pool/python312
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Update to 3.12.5:

Browse Source 
- Tests
    - gh-59022: Add tests for pkgutil.extend_path(). Patch by
      Andreas Stocker.
    - gh-99242: os.getloadavg() may throw OSError when
      running regression tests under certain conditions (e.g.
      chroot). This error is now caught and ignored, since
      reporting load average is optional.
    - gh-121084: Fix test_typing random leaks. Clear typing ABC
      caches when running tests for refleaks (-R option): call
      _abc_caches_clear() on typing abstract classes and their
      subclasses. Patch by Victor Stinner.
    - gh-121160: Add a test for
      readline.set_history_length(). Note that this test may fail
      on readline libraries.
    - gh-121200: Fix test_expanduser_pwd2() of
      test_posixpath. Call getpwnam() to get pw_dir, since it
      can be different than getpwall() pw_dir. Patch by Victor
      Stinner.
    - gh-121188: When creating the JUnit XML file, regrtest
      now escapes characters which are invalid in XML, such
      as the chr(27) control character used in ANSI escape
      sequences. Patch by Victor Stinner.
  - Security
    - gh-121957: Fixed missing audit events around interactive
      use of Python, now also properly firing for python -i, as
      well as for python -m asyncio. The event in question is
      cpython.run_stdin.
    - gh-122133: Authenticate the socket connection for the
      socket.socketpair() fallback on platforms where AF_UNIX is

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=60
This commit is contained in:
Matej Cepl 2024-08-07 18:22:59 +00:00 committed by Git OBS Bridge
parent 822e5022b5
commit 31e91ac782
10 changed files with 256 additions and 520 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

387
CVE-2024-6923-email-hdr-inject.patch
View File

@ -1,387 +0,0 @@
From e58aec9cbfdebf45ee863eded142358e9e98531d Mon Sep 17 00:00:00 2001
From: Petr Viktorin <encukou@gmail.com>
Date: Wed, 31 Jul 2024 00:19:48 +0200
Subject: [PATCH 1/2] gh-121650: Encode newlines in headers, and verify headers
are sound (GH-122233)
- Encode header parts that contain newlines
Per RFC 2047:
> [...] these encoding schemes allow the
> encoding of arbitrary octet values, mail readers that implement this
> decoding should also ensure that display of the decoded data on the
> recipient's terminal will not cause unwanted side-effects
It seems that the "quoted-word" scheme is a valid way to include
a newline character in a header value, just like we already allow
undecodable bytes or control characters.
They do need to be properly quoted when serialized to text, though.
- Verify that email headers are well-formed
This should fail for custom fold() implementations that aren't careful
about newlines.
Co-authored-by: Bas Bloemsaat <bas@bloemsaat.org>
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
(cherry picked from commit 097633981879b3c9de9a1dd120d3aa585ecc2384)
---
Doc/library/email.errors.rst | 7 +++
Doc/library/email.policy.rst | 18 ++++++
Lib/email/_header_value_parser.py | 12 +++-
Lib/email/_policybase.py | 8 +++
Lib/email/errors.py | 4 ++
Lib/email/generator.py | 13 +++-
Lib/test/test_email/test_generator.py | 62 +++++++++++++++++++
Lib/test/test_email/test_policy.py | 26 ++++++++
...-07-27-16-10-41.gh-issue-121650.nf6oc9.rst | 5 ++
9 files changed, 151 insertions(+), 4 deletions(-)
create mode 100644 Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst
diff --git a/Doc/library/email.errors.rst b/Doc/library/email.errors.rst
index 33ab4265116178..f8f43d82a3df2e 100644
--- a/Doc/library/email.errors.rst
+++ b/Doc/library/email.errors.rst
@@ -58,6 +58,13 @@ The following exception classes are defined in the :mod:`email.errors` module:
:class:`~email.mime.nonmultipart.MIMENonMultipart` (e.g.
:class:`~email.mime.image.MIMEImage`).
+
+.. exception:: HeaderWriteError()
+
+ Raised when an error occurs when the :mod:`~email.generator` outputs
+ headers.
+
+
.. exception:: MessageDefect()
This is the base class for all defects found when parsing email messages.
diff --git a/Doc/library/email.policy.rst b/Doc/library/email.policy.rst
index 83feedf728351e..314767d0802a08 100644
--- a/Doc/library/email.policy.rst
+++ b/Doc/library/email.policy.rst
@@ -229,6 +229,24 @@ added matters. To illustrate::
.. versionadded:: 3.6
+
+ .. attribute:: verify_generated_headers
+
+ If ``True`` (the default), the generator will raise
+ :exc:`~email.errors.HeaderWriteError` instead of writing a header
+ that is improperly folded or delimited, such that it would
+ be parsed as multiple headers or joined with adjacent data.
+ Such headers can be generated by custom header classes or bugs
+ in the ``email`` module.
+
+ As it's a security feature, this defaults to ``True`` even in the
+ :class:`~email.policy.Compat32` policy.
+ For backwards compatible, but unsafe, behavior, it must be set to
+ ``False`` explicitly.
+
+ .. versionadded:: 3.13
+
+
The following :class:`Policy` method is intended to be called by code using
the email library to create policy instances with custom settings:
diff --git a/Lib/email/_header_value_parser.py b/Lib/email/_header_value_parser.py
index 7da1bbaf8a80d7..ec2215a5e5f33c 100644
--- a/Lib/email/_header_value_parser.py
+++ b/Lib/email/_header_value_parser.py
@@ -92,6 +92,8 @@
ASPECIALS = TSPECIALS | set("*'%")
ATTRIBUTE_ENDS = ASPECIALS | WSP
EXTENDED_ATTRIBUTE_ENDS = ATTRIBUTