provide a fail-safe way to disable subprocess use
|
||
of vfork() via a private subprocess._USE_VFORK attribute.
|
||
While there is currently no known need for this, if you
|
||
find a need please only set it to False. File a CPython
|
||
issue as to why you needed it and link to that from
|
||
a comment in your code. This attribute is documented as
|
||
a footnote in 3.11.
|
||
- gh-91910: Add missing f prefix to f-strings in error
|
||
messages from the multiprocessing and asyncio modules.
|
||
- gh-91810: ElementTree method write() and function
|
||
tostring() now use the text file’s encoding (“UTF-8” if not
|
||
available) instead of locale encoding in XML declaration
|
||
when encoding="unicode" is specified.
|
||
- gh-91832: Add required attribute to argparse.Action repr
|
||
output.
|
||
- gh-91700: Compilation of regular expression containing
|
||
a conditional expression (?(group)...) now raises an
|
||
appropriate re.error if the group number refers to not
|
||
defined group. Previously an internal RuntimeError was
|
||
raised.
|
||
- gh-91676: Fix unittest.IsolatedAsyncioTestCase to shutdown
|
||
the per test event loop executor before returning from its
|
||
run method so that a not yet stopped or garbage collected
|
||
executor state does not persist beyond the test.
|
||
- gh-90568: Parsing \N escapes of Unicode Named Character
|
||
Sequences in a regular expression raises now re.error
|
||
instead of TypeError.
|
||
- gh-91595: Fix the comparison of character and integer
|
||
inside Tools.gdb.libpython.write_repr(). Patch by Yu Liu.
|
||
- gh-90622: Worker processes for
|
||
concurrent.futures.ProcessPoolExecutor are no longer
|
||
spawned on demand (a feature added in 3.9) when the
|
||
multiprocessing context start method is "fork" as that can
|
||
lead to deadlocks in the child processes due to a fork
|
||
happening while threads are running.
|
||
- gh-91575: Update case-insensitive matching in the re module
|
||
to the latest Unicode version.
|
||
- gh-91581: Remove an unhandled error case in the
|
||
C implementation of calls to datetime.fromtimestamp with no
|
||
time zone (i.e. getting a local time from an epoch
|
||
timestamp). This should have no user-facing effect other
|
||
than giving a possibly more accurate error message when
|
||
called with timestamps that fall on 10000-01-01 in the
|
||
local time. Patch by Paul Ganssle.
|
||
- bpo-47260: Fix os.closerange() potentially being a no-op in
|
||
a Linux seccomp sandbox.
|
||
- bpo-39064: zipfile.ZipFile now raises zipfile.BadZipFile
|
||
instead of ValueError when reading a corrupt zip file in
|
||
which the central directory offset is negative.
|
||
- bpo-47151: When subprocess tries to use vfork, it now falls
|
||
back to fork if vfork returns an error. This allows use in
|
||
situations where vfork isn’t allowed by the OS kernel.
|
||
- bpo-27929: Fix asyncio.loop.sock_connect() to only resolve
|
||
names for socket.AF_INET or socket.AF_INET6 families.
|
||
Resolution may not make sense for other families, like
|
||
socket.AF_BLUETOOTH and socket.AF_UNIX.
|
||
- bpo-43323: Fix errors in the email module if the charset
|
||
itself contains undecodable/unencodable characters.
|
||
- bpo-47101: hashlib.algorithms_available now lists only
|
||
algorithms that are provided by activated crypto providers
|
||
on OpenSSL 3.0. Legacy algorithms are not listed unless the
|
||
legacy provider has been loaded into the default OSSL
|
||
context.
|
||
- bpo-46787: Fix concurrent.futures.ProcessPoolExecutor
|
||
exception memory leak
|
||
- bpo-45393: Fix the formatting for await x and not x in the
|
||
operator precedence table when using the help() system.
|
||
- bpo-46415: Fix ipaddress.ip_{address,interface,network}
|
||
raising TypeError instead of ValueError if given invalid
|
||
tuple as address parameter.
|
||
- bpo-28249: Set doctest.DocTest.lineno to None when object
|
||
does not have __doc__.
|
||
- bpo-45138: Fix a regression in the sqlite3 trace callback
|
||
where bound parameters were not expanded in the passed
|
||
statement string. The regression was introduced in Python
|
||
3.10 by bpo-40318. Patch by Erlend E. Aasland.
|
||
- bpo-44493: Add missing terminated NUL in sockaddr_un’s
|
||
length
|
||
- This was potentially observable when using non-abstract
|
||
AF_UNIX datagram sockets to processes written in another
|
||
programming language.
|
||
- bpo-42627: Fix incorrect parsing of Windows registry proxy
|
||
settings
|
||
- bpo-36073: Raise ProgrammingError instead of segfaulting on
|
||
recursive usage of cursors in sqlite3 converters. Patch by
|
||
Sergey Fedoseev.
|
||
- Documentation
|
||
- gh-86438: Clarify that -W and PYTHONWARNINGS are matched
|
||
literally and case-insensitively, rather than as regular
|
||
expressions, in warnings.
|
||
- gh-92240: Added release dates for “What’s New in Python
|
||
3.X” for 3.0, 3.1, 3.2, 3.8 and 3.10
|
||
- gh-91888: Add a new gh role to the documentation to link to
|
||
GitHub issues.
|
||
- gh-91783: Document security issues concerning the use of
|
||
the function shutil.unpack_archive()
|
||
- gh-91547: Remove “Undocumented modules” page.
|
||
- bpo-44347: Clarify the meaning of dirs_exist_ok, a kwarg of
|
||
shutil.copytree().
|
||
- bpo-38668: Update the introduction to documentation for
|
||
os.path to remove warnings that became irrelevant after the
|
||
implementations of PEP 383 and PEP 529.
|
||
- bpo-47138: Pin Jinja to a version compatible with Sphinx
|
||
version 3.2.1.
|
||
- bpo-46962: All docstrings in code snippets are now wrapped
|
||
into PyDoc_STR() to follow the guideline of PEP 7’s
|
||
Documentation Strings paragraph. Patch by Oleg Iarygin.
|
||
- bpo-26792: Improve the docstrings of runpy.run_module() and
|
||
runpy.run_path(). Original patch by Andrew Brezovsky.
|
||
- bpo-40838: Document that inspect.getdoc(),
|
||
inspect.getmodule(), and inspect.getsourcefile() might
|
||
return None.
|
||
- bpo-45790: Adjust inaccurate phrasing in Defining Extension
|
||
Types: Tutorial about the ob_base field and the macros used
|
||
to access its contents.
|
||
- bpo-42340: Document that in some circumstances
|
||
KeyboardInterrupt may cause the code to enter an
|
||
inconsistent state. Provided a sample workaround to avoid
|
||
it if needed.
|
||
- bpo-41233: Link the errnos referenced in
|
||
Doc/library/exceptions.rst to their respective section in
|
||
Doc/library/errno.rst, and vice versa. Previously this was
|
||
only done for EINTR and InterruptedError. Patch by Yan
|
||
“yyyyyyyan” Orestes.
|
||
- bpo-38056: Overhaul the Error Handlers documentation in
|
||
codecs.
|
||
- bpo-13553: Document tkinter.Tk args.
|
||
- Tests
|
||
- gh-92886: Fixing tests that fail when running with
|
||
optimizations (-O) in test_imaplib.py.
|
||
- gh-92670: Skip
|
||
test_shutil.TestCopy.test_copyfile_nonexistent_dir test on
|
||
AIX as the test uses a trailing slash to force the OS
|
||
consider the path as a directory, but on AIX the trailing
|
||
slash has no effect and is considered as a file.
|
||
- gh-91904: Fix initialization of
|
||
PYTHONREGRTEST_UNICODE_GUARD which prevented running
|
||
regression tests on non-UTF-8 locale.
|
||
- gh-91607: Fix test_concurrent_futures to test the correct
|
||
multiprocessing start method context in several cases where
|
||
the test logic mixed this up.
|
||
- bpo-47205: Skip test for sched_getaffinity() and
|
||
sched_setaffinity() error case on FreeBSD.
|
||
- bpo-47104: Rewrite asyncio.to_thread() tests to use
|
||
unittest.IsolatedAsyncioTestCase.
|
||
- bpo-29890: Add tests for ipaddress.IPv4Interface and
|
||
ipaddress.IPv6Interface construction with tuple arguments.
|
||
Original patch and tests by louisom.
|
||
- Tools/Demos
|
||
- gh-91583: Fix regression in the code generated by Argument
|
||
Clinic for functions with the defining_class parameter.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue May 10 14:35:52 UTC 2022 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Refresh bluez-devel-vendor.tar.xz
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 5 14:35:56 UTC 2022 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Switch primary_interpreter from python38 to python310 for
|
||
Factory (only)
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Mar 26 22:52:45 UTC 2022 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Update to 3.10.4:
|
||
- bpo-46968: Check for the existence of the “sys/auxv.h” header
|
||
in faulthandler to avoid compilation problems in systems
|
||
where this header doesn’t exist. Patch by Pablo Galindo
|
||
- bpo-23691: Protect the re.finditer() iterator from
|
||
re-entering.
|
||
- bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to
|
||
avoid a “zipfile.BadZipFile: Bad CRC-32 for file” exception
|
||
when reading a ZipFile from multiple threads.
|
||
- bpo-38256: Fix binascii.crc32() when it is compiled to use
|
||
zlib’c crc32 to work properly on inputs 4+GiB in length
|
||
instead of returning the wrong result. The workaround prior
|
||
to this was to always feed the function data in increments
|
||
smaller than 4GiB or to just call the zlib module function.
|
||
- bpo-39394: A warning about inline flags not at the start of
|
||
the regular expression now contains the position of the flag.
|
||
- bpo-47061: Deprecate the various modules listed by PEP 594:
|
||
- aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt,
|
||
imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd,
|
||
sndhdr, spwd, sunau, telnetlib, uu, xdrlib
|
||
- bpo-2604: Fix bug where doctests using globals would fail
|
||
when run multiple times.
|
||
- bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order.
|
||
- bpo-47022: The asynchat, asyncore and smtpd modules have been
|
||
deprecated since at least Python 3.6. Their documentation and
|
||
deprecation warnings and have now been updated to note they
|
||
will removed in Python 3.12 (PEP 594).
|
||
- bpo-46421: Fix a unittest issue where if the command was
|
||
invoked as python -m unittest and the filename(s) began with
|
||
a dot (.), a ValueError is returned.
|
||
- bpo-40296: Fix supporting generic aliases in pydoc.
|
||
|
||
- Update to 3.10.3:
|
||
- bpo-46940: Avoid overriding AttributeError metadata
|
||
information for nested attribute access calls. Patch by Pablo
|
||
Galindo.
|
||
- bpo-46852: Rename the private undocumented
|
||
float.__set_format__() method to float.__setformat__() to fix
|
||
a typo introduced in Python 3.7. The method is only used by
|
||
test_float. Patch by Victor Stinner.
|
||
- bpo-46794: Bump up the libexpat version into 2.4.6
|
||
- bpo-46820: Fix parsing a numeric literal immediately (without
|
||
spaces) followed by “not in” keywords, like in 1not in x. Now
|
||
the parser only emits a warning, not a syntax error.
|
||
- bpo-46762: Fix an assert failure in debug builds when a ‘<’,
|
||
‘>’, or ‘=’ is the last character in an f-string that’s
|
||
missing a closing right brace.
|
||
- bpo-46724: Make sure that all backwards jumps use the
|
||
JUMP_ABSOLUTE instruction, rather than JUMP_FORWARD with an
|
||
argument of (2**32)+offset.
|
||
- bpo-46732: Correct the docstring for the __bool__() method.
|
||
Patch by Jelle Zijlstra.
|
||
- bpo-46707: Avoid potential exponential backtracking when
|
||
producing some syntax errors involving lots of brackets.
|
||
Patch by Pablo Galindo.
|
||
- bpo-40479: Add a missing call to va_end() in
|
||
Modules/_hashopenssl.c.
|
||
- bpo-46615: When iterating over sets internally in
|
||
setobject.c, acquire strong references to the resulting items
|
||
from the set. This prevents crashes in corner-cases of
|
||
various set operations where the set gets mutated.
|
||
- bpo-45773: Remove two invalid “peephole” optimizations from
|
||
the bytecode compiler.
|
||
- bpo-43721: Fix docstrings of getter, setter, and deleter to
|
||
clarify that they create a new copy of the property.
|
||
- bpo-46503: Fix an assert when parsing some invalid N escape
|
||
sequences in f-strings.
|
||
- bpo-46417: Fix a race condition on setting a type __bases__
|
||
attribute: the internal function add_subclass() now gets the
|
||
PyTypeObject.tp_subclasses member after calling
|
||
PyWeakref_NewRef() which can trigger a garbage collection
|
||
which can indirectly modify PyTypeObject.tp_subclasses. Patch
|
||
by Victor Stinner.
|
||
- bpo-46383: Fix invalid signature of _zoneinfo’s module_free
|
||
function to resolve a crash on wasm32-emscripten platform.
|
||
- bpo-46070: Py_EndInterpreter() now explicitly untracks all
|
||
objects currently tracked by the GC. Previously, if an object
|
||
was used later by another interpreter, calling
|
||
PyObject_GC_UnTrack() on the object crashed if the previous
|
||
or the next object of the PyGC_Head structure became
|
||
a dangling pointer. Patch by Victor Stinner.
|
||
- bpo-46339: Fix a crash in the parser when retrieving the
|
||
error text for multi-line f-strings expressions that do not
|
||
start in the first line of the string. Patch by Pablo Galindo
|
||
- bpo-46240: Correct the error message for unclosed parentheses
|
||
when the tokenizer doesn’t reach the end of the source when
|
||
the error is reported. Patch by Pablo Galindo
|
||
- bpo-46091: Correctly calculate indentation levels for lines
|
||
with whitespace character that are ended by line continuation
|
||
characters. Patch by Pablo Galindo
|
||
- bpo-43253: Fix a crash when closing transports where the
|
||
underlying socket handle is already invalid on the Proactor
|
||
event loop.
|
||
- bpo-47004: Apply bugfixes from importlib_metadata 4.11.3,
|
||
including bugfix for EntryPoint.extras, which was returning
|
||
match objects and not the extras strings.
|
||
- bpo-46985: Upgrade pip wheel bundled with ensurepip (pip
|
||
22.0.4)
|
||
- bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically
|
||
determine size of signal handler stack size CPython allocates
|
||
using getauxval(AT_MINSIGSTKSZ). This changes allows for
|
||
Python extension’s request to Linux kernel to use AMX_TILE
|
||
instruction set on Sapphire Rapids Xeon processor to succeed,
|
||
unblocking use of the ISA in frameworks.
|
||
- bpo-46955: Expose asyncio.base_events.Server as
|
||
asyncio.Server. Patch by Stefan Zabka.
|
||
- bpo-23325: The signal module no longer assumes that SIG_IGN
|
||
and SIG_DFL are small int singletons.
|
||
- bpo-46932: Update bundled libexpat to 2.4.7
|
||
- bpo-25707: Fixed a file leak in
|
||
xml.etree.ElementTree.iterparse() when the iterator is not
|
||
exhausted. Patch by Jacob Walls.
|
||
- bpo-44886: Inherit asyncio proactor datagram transport from
|
||
asyncio.DatagramTransport.
|
||
- bpo-46827: Support UDP sockets in asyncio.loop.sock_connect()
|
||
for selector-based event loops. Patch by Thomas Grainger.
|
||
- bpo-46811: Make test suite support Expat >=2.4.5
|
||
- bpo-46252: Raise TypeError if ssl.SSLSocket is passed to
|
||
transport-based APIs.
|
||
- bpo-46784: Fix libexpat symbols collisions with user
|
||
dynamically loaded or statically linked libexpat in embedded
|
||
Python.
|
||
- bpo-39327: shutil.rmtree() can now work with VirtualBox
|
||
shared folders when running from the guest operating-system.
|
||
- bpo-46756: Fix a bug in
|
||
urllib.request.HTTPPasswordMgr.find_user_password() and
|
||
urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated()
|
||
which allowed to bypass authorization. For example, access to
|
||
URI example.org/foobar was allowed if the user was authorized
|
||
for URI example.org/foo.
|
||
- bpo-46643: In typing.get_type_hints(), support evaluating
|
||
stringified ParamSpecArgs and ParamSpecKwargs annotations.
|
||
Patch by Gregory Beauregard.
