python311

pool/python311

SHA256

Fork 1

09c8853139 Remove reverting patch Matej Cepl 2023-12-18 16:25:59 +00:00
cb3301d2cc - Refresh CVE-2023-27043-email-parsing-errors.patch to gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043). - Thus we can remove Revert-gh105127-left-tests.patch, which is now useless. Matej Cepl 2023-12-18 16:25:35 +00:00
8bce36d459 Remove leftover tarfiles Daniel Garcia 2023-12-18 07:14:53 +00:00
a7b11641fe Accepting request 1133399 from home:dgarcia:branches:devel:languages:python:Factory Daniel Garcia 2023-12-15 12:09:56 +00:00
18a62cf507 Accepting request 1128112 from devel:languages:python:Factory Ana Guerrero 2023-11-23 20:38:28 +00:00
dbc72d69e1 Accepting request 1126597 from home:dgarcia:branches:devel:languages:python:Factory Matej Cepl 2023-11-15 12:57:57 +00:00
4b50a8332b Accepting request 1113067 from devel:languages:python:Factory Ana Guerrero 2023-09-25 18:00:36 +00:00
558337c773 characters without truncating the path (bsc#1214693, CVE-2023-41105). Matej Cepl 2023-09-15 11:19:47 +00:00
382f0f4b58 Accepting request 1109225 from devel:languages:python:Factory Ana Guerrero 2023-09-08 19:15:18 +00:00
55316ef9e1 - Update to 3.11.5 (bsc#1214692): - Security - gh-108310: Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data. Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by Gregory P. Smith. - Core and Builtins - gh-104432: Fix potential unaligned memory access on C APIs involving returned sequences of char * pointers within the grp and socket modules. These were revealed using a -fsaniziter=alignment build on ARM macOS. Patch by Christopher Chavez. - gh-77377: Ensure that multiprocessing synchronization objects created in a fork context are not sent to a different process created in a spawn context. This changes a segfault into an actionable RuntimeError in the parent process. - gh-106092: Fix a segmentation fault caused by a use-after-free bug in frame_dealloc when the trashcan delays the deallocation of a PyFrameObject. - gh-106719: No longer suppress arbitrary errors in the __annotations__ getter and setter in the type and module types. - gh-106723: Propagate frozen_modules to multiprocessing spawned process interpreters. - gh-105979: Fix crash in _imp.get_frozen_object() due to improper exception handling. - gh-105840: Fix possible crashes when specializing function calls with too many __defaults__. - gh-105588: Fix an issue that could result in crashes when Daniel Garcia 2023-09-06 07:58:19 +00:00
ecfb0312cf Accepting request 1103332 from devel:languages:python:Factory Dominique Leuenberger 2023-08-11 13:55:02 +00:00
f665ac48fe Accepting request 1103305 from home:dirkmueller:Factory Matej Cepl 2023-08-10 13:22:02 +00:00
6abedd0987 Accepting request 1102676 from home:dirkmueller:Factory Matej Cepl 2023-08-07 14:46:39 +00:00
24fe7e4f9e Accepting request 1102237 from devel:languages:python:Factory Dominique Leuenberger 2023-08-06 14:29:15 +00:00
eb7790f0a7 - IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! Matej Cepl 2023-08-03 15:27:34 +00:00
41e7e28995 - Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) partially reverting CVE-2023-27043-email-parsing-errors.patch, because of the regression in gh#python/cpython#106669. - (bsc#1210638, CVE-2023-27043) Add CVE-2023-27043-email-parsing-errors.patch, which detects email address parsing errors and returns empty tuple to indicate the parsing error (old API). (The patch is faulty, gh#python/cpython#106669, but upstream decided not to just revert it). Matej Cepl 2023-08-03 14:58:20 +00:00
de765fc92e Readjust patches Matej Cepl 2023-07-18 15:10:43 +00:00
55fcbed4eb Accepting request 1098691 from devel:languages:python:Factory Matej Cepl 2023-07-14 14:06:49 +00:00
ff02f0908c - (bsc#1210638, CVE-2023-27043) Add CVE-2023-27043-email-parsing-errors.patch, which detects email address parsing errors and returns empty tuple to indicate the parsing error (old API). Matej Cepl 2023-07-12 15:19:06 +00:00
fdf11aefc4 Accepting request 1096536 from devel:languages:python:Factory Fabian Vogt 2023-07-06 16:27:44 +00:00
f7f28c547b Fix patches Matej Cepl 2023-06-28 19:55:36 +00:00
b8797f4452 - Update to Python 3.11.4: - gh-103142: The version of OpenSSL used in Windows and Mac installers has been upgraded to 1.1.1u to address CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 fixed previously in 1.1.1t (gh-101727). - gh-102153: urllib.parse.urlsplit() now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to CVE-2023-24329 (bsc#1208471). - gh-99889: Fixed a security in flaw in uu.decode() that could allow for directory traversal based on the input if no out_file was specified. - gh-104049: Do not expose the local on-disk location in directory indexes produced by http.client.SimpleHTTPRequestHandler. - gh-103935: trace.__main__ now uses io.open_code() for files to be executed instead of raw open(). - gh-102953: The extraction methods in tarfile, and shutil.unpack_archive(), have a new filter argument that allows limiting tar features than may be surprising or dangerous, such as creating files outside the destination directory. See Extraction filters for details (fixing CVE-2007-4559, bsc#1203750). - Remove upstreamed patches: - CVE-2007-4559-filter-tarfile_extractall.patch Matej Cepl 2023-06-28 19:51:47 +00:00
5760576192 Accepting request 1095626 from devel:languages:python:Factory Dominique Leuenberger 2023-06-28 19:33:11 +00:00
6bf0620e58 Fix changes Matej Cepl 2023-06-27 13:24:40 +00:00
7a2425c221 - Remove obsolete_python_versioned macro again. This mechanism has no business to be in Python 3.11, because we have abolished with it whole interpreter+setuptools+pip product. Python 3.11 should not be replaced by later versions anymore. Matej Cepl 2023-06-26 13:04:00 +00:00
c1b0d9c8f9 Accepting request 1092590 from devel:languages:python:Factory Dominique Leuenberger 2023-06-12 13:36:40 +00:00
d34496b956 Add missing Jira references to the changelog. Matej Cepl 2023-06-05 12:53:40 +00:00
d8e5832ad8 Accepting request 1084262 from devel:languages:python:Factory Dominique Leuenberger 2023-06-03 22:12:15 +00:00
39157872a5 - Add CVE-2007-4559-filter-tarfile_extractall.patch to fix bsc#1203750 (CVE-2007-4559) and implementing "PEP 706 – Filter for tarfile.extractall". Matej Cepl 2023-05-03 10:14:51 +00:00
7cfc036a7d Fix the patch Matej Cepl 2023-05-03 07:07:31 +00:00
f503a46aa9 - Add skip_if_buildbot-extend.patch to avoid the bug altogether (extending what skip_if_buildbot covers). Matej Cepl 2023-05-03 05:42:18 +00:00
e71e638e14 - Add skip-test_freeze_simple_script.patch Matej Cepl 2023-05-02 23:12:23 +00:00
ea266df005 - Add 103213-fetch-CONFIG_ARGS.patch (gh#python/cpython#103053). Matej Cepl 2023-05-02 21:29:28 +00:00
a48f5d0f80 - Why in the world we download from HTTP? Matej Cepl 2023-04-30 18:13:43 +00:00
b323e62899 Ajust patches Matej Cepl 2023-04-27 22:23:56 +00:00
21d42b692c - Update to 3.11.3: - Security - gh-101727: Updated the OpenSSL version used in Windows and macOS binary release builds to 1.1.1t to address CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 per the OpenSSL 2023-02-07 security advisory. - gh-101283: subprocess.Popen now uses a safer approach to find cmd.exe when launching with shell=True. Patch by Eryk Sun, based on a patch by Oleg Iarygin. - Core and Builtins - gh-101975: Fixed stacktop value on tracing entries to avoid corruption on garbage collection. - gh-102701: Fix overflow when creating very large dict. - gh-102416: Do not memoize incorrectly automatically generated loop rules in the parser. Patch by Pablo Galindo. - gh-102356: Fix a bug that caused a crash when deallocating deeply nested filter objects. Patch by Marta Gómez Macías. - gh-102397: Fix segfault from race condition in signal handling during garbage collection. Patch by Kumar Aditya. - gh-102281: Fix potential nullptr dereference and use of uninitialized memory in fileutils. Patch by Max Bachmann. - gh-102126: Fix deadlock at shutdown when clearing thread states if any finalizer tries to acquire the runtime head lock. Patch by Kumar Aditya. - gh-102027: Fix SSE2 and SSE3 detection in _blake2 internal module. Patch by Max Bachmann. - gh-101967: Fix possible segfault in positional_only_passed_as_keyword function, when new list created. - gh-101765: Fix SystemError / segmentation fault in iter Matej Cepl 2023-04-27 22:09:02 +00:00
ccbbaff24e Revert Matej Cepl 2023-03-27 15:07:38 +00:00
8fcb1e736e - Switch off obsoleting previous interpreters. Matej Cepl 2023-03-27 15:03:56 +00:00
77f87ebc37 Accepting request 1069317 from devel:languages:python:Factory Dominique Leuenberger 2023-03-05 19:08:01 +00:00
9f02c1193d Take care of testclinic Matej Cepl 2023-03-03 19:12:38 +00:00
1b24baf605 - Update to 3.11.2: Bug fixes, no changes in API and no security bugs. Matej Cepl 2023-03-03 18:48:38 +00:00
9eb1b9b809 Fix the macro Matej Cepl 2023-03-01 20:52:12 +00:00
339c66ef3e - Add python310 Obsoletes line to obsolete_python_versioned macro. Matej Cepl 2023-03-01 20:51:07 +00:00
c9f46254f9 Accepting request 1067032 from devel:languages:python:Factory Dominique Leuenberger 2023-02-22 14:21:14 +00:00
1c719478cb - Add provides for readline and sqlite3 to the main Python package. Matej Cepl 2023-02-21 13:49:09 +00:00
34212ca5cf Accepting request 1061556 from devel:languages:python:Factory Dominique Leuenberger 2023-01-28 17:44:01 +00:00
0a8a28caaa Accepting request 1061231 from home:kukuk:branches:devel:languages:python:Factory Matej Cepl 2023-01-27 13:46:48 +00:00
dd8a3056e1 Accepting request 1060927 from devel:languages:python:Factory Dominique Leuenberger 2023-01-25 16:44:36 +00:00
d7b979c1e0 Accepting request 1060635 from home:dirkmueller:Factory Matej Cepl 2023-01-25 13:27:45 +00:00
d185756768 Accepting request 1059550 from devel:languages:python:Factory Dominique Leuenberger 2023-01-19 15:44:25 +00:00
b37cda8bf5 - Don't fail on Sphinx build warnings. - For jsc#PED-1570, providing Python 3.11 for SLE-15-SP5. Matej Cepl 2023-01-19 10:07:22 +00:00
a044f5c557 Accepting request 1041729 from devel:languages:python:Factory Dominique Leuenberger 2022-12-09 12:18:00 +00:00
6c436c7abc - Update to 3.11.1: - python -m http.server no longer allows terminal control characters sent within a garbage request to be printed to the stderr server lo This is done by changing the http.server BaseHTTPRequestHandler .log_message method to replace control characters with a \xHH hex escape before printin - Avoid publishing list of active per-interpreter audit hooks via the gc module - The IDNA codec decoder used on DNS hostnames by socket or asyncio related name resolution functions no longer involves a quadratic algorithm. This prevents a potential CPU denial of service if an out-of-spec excessive length hostname involving bidirectional characters were decoded. Some protocols such as urllib http 3xx redirects potentially allow for an attacker to