|
||
- bpo-45863: When the tarfile module creates a pax format
|
||
archive, it will put an integer representation of timestamps
|
||
in the ustar header (if possible) for the benefit of older
|
||
unarchivers, in addition to the existing full-precision
|
||
timestamps in the pax extended header.
|
||
- bpo-46676: Make typing.ParamSpec args and kwargs equal to
|
||
themselves. Patch by Gregory Beauregard.
|
||
- bpo-46672: Fix NameError in asyncio.gather() when initial
|
||
type check fails.
|
||
- bpo-46655: In typing.get_type_hints(), support evaluating
|
||
bare stringified TypeAlias annotations. Patch by Gregory
|
||
Beauregard.
|
||
- bpo-45948: Fixed a discrepancy in the C implementation of the
|
||
xml.etree.ElementTree module. Now, instantiating an
|
||
xml.etree.ElementTree.XMLParser with a target=None keyword
|
||
provides a default xml.etree.ElementTree.TreeBuilder target
|
||
as the Python implementation does.
|
||
- bpo-46521: Fix a bug in the codeop module that was
|
||
incorrectly identifying invalid code involving string quotes
|
||
as valid code.
|
||
- bpo-46581: Brings ParamSpec propagation for GenericAlias in
|
||
line with Concatenate (and others).
|
||
- bpo-46591: Make the IDLE doc URL on the About IDLE dialog
|
||
clickable.
|
||
- bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4
|
||
- bpo-46487: Add the get_write_buffer_limits method to
|
||
asyncio.transports.WriteTransport and to the SSL transport.
|
||
- bpo-45173: Note the configparser deprecations will be removed
|
||
in Python 3.12.
|
||
- bpo-46539: In typing.get_type_hints(), support evaluating
|
||
stringified ClassVar and Final annotations inside Annotated.
|
||
Patch by Gregory Beauregard.
|
||
- bpo-46491: Allow typing.Annotated to wrap typing.Final and
|
||
typing.ClassVar. Patch by Gregory Beauregard.
|
||
- bpo-46436: Fix command-line option -d/--directory in module
|
||
http.server which is ignored when combined with command-line
|
||
option --cgi. Patch by Géry Ogam.
|
||
- bpo-41403: Make mock.patch() raise a TypeError with
|
||
a relevant error message on invalid arg. Previously it
|
||
allowed a cryptic AttributeError to escape.
|
||
- bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid
|
||
potential REDoS by limiting ambiguity in consecutive
|
||
whitespace.
|
||
- bpo-46469: asyncio generic classes now return
|
||
types.GenericAlias in __class_getitem__ instead of the same
|
||
class.
|
||
- bpo-46434: pdb now gracefully handles help when __doc__ is
|
||
missing, for example when run with pregenerated optimized
|
||
.pyc files.
|
||
- bpo-46333: The __eq__() and __hash__() methods of
|
||
typing.ForwardRef now honor the module parameter of
|
||
typing.ForwardRef. Forward references from different modules
|
||
are now differentiated.
|
||
- bpo-46246: Add missing __slots__ to
|
||
importlib.metadata.DeprecatedList. Patch by Arie Bovenberg.
|
||
- bpo-46266: Improve day constants in calendar.
|
||
- Now all constants (MONDAY … SUNDAY) are documented, tested,
|
||
and added to __all__.
|
||
- bpo-46232: The ssl module now handles certificates with bit
|
||
strings in DN correctly.
|
||
- bpo-43118: Fix a bug in inspect.signature() that was causing
|
||
it to fail on some subclasses of classes with
|
||
a __text_signature__ referencing module globals. Patch by
|
||
Weipeng Hong.
|
||
- bpo-26552: Fixed case where failing asyncio.ensure_future()
|
||
did not close the coroutine. Patch by Kumar Aditya.
|
||
- bpo-21987: Fix an issue with tarfile.TarFile.getmember()
|
||
getting a directory name with a trailing slash.
|
||
- bpo-20392: Fix inconsistency with uppercase file extensions
|
||
in MimeTypes.guess_type(). Patch by Kumar Aditya.
|
||
- bpo-46080: Fix exception in argparse help text generation if
|
||
a argparse.BooleanOptionalAction argument’s default is
|
||
argparse.SUPPRESS and it has help specified. Patch by Felix
|
||
Fontein.
|
||
- bpo-44439: Fix .write() method of a member file in ZipFile,
|
||
when the input data is an object that supports the buffer
|
||
protocol, the file length may be wrong.
|
||
- bpo-45703: When a namespace package is imported before
|
||
another module from the same namespace is created/installed
|
||
in a different sys.path location while the program is
|
||
running, calling the importlib.invalidate_caches() function
|
||
will now also guarantee the new module is noticed.
|
||
- bpo-24959: Fix bug where unittest sometimes drops frames from
|
||
tracebacks of exceptions raised in tests.
|
||
- bpo-44791: Fix substitution of ParamSpec in Concatenate with
|
||
different parameter expressions. Substitution with a list of
|
||
types returns now a tuple of types. Substitution with
|
||
Concatenate returns now a Concatenate with concatenated lists
|
||
of arguments.
|
||
- bpo-14156: argparse.FileType now supports an argument of ‘-’
|
||
in binary mode, returning the .buffer attribute of
|
||
sys.stdin/sys.stdout as appropriate. Modes including ‘x’ and
|
||
‘a’ are treated equivalently to ‘w’ when argument is ‘-’.
|
||
Patch contributed by Josh Rosenberg
|
||
- bpo-46463: Fixes escape4chm.py script used when building the
|
||
CHM documentation file
|
||
- bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is
|
||
built with undefined behavior sanitizer (UBSAN): disable
|
||
UBSAN on the faulthandler_sigfpe() function. Patch by Victor
|
||
Stinner.
|
||
- bpo-46708: Prevent default asyncio event loop policy
|
||
modification warning after test_asyncio execution.
|
||
- bpo-46678: The function make_legacy_pyc in
|
||
Lib/test/support/import_helper.py no longer fails when
|
||
PYTHONPYCACHEPREFIX is set to a directory on a different
|
||
device from where tempfiles are stored.
|
||
- bpo-46616: Ensures test_importlib.test_windows cleans up
|
||
registry keys after completion.
|
||
- bpo-44359: test_ftplib now silently ignores socket errors to
|
||
prevent logging unhandled threading exceptions. Patch by
|
||
Victor Stinner.
|
||
- bpo-46542: Fix a Python crash in test_lib2to3 when using
|
||
Python built in debug mode: limit the recursion limit. Patch
|
||
by Victor Stinner.
|
||
- bpo-46576: test_peg_generator now disables compiler
|
||
optimization when testing compilation of its own C extensions
|
||
to significantly speed up the testing on non-debug builds of
|
||
CPython.
|
||
- bpo-46542: Fix test_json tests checking for RecursionError:
|
||
modify these tests to use support.infinite_recursion(). Patch
|
||
by Victor Stinner.
|
||
- bpo-13886: Skip test_builtin PTY tests on non-ASCII
|
||
characters if the readline module is loaded. The readline
|
||
module changes input() behavior, but test_builtin is not
|
||
intented to test the readline module. Patch by Victor
|
||
Stinner.
|
||
- bpo-38472: Fix GCC detection in setup.py when
|
||
cross-compiling. The C compiler is now run with LC_ALL=C.
|
||
Previously, the detection failed with a German locale.
|
||
- bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro
|
||
and pyconfig.h no longer defines reserved symbol
|
||
__CHAR_UNSIGNED__.
|
||
- bpo-45296: Clarify close, quit, and exit in IDLE. In the File
|
||
menu, ‘Close’ and ‘Exit’ are now ‘Close Window’ (the current
|
||
one) and ‘Exit’ is now ‘Exit IDLE’ (by closing all windows).
|
||
In Shell, ‘quit()’ and ‘exit()’ mean ‘close Shell’. If there
|
||
are no other windows, this also exits IDLE.
|
||
- bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch
|
||
by Alex Waygood and Terry Jan Reedy.
|
||
- bpo-46433: The internal function _PyType_GetModuleByDef now
|
||
correctly handles inheritance patterns involving static
|
||
types.
|
||
- bpo-14916: Fixed bug in the tokenizer that prevented
|
||
PyRun_InteractiveOne from parsing from the provided FD.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 24 18:55:46 UTC 2022 - David Anes <david.anes@suse.com>
|
||
|
||
- (bsc#1196784, CVE-2022-25236) Rename patch:
|
||
support-expat-245.patch to support-expat-CVE-2022-25236-patched.patch
|
||
and update the patch to detect expat >= 2.4.4 instead of >= 2.4.5
|
||
as it was fully patched against CVE-2022-25236.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 22 05:53:06 UTC 2022 - Steve Kowalik <steven.kowalik@suse.com>
|
||
|
||
- Add patch support-expat-245.patch:
|
||
* Support Expat >= 2.4.5
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 15 23:05:55 UTC 2022 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- bsc#1195831 Obsolete older "most modern" versions of python
|
||
packages (python39 for python310 and so forth). For next
|
||
versions it is necessary just to edit the macro.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Remove second superfluous BR rpm-build-python
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Remove second superfluous BR rpm-build-python
|
||
- Add fix_configure_rst.patch, which removes duplicate link
|
||
targets and make documentation with old Sphinx in SLE
|
||
- Skip test_capi (bsc#1195140 and bpo#37169)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 19 22:01:51 UTC 2022 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Update to 3.10.2:
|
||
Bugfix only
|
||
- bpo#46347 memory leak in PyEval_EvalCodeEx (especially
|
||
visible with Cython code)
|
||
- and many others
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 8 13:07:25 UTC 2021 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Upgrade to 3.10.1 (jsc#SLE-18038):
|
||
- PEP 623 – Deprecate and prepare for the removal of the wstr
|
||
member in PyUnicodeObject.
|
||
- PEP 604 – Allow writing union types as X | Y
|
||
- PEP 612 – Parameter Specification Variables
|
||
- PEP 626 – Precise line numbers for debugging and other tools.
|
||
- PEP 618 – Add Optional Length-Checking To zip.
|
||
- bpo-12782: Parenthesized context managers are now officially
|
||
allowed.
|
||
- PEP 632 – Deprecate distutils module.
|
||
- PEP 613 – Explicit Type Aliases
|
||
- PEP 634 – Structural Pattern Matching: Specification
|
||
- PEP 635 – Structural Pattern Matching: Motivation and
|
||
Rationale
|
||
- PEP 636 – Structural Pattern Matching: Tutorial
|
||
- PEP 644 – Require OpenSSL 1.1.1 or newer
|
||
- PEP 624 – Remove Py_UNICODE encoder APIs
|
||
- PEP 597 – Add optional EncodingWarning
|
||
- Patches readjusted:
|
||
- bpo-31046_ensurepip_honours_prefix.patch
|
||
- python-3.3.0b1-fix_date_time_compiler.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Dec 4 18:40:28 UTC 2021 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Remove pdb_adjust_breakpoints.patch and instead just adjust location
|
||
of the test breakpoint in Lib/test/test_pdb.py via sed, because we
|
||
have shortened Lib/pdb.py by removing the shebang (bpo#45964).
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Dec 2 13:51:57 UTC 2021 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Add pdb_adjust_breakpoints.patch fixing expectd results in
|
||
test_pdb_breakpoints_preserved_across_interactive_sessions
|
||
(bpo#45964).
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Nov 29 00:17:07 UTC 2021 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Remove shebangs from from python-base libraries in _libdir
|
||
(bsc#1193179).
|
||
- Readjust patches:
|
||
- bpo-31046_ensurepip_honours_prefix.patch
|
||
- decimal.patch
|
||
- python-3.3.0b1-fix_date_time_compiler.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Nov 16 16:03:43 UTC 2021 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Move rpm-build-python construct to correct place.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 13 08:52:47 UTC 2021 - Dominique Leuenberger <dimstar@opensuse.org>
|
||
|
||
- BuildRequire rpm-build-python: The provider to inject python(abi)
|
||
has been moved there. rpm-build pulls rpm-build-python
|
||
automatically in when building anything against python3-base, but
|
||
this implies that the initial build of python3-base does not
|
||
trigger the automatic installation.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Oct 5 22:36:51 UTC 2021 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Final release of 3.10.0:
|
||
Complete list on https://www.python.org/downloads/release/python-3100/,
|
||
but highlights are:
|
||
- PEP 623 – Deprecate and prepare for the removal of the wstr
|
||
member in PyUnicodeObject.
|
||
- PEP 604 – Allow writing union types as X | Y
|
||
- PEP 612 – Parameter Specification Variables
|
||
- PEP 626 – Precise line numbers for debugging and other
|
||
tools.
|
||
- PEP 618 – Add Optional Length-Checking To zip.
|
||
- PEP 632 – Deprecate distutils module.
|
||
- PEP 613 – Explicit Type Aliases
|
||
- PEP 634 – Structural Pattern Matching: Specification
|
||
- PEP 635 – Structural Pattern Matching: Motivation and
|
||
Rationale
|
||
- PEP 636 – Structural Pattern Matching: Tutorial
|
||
- PEP 644 – Require OpenSSL 1.1.1 or newer
|
||
- PEP 624 – Remove Py_UNICODE encoder APIs
|
||
- PEP 597 – Add optional EncodingWarning
|
||
- bpo-12782: Parenthesized context managers are now officially
|
||
allowed.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Aug 30 12:48:25 UTC 2021 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Switch on option --with-system-libmpdec (bsc#1189356).
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 27 13:15:03 UTC 2021 - Andreas Schwab <schwab@suse.de>
|
||
|
||
- Reenable profileopt with qemu emulation, test_faulthandler is no longer
|
||
run during profiling
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 12 15:11:39 UTC 2021 - Andreas Schwab <schwab@suse.de>
|
||
|
||
- test_faulthandler is still problematic under qemu linux-user emulation,
|
||
disable it there
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 11 05:57:11 UTC 2021 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Update to 3.10.0rc1 (the penultimate prerelease), which contains
|
||
plenty of small bugfixes among others:
|
||
- bpo#38605: from __future__ import annotations (PEP 563) used to be
|
||
on this list in previous pre-releases but it has been postponed to
|
||
Python 3.11 due to some compatibility concerns.
|
||
- bpo-44600: Fix incorrect line numbers while tracing some failed
|
||
patterns in match statements. Patch by Charles Burkland.
|
||
- plenty of modifications in types.Union
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 21 13:44:48 UTC 2021 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Update to 3.10.0b4:
|
||
https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-0-beta-4
|
||
- Remove python3-imp-returntype.patch which has been upstreamed.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 7 15:52:44 UTC 2021 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Update to 3.10.0b2:
|
||
- PEP 623 -- Deprecate and prepare for the removal of the wstr
|
||
member in PyUnicodeObject.
|
||
- PEP 604 -- Allow writing union types as X | Y
|
||
- PEP 612 -- Parameter Specification Variables
|
||
- PEP 626 -- Precise line numbers for debugging and other
|
||
tools.
|
||
- PEP 618 -- Add Optional Length-Checking To zip.
|
||
- bpo-12782: Parenthesized context managers are now officially
|
||
allowed.
|
||
- PEP 632 -- Deprecate distutils module.
|
||
- PEP 613 -- Explicit Type Aliases
|
||
- PEP 634 -- Structural Pattern Matching: Specification
|
||
- PEP 635 -- Structural Pattern Matching: Motivation and
|
||
Rationale
|
||
- PEP 636 -- Structural Pattern Matching: Tutorial
|
||
- PEP 644 -- Require OpenSSL 1.1.1 or newer
|
||
- PEP 624 -- Remove Py_UNICODE encoder APIs
|
||
- PEP 597 -- Add optional EncodingWarning
|
||
- Removed patches (assumed upstream):
|
||
- sphinx-update-removed-function.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Jun 5 21:21:38 UTC 2021 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Revert previous skip over test_capi
|
||
- Add skip-test_pyobject_freed_is_freed.patch to skip failing
|
||
test on SLE-15.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 4 21:36:30 UTC 2021 - Dirk Müller <dmueller@suse.com>
|
||
|
||
- allow build with Sphinx >= 3.x
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 2 13:12:04 UTC 2021 - Dan Čermák <dcermak@suse.com>
|
||
|
||
- Exclude test_capi on Leap (test fails there)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri May 21 15:13:59 UTC 2021 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Stop providing "python" symbol (bsc#1185588), which means
|
||
python2 currently.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 5 15:16:58 UTC 2021 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Update to 3.9.5:
|
||
* Security
|
||
- bpo-43434: Creating a sqlite3.Connection object now also
|
||
produces a sqlite3.connect auditing event. Previously this
|
||
event was only produced by sqlite3.connect() calls. Patch
|
||
by Erlend E. Aasland.