supply such a name (CVE-2022-45061). - Update bundled libexpat to 2.5.0 - Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. Issue reported and initial fix by Caleb Shortt. Patch by Victor Stinner. - Fix a crash when an object which does not have a dictionary frees its instance values. - Fix a bug in the tokenizer that could cause infinite recursion when showing syntax warnings that happen in the first line of the source. Patch by Pablo Galindo - Fix an issue that could cause frames to be visible to Python code as they are being torn down, possibly leading to memory corruption or hard crashes of the interpreter. - Fix a reference bug in _imp.create_builtin() after the Matej Cepl 2022-12-08 15:05:06 +00:00
95751a5895 Accepting request 1034963 from devel:languages:python:Factory Dominique Leuenberger 2022-11-10 13:23:05 +00:00
03d1be1616 - Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding extremely long domain names. Matej Cepl 2022-11-09 18:37:56 +00:00
c6df50684c revert Matej Cepl 2022-11-04 15:18:41 +00:00
ba06f07184 - Add CVE-2022-42919-loc-priv-mulitproc-forksrv.patch to avoid CVE-2022-42919 (bsc#1204886) avoiding Linux specific local privilege escalation via the multiprocessing forkserver start method. Matej Cepl 2022-11-04 15:00:28 +00:00
5b218ea9e3 Accepting request 1031405 from devel:languages:python:Factory Dominique Leuenberger 2022-10-27 11:54:25 +00:00
403af99cf1 Accepting request 1031401 from home:mcepl:branches:devel:languages:python:Factory Matej Cepl 2022-10-26 21:24:53 +00:00
6f939f9b60 Accepting request 1003848 from devel:languages:python:Factory Dominique Leuenberger 2022-09-15 20:59:58 +00:00
d8ac67fc2d - Update to 3.11.0rc2: - Converting between int and str in bases other than 2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a ValueError if the number of digits in string form is above a limit to avoid potential denial of service attacks due to the algorithmic complexity. This is a mitigation for CVE-2020-10735. This new limit can be configured or disabled by environment variable, command line flag, or sys APIs. See the integer string conversion length limitation documentation. The default limit is 4300 digits in string form. - Fix case of undefined behavior in ceval.c - Do not expose KeyWrapper in _functools. - Ensure that tracing, sys.setrace(), is turned on immediately. In pre-release versions of 3.11, some tracing events might have been lost when turning on tracing in a __del__ method or interrupt. - Fix use after free in trace refs build mode. Patch by Kumar Aditya. - When loading a file with invalid UTF-8 inside a multi-line string, a correct SyntaxError is emitted. - Make sure that incomplete frames do not show up in tracemalloc traces. - Remove two cases of undefined behavior, by adding NULL checks. - Fix possible NULL pointer dereference in _PyThread_CurrentFrames. Patch by Kumar Aditya. - Fix AttributeError missing name and obj attributes in object.__getattribute__(). Patch by Philip Georgi. - Loading a file with invalid UTF-8 will now report the broken Matej Cepl 2022-09-15 09:14:50 +00:00
d52b13e86c Accepting request 1001451 from devel:languages:python:Factory Dominique Leuenberger 2022-09-07 09:05:45 +00:00
d9d021447f Accepting request 1001307 from openSUSE:Factory:RISCV Markéta Machová 2022-09-06 12:03:43 +00:00
fcee49126a Accepting request 999586 from devel:languages:python:Factory Dominique Leuenberger 2022-08-28 11:12:30 +00:00
3931fb9f09 - fix import_failed.map to refer to the python 3.11 package versions Matej Cepl 2022-08-20 21:31:49 +00:00