|
||
- bpo-43882: The presence of newline or tab characters in
|
||
parts of a URL could allow some forms of attacks.
|
||
- Following the controlling specification for URLs defined by
|
||
WHATWG urllib.parse() now removes ASCII newlines and tabs
|
||
from URLs, preventing such attacks.
|
||
- bpo-43472: Ensures interpreter-level audit hooks receive
|
||
the cpython.PyInterpreterState_New event when called
|
||
through the _xxsubinterpreters module.
|
||
- bpo-36384: ipaddress module no longer accepts any leading
|
||
zeros in IPv4 address strings. Leading zeros are ambiguous
|
||
and interpreted as octal notation by some libraries. For
|
||
example the legacy function socket.inet_aton() treats
|
||
leading zeros as octal notatation. glibc implementation of
|
||
modern inet_pton() does not accept any leading zeros. For
|
||
a while the ipaddress module used to accept ambiguous
|
||
leading zeros.
|
||
- bpo-43075: Fix Regular Expression Denial of Service (ReDoS)
|
||
vulnerability in urllib.request.AbstractBasicAuthHandler.
|
||
The ReDoS-vulnerable regex has quadratic worst-case
|
||
complexity and it allows cause a denial of service when
|
||
identifying crafted invalid RFCs. This ReDoS issue is on
|
||
the client side and needs remote attackers to control the
|
||
HTTP server.
|
||
- bpo-42800: Audit hooks are now fired for frame.f_code,
|
||
traceback.tb_frame, and generator code/frame attribute
|
||
access.
|
||
* Core and Builtins
|
||
- bpo-43105: Importlib now resolves relative paths when
|
||
creating module spec objects from file locations.
|
||
- bpo-42924: Fix bytearray repetition incorrectly copying
|
||
data from the start of the buffer, even if the data is
|
||
offset within the buffer (e.g. after reassigning a slice at
|
||
the start of the bytearray to a shorter byte string).
|
||
* Library
|
||
- bpo-43993: Update bundled pip to 21.1.1.
|
||
- bpo-43937: Fixed the turtle module working with non-default
|
||
root window.
|
||
- bpo-43930: Update bundled pip to 21.1 and setuptools to
|
||
56.0.0
|
||
- bpo-43920: OpenSSL 3.0.0: load_verify_locations() now
|
||
returns a consistent error message when cadata contains no
|
||
valid certificate.
|
||
- bpo-43607: urllib can now convert Windows paths with \\?\
|
||
prefixes into URL paths.
|
||
- bpo-43284: platform.win32_ver derives the windows version
|
||
from sys.getwindowsversion().platform_version which in turn
|
||
derives the version from kernel32.dll (which can be of
|
||
a different version than Windows itself). Therefore change
|
||
the platform.win32_ver to determine the version using the
|
||
platform module’s _syscmd_ver private function to return an
|
||
accurate version.
|
||
- bpo-42248: [Enum] ensure exceptions raised in _missing__
|
||
are released
|
||
- bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1
|
||
to suppress deprecation warnings. Python requires OpenSSL
|
||
1.1.1 APIs.
|
||
- bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants
|
||
(OpenSSL 3.0.0)
|
||
- bpo-43789: OpenSSL 3.0.0: Don’t call the password callback
|
||
function a second time when first call has signaled an
|
||
error condition.
|
||
- bpo-43788: The header files for ssl error codes are now
|
||
OpenSSL version-specific. Exceptions will now show correct
|
||
reason and library codes. The make_ssl_data.py script has
|
||
been rewritten to use OpenSSL’s text file with error codes.
|
||
- bpo-43655: tkinter dialog windows are now recognized as
|
||
dialogs by window managers on macOS and X Window.
|
||
- bpo-43534: turtle.textinput() and turtle.numinput() create
|
||
now a transient window working on behalf of the canvas
|
||
window.
|
||
- bpo-43522: Fix problem with hostname_checks_common_name.
|
||
OpenSSL does not copy hostflags from struct SSL_CTX to
|
||
struct SSL.
|
||
- bpo-42967: Allow bytes separator argument in
|
||
urllib.parse.parse_qs and urllib.parse.parse_qsl when
|
||
parsing str query strings. Previously, this raised
|
||
a TypeError.
|
||
- bpo-43176: Fixed processing of a dataclass that inherits
|
||
from a frozen dataclass with no fields. It is now correctly
|
||
detected as an error.
|
||
- bpo-41735: Fix thread locks in zlib module may go wrong in
|
||
rare case. Patch by Ma Lin.
|
||
- bpo-36470: Fix dataclasses with InitVars and replace().
|
||
Patch by Claudiu Popa.
|
||
- bpo-32745: Fix a regression in the handling of ctypes’
|
||
ctypes.c_wchar_p type: embedded null characters would cause
|
||
a ValueError to be raised. Patch by Zackery Spytz.
|
||
* Documentation
|
||
- bpo-43959: The documentation on the PyContextVar C-API was
|
||
clarified.
|
||
- bpo-43938: Update dataclasses documentation to express that
|
||
FrozenInstanceError is derived from AttributeError.
|
||
- bpo-43755: Update documentation to reflect that
|
||
unparenthesized lambda expressions can no longer be the
|
||
expression part in an if clause in comprehensions and
|
||
generator expressions since Python 3.9.
|
||
- bpo-43739: Fixing the example code in
|
||
Doc/extending/extending.rst to declare and initialize the
|
||
pmodule variable to be of the right type.
|
||
* Tests
|
||
- bpo-43961: Fix
|
||
test_logging.test_namer_rotator_inheritance() on Windows:
|
||
use os.replace() rather than os.rename(). Patch by Victor
|
||
Stinner.
|
||
- bpo-43842: Fix a race condition in the SMTP test of
|
||
test_logging. Don’t close a file descriptor (socket) from
|
||
a different thread while asyncore.loop() is polling the
|
||
file descriptor. Patch by Victor Stinner.
|
||
- bpo-43811: Tests multiple OpenSSL versions on GitHub
|
||
Actions. Use ccache to speed up testing.
|
||
- bpo-43791: OpenSSL 3.0.0: Disable testing of legacy
|
||
protocols TLS 1.0 and 1.1. Tests are failing with
|
||
TLSV1_ALERT_INTERNAL_ERROR.
|
||
- Refreshed patches:
|
||
- bpo-31046_ensurepip_honours_prefix.patch
|
||
- python-3.3.0b1-fix_date_time_compiler.patch
|
||
- Add vendorized files from bluez-devel to enable building support for
|
||
Bluetooth.
|
||
|
||
-------------------------------------------------------------------
|
||
Sun May 2 09:20:06 UTC 2021 - Ben Greiner <code@bnavigator.de>
|
||
|
||
- Make sure to close the import_failed.map file after the exception
|
||
has been raised in order to avoid ResourceWarnings when the
|
||
failing import is part of a try...except block.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 28 16:39:54 UTC 2021 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Update to 3.9.4:
|
||
- bpo#43710: Reverted the fix for https://bugs.python.org/issue42500
|
||
as it changed the PyThreadState struct size and broke the 3.9.x ABI
|
||
in the 3.9.3 release (visible on 32-bit platforms using binaries
|
||
compiled using an earlier version of Python 3.9.x headers).
|
||
- bpo#26053: Fixed bug where the pdb interactive run command echoed
|
||
the args from the shell command line, even if those have been
|
||
overridden at the pdb prompt.
|
||
- bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile
|
||
feature of the pydoc module which could be abused to read
|
||
arbitrary files on the disk (directory traversal
|
||
vulnerability). Moreover, even source code of Python modules
|
||
can contain sensitive data like passwords. Vulnerability
|
||
reported by David Schwörer.
|
||
- bpo#43285: ftplib no longer trusts the IP address value
|
||
returned from the server in response to the PASV command by
|
||
default. This prevents a malicious FTP server from using the
|
||
response to probe IPv4 address and port combinations on the
|
||
client network. Code that requires the former vulnerable
|
||
behavior may set a trust_server_pasv_ipv4_address attribute
|
||
on their ftplib.FTP instances to True to re-enable it.
|
||
- bpo#43439: Add audit hooks for gc.get_objects(),
|
||
gc.get_referrers() and gc.get_referents(). Patch by Pablo
|
||
Galindo.
|
||
- bpo#43660: Fix crash that happens when replacing sys.stderr
|
||
with a callable that can remove the object while an exception
|
||
is being printed. Patch by Pablo Galindo.
|
||
- bpo#43555: Report the column offset for SyntaxError for
|
||
invalid line continuation characters. Patch by Pablo Galindo.
|
||
- bpo#43517: Fix misdetection of circular imports when using
|
||
from pkg.mod import attr, which caused false positives in
|
||
non-trivial multi-threaded code.
|
||
- bpo#35883: Python no longer fails at startup with a fatal
|
||
error if a command line argument contains an invalid Unicode
|
||
character. The Py_DecodeLocale() function now escapes byte
|
||
sequences which would be decoded as Unicode characters
|
||
outside the [U+0000; U+10ffff] range.
|
||
- bpo#43406: Fix a possible race condition where
|
||
PyErr_CheckSignals tries to execute a non-Python signal
|
||
handler.
|
||
- bpo#42500: Improve handling of exceptions near recursion
|
||
limit. Converts a number of Fatal Errors in RecursionErrors.
|
||
- bpo#43433: xmlrpc.client.ServerProxy no longer ignores query
|
||
and fragment in the URL of the server.
|
||
- bpo#35930: Raising an exception raised in a “future” instance
|
||
will create reference cycles.
|
||
- bpo#43577: Fix deadlock when using ssl.SSLContext debug
|
||
callback with ssl.SSLContext.sni_callback().
|
||
- bpo#43521: ast.unparse can now render NaNs and empty sets.
|
||
- bpo#43423: subprocess.communicate() no longer raises an
|
||
IndexError when there is an empty stdout or stderr IO buffer
|
||
during a timeout on Windows.
|
||
- bpo#27820: Fixed long-standing bug of smtplib.SMTP where
|
||
doing AUTH LOGIN with initial_response_ok=False will fail.
|
||
The cause is that SMTP.auth_login _always_ returns a password
|
||
if provided with a challenge string, thus non-compliant with
|
||
the standard for AUTH LOGIN. Also fixes bug with the test for
|
||
smtpd.
|
||
- bpo#43332: Improves the networking efficiency of http.client
|
||
when using a proxy via set_tunnel(). Fewer small send calls
|
||
are made during connection setup.
|
||
- bpo#43399: Fix ElementTree.extend not working on iterators
|
||
when using the Python implementation
|
||
- bpo#43316: The python -m gzip command line application now
|
||
properly fails when detecting an unsupported extension. It
|
||
exits with a non-zero exit code and prints an error message
|
||
to stderr.
|
||
- bpo#43260: Fix TextIOWrapper can not flush internal buffer
|
||
forever after very large text is written.
|
||
- bpo#42782: Fail fast in shutil.move() to avoid creating
|
||
destination directories on failure.
|
||
- bpo#37193: Fixed memory leak in socketserver.ThreadingMixIn
|
||
introduced in Python 3.7.
|
||
- bpo#43199: Answer “Why is there no goto?” in the Design and
|
||
History FAQ.
|
||
- bpo#43407: Clarified that a result from time.monotonic(),
|
||
time.perf_counter(), time.process_time(), or
|
||
time.thread_time() can be compared with the result from any
|
||
following call to the same function - not just the next
|
||
immediate call.
|
||
- bpo#27646: Clarify that ‘yield from <expr>’ works with any
|
||
iterable, not just iterators.
|
||
- bpo#36346: Update some deprecated unicode APIs which are
|
||
documented as “will be removed in 4.0” to “3.12”. See PEP 623
|
||
for detail.
|
||
- bpo#37945: Fix test_getsetlocale_issue1813() of test_locale:
|
||
skip the test if setlocale() fails. Patch by Victor Stinner.
|
||
- bpo#41561: Add workaround for Ubuntu’s custom OpenSSL
|
||
security level policy.
|
||
- bpo#43288: Fix test_importlib to correctly skip Unicode file
|
||
tests if the fileystem does not support them.
|
||
- bpo#43617: Improve configure.ac: Check for presence of
|
||
autoconf-archive package and remove our copies of M4 macros.
|
||
- bpo#42225: Document that IDLE can fail on Unix either from
|
||
misconfigured IP masquerage rules or failure displaying
|
||
complex colored (non-ascii) characters.
|
||
- bpo#43283: Document why printing to IDLE’s Shell is often
|
||
slower than printing to a system terminal and that it can be
|
||
made faster by pre-formatting a single string before
|
||
printing.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Feb 19 16:58:38 UTC 2021 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Update to 3.9.2:
|
||
- bpo#42938 (bsc#1181126): Avoid static buffers when computing
|
||
the repr of ctypes.c_double and ctypes.c_longdouble
|
||
values. This issue was assigned CVE-2021-3177.
|
||
- bpo#42967 (bsc#1182379): Fix web cache poisoning
|
||
vulnerability by defaulting the query args separator to &,
|
||
and allowing the user to choose a custom separator. This
|
||
issue was assigned CVE-2021-23336.
|
||
- Upstreamed patches were removed:
|
||
- CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch
|
||
- bsc1167501-invalid-alignment.patch
|
||
- skip_random_failing_tests.patch
|
||
- CVE-2019-5010-null-defer-x509-cert-DOS.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 9 01:37:59 UTC 2021 - Steve Kowalik <steven.kowalik@suse.com>
|
||
|
||
- Add Obsoletes for python3-base when primary interpreter is set to
|
||
properly replace it during upgrades. (bsc#1181324)
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 8 22:02:03 UTC 2021 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Update to 3.9.1:
|
||
Security bugs:
|
||
- Prevented potential DoS attack via CPU and RAM exhaustion
|
||
when processing malformed Apple Property List files in binary
|
||
format.
|
||
- The plistlib module no longer accepts entity declarations in
|
||
XML plist files to avoid XML vulnerabilities. This should not
|
||
affect users as entity declarations are not used in regular
|
||
plist files.
|
||
- Add volatile to the accumulator variable in
|
||
hmac.compare_digest, making constant-time-defeating
|
||
optimizations less likely.
|
||
Core and Builtins
|
||
- Allow assignment expressions in set literals and set
|
||
comprehensions as per PEP 572. Patch by Pablo Galindo.
|
||
- Fix a regression introduced by the new parser, where an
|
||
unparenthesized walrus operator was not allowed within
|
||
generator expressions.
|
||
- types.GenericAlias objects can now be the targets of
|
||
weakrefs.
|
||
- Fixed a bug in the PEG parser that was causing crashes in
|
||
debug mode. Now errors are checked in left-recursive rules to
|
||
avoid cases where such errors do not get handled in time and
|
||
appear as long-distance crashes in other places.
|
||
- Fixed a possible crash in the PEG parser when checking for
|
||
the ‘!=’ token in the barry_as_flufl rule. Patch by Pablo
|
||
Galindo.
|
||
- Fix handling of errors during creation of PyFunctionObject,
|
||
which resulted in operations on uninitialized memory. Patch
|
||
by Yonatan Goldschmidt.
|
||
- Fix a bug in the parser, where a curly brace following
|
||
a primary didn’t fail immediately. This led to invalid
|
||
expressions like a {b} to throw a SyntaxError with a wrong
|
||
offset, or invalid expressions ending with a curly brace like
|
||
a { to not fail immediately in the REPL.
|
||
- Fix possible buffer overflow in the new parser when checking
|
||
for continuation lines. Patch by Pablo Galindo.
|
||
- Run the parser two times. On the first run, disable all the
|
||
rules that only generate better error messages to gain
|
||
performance. If there’s a parse failure, run the parser
|
||
a second time with those enabled.
|
||
- Document the default implementation of object.__eq__.
|
||
- Fix peephole optimizer misoptimize conditional jump
|
||
+ JUMP_IF_NOT_EXC_MATCH pair.
|
||
- The garbage collector now tracks all user-defined classes.
|
||
Patch by Brandt Bucher.
|
||
- Fixed potential issues with removing not completely
|
||
initialized module from sys.modules when import fails.
|
||
- Star-unpacking is now allowed for with item’s targets in the
|
||
PEG parser.
|
||
- Fixed stack overflow in issubclass() and isinstance() when
|
||
getting the __bases__ attribute leads to infinite recursion.
|
||
- When loading a native module and a load failure occurs,
|
||
prevent a possible UnicodeDecodeError when not running in
|
||
a UTF-8 locale by decoding the load error message using the
|
||
current locale’s encoding.
|
||
- Correctly count control blocks in ‘except’ in compiler.
|
||
Ensures that a syntax error, rather a fatal error, occurs for
|
||
deeply nested, named exception handlers.
|
||
Library
|
||
- types.GenericAlias will now raise a TypeError when attempting
|
||
to initialize with a keyword argument. Previously, this would
|
||
cause the interpreter to crash if the interpreter was
|
||
compiled with debug symbols. This does not affect
|
||
interpreters compiled for release. Patch by Ken Jin.
|
||
- CGIHTTPRequestHandler.run_cgi() HTTP_ACCEPT improperly
|
||
parsed. Replace the special purpose getallmatchingheaders
|
||
with generic get_all method and add relevant tests.
|
||
- inspect.findsource() now raises OSError instead of IndexError
|
||
when co_lineno of a code object is greater than the file
|
||
length. This can happen, for example, when a file is edited
|
||
after it was imported. PR by Irit Katriel.
|
||
- Fix handling of trailing comments by inspect.getsource().
|
||
- ChainMap.__iter__ no longer calls __getitem__ on underlying
|
||
maps
|
||
- TracebackException no longer holds a reference to the
|
||
exception’s traceback object. Consequently, instances of
|
||
TracebackException for equivalent but non-equal exceptions
|
||
now compare as equal.
|
||
- We fixed an issue in pickle.whichmodule in which importing
|
||
multiprocessing could change the how pickle identifies which
|
||
module an object belongs to, potentially breaking the
|
||
unpickling of those objects.
|
||
- Clarify the error message for asyncio.IncompleteReadError
|
||
when expected is None.
|
||
- Extracting a symlink from a tarball should succeed and
|
||
overwrite the symlink if it already exists. The fix is to
|
||
remove the existing file or symlink before extraction. Based
|
||
on patch by Chris AtLee, Jeffrey Kintscher, and Senthil
|
||
Kumaran.
|
||
- Fixed tkinter.ttk.Style.map(). The function accepts now the
|
||
representation of the default state as empty sequence (as
|
||
returned by Style.map()). The structure of the result is now
|
||
the same on all platform and does not depend on the value of
|
||
wantobjects.
|
||
- Fix various issues with typing.Literal parameter handling
|
||
(flatten, deduplicate, use type to cache key). Patch provided
|
||
by Yurii Karabas.
|
||
- Fix the threading.Thread class at fork: do nothing if the
|
||
thread is already stopped (ex: fork called at Python exit).
|
||
Previously, an error was logged in the child process.
|
||
- The onerror callback from shutil.rmtree now receives correct
|
||
function when os.open fails.
|
||
- Fix os.sendfile() on illumos.
|
||
- Fixed writing binary Plist files larger than 4 GiB.
|
||
- The repr() of typing types containing Generic Alias Types
|
||
previously did not show the parameterized types in the
|
||
GenericAlias. They have now been changed to do so.
|
||
- webbrowser: Ignore NotADirectoryError when calling
|
||
xdg-settings.
|
||
- binhex.binhex() consisently writes macOS 9 line endings.
|
||
- Fix a stack overflow error for asyncio Task or Future repr().
|
||
- The overflow occurs under some circumstances when a Task or
|
||
Future recursively returns itself.
|
||
- Fix memory leak in subprocess.Popen() in case an uid (gid)
|
||
specified in user (group, extra_groups) overflows uid_t
|
||
(gid_t).
|
||
- Improve asyncio.wait function to create the futures set just
|
||
one time.
|
||
- InvalidFileException and RecursionError are now the only
|
||
errors caused by loading malformed binary Plist file
|
||
(previously ValueError and TypeError could be raised in some
|
||
specific cases).
|
||
- Pickling heap types implemented in C with protocols 0 and
|
||
1 raises now an error instead of producing incorrect data.
|
||
- plistlib: fix parsing XML plists with hexadecimal integer
|
||
values
|
||
- Fix an incorrectly formatted error from
|
||
_codecs.charmap_decode() when called with a mapped value
|
||
outside the range of valid Unicode code points. PR by Max
|
||
Bernstein.
|
||
- Fix pickling pure Python datetime.time subclasses. Patch by
|
||
Dean Inwood.
|
||
- Fixed a bug that was causing ctypes.util.find_library() to
|
||
return None when triying to locate a library in an
|
||
environment when gcc>=9 is available and ldconfig is not.
|
||
Patch by Pablo Galindo
|
||
- C14N 2.0 serialisation in xml.etree.ElementTree failed for
|
||
unprefixed attributes when a default namespace was defined.
|
||
- Fix a bug in the symtable module that was causing
|
||
module-scope global variables to not be reported as both
|
||
local and global. Patch by Pablo Galindo.
|
||
- str() for the type attribute of the tkinter.Event object
|
||
always returns now the numeric code returned by Tk instead of
|
||
the name of the event type.
|
||
- fix tkinter.EventType Enum so all members are strings, and
|
||
none are tuples
|
||
- Fix SQLite3 segfault when backing up closed database. Patch
|
||
contributed by Peter David McCormick.
|
||
- Fix the tarfile module to write only basename of TAR file to
|
||
GZIP compression header.
|
||
- Allow ctypes.wintypes to be imported on non-Windows systems.
|
||
- shutil.which() now ignores empty entries in PATHEXT instead
|
||
of treating them as a match.
|
||
- Fix time-of-check/time-of-action issue in
|
||
subprocess.Popen.send_signal.
|
||
- Fix --outfile for cProfile / profile not writing the output
|
||
file in the original directory when the program being
|
||
profiled changes the working directory. PR by Anthony
|
||
Sottile.
|
||
- ZipFile truncates files to avoid corruption when a shorter
|
||
comment is provided in append (“a”) mode. Patch by Jan Mazur.
|
||
- Fixed KeyError exception when flattening an email to a string
|
||
attempts to replace a non-existent Content-Transfer-Encoding
|
||
header.
|
||
Documentation
|
||
- Fix the URL for the IMAP protocol documents.
|
||
- Document __format__ functionality for IP addresses.
|
||
- Clarify that subscription expressions are also valid for
|
||
certain classes and types in the standard library, and for
|
||
user-defined classes and types if the classmethod
|
||
__class_getitem__() is provided.
|
||
- Documented generic alias type and types.GenericAlias. Also
|
||
added an entry in glossary for generic types.
|
||
- In Programming FAQ “Sequences (Tuples/Lists)” section, add
|
||
“How do you remove multiple items from a list”.
|
||
- Fix RemovedInSphinx40Warning when building the documentation.
|
||
Patch by Dong-hee Na.
|
||
- Update the refcounts info of PyType_FromModuleAndSpec.
|
||
- Fix tarfile’s extractfile documentation
|
||
- Document some restrictions on the default string
|
||
representations of numeric classes.
|
||
Tests
|
||
- Reenable test_gdb on gdb 9.2 and newer:
|
||
https://bugzilla.redhat.com/show_bug.cgi?id=1866884 bug is
|
||
fixed in gdb 10.1.
|
||
- Fix test_asyncio.test_call_later() race condition: don’t
|
||
measure asyncio performance in the call_later() unit test.
|
||
The test failed randomly on the CI.
|
||
- Include _testinternalcapi module in Windows installer for
|
||
test suite
|
||
- Fix test_logging.test_race_between_set_target_and_flush():
|
||
the test now waits until all threads complete to avoid
|
||
leaking running threads.
|
||
- Avoid a test failure in test_lib2to3 if the module has
|
||
already imported at the time the test executes. Patch by
|
||
Pablo Galindo.
|
||
- Tests for CJK codecs no longer call eval() on content
|
||
received via HTTP.
|
||
- Fix test_site.test_license_exists_at_url(): call
|
||
urllib.request.urlcleanup() to reset the global
|
||
urllib.request._opener. Patch by Victor Stinner.
|
||
- test_ssl: skip test_min_max_version_mismatch when TLS 1.0 is
|
||
not available
|
||
- Add tests for SIGINT handling in the runpy module.
|
||
- Fixed a failure in test_tk.test_widgets.ScaleTest happening
|
||
when executing the test with Tk 8.6.10.
|
||
Build
|
||
- Fix a race condition in “make regen-all” when make -jN option
|
||
is used to run jobs in parallel. The clinic.py script now
|
||
only use atomic write to write files. Moveover, generated
|
||
files are now left unchanged if the content does not change,
|
||
to not change the file modification time.
|
||
- Update Py_UNREACHABLE to use __builtin_unreachable() if only
|
||
the compiler is able to use it. Patch by Dong-hee Na.
|
||
- Addressed three compiler warnings found by undefined behavior
|
||
sanitizer (ubsan).
|
||
IDLE
|
||
- Fix reporting offset of the RE error in searchengine.
|
||
- Get docstrings for IDLE calltips more often by using
|
||
inspect.getdoc.
|
||
- Mostly finish using ttk widgets, mainly for editor, settings,
|
||
and searches. Some patches by Mark Roseman.
|
||
- Use ‘IDLE Shell’ as shell title
|
||
- Rewrite the Calltips doc section.
|
||
- In calltips, stop reminding that ‘/’ marks the end of
|
||
positional-only arguments.
|
||
- Typing opening and closing parentheses inside the parentheses
|
||
of a function call will no longer cause unnecessary
|
||
“flashing” off and on of an existing open call-tip, e.g. when
|
||
typed in a string literal.
|
||
C API
|
||
- Fix potential crash in deallocating method objects when
|
||
dynamically allocated PyMethodDef’s lifetime is managed
|
||
through the self argument of a PyCFunction.
|
||
- Py_FileSystemDefaultEncodeErrors and Py_UTF8Mode are
|
||
available again in limited API.
|
||
- Readjustet and reapplied patches:
|
||
- CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch
|
||
- bpo-31046_ensurepip_honours_prefix.patch
|
||
- python-3.3.0b1-fix_date_time_compiler.patch
|
||
- skip_random_failing_tests.patch
|
||
- sphinx-update-removed-function.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jan 29 17:22:48 UTC 2021 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
|
||
bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
|
||
_ctypes/callproc.c, which may lead to remote code execution.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jan 5 09:15:36 UTC 2021 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- (bsc#1180125) We really don't Require python-rpm-macros package.
|
||
Unnecessary dependency.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 16 16:08:42 UTC 2020 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Make python39-doc building again
|
||
- Add no-skipif-doctests.patch, because SLE-15 version of Sphinx
|
||
doesn't know about skipif directive in doctests.
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Dec 12 14:29:33 UTC 2020 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Update sphinx-update-removed-function.patch patch to the latest
|
||
version in python36.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Dec 10 00:26:51 UTC 2020 - Benjamin Greiner <code@bnavigator.de>
|
||
|
||
- Last try before this results in an editwar:
|
||
* remove importlib_resources and importlib-metadata
|
||
provides/obsoletes
|
||
* import importlib_resources is not the same as
|
||
import importlib.resources, same for metadata
|
||
* The backport packages from PyPI needed for older flavors are
|
||
specified as such for setuptools or in pyproject.toml. If a
|
||
package requires them they typically add them with a python
|
||
version qualifier and the packages have their own version
|
||
numbers.
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Dec 5 16:55:12 UTC 2020 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Add patch sphinx-update-removed-function.patch to no longer call
|
||
a now removed function and to make documentation build independent of
|
||
the Sphinx version (bsc#1179630, gh#python/cpython#13236).
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Nov 13 17:20:08 UTC 2020 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Don't require packages which break build on SLE-15 although we really
|
||
don't need them (python3-python-docs-theme and
|
||
python3-sphinxcontrib-qthelp).
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Oct 9 16:05:50 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
|
||
|
||
- Fix build with RPM 4.16: error: bare words are no longer
|
||
supported, please use "...": x86 == ppc.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Oct 6 07:30:56 UTC 2020 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Update to the final version 3.9.0:
|
||
Complete changelog with all (many)
|
||
changes from previous version is on
|
||
https://docs.python.org/release/3.9.0/whatsnew/3.9.html
|
||
Changes from the previous RC versions (not that many) are on
|
||
https://docs.python.org/release/3.9.0/whatsnew/changelog.html#changelog
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Sep 25 06:58:03 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
|
||
|
||
- Buildrequire timezone only for general flavor. It's used in this
|
||
flavor for the test suite.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 2 14:39:44 UTC 2020 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Update to 3.9.0rc1:
|
||
* Core and Builtins
|
||
- bpo-38156: Handle interrupts that come after EOF
|
||
correctly in PyOS_StdioReadline.
|
||
* Library
|
||
- bpo-41497: Fix potential UnicodeDecodeError in dis
|
||
module.
|
||
- bpo-41490: Update ensurepip to install pip 20.2.1 and
|
||
setuptools 49.2.1.
|
||
- bpo-41467: On Windows, fix asyncio recv_into() return
|
||
value when the socket/pipe is closed (BrokenPipeError):
|
||
return 0 rather than an empty byte string (b'').
|
||
- bpo-41425: Make tkinter doc example runnable.
|
||
- bpo-41384: Raise TclError instead of TypeError when an
|
||
unknown option is passed to tkinter.OptionMenu.
|
||
- bpo-38731: Fix NameError in command-line interface of
|
||
py_compile.
|
||
- bpo-41317: Use add_done_callback() in
|
||
asyncio.loop.sock_accept() to unsubscribe reader early on
|
||
cancellation.
|
||
- bpo-41364: Reduce import overhead of uuid.
|
||
- bpo-41341: Recursive evaluation of typing.ForwardRef in
|
||
get_type_hints.
|
||
- bpo-41182: selector: use DefaultSelector based upon
|
||
implementation
|
||
- bpo-40726: Handle cases where the end_lineno is None on
|
||
ast.increment_lineno().
|
||
* Documentation
|
||
- bpo-41045: Add documentation for debug feature of
|
||
f-strings.
|
||
- bpo-41314: Changed the release when from __future__
|
||
import annotations becomes the default from 4.0 to 3.10
|
||
(following a change in PEP 563).
|
||
* Windows
|
||
- bpo-41492: Fixes the description that appears in UAC
|
||
prompts.
|
||
- bpo-40948: Improve post-install message to direct people
|
||
to the “py” command.
|
||
- bpo-41412: The installer will now fail to install on
|
||
Windows 7 and Windows 8. Further, the UCRT dependency is
|
||
now always downloaded on demand.
|
||
- bpo-40741: Update Windows release to include SQLite
|
||
3.32.3.
|
||
* IDLE
|
||
- bpo-41468: Improve IDLE run crash error message (which
|
||
users should never see).
|
||
- bpo-41373: Save files loaded with no line ending, as when
|
||
blank, or different line endings, by setting its line
|
||
ending to the system default. Fix regression in 3.8.4 and
|
||
3.9.0b4.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 1 10:15:06 UTC 2020 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Synchronize formatting and fixes with python38.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 20 15:41:28 UTC 2020 - Andreas Schwab <schwab@suse.de>
|
||
|
||
- Increase testsuite timeout to account for super long running
|
||
test_peg_generator
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 21 09:53:06 UTC 2020 - Callum Farmer <callumjfarmer13@gmail.com>
|
||
|
||
- Removed CVE-2019-20907_tarfile-inf-loop.patch: fixed in upstream
|
||
- Removed recursion.tar: contained in upstream
|
||
- Update to 3.9.0b5:
|
||
- bpo-41304: Fixes python3x._pth being ignored on Windows, caused
|
||
by the fix for bpo-29778 (CVE-2020-15801).
|
||
- bpo-41162: Audit hooks are now cleared later during
|
||
finalization to avoid missing events.
|
||
- bpo-29778: Ensure python3.dll is loaded from correct locations
|
||
when Python is embedded (CVE-2020-15523).
|
||
- bpo-39603: Prevent http header injection by rejecting control
|
||
characters in http.client.putrequest(…).
|
||
- bpo-41295: Resolve a regression in CPython 3.8.4 where defining
|
||
“__setattr__” in a multi-inheritance setup and
|
||
calling up the hierarchy chain could fail if builtins/extension
|
||
types were involved in the base types.
|
||
- bpo-41247: Always cache the running loop holder when running
|
||
asyncio.set_running_loop.
|
||
- bpo-41252: Fix incorrect refcounting in
|
||
_ssl.c’s _servername_callback().
|
||
- bpo-41215: Use non-NULL default values in the PEG parser
|
||
keyword list to overcome a bug that was '
|
||
preventing Python from being properly compiled when using the
|
||
XLC compiler. Patch by Pablo Galindo.
|
||
- bpo-41218: Python 3.8.3 had a regression where compiling with
|
||
ast.PyCF_ALLOW_TOP_LEVEL_AWAIT would
|
||
aggressively mark list comprehension with CO_COROUTINE. Now only
|
||
list comprehension making use of async/await will tagged as so.