93d3c08eeb - Update to 3.11.0rc1: - Core and Builtins - Update code object hashing and equality to consider all debugging and exception handling tables. This fixes an issue where certain non-identical code objects could be “deduplicated” during compilation. - _PyPegen_Parser_New now properly detects token memory allocation errors. Patch by Honglin Zhu. - Run Python code in tracer/profiler function at full speed. Fixes slowdown in earlier versions of 3.11. - Emit a warning in debug mode if an object does not call PyObject_GC_UnTrack() before deallocation. Patch by Pablo Galindo. - Prevented crashes in the AST constructor when compiling some absurdly long expressions like "+0"*1000000. RecursionError is now raised instead. Patch by Pablo Galindo - ast.AST node positions are now validated when provided to compile() and other related functions. If invalid positions are detected, a ValueError will be raised. - Fix error detection in some builtin functions when keyword argument name is an instance of a str subclass with overloaded __eq__ and __hash__. Previously it could cause SystemError or other undesired behavior. - Library - Update bundled pip to 22.2.2. - Fix asyncio.TaskGroup to propagate exception when asyncio.CancelledError was replaced with another exception by a context manger. Patch by Kumar Aditya and Guido van Rossum. Matej Cepl 2022-08-20 14:25:45 +00:00
7c5df48558 Accepting request 991283 from devel:languages:python:Factory Richard Brown 2022-07-28 18:58:07 +00:00
a867744a23 - Update to 3.11.0b5: - Core and Builtins - gh-93351: ast.AST node positions are now validated when provided to compile() and other related functions. If invalid positions are detected, a ValueError will be raised. - gh-94438: Fix an issue that caused extended opcode arguments and some conditional pops to be ignored when calculating valid jump targets for assignments to the f_lineno attribute of frame objects. In some cases, this could cause inconsistent internal state, resulting in a hard crash of the interpreter. - gh-95060: Undocumented PyCode_Addr2Location function now properly returns when addrq argument is less than zero. - gh-95113: Replace all EXTENDED_ARG_QUICK instructions with basic EXTENDED_ARG instructions in unquickened code. Consumers of non-adaptive bytecode should be able to handle extended arguments the same way they were handled in CPython 3.10 and older. - gh-91409: Fix incorrect source location info caused by certain optimizations in the bytecode compiler. - gh-94036: Fix incorrect source location info for some multi-line attribute accesses and method calls. - gh-94739: Allow jumping within, out of, and across exception handlers in the debugger. - gh-94949: ast.parse() will no longer parse parenthesized context managers when passed feature_version less than (3, 9). Patch by Shantanu Jain. - gh-94947: ast.parse() will no longer parse assignment expressions when passed feature_version less than (3, Matej Cepl 2022-07-26 10:43:57 +00:00
cdbc2f881d Accepting request 990681 from devel:languages:python:Factory Richard Brown 2022-07-22 17:21:33 +00:00
ebc3127ec8 Restore %primary_interpreter Matej Cepl 2022-07-21 15:15:28 +00:00
3978a4fb6f - Switch from %primary_interpreter to prjconf-defined %primary_python (gh#openSUSE/python-rpm-macros#127). Matej Cepl 2022-07-21 14:25:26 +00:00
817af8a82b Accepting request 989232 from devel:languages:python:Factory Dominique Leuenberger 2022-07-15 11:52:33 +00:00