|
||
- bpo-41175: Guard against a NULL pointer dereference within
|
||
bytearrayobject triggered by the bytearray() + bytearray() operation.
|
||
- bpo-39960: The “hackcheck” that prevents sneaking around a type’s
|
||
__setattr__() by calling the superclass method was
|
||
rewritten to allow C implemented heap types.
|
||
- bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the
|
||
C implementation raises now UnpicklingError instead of crashing.
|
||
- bpo-39017: Avoid infinite loop when reading specially crafted
|
||
TAR files using the tarfile module (CVE-2019-20907, bsc#1174091).
|
||
- bpo-41235: Fix the error handling in ssl.SSLContext.load_dh_params().
|
||
- bpo-41207: In distutils.spawn, restore expectation that
|
||
DistutilsExecError is raised when the command is not found.
|
||
- bpo-39168: Remove the __new__ method of typing.Generic.
|
||
- bpo-41194: Fix a crash in the _ast module: it can no longer be
|
||
loaded more than once. It now uses a global state rather than a module state.
|
||
- bpo-39384: Fixed email.contentmanager to allow set_content() to set a
|
||
null string.
|
||
- bpo-41300: Save files with non-ascii chars.
|
||
Fix regression released in 3.9.0b4 and 3.8.4.
|
||
- bpo-37765: Add keywords to module name completion list.
|
||
Rewrite Completions section of IDLE doc.
|
||
- bpo-40170: Revert PyType_HasFeature() change: it reads
|
||
again directly the PyTypeObject.tp_flags
|
||
member when the limited C API is not used, rather than always calling
|
||
PyType_GetFlags() which hides implementation details.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jul 20 12:06:41 UTC 2020 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091
|
||
(CVE-2019-20907, bpo#39017) avoiding possible infinite loop
|
||
in specifically crafted tarball.
|
||
Add recursion.tar as a testing tarball for the patch.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jul 17 07:07:19 UTC 2020 - Callum Farmer <callumjfarmer13@gmail.com>
|
||
|
||
- Changed bpo-31046_ensurepip_honours_prefix.patch to include fix from py3.8
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jul 16 21:45:50 UTC 2020 - Callum Farmer <callumjfarmer13@gmail.com>
|
||
|
||
- Spec file fixes
|
||
- Re-added subprocess-raise-timeout.patch: now compatible
|
||
- Removed bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch: contained in upstream
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 15 09:10:42 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Fix minor issues found in the staging.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 15 06:13:33 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Do not set ourselves as primary interpreter
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 14 20:45:11 UTC 2020 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Update to 3.9.0b4:
|
||
- PEP 584, Union Operators in dict
|
||
- PEP 585, Type Hinting Generics In Standard Collections
|
||
- PEP 593, Flexible function and variable annotations
|
||
- PEP 602, Python adopts a stable annual release cadence
|
||
- PEP 615, Support for the IANA Time Zone Database in the
|
||
Standard Library
|
||
- PEP 616, String methods to remove prefixes and suffixes
|
||
- PEP 617, New PEG parser for CPython
|
||
- bpo#38379, garbage collection does not block on resurrected
|
||
objects;
|
||
- bpo#38692, os.pidfd_open added that allows process
|
||
management without races and signals;
|
||
- bpo#39926, Unicode support updated to version 13.0.0;
|
||
- bpo#1635741, when Python is initialized multiple times in
|
||
the same process, it does not leak memory anymore;
|
||
- A number of Python builtins (range, tuple, set, frozenset,
|
||
list, dict) are now sped up using PEP 590 vectorcall;
|
||
- A number of Python modules (_abc, audioop, _bz2, _codecs,
|
||
_contextvars, _crypt, _functools, _json, _locale, operator,
|
||
resource, time, _weakref) now use multiphase initialization
|
||
as defined by PEP 489;
|
||
- A number of standard library modules (audioop, ast, grp,
|
||
_hashlib, pwd, _posixsubprocess, random, select, struct,
|
||
termios, zlib) are now using the stable ABI defined by
|
||
PEP 384.
|
||
- Remove upstreamed patches:
|
||
- F00102-lib64.patch
|
||
- SUSE-FEDORA-multilib.patch
|
||
- OBS_dev-shm.patch
|
||
- subprocess-raise-timeout.patch
|
||
- bpo36302-sort-module-sources.patch
|
||
- bpo40784-Fix-sqlite3-deterministic-test.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jul 10 10:55:15 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update pre_checkin.sh and regenerate
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jul 10 10:11:39 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Convert few dependencies to their pkgconfig counterparts
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jul 10 10:08:48 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Remove release requirement on libpython, it is not really needed
|
||
to be equal as the abi changes with versions
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jul 10 10:07:50 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Add provides python3-bla on all the subpkgs in case we are
|
||
primary provider of the functionality
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jul 10 10:02:01 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Remove unversioned files from devel subpkg too
|
||
- Remove main python3 files from -base based whether we are
|
||
primary interpreter or not
|
||
- Fix idle to be co-installable
|
||
- Add condition to be primary to provide/obsolete python3-*
|
||
- Fix doc to build in versioned folder so the pythons can be
|
||
installed next to each other
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jul 10 07:57:10 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Revert the full versioning of calls on the macros. These
|
||
are generic so they should really just call python3 X
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jul 10 07:56:11 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- For the doc package we can build with generic flavor, we don't
|
||
need the our-interpreter based one
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jul 10 07:18:53 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Add provides for pytohn3X-typing/etc to allow BR on those still
|
||
to work when needed
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jul 10 07:14:33 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Change macros.python3 to use full versioned 3.8 instead of just 3
|
||
for python interpreter
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 1 11:50:19 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Reduce some now unused conditionals
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 1 11:00:40 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Redux the -base dependencies to match up pre-merge layout
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 1 09:24:39 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Generate baselibs in pre-checkin too
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 1 09:14:33 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Generate the importlib-failed using pre_checking again
|
||
- Add back the information about skipped tests on the pre_checkin
|
||
output
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 30 07:11:19 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Use %python_pkg_name instead of hardcoding python3 where
|
||
applicable
|
||
- Sort out preamble with spec-cleaner
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 29 14:36:10 UTC 2020 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Calculate required variables instead of relying on their continuous manual update
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 25 10:44:08 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Fix the -base module build again to generate only the deps
|
||
we need
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 17 18:42:51 UTC 2020 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Replace OBS_dev-shm.patch with the upstream PR#20944
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 10 14:30:15 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Use the %{python_pkg_name} on more places to allow easier
|
||
multiversioning
|
||
- Switch to _multibuild approach for easier maintenance of this
|
||
package. All is now in one spec file with 3 conditionals:
|
||
* bcond_with base
|
||
* bcond_with doc
|
||
* bcond_with general
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 8 14:26:00 UTC 2020 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- add requires python3-base on libpython subpackage (bsc#1167008)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 5 06:08:12 UTC 2020 - Dirk Mueller <dmueller@suse.com>
|
||
|
||
- build against Sphinx 2.x until python is compatible with
|
||
Sphinx 3.x (see gh#python/cpython#19397, bpo#40204)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri May 29 19:59:01 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Fix build with SQLite 3.32 (bpo#40783)
|
||
add bpo40784-Fix-sqlite3-deterministic-test.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sun May 17 15:37:35 UTC 2020 - Callum Farmer <callumjfarmer13@gmail.com>
|
||
|
||
- Update to version 3.8.3:
|
||
- Complete list of changes is available at
|
||
https://docs.python.org/release/3.8.3/whatsnew/changelog.html#python-3-8-3-final,
|
||
but most of them are just bugfixes.
|
||
- Removed patch CVE-2020-8492-urllib-ReDoS.patch: contained in upstream
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Apr 16 12:06:01 UTC 2020 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Add #!BuildIgnore: gdk-pixbuf-loader-rsvg to python3 SPEC
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 26 15:36:55 UTC 2020 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Add patch bsc1167501-invalid-alignment.patch
|
||
(bsc#1167501, bpo#40052) to fix alignment in abstract.h header file.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 11 11:09:41 UTC 2020 - Andreas Schwab <schwab@suse.de>
|
||
|
||
- Update list of skipped tests for qemu linux-user build, test_setegid
|
||
(test.test_os.PosixUidGidTests) is confusing it
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 5 18:40:29 UTC 2020 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Update to 3.8.2:
|
||
- Complete list of changes is available at
|
||
https://docs.python.org/release/3.8.2/whatsnew/changelog.html#python-3-8-2-final,
|
||
but most of them are just bugfixes.
|
||
- Updated patches:
|
||
- F00102-lib64.patch
|
||
- OBS_dev-shm.patch
|
||
- SUSE-FEDORA-multilib.patch
|
||
- subprocess-raise-timeout.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Feb 9 00:14:24 CET 2020 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug
|
||
"Python urrlib allowed an HTTP server to conduct Regular
|
||
Expression Denial of Service (ReDoS)" (bsc#1162367)
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Feb 8 22:21:10 CET 2020 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Add Requires: libpython%{so_version} == %{version}-%{release}
|
||
to python3-base to keep both packages always synchronized
|
||
(bsc#1162224).
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 3 20:27:54 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Do not pull in bluez in base again, explain the cycle,
|
||
it needs to be solved by bluez maintainer for us by providing
|
||
just the headers separately
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 3 19:54:25 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Reame idle icons to idle3 in order to not conflict with python2
|
||
variant of the package
|
||
* renamed the icons
|
||
* renamed icon load in desktop file
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 16 09:50:03 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Add importlib_resources provide/obsolete as it is integral
|
||
part of the lang since 3.7 release
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jan 13 11:10:47 UTC 2020 - Martin Liška <mliska@suse.cz>
|
||
|
||
- Add -fno-semantic-interposition as it brings speed up:
|
||
https://fedoraproject.org/wiki/Changes/PythonNoSemanticInterpositionSpeedup
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Dec 19 16:25:26 CET 2019 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Update to 3.8.1:
|
||
- This is mainly bugfix release and no significant changes to
|
||
API are expected. The full changelog is available on
|
||
https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-1
|
||
- Remove bpo-38688_shutil.copytree_prevent-infinite-recursion.patch,
|
||
which is included in the upstream tarball.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Dec 19 14:57:32 CET 2019 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Add bpo-31046_ensurepip_honours_prefix.patch which makes
|
||
ensurepip to honour the value of $(prefix). Proposed fix for
|
||
bpo#31046..
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Dec 10 11:07:16 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Move bluez-devel dependency to base as it is needed for
|
||
socket.AF_BLUETOOTH and otherwise does not work
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Dec 2 16:52:32 CET 2019 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Reintroduce QtHelp with the help of the new BR
|
||
python-sphinxcontrib-qthelp.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 21 18:51:00 UTC 2019 - Stefan Brüns <stefan.bruens@rwth-aachen.de>
|
||
|
||
- Fix SUSE-FEDORA-multilib.patch, the platform agnostic infix for
|
||
library installation is "lib", not "dir".
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Oct 17 14:19:20 UTC 2019 - Stefan Brüns <stefan.bruens@rwth-aachen.de>
|
||
|
||
- Move idle subpackage build from python3-base to python3.
|
||
appstream-glib required for packaging introduces considerable
|
||
extra dependencies and a build loop via rust/librsvg.
|
||
- Correct installation of idle IDE icons:
|
||
+ idle.png is not the target directory
|
||
+ non-GNOME-specific icons belong into icons/hicolor
|
||
- Add required Name key to idle3 desktop file
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Oct 15 16:39:12 CEST 2019 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Update to the final release 3.8.0. .
|
||
- New Features:
|
||
- Assignment expressions
|
||
- Positional-only parameters
|
||
- Parallel filesystem cache for compiled bytecode files
|
||
- Debug build uses the same ABI as release build
|
||
- f-strings support = for self-documenting expressions and
|
||
debugging
|
||
- PEP 578: Python Runtime Audit Hooks
|
||
- PEP 587: Python Initialization Configuration
|
||
- Vectorcall: a fast calling protocol for CPython
|
||
- Pickle protocol 5 with out-of-band data buffers
|
||
- New modules:
|
||
- importlib.metadata
|
||
- Improved modules:
|
||
- ast asyncio, builtins, collections, curses, ctypes,
|
||
datetime, functools, gc, gettext, gzip, idelib and IDLE,
|
||
inspect, io, json.tool, math, mmap, multiprocessing, os,
|
||
os.path, pathlib, pickle, plistlib, py_compile, shlex,
|
||
shutil, socket, ssl, statistics, sys, tarfile, threading,
|
||
tokenize, tkinter, time, typing, unicodedata, unittest,
|
||
venv, weakref, xml
|
||
- C API improvements
|
||
- bdist_winnst command has been deprecated (use bdist_wheel)
|
||
- https://docs.python.org/3.8/whatsnew/3.8.html remains rest of
|
||
changes including documentation on how to port your programs to
|
||
the current version of Python.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 14 15:02:08 CEST 2019 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Add idle3.appdata.xml and idle3.desktop (originally from
|
||
Fedora) to make Idle3 full GUI desktop application.
|
||
(bsc#1153830)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 9 19:09:16 UTC 2019 - Michael Gorse <mgorse@suse.com>
|
||
|
||
- Drop intltool from BuildRequires. Doesn't appear to be used.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 9 10:37:59 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Add folder version to allow tarball downloads even for beta/rc
|
||
releases
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Oct 8 14:53:54 CEST 2019 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Revert patches from Fedora (F00102-lib64.patch and
|
||
F00251-change-user-install-location.patch) into their original
|
||
prisitine Fedora versions, SUSE-FEDORA-multilib.patch refreshed
|
||
accordingly.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 7 14:33:30 UTC 2019 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Correct quotation of platsubdir in Lib/distutils/command/install.py
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Oct 3 13:59:57 CEST 2019 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Replace python-3.6.0-multilib.patch with two patches from
|
||
Fedora (F00102-lib64.patch and
|
||
F00251-change-user-install-location.patch), and our own
|
||
SUSE-FEDORA-multilib.patch to allow better cooperation with
|
||
Fedora and better upstreaming.
|
||
- Add OBS_dev-shm.patch fixing bpo#38377
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Oct 3 08:39:18 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Pull in just gettext and let solver to sort out between:
|
||
gettext-runtime-mini and gettext-runtime
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 2 15:00:09 CEST 2019 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Update to 3.8.0rc1. Overall changes from 3.7:
|
||
- PEP 572, Assignment expressions
|
||
- PEP 570, Positional-only arguments
|
||
- PEP 587, Python Initialization Configuration (improved
|
||
embedding)
|
||
- PEP 590, Vectorcall: a fast calling protocol for CPython
|
||
- PEP 578, Runtime audit hooks
|
||
- PEP 574, Pickle protocol 5 with out-of-band data
|
||
- Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal
|
||
types), and PEP 589 (TypedDict)
|
||
- Parallel filesystem cache for compiled bytecode
|
||
- Debug builds share ABI as release builds, also the 'm' ABI
|
||
tag was removed (irrelevant since 3.4), bpo#36707
|
||
- f-strings support a handy = specifier for debugging
|
||
- continue is now legal in finally: blocks
|
||
- on Windows, the default asyncio event loop is now
|
||
ProactorEventLoop
|
||
- on macOS, the spawn start method is now used by default in
|
||
multiprocessing
|
||
- multiprocessing can now use shared memory segments to avoid
|
||
pickling costs between processes
|
||
- typed_ast is merged back to CPython
|
||
- LOAD_GLOBAL is now 40% faster
|
||
- pickle now uses Protocol 4 by default, improving performance
|
||
- Refreshed patches:
|
||
- CVE-2019-5010-null-defer-x509-cert-DOS.patch
|
||
- python-3.3.0b1-fix_date_time_compiler.patch
|
||
- python-3.6.0-multilib.patch
|
||
- subprocess-raise-timeout.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 25 09:46:41 UTC 2019 - Bernhard Wiedemann <bwiedemann@suse.com>
|
||
|
||
- Add bpo36302-sort-module-sources.patch (boo#1041090)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 10 13:43:18 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Try harder obsoleting importlib-metadata
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Aug 31 00:16:47 CEST 2019 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Update to 3.8.0b4:
|
||
Many bugfixes, full list on
|
||
https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-4
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 29 06:28:15 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
|
||
|
||
- Re-enable test_threading on aarch64
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Aug 17 13:21:15 UTC 2019 - John Vandenberg <jayvdb@gmail.com>
|
||
|
||
- Remove xrpm from subpackage tk description
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 6 14:24:55 CEST 2019 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Update to 3.8.0b3:
|
||
Many bugfixes, full list on
|
||
https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-3
|
||
- Patches reapplied:
|
||
- python-3.3.0b1-fix_date_time_compiler.patch
|
||
- python-3.3.0b1-test-posix_fadvise.patch
|
||
- python-3.6.0-multilib.patch
|
||
- subprocess-raise-timeout.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 23 13:20:49 UTC 2019 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Add Provides: python3-importlib-metadata
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jul 7 19:08:48 CEST 2019 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Update to 3.8.0b2:
|
||
Many bugfixes, full list on
|
||
https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-2
|
||
- Patches included in upstream:
|
||
- bpo-37169_PyObject_IsFreed.patch
|
||
- Patches reapplied:
|
||
- 00251-change-user-install-location.patch
|
||
- distutils-reproducible-compile.patch
|
||
- python-3.3.0b1-localpath.patch
|
||
- python-3.6.0-multilib.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 2 09:03:04 UTC 2019 - Andreas Schwab <schwab@suse.de>
|
||
|
||
- Update list of skipped tests for qemu linux-user build
|
||
- Don't do profiling in qemu linux-user build
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 5 12:19:09 CEST 2019 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Update to 3.8.0b1 (changes since 3.7.*):
|
||
- PEP 572, Assignment expressions
|
||
- PEP 570, Positional-only arguments
|
||
- PEP 587, Python Initialization Configuration (improved embedding)
|
||
- PEP 590, Vectorcall: a fast calling protocol for CPython
|
||
- PEP 578, Runtime audit hooks
|
||
- PEP 574, Pickle protocol 5 with out-of-band data
|
||
- Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal
|
||
types), and PEP 589 (TypedDict)
|
||
- Parallel filesystem cache for compiled bytecode
|
||
- Debug builds share ABI as release builds
|
||
- f-strings support a handy = specifier for debugging
|
||
- continue is now legal in finally: blocks
|
||
- multiprocessing can now use shared memory segments to avoid
|
||
pickling costs between processes
|
||
- typed_ast is merged back to CPython
|
||
- LOAD_GLOBAL is now 40% faster
|
||
- pickle now uses Protocol 4 by default, improving performance
|
||
- Remove patches which were included in the upstream:
|
||
- 00251-change-user-install-location.patch
|
||
- 00316-mark-bdist_wininst-unsupported.patch
|
||
- CVE-2019-9947-no-ctrl-char-http.patch
|
||
- raise_SIGING_not_handled.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 22 10:53:03 UTC 2019 - Martin Liška <mliska@suse.cz>
|
||
|
||
- Set _lto_cflags to nil as the package is using LTO via --enable-lto.
|
||
That will prevent to propage LTO for Python modules that are
|
||
built in a separate package.
|
||
|
||
-------------------------------------------------------------------
|
||
Sat May 4 21:29:20 CEST 2019 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Update to 3.8.0.a3:
|
||
- PEP 572: Assignment Expressions.
|
||
- Other (mostly small) changes are on
|
||
https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-3
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 29 15:40:34 CEST 2019 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch
|
||
Address the issue by disallowing URL paths with embedded
|
||
whitespace or control characters through into the underlying
|
||
http client request. Such potentially malicious header
|
||
injection URLs now cause a ValueError to be raised.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 10 10:22:58 CEST 2019 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Fix metadata of patches.
|
||
- Rename boo1071941-make-install-in-sep-loc.patch to
|
||
00251-change-user-install-location.patch which is the original
|
||
name, so it can be looked up in the Fedora VCS.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 9 04:55:24 UTC 2019 - John Vandenberg <jayvdb@gmail.com>
|
||
|
||
- Mark distutils bdist_wininst command unsupported
|
||
with 00316-mark-bdist_wininst-unsupported.patch
|
||
- Remove Windows bdist_wininst executables from runtime package
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 9 01:21:45 CEST 2019 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Update to 3.7.3, which is the maintenance release without any
|
||
significant changes in API.
|
||
- Updated patches:
|
||
- CVE-2019-5010-null-defer-x509-cert-DOS.patch
|
||
- distutils-reproducible-compile.patch
|
||
- python-3.3.0b1-fix_date_time_compiler.patch
|
||
- python-3.6.0-multilib.patch
|
||
- raise_SIGING_not_handled.patch
|
||
|
||
------------------------------------------------------------------
|
||
Wed Mar 20 14:59:58 UTC 2019 - Matěj Cepl <mcepl@suse.com>
|
||
|
||
- Remove building of Qt Develop help files.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 15 15:10:30 CET 2019 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Return distutils-reproducible-compile.patch which is still
|
||
missing (still unfinished bpo#29708).
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 25 23:30:56 CET 2019 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Update to 3.8.0a2:
|
||
* List of all (mostly small) changes are on
|
||
https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-2
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 12 10:25:52 CET 2019 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Build nis module again.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 12 10:06:17 CET 2019 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Update to 3.8.0a1:
|
||
* The most visible change so far is probably the
|
||
implementation of PEP 572: Assignment Expressions. For
|
||
a detailed list of changes, see:
|
||
https://docs.python.org/3.8/whatsnew/changelog.html
|
||
* Recover building of nis module properly in python3 package
|
||
- Update patches:
|
||
* CVE-2019-5010-null-defer-x509-cert-DOS.patch
|
||
* python-3.3.0b1-fix_date_time_compiler.patch
|
||
* python-3.3.0b1-test-posix_fadvise.patch
|
||
* python-3.6.0-multilib.patch
|
||
* raise_SIGING_not_handled.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 30 18:07:49 CET 2019 - mcepl@suse.com
|
||
|
||
- Put LICENSE file where it belongs (bsc#1121852)
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Jan 19 16:19:38 CET 2019 - mcepl@suse.com
|
||
|
||
- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch
|
||
fixing bpo-35746.
|
||
An exploitable denial-of-service vulnerability exists in the
|
||
X509 certificate parser of Python.org Python 2.7.11 / 3.7.2.
|
||
A specially crafted X509 certificate can cause a NULL pointer
|
||
dereference, resulting in a denial of service. An attacker can
|
||
initiate or accept TLS connections using crafted certificates
|
||
to trigger this vulnerability.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jan 8 12:51:01 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Do not require full gettext in order to avoid pulling in the
|
||
glib2 as a dependency
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jan 8 12:25:27 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 3.7.2:
|
||
* bugfix release:
|
||
https://docs.python.org/3.7/whatsnew/changelog.html#changelog
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 2 12:51:48 CET 2019 - mcepl@suse.com
|
||
|
||
- Stop applying python-3.6.0-multilib-new.patch (which is still
|
||
WIP), and apply the old proven python-3.6.0-multilib.patch
|
||
instead.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 19 19:29:44 UTC 2018 - Todd R <toddrme2178@gmail.com>
|
||
|
||
- Use upstream-recommended %{_rpmconfigdir}/macros.d directory
|
||
for the rpm macros.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Dec 17 17:24:49 CET 2018 - mcepl@suse.com
|
||
|
||
- Upgrade to 3.7.2rc1:
|
||
* bugfix release, for the full list of all changes see
|
||
https://docs.python.org/3.7/whatsnew/changelog.html#changelog
|
||
- Make run of the test suite more verbose
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Dec 11 01:52:45 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
|
||
|
||
- Write summaries without em dashes.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Dec 3 13:27:54 UTC 2018 - Matěj Cepl <mcepl@suse.com>
|
||
|
||
- Remove python-3.3.0b1-curses-panel.patch it is unnecessary anymore.
|
||
- Add boo1071941-make-install-in-sep-loc.patch to make pip and
|
||
distutils in user environment install into separate location
|
||
(boo#1071941)
|
||
|
||
Set values of prefix and exec_prefix in distutils install
|
||
command to /usr/local if executable is /usr/bin/python* and RPM
|
||
build is not detected to make pip and distutils install into
|
||
separate location
|
||
- Remove finally python-3.3.3-skip-distutils-test_sysconfig_module.patch
|
||
- Remove distutils-reproducible-compile.patch which doesn't make
|
||
really much difference in reproducibility (see
|
||
gh#python/cpython#8057 and discussion there).
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Dec 1 00:14:28 CET 2018 - mcepl@suse.com
|
||
|
||
- Rename Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch
|
||
to bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 7 12:10:41 CET 2018 - mcepl@suse.com
|
||
|
||
- Add dependency on bluez-devel to build support for Bluetooth
|
||
(boo#1109998)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Nov 6 13:52:45 CET 2018 - mcepl@suse.com
|
||
|
||
- Add devhelp subpackage and split qthelp into another
|
||
subpackage.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 24 12:38:00 UTC 2018 - Matěj Cepl <mcepl@suse.com>
|
||
|
||
- Remove python-3.0b1-record-rpm.patch and
|
||
Python-3.0b1-record-rpm.patch, as they are not needed anymore
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Oct 23 14:14:16 UTC 2018 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Switch off test_threading for optimization builds.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 22 14:41:59 CEST 2018 - mcepl@suse.com
|
||
|
||
- Update to python-3.7.1. This is just a brief overview, complete
|
||
changelog available at
|
||
https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-1-final:
|
||
Library
|
||
bpo-34970: Protect tasks weak set manipulation in asyncio.all_tasks()
|
||
- Patches already accepted upstream are removed:
|
||
* 00307-allow-to-call-Py_Main-after-Py_Initialize.patch
|
||
* 00308-tls-1.3.patch
|
||
- New patches added:
|
||
* Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch
|
||
* raise_SIGING_not_handled.patch
|
||
- All other patches refreshed via quilt.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 22 12:22:19 UTC 2018 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Add raise_SIGING_not_handled.patch to fix bsc#1094814
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 17 14:04:35 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Add patch to fix importlib return types:
|
||
* python3-imp-returntype.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 15 13:46:32 CEST 2018 - mcepl@suse.com
|
||
|
||
- bpo-34022 still not completely fixed, so we have to keep
|
||
excluding test_cmd_line_script,
|
||
test_multiprocessing_main_handling, and test_runpy from the
|
||
test suite.
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Oct 14 15:57:24 UTC 2018 - Matej Cepl <mcepl@suse.com>
|
||
|
||
- Update to python 3.7.1~rc2:
|
||
Core and Builtins
|
||
bpo-34879: Fix a possible null pointer dereference in
|
||
bytesobject.c. Patch by Zackery Spytz.
|
||
bpo-34854: Fixed a crash in compiling string annotations
|
||
containing a lambda with a keyword-only argument that
|
||
doesn’t have a default value.
|
||
bpo-34320: Fix dict(od) didn’t copy iteration order of
|
||
OrderedDict.
|
||
Library
|
||
bpo-34769: Fix for async generators not finalizing when event
|
||
loop is in debug mode and garbage collector runs in another
|
||
thread.
|
||
bpo-34922: Fixed integer overflow in the digest() and
|
||
hexdigest() methods for the SHAKE algorithm in the hashlib
|
||
module.
|
||
bpo-34900: Fixed unittest.TestCase.debug() when used to call
|
||
test methods with subtests. Patch by Bruno Oliveira.
|
||
bpo-34871: Fix inspect module polluted sys.modules when parsing
|
||
__text_signature__ of callable.
|
||
bpo-34872: Fix self-cancellation in C implementation of
|
||
asyncio.Task
|
||
bpo-34819: Use a monotonic clock to compute timeouts in
|
||
Executor.map() and as_completed(), in order to prevent
|
||
timeouts from deviating when the system clock is adjusted.
|
||
bpo-34334: In QueueHandler, clear exc_text from LogRecord to
|
||
prevent traceback from being written twice.
|
||
bpo-6721: Acquire the logging module’s commonly used internal
|
||
locks while fork()ing to avoid deadlocks in the child
|
||
process.
|
||
bpo-34172: Fix a reference issue inside multiprocessing.Pool
|
||
that caused the pool to remain alive if it was deleted
|
||
without being closed or terminated explicitly.
|
||
Documentation
|
||
bpo-32174: chm document displays non-ASCII charaters properly on
|
||
some MBCS Windows systems.
|
||
Tests
|
||
bpo-32962: Fixed test_gdb when Python is compiled with flags
|
||
-mcet -fcf-protection -O0.
|
||
C API
|
||
bpo-34910: Ensure that PyObject_Print() always returns -1 on
|
||
error. Patch by Zackery Spytz.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Oct 12 20:46:58 CEST 2018 - mcepl@suse.com
|
||
|
||
- Add Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch to
|
||
fix problems with SOURCE_DATE_EPOCH variable (bpo-34022)
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Sep 17 09:44:02 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Add patch to fix build with tls1.3 supported openssl
|
||
* 00308-tls-1.3.patch
|
||
- Add patch to fix Py_Main calls after Py_initialize
|
||
* 00307-allow-to-call-Py_Main-after-Py_Initialize.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Sep 3 15:22:42 UTC 2018 - Matěj Cepl <mcepl@suse.com>
|
||
|
||
- Add -fwrapv to OPTS, which is default for python3 anyway
|
||
See for example https://github.com/zopefoundation/persistent/issues/86
|
||
for bugs which are caused by avoiding it.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 10 11:12:32 UTC 2018 - mcepl@suse.com
|
||
|
||
- Fix ownership of _contextvars, _queue, and _xxtestfuzz
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 3 15:04:48 UTC 2018 - mcepl@suse.com
|
||
|
||
- Switch off LTO for distros with older GCC
|
||
- Fix %files
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 29 14:20:03 UTC 2018 - tchvatal@suse.com
|
||
|
||
- Add dependency over libuuid-devel
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 28 10:42:15 UTC 2018 - mimi.vx@gmail.com
|
||
|
||
- update to python 3.7.0
|
||
Complete overview of changes is available on
|
||
https://docs.python.org/3/whatsnew/3.7.html, these are just
|
||
highlights:
|
||
* PEP 563, postponed evaluation of type annotations.
|
||
* async and await are now reserved keywords.
|
||
* New library modules:
|
||
contextvars: PEP 567 – Context Variables
|
||
dataclasses: PEP 557 – Data Classes
|
||
importlib.resources
|
||
* New built-in features:
|
||
PEP 553, the new breakpoint() function.
|
||
* Python data model improvements:
|
||
PEP 562, customization of access to module attributes.
|
||
PEP 560, core support for typing module and generic types.
|
||
the insertion-order preservation nature of dict objects
|
||
has been declared to be an official part of the Python
|
||
language spec.
|
||
* Significant improvements in the standard library:
|
||
The asyncio module has received new features, significant
|
||
usability and performance improvements.
|
||
The time module gained support for functions with
|
||
nanosecond resolution.
|
||
* CPython implementation improvements:
|
||
Avoiding the use of ASCII as a default text encoding:
|
||
PEP 538, legacy C locale coercion
|
||
PEP 540, forced UTF-8 runtime mode
|
||
PEP 552, deterministic .pycs
|
||
the new development runtime mode
|
||
PEP 565, improved DeprecationWarning handling
|
||
* C API improvements:
|
||
PEP 539, new C API for thread-local storage
|
||
* Documentation improvements:
|
||
PEP 545, Python documentation translations
|
||
New documentation translations: Japanese, French, and Korean.
|
||
- drop python3-sorted_tar.patch
|
||
- drop 0001-allow-for-reproducible-builds-of-python-packages.patch
|
||
- refresh python-3.6.0-multilib-new.patch
|
||
- refresh subprocess-raise-timeout.patch
|
||
* new C API for thread-local storage
|
||
* Deterministic pyc files
|
||
* Built-in breakpoint()
|
||
* Data Classes
|
||
* Core support for typing module and generic types
|
||
* Customization of access to module attributes
|
||
* Postponed evaluation of annotations
|
||
* Time functions with nanosecond resolution
|
||
* Improved DeprecationWarning handling
|
||
* Context Variables
|
||
* Avoiding the use of ASCII as a default text encoding
|
||
(PEP 538, legacy C locale coercion and PEP 540, forced UTF-8 runtime mode)
|
||
* The insertion-order preservation nature of dict objects is now
|
||
an official part of the Python language spec.