6af5b9f2b3 - Update to 3.11.0b4: - Fixes many bugs and adds following more significant changes - Security - gh-68966: The deprecated mailcap module now refuses to inject Coreunsafe text (filenames, MIME types, parameters) into shell Corecommands. Instead of using such text, it will warn and act Coreas if a match was not found (or for test commands, as if the Coretest failed). and Builtins - gh-93516: Lazily create a table mapping bytecode offsets to line numbers to speed up calculation of line numbers when tracing. - gh-93461: importlib.invalidate_caches() now drops entries from sys.path_importer_cache with a relative path as name. This solves a caching issue when a process changes its current working directory. - FileFinder no longer inserts a dot in the path, e.g. /egg/./spam is now /egg/spam. Library - gh-93896: Fix asyncio.run() and unittest.IsolatedAsyncioTestCase to always the set event loop as it was done in Python 3.10 and earlier. Patch by Kumar Aditya. - gh-94101: Manual instantiation of ssl.SSLSession objects is no longer allowed as it lead to misconfigured instances that crashed the interpreter when attributes where accessed on them. - gh-83658: Make multiprocessing.Pool raise an exception if maxtasksperchild is not None or a positive int. - gh-61162: Clarify sqlite3 behavior when Using the connection as a context manager. Matej Cepl 2022-07-14 16:01:58 +00:00
ec126cfe78 Accepting request 980978 from devel:languages:python:Factory Dominique Leuenberger 2022-06-06 09:10:39 +00:00
b3dd13aabb Fix changelog Matej Cepl 2022-06-06 06:24:48 +00:00
f224cc3c2d - Update to 3.11.0b2: - many small updates Matej Cepl 2022-05-31 20:57:46 +00:00
eff536f20e We require more recent Sphinx Matej Cepl 2022-05-18 09:35:06 +00:00
9c0a8f3c4c - Add patch support-expat-245.patch: * Support Expat >= 2.4.4 (jsc#SLE-21253) Matej Cepl 2022-05-17 22:11:07 +00:00
f037c0629d Accepting request 977835 from devel:languages:python:Factory Dominique Leuenberger 2022-05-18 11:13:27 +00:00
bf95b5f221 - Fix building with system-expat (gh#python/cpython#92875). Nope, it didn't work, worked around it. Matej Cepl 2022-05-17 18:43:45 +00:00
6534561f49 Fix changelog Matej Cepl 2022-05-17 17:43:59 +00:00
634ab7609b Fix building with system-expat (gh#python/cpython#92875). Matej Cepl 2022-05-17 17:43:33 +00:00
ae07cf4ccf Adjust patches Matej Cepl 2022-05-10 19:17:52 +00:00
2b3a992a89 Fix SPEC Matej Cepl 2022-05-10 19:14:07 +00:00
42e2453f80 Fix missing item in %%files. Matej Cepl 2022-05-10 17:19:41 +00:00
1c968d4121 - Refresh bluez-devel-vendor.tar.xz - Fix files and handling of new modules. Matej Cepl 2022-05-10 16:49:16 +00:00
5e1455c810 Readjust patches. Matej Cepl 2022-05-10 11:17:42 +00:00
887681833e Rename files to comply with the name of the package Matej Cepl 2022-05-09 15:17:36 +00:00
4cbd00e948 Fix baselibs.conf Matej Cepl 2022-05-09 15:13:18 +00:00
62ccbe2ed8 - Update to pre-release version 3.11.0b1: - PEP 657 – Include Fine-Grained Error Locations in Tracebacks - PEP 654 – Exception Groups and except* - PEP 673 – Self Type - PEP 646 – Variadic Generics - PEP 680– tomllib: Support for Parsing TOML in the Standard Library - PEP 675– Arbitrary Literal String Type - PEP 655– Marking individual TypedDict items as required or potentially-missing - bpo-46752– Introduce task groups to asyncio - The Faster Cpython Project is already yielding some exciting results. Python 3.11 is up to 10-60% faster than Python 3.10. On average, we measured a 1.22x speedup on the standard benchmark suite. See https://docs.python.org/3.11/whatsnew/3.11.html#faster-cpython for details. Matej Cepl 2022-05-09 15:12:55 +00:00
4861b77003 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=2 Matej Cepl 2022-05-09 15:04:49 +00:00

Commit Graph Select branches Hide Pull Requests devel factory Mono Color

Commit Graph

Select branches

Hide Pull Requests

devel

factory