|
||
* Notable performance improvements in many areas.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 17 18:26:42 UTC 2018 - hpj@urpla.net
|
||
|
||
- disable lto with gcc versions below 7 (results in link failures)
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 30 15:23:24 UTC 2018 - jengelh@inai.de
|
||
|
||
- Use faster find subcommand execution strategies.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 20 16:17:29 UTC 2018 - tchvatal@suse.com
|
||
|
||
- Do not mention the testsuite disabling in opts as it was moved to
|
||
main pkg so base is test-free
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 17 08:36:08 UTC 2018 - tchvatal@suse.com
|
||
|
||
- As we run in main python package do not generate the pre_checkin
|
||
from both now
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 16 14:11:56 UTC 2018 - tchvatal@suse.com
|
||
|
||
- Move the tests from base to generic package wrt bsc#1088573
|
||
* We still fail the whole distro if python3 is not build
|
||
* The other archs than x86_64 took couple of hours to unblock
|
||
build of other software, this way we work around the issue
|
||
- Some tests are still run in -base for the LTO tweaking, but at
|
||
least it is not run twice
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Mar 31 19:41:12 UTC 2018 - mimi.vx@gmail.com
|
||
|
||
- update to 3.6.5
|
||
* bugfix release
|
||
* see Misc/NEWS for details
|
||
- drop ctypes-pass-by-value.patch
|
||
- drop fix-localeconv-encoding-for-LC_NUMERIC.patch
|
||
- refresh python-3.6.0-multilib-new.patch
|
||
|
||
------------------------------------------------------------------
|
||
Wed Mar 7 09:16:39 UTC 2018 - adam@mizerski.pl
|
||
|
||
- Created %so_major and %so_minor macros
|
||
- Put Tools/gdb/libpython.py script into proper place and ship it with devel
|
||
subpackage.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 20 15:04:56 UTC 2018 - schwab@suse.de
|
||
|
||
- ctypes-pass-by-value.patch: Fix pass by value for structs on aarch64
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 20 14:28:00 UTC 2018 - bwiedemann@suse.com
|
||
|
||
- Add python3-sorted_tar.patch (boo#1081750)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 20 14:08:57 UTC 2018 - tchvatal@suse.com
|
||
|
||
- Drop python3-tk and python3-idle recommends to reduce python3
|
||
always pulling X stack bsc#1081751
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 7 09:10:03 UTC 2018 - tchvatal@suse.com
|
||
|
||
- Add patch to fix glibc 2.27 fail bsc#1079761:
|
||
* fix-localeconv-encoding-for-LC_NUMERIC.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 5 17:14:43 UTC 2018 - normand@linux.vnet.ibm.com
|
||
|
||
- Update skip_random_failing_tests.patch (for PowerPC)
|
||
to avoid test_call_later failure
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 24 14:35:58 UTC 2018 - jmatejek@suse.com
|
||
|
||
- move XML modules and python3-xml provide to python3-base
|
||
(fixes bsc#1077230)
|
||
- move ensurepip to base
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 18 12:31:47 UTC 2018 - normand@linux.vnet.ibm.com
|
||
|
||
- Add skip_random_failing_tests.patch only for PowerPC
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 3 12:18:51 UTC 2018 - jmatejek@suse.com
|
||
|
||
- update to 3.6.4
|
||
* bugfix release, over a hundred bugs fixed
|
||
* see Misc/NEWS for details
|
||
- drop upstreamed python3-ncurses-6.0-accessors.patch
|
||
- drop PYTHONSTARTUP hooks that cause spurious startup errors
|
||
* fixes bsc#1070738
|
||
* the relevant feature (REPL history) is now built into Python itself
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Dec 2 11:11:46 UTC 2017 - dimstar@opensuse.org
|
||
|
||
- Install 2to3-%{python_version} executable (override defattr of
|
||
the -tools package). 2to3 (unversioned) is a symlink and does not
|
||
carry permissions (bsc#1070853).
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Nov 16 11:02:18 UTC 2017 - mimi.vx@gmail.com
|
||
|
||
- move 2to3 to python3-tools package
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 11 13:15:23 UTC 2017 - jmatejek@suse.com
|
||
|
||
- update to 3.6.3
|
||
* bugfix release, over a hundred bugs fixed
|
||
* see Misc/NEWS for details
|
||
- drop upstreamed 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 20 09:54:05 UTC 2017 - dmueller@suse.com
|
||
|
||
- drop python-2.7-libffi-aarch64.patch: this patches the intree
|
||
copy of libffi which is unused/deleted in the line afterwards
|
||
- fix build against system libffi: include flags weren't set
|
||
so it actually used the in-tree libffi headers.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 14 13:23:10 UTC 2017 - vcizek@suse.com
|
||
|
||
- Fix test broken with OpenSSL 1.1 (bsc#1042670)
|
||
* add 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 5 11:47:05 UTC 2017 - jengelh@inai.de
|
||
|
||
- Update RPM group for python documentation.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 31 08:39:31 UTC 2017 - schwab@suse.de
|
||
|
||
- fix missing %{?armsuffix}
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 30 13:41:38 UTC 2017 - jmatejek@suse.com
|
||
|
||
- distutils-reproducible-compile.patch: ensure distutils order files
|
||
before compiling, which works around bsc#1049186
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 17 08:59:05 CEST 2017 - kukuk@suse.de
|
||
|
||
- Add libnsl-devel build requires for glibc obsoleting libnsl
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 3 16:09:26 UTC 2017 - jmatejek@suse.com
|
||
|
||
- update to 3.6.2
|
||
* bugfix release, over a hundred bugs fixed
|
||
* see Misc/NEWS for details
|
||
- drop upstreamed test-socket-aead-kernel49.patch
|
||
- add Provides: python3-typing (fixes bsc#1050653)
|
||
- drop duplicate Provides: python3
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 26 12:10:07 UTC 2017 - jmatejek@suse.com
|
||
|
||
- drop db-devel from requirements
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 20 09:26:52 UTC 2017 - asn@cryptomilk.org
|
||
|
||
- Add missing link to python library in config dir (bsc#1040164)
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 23 12:42:59 UTC 2017 - jmatejek@suse.com
|
||
|
||
- update to 3.6.1
|
||
* bugfix release, over a hundred bugs fixed
|
||
* never add import location's parent directory to sys.path
|
||
* switch to git for version control, build changes related to that
|
||
* fix "failed to get random numbers" on old kernels (bsc#1029902)
|
||
* several crashes and memory leaks corrected
|
||
* f-string are no longer accepted as docstrings
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 13 14:04:22 UTC 2017 - jmatejek@suse.com
|
||
|
||
- prevent regenerating AST at build-time more robustly
|
||
- add "--without profileopt" and "--without testsuite" options to python3-base
|
||
to allow short circuiting when working on the package
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Feb 25 20:55:57 UTC 2017 - bwiedemann@suse.com
|
||
|
||
- Add 0001-allow-for-reproducible-builds-of-python-packages.patch
|
||
upstream https://github.com/python/cpython/pull/296
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 8 12:30:20 UTC 2017 - jmatejek@suse.com
|
||
|
||
- reenable test_socket with AEAD patch (test-socket-aead-kernel49.patch)
|
||
- reintroduce %py3_soflags macro (and better named %cpython3_soabi equivalent)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 11 14:57:07 UTC 2017 - jmatejek@suse.com
|
||
|
||
- update to 3.6.0
|
||
* PEP 498 Formated string literals
|
||
* PEP 515 Underscores in numeric literals
|
||
* PEP 526 Syntax for variable annotations
|
||
* PEP 525 Asynchronous generators
|
||
* PEP 530 Asynchronous comprehensions
|
||
* PEP 506 New "secrets" module for safe key generation
|
||
* less memory consumed by dicts
|
||
* dtrace and systemtap support
|
||
* improved asyncio module
|
||
* better defaults for ssl
|
||
* new hashing algorithms in hashlib
|
||
* bytecode format changed to allow more optimizations
|
||
* "async" and "await" are on track to be reserved words
|
||
* StopIteration from generators is deprecated
|
||
* support for openssl < 1.0.2 is deprecated
|
||
* os.urandom now blocks when getrandom() blocks
|
||
* huge number of new features, bugfixes and optimizations
|
||
* see https://docs.python.org/3.6/whatsnew/3.6.html for details
|
||
- rework multilib patch: drop Python-3.5.0-multilib.patch, implement
|
||
upstreamable python-3.6.0-multilib-new.patch
|
||
- refresh python-3.3.0b1-localpath.patch, subprocess-raise-timeout.patch
|
||
- drop upstreamed Python-3.5.1-fix_lru_cache_copying.patch
|
||
- finally drop python-2.6b1-canonicalize2.patch that was not applied in source
|
||
and only kept around in case we needed it in the future. (which we don't, as it seems)
|
||
- update import_failed map and baselibs
|
||
- build ctypes against system libffi
|
||
(buildrequire libffi-devel in python3-base)
|
||
- add new key to keyring (signed by keys already in keyring)
|
||
- introduced common configure section between python3 and python3-base
|
||
- moved pyconfig.h and Makefile to devel subpackage as distutils no longer
|
||
need it at runtime
|
||
- added python-rpm-macros dependency, regenerated macros file, drop macros.python3.py
|
||
because it is not used now
|
||
- improve summaries and descriptions (fixes bsc#917607)
|
||
- enabled Link-Time Optimization, see what happens
|
||
- including skipped_tests.py in pre_checkin.sh run
|
||
- run specs through spec-cleaner, rearrange sections
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 22 17:20:29 UTC 2016 - jmatejek@suse.com
|
||
|
||
- move _hashlib and _ssl modules and tests to python3-base
|
||
- recommend python3
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Mar 15 15:05:23 UTC 2016 - schwab@suse.de
|
||
|
||
- Skip test_asyncio under qemu_user_space_build
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 7 20:38:11 UTC 2016 - toddrme2178@gmail.com
|
||
|
||
- Add Python-3.5.1-fix_lru_cache_copying.patch
|
||
Fix copying the lru_cache() wrapper object.
|
||
Fixes deep-copying lru_cache regression, which worked on
|
||
previous versions of python but fails on python 3.5.
|
||
This fixes a bunch of packages in devel:languages:python3.
|
||
See: https://bugs.python.org/issue25447
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jan 24 00:44:08 UTC 2016 - arichardson.kde@gmail.com
|
||
|
||
- Build the docs in .qch format as well
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 9 07:35:20 UTC 2015 - toddrme2178@gmail.com
|
||
|
||
- update to 3.5.1
|
||
* bugfix-only release, dozens of bugs fixed
|
||
- Drop upstreamed Python-3.5.0-_Py_atomic_xxx-symbols.patch
|
||
- "Python3" to "Python 3" in summary
|
||
* This seems cleaner and fixes and rpmlint warning
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 14 20:21:52 UTC 2015 - toddrme2178@gmail.com
|
||
|
||
- Add Python-3.5.0-_Py_atomic_xxx-symbols.patch
|
||
This fixes a build error for many packages that use the Python,
|
||
C-API.
|
||
This patch is already accepted upstream and is slated to appear in
|
||
python 3.5.1.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 29 15:53:24 UTC 2015 - jmatejek@suse.com
|
||
|
||
- update to 3.5.0
|
||
* coroutines with async/await syntax
|
||
* matrix multiplication operator `@`
|
||
* unpacking generalizations
|
||
* new modules `typing` and `zipapp`
|
||
* type annotations
|
||
* .pyo files replaced by custom suffixes for optimization levels in __pycache__
|
||
* support for memory BIO in ssl module
|
||
* performance improvements in several modules
|
||
* and many more
|
||
- removals and behavior changes
|
||
* deprecated `__version__` is removed
|
||
* support for .pyo files was removed
|
||
* system calls are auto-retried on EINTR
|
||
* bare generator expressions in function calls now cause SyntaxError
|
||
(change "f(x for x in i)" to "f((x for x in i))" to fix)
|
||
* removed undocumented `format` member of private `PyMemoryViewObject` struct
|
||
* renamed `PyMemAllocator` to `PyMemAllocatorEx`
|
||
- redefine %dynlib macro to reflect that modules now have arch+os as part of name
|
||
- module `time` is now built-in
|
||
- dropped upstreamed patches:
|
||
python-3.4.1-fix-faulthandler.patch
|
||
python-3.4.3-test-conditional-ssl.patch
|
||
python-fix-short-dh.patch (also dropped dh2048.pem required for this patch)
|
||
- updated patch Python-3.3.0b2-multilib.patch to Python-3.5.0-multilib.patch
|
||
- python-ncurses-6.0-accessors.patch taken from python 2 to fix build failure
|
||
with new gcc + ncurses
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 9 11:51:22 UTC 2015 - dimstar@opensuse.org
|
||
|
||
- Add python3-ncurses-6.0-accessors.patch: Fix build with
|
||
NCurses 6.0 and OPAQUE_WINDOW set to 1.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Aug 24 17:02:08 UTC 2015 - jmatejek@suse.com
|
||
|
||
- improve import_failed hook to do the right thing when invoking
|
||
missing modules with "python3 -m modulename" (boo#942751)
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jul 23 22:08:10 UTC 2015 - fisiu@opensuse.org
|
||
|
||
- Build with --enable-loadable-sqlite-extensions to make it works
|
||
as geospatial database.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 1 07:07:26 UTC 2015 - dimstar@opensuse.org
|
||
|
||
- Fix source list for previous change (add dh2048.pem).
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 24 06:54:30 UTC 2015 - meissner@suse.com
|
||
|
||
- dh2048.pem: added generated 2048 dh parameter set to fix
|
||
ssl test (bsc#935856)
|
||
- python-fix-short-dh.patch: replace the 512 bits dh parameter set
|
||
by 2048 bits to fix build with new openssl 1.0.2c (bsc#935856)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue May 19 14:59:30 UTC 2015 - schwab@suse.de
|
||
|
||
- ctypes-libffi-aarch64.patch: remove upstreamed patch
|
||
- python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for
|
||
aarch64
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 14 10:58:36 UTC 2015 - jmatejek@suse.com
|
||
|
||
- drop the PDF subpackage
|
||
(removes the massive texlive dependency, and most likely nobody is
|
||
using the PDFs anyway)
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 14 09:53:29 UTC 2015 - jmatejek@suse.com
|
||
|
||
- python-3.4.3-test-conditional-ssl.patch - restore tests failing because
|
||
test_urllib was unconditionally importing ssl (without really needing it)
|
||
- restore functionality of multilib patch
|
||
- drop libffi-ppc64le.diff because upstream completely changed everything
|
||
yet again (sorry ppc64 folks :| )
|
||
|
||
|
||
-------------------------------------------------------------------
|
||
Fri May 1 15:11:21 UTC 2015 - mailaender@opensuse.org
|
||
|
||
- Update to version 3.4.3
|
||
- Drop upstreamed CVE-2014-4650-CGIHTTPServer-traversal.patch
|
||
(bpo#21766)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 25 10:57:28 UTC 2015 - rguenther@suse.com
|
||
|
||
- Add python-3.4.1-fix-faulthandler.patch, upstream patch for bogus
|
||
faulthandler which fails with GCC 5.
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jan 11 13:01:30 UTC 2015 - p.drouand@gmail.com
|
||
|
||
- asyncio has been merged in python3 main package; provide and
|
||
obsolete it
|
||
- Remove obsolete AUTHORS section
|
||
- Remove redundant %clean section
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Oct 18 20:14:54 UTC 2014 - crrodriguez@opensuse.org
|
||
|
||
- Only pkgconfig(x11) is required for build, not the whole
|
||
set of packages provided by xorg-x11-devel metapackage.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 13 13:38:20 UTC 2014 - jmatejek@suse.com
|
||
|
||
- add %python3_version rpm macro for Fedora compatibility
|
||
- add missing argument in import_failed, rename Novell Bugzilla
|
||
to SUSE Bugzilla
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jul 31 17:24:59 UTC 2014 - dimstar@opensuse.org
|
||
|
||
- Rename rpmlintrc to %{name}-rpmlintrc.
|
||
Follow the packaging guidelines.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 23 16:31:02 UTC 2014 - jmatejek@suse.com
|
||
|
||
- CVE-2014-4650-CGIHTTPServer-traversal.patch: CGIHTTPServer file
|
||
disclosure and directory traversal through URL-encoded characters
|
||
(CVE-2014-4650, bnc#885882)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 22 13:55:57 UTC 2014 - jmatejek@suse.com
|
||
|
||
- drop python-3.4.1-SUSE-ensurepip.patch for compatibility reasons,
|
||
reinstate bundled copies of pip and setuptools
|
||
(fixes bnc#885662)
|
||
- add more files as sources to silence the validator
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 21 11:01:56 UTC 2014 - jmatejek@suse.com
|
||
|
||
- update to 3.4.1
|
||
* bugfix-only release, over 300 bugs fixed
|
||
- drop upstreamed python-3.4.0rc2-sqlite-3.8.4-tests.patch
|
||
- drop upstreamed CVE-2014-2667-mkdir.patch
|
||
- include Python release manager keyring and signature file
|
||
for the source archive (thus renumbering of source files)
|
||
(see https://www.python.org/download/#openpgp-public-keys )
|
||
- move ensurepip to python3, because it transitively requires ssl
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 4 16:21:40 UTC 2014 - jmatejek@suse.com
|
||
|
||
- CVE-2014-2667-mkdir.patch: race condition with reseting umask
|
||
in os.makedirs
|
||
(CVE-2014-2667, bnc#871152)
|
||
- updated multilib patch to include ~/.local/lib64 (bnc#637176)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 26 15:24:46 UTC 2014 - jmatejek@suse.com
|
||
|
||
- raise timeout value for test_subprocess to 10s (might fix
|
||
intermittent build failures in OBS)
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 24 17:29:31 UTC 2014 - dmueller@suse.com
|
||
|
||
- remove blacklisting of test_posix on aarch64: qemu bug is fixed
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 17 18:26:58 UTC 2014 - jmatejek@suse.com
|
||
|
||
- update to 3.4.0 final
|
||
- drop upstreamed python-3.4rc2-importlib.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Mar 16 16:33:25 UTC 2014 - schwab@suse.de
|
||
|
||
- Only build with profile-opt if profiling is enabled
|
||
- Update test exclusion lists:
|
||
* test_ctypes no longer fails on arm
|
||
* test_io no longer fails on ppc*
|
||
* test_multiprocessing has been split in multiple tests
|
||
* test_posix and test_signal fail due to qemu bugs
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 14 20:26:03 UTC 2014 - andreas.stieger@gmx.de
|
||
|
||
- Fix build with SQLite 3.8.4 [bnc#867887], fixing SQLite tests,
|
||
adding python-2.7.6-sqlite-3.8.4-tests.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Feb 27 14:08:40 UTC 2014 - jmatejek@suse.com
|
||
|
||
- update to 3.4.0 rc2
|
||
* pre-release bugfixes
|
||
* improvements to asyncio library
|
||
- drop upstreamed tracemalloc_gcov.patch
|
||
- python-3.4rc2-importlib.patch fixes backwards-incompatibility
|
||
in the reworked importlib module that blocks build of vim
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jan 17 18:45:27 UTC 2014 - jmatejek@suse.com
|
||
|
||
- initial commit of 3.4.0 beta 3
|
||
* new stdlib modules: pathlib, enum, statistics, tracemalloc
|
||
* asynchronous IO with new asyncio module
|
||
* introspection data for builtins
|
||
* subprocesses no longer inherit open file descriptors
|
||
* standardized metadata for packages
|
||
* internal hashing changed to SipHash
|
||
* new pickle protocol
|
||
* improved handling of codecs
|
||
* TLS 1.2 support
|
||
* major speed improvements for internal unicode handling
|
||
* many bugfixes and optimizations
|
||
- see porting guide at:
|
||
http://docs.python.org/3.4/whatsnew/3.4.html#porting-to-python-3-4
|
||
- moved several modules to -testsuite subpackage
|
||
- updated list of binary extensions, refreshed patches
|
||
- tracemalloc_gcov.patch fixes profile-based optimization build
|
||
- updated packages and pre_checkin.sh to use ~-version notation
|
||
for prereleases
|
||
- fix-shebangs part of build process moved to common %prep
|
||
- drop python-3.3.2-no-REUSEPORT.patch (upstreamed)
|
||
- update baselibs for new soname
|
||
|
||
- TODOs:
|
||
* require python-pip, make ensurepip work with zypper
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 4 13:21:26 UTC 2013 - matz@suse.de
|
||
|
||
- add ppc64le (ELFv2) support for libffi copy for ctypes module
|
||
- Adjust Python-3.3.0b2-multilib.patch for ppc64le (make sys.lib be
|
||
"lib64").
|
||
- added patches:
|
||
* libffi-ppc64le.diff
|
||
-------------------------------------------------------------------
|
||
Tue Dec 3 09:51:43 UTC 2013 - adrian@suse.de
|
||
|
||
- add ppc64le rules
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Nov 22 13:17:23 UTC 2013 - speilicke@suse.com
|
||
|
||
- Add python-3.3.3-skip-distutils-test_sysconfig_module.patch:
|
||
+ Disable global and distutils sysconfig comparison test, we deviate
|
||
from the default depending on optflags
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Nov 19 14:28:41 UTC 2013 - jmatejek@suse.com
|
||
|
||
- update to 3.3.3
|
||
* bugfix-only release
|
||
* many SSL-related fixes
|
||
* upstream fix for CVE-2013-4238
|
||
* upstream fixes for CVE-2013-1752
|
||
- move example module xxlimited to python3-testsuite
|
||
- drop CVE-2013-4238_py33.patch - it is upstreamed
|
||
- remove --with-wide-unicode config option, it is now the default
|
||
(and only) choice
|
||
- don't touch anything between make and makeinstall
|
||
- drop python-3.2b2-buildtime-generate.patch - the issue was caused
|
||
by touching things between make and makeinstall
|
||
- link pycache entries for import_failed hooks properly
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Oct 15 17:44:08 UTC 2013 - crrodriguez@opensuse.org
|
||
|
||
- build with -DOPENSSL_LOAD_CONF for the same reasons
|
||
described in the python2 package.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 16 11:35:15 UTC 2013 - jmatejek@suse.com
|
||
|
||
- handle NULL bytes in certain fields of SSL certificates
|
||
(CVE-2013-4238, bnc#834601)
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 8 14:54:49 UTC 2013 - dvaleev@suse.com
|
||
|
||
- Exclue test_faulthandler from tests on powerpc due to bnc#831629
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 13 15:05:34 UTC 2013 - jmatejek@suse.com
|
||
|
||
- update to 3.3.2
|
||
* bugfix-only release
|
||
* fixes several regressions introduced in 3.3.1
|
||
- switch to xz compression
|
||
- move _lzma module to python3-base
|
||
- python-3.3.2-no-REUSEPORT.patch to fix build on kernels without SO_REUSEPORT
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 29 22:32:43 UTC 2013 - schwab@suse.de
|
||
|
||
- Readd missing bits from ctypes-libffi-aarch64.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Apr 13 07:56:51 UTC 2013 - idonmez@suse.com
|
||
|
||
- Update to version 3.3.1
|
||
* Fix the –enable-profiling configure switch.
|
||
* In IDLE, close the replace dialog after it is used.
|
||
- Too many bugfixes to list here,
|
||
see See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS
|
||
- Refresh Python-3.3.0b2-multilib.patch
|
||
- Refresh python-3.2b2-buildtime-generate.patch
|
||
- Drop upstream patches: ctypes-libffi-aarch64.patch,
|
||
python-3.2.3rc2-pypirc-secure.patch, python-3.3.0-getdents64.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 8 11:25:30 UTC 2013 - speilicke@suse.com
|
||
|
||
- Exclude sqlite/test and tk/test directories from the respective
|
||
sub-packages. These are owned by the testsuite sub-package already
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 5 12:59:20 UTC 2013 - idonmez@suse.com
|
||
|
||
- Add Source URL, see https://en.opensuse.org/title=SourceUrls
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 3 15:36:04 UTC 2013 - jmatejek@suse.com
|
||
|
||
- remove spurious modification of python-3.3.0b1-localpath.patch
|
||
that would force installation into /usr/local.
|
||
this fixes bnc#809831
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 28 18:38:51 UTC 2013 - jmatejek@suse.com
|
||
|
||
- replace broken movetogetdents64.diff patch with a correct one
|
||
from upstream repo (python-3.3.0-getdents64.patch)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 1 07:42:21 UTC 2013 - dmueller@suse.com
|
||
|
||
- add ctypes-libffi-aarch64.patch:
|
||
* import aarch64 support for libffi in _ctypes module
|
||
- add aarch64 to the list of lib64 based archs
|
||
- add movetogetdents64.diff:
|
||
* port to getdents64, as SYS_getdents is not implemented everywhere
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 26 08:57:55 UTC 2013 - saschpe@suse.de
|
||
|
||
- /etc/rpm/macros.python3 is no %config, it is not meant to be changed
|
||
by users.
|
||
- Add rpmlintrc with some obvious filters
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jan 28 18:14:39 UTC 2013 - jmatejek@suse.com
|
||
|
||
- update baselibs for new version of libpython3
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Nov 29 17:02:37 UTC 2012 - jmatejek@suse.com
|
||
|
||
- fix include path in macros (bnc#787526)
|
||
- implement failed import handlers for modules that live in
|
||
subpackages - e.g. "import ssl" will now throw a sensible error
|
||
message telling you to install "python3"
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 28 17:02:07 UTC 2012 - jmatejek@suse.com
|
||
|
||
- merge python3-xml into python3
|
||
- merge python3-2to3 library into python3-base
|
||
and the 2to3 binary into python3-devel
|
||
(python3-devel is now in conflict with python-2to3, which
|
||
will be dropped)
|
||
- enable --with-system-expat for python3, making the xml modules
|
||
(and thus python3) depend on expat
|
||
- reconfigure tests to disable network and GUI resources, which
|
||
the upstream apparently thought is a good idea to enable by default.
|
||
this fixes build failures in Factory
|
||
- add lzma-devel to build the _lzma module
|
||
- moved %dynlib macro definition to common section
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Nov 5 20:01:46 UTC 2012 - coolo@suse.com
|
||
|
||
- buildrequire timezone for the test suite
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 29 18:21:45 UTC 2012 - dmueller@suse.com
|
||
|
||
- disable more checks for qemu builds as they use syscalls not
|
||
implemented yet
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Oct 25 08:14:36 UTC 2012 - Rene.vanPaassen@gmail.com
|
||
|
||
- exclude test_math for SLE 11; math library fails on negative
|
||
gamma function values close to integers and 0, probably
|
||
due to imprecision in -lm on SLE_11_SP2.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Oct 16 12:15:34 UTC 2012 - coolo@suse.com
|
||
|
||
- buildrequire libbz2-devel explicitly
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 8 14:33:08 UTC 2012 - jmatejek@suse.com
|
||
|
||
- remove distutils.cfg (bnc#658604)
|
||
* this changes default prefix for distutils to /usr
|
||
* see ML for details:
|
||
http://lists.opensuse.org/opensuse-packaging/2012-09/msg00254.html
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 1 08:53:03 UTC 2012 - idonmez@suse.com
|
||
|
||
- Update to final 3.3.0 release
|
||
* See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 27 12:35:01 UTC 2012 - idonmez@suse.com
|
||
|
||
- Correct dependency for python3-testsuite,
|
||
python3-tkinter -> python3-tk
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 23 13:08:11 UTC 2012 - jmatejek@suse.com
|
||
|
||
- update to 3.3.0 RC1
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 3 12:09:34 UTC 2012 - jmatejek@suse.com
|
||
|
||
- update to 3.3.0 beta 1
|
||
* flexible string representation, no longer distinguishing
|
||
between wide and narrow Unicode builds
|
||
* importlib-based import system
|
||
* virtualenv support in core
|
||
* namespace packages
|
||
* explicit Unicode literals for easier porting
|
||
* key-sharing dict implementation reduces memory footprint
|
||
of OO code
|
||
* hash randomization on by default
|
||
* many other new bugfixes and features, check NEWS for details
|
||
|
||
- pre_checkin.sh now autofills various version strings in specs
|
||
- ship hashlib's fallback modules - those uselessly take up space
|
||
when real _hashlib.so from python3 is present, but the space wasted
|
||
is only 114kB and it provides python3-base with a working hashlib
|
||
module.
|
||
(also, this fixes bnc#743787)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jul 27 09:02:41 UTC 2012 - dvaleev@suse.com
|
||
|
||
- skip test_io on ppc
|
||
- drop test_io ppc patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 28 07:57:58 UTC 2012 - saschpe@suse.de
|
||
|
||
- Satisfy source_validator by uncommenting an otherwise unused "Patch"
|
||
line
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 12 15:39:08 UTC 2012 - adrian@suse.de
|
||
|
||
- fix logic of checks exclusion
|
||
|
||
-------------------------------------------------------------------
|
||
Fri May 18 11:50:27 UTC 2012 - idonmez@suse.com
|
||
|
||
- update to 3.2.3
|
||
* No changes since rc2
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 29 15:44:33 UTC 2012 - jmatejek@suse.com
|
||
|
||
- update to 3.2.3rc2
|
||
* fixes several security issues:
|
||
* CVE-2012-0845, bnc#747125
|
||
* CVE-2012-1150, bnc#751718
|
||
* CVE-2011-4944, bnc#754447
|
||
* CVE-2011-3389, bnc#754677
|
||
- fix for insecure .pypirc (CVE-2011-4944, bnc#754447)
|
||
- disable test_gdb because it is broken by our gdb
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Feb 16 12:33:12 UTC 2012 - dvaleev@suse.com
|
||
|
||
- skip broken test_io test on ppc
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 18 15:49:47 UTC 2012 - jmatejek@suse.com
|
||
|
||
- update to 3.2.2
|
||
* bugfix-only release
|
||
* reports "linux2" as sys.platform regardless of Linux kernel
|
||
- added pre_checkin.sh to copy common spec sections to python3.spec
|
||
- added PACKAGING-NOTES with some helpful info for packagers
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Dec 25 13:25:01 UTC 2011 - idonmez@suse.com
|
||
|
||
- Use system ffi, included one is broken see
|
||
http://bugs.python.org/issue11729 and
|
||
http://bugs.python.org/issue12081
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Dec 9 17:19:55 UTC 2011 - jmatejek@suse.com
|
||
|
||
- license.opensuse.org-compatible license headers
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Dec 2 16:46:44 UTC 2011 - coolo@suse.com
|
||
|
||
- add automake as buildrequire to avoid implicit dependency
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Nov 24 12:42:25 UTC 2011 - agraf@suse.com
|
||
|
||
- fix ARM build (exclude some test cases which break for us)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 16 17:02:22 UTC 2011 - termim@gmail.com
|
||
|
||
- use sysconfig module to get py3_incdir, py3_abiflags,
|
||
py3_soflags, python3_sitelib and python3_sitearch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jul 18 16:22:31 UTC 2011 - jmatejek@novell.com
|
||
|
||
- update to 3.2.1
|
||
* bugfix-only release, no major changes
|
||
- fix build on linux3 platform
|
||
- remove upstreamed pybench patch
|
||
- install /usr/lib directories in all cases to prevent spurious
|
||
"directory not owned" in dependent packages
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 15 14:16:38 UTC 2011 - jmatejek@novell.com
|
||
|
||
- replaced dynamic so version with manual so version, because
|
||
autobuild does not support autogeneration
|
||
|
||
-------------------------------------------------------------------
|
||
Tue May 24 13:39:06 UTC 2011 - jmatejek@novell.com
|
||
|
||
- generate macros.python3 at compile-time with fixed values
|
||
- don't include bogus values in pyconfig.h, as they can break
|
||
third-party packages (bnc#673071)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue May 17 12:52:51 UTC 2011 - jmatejek@novell.com
|
||
|
||
- added Obsoletes: python3 < 3.1 so that the transition from
|
||
non-split to split packages goes smoothly
|
||
|
||
-------------------------------------------------------------------
|
||
Fri May 13 12:38:19 UTC 2011 - jmatejek@novell.com
|
||
|
||
- fixed RPM macros to use python3 instead of python
|
||
- updated to build --with-wide-unicode (for compatibility with
|
||
fedora and our own python 2.x series)
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Apr 21 03:39:25 UTC 2011 - termim@gmail.com
|
||
|
||
- fix python3-base build failure due to pybench.py crash by
|
||
python-3.2-pybench.patch
|
||
- move pyconfig.h from python3-devel to python3-base package to
|
||
make python3-base functional again
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 23 04:26:28 UTC 2011 - termim@gmail.com
|
||
|
||
- update to python 3.2
|
||
* stable ABI, ABI-tagged .so files
|
||
* concurrent.futures and many other new or upgraded modules
|
||
* PYC repository directories ( __pycache__ )
|
||
* python WSGI 1.0.1
|
||
* Unicode 6.0.0 support
|
||
* a great number of bugfixes and assorted improvements
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 8 19:42:17 CET 2011 - matejcik@suse.cz
|
||
|
||
- update to python 3.2 RC2
|
||
- renamed python3-demo to python3-tools, because the demo part
|
||
became much smaller than the tools part
|
||
- added rpm macros
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jan 18 14:13:04 UTC 2011 - jmatejek@novell.com
|
||
|
||
- update to python 3.2 beta 2, see NEWS for details
|
||
- split off -base package with less dependencies, and a shlib-policy
|
||
compliant libpython3 package
|
||
- mostly rewritten the spec file with more detailed comments
|
||
- cleaned up lists of patches
|
||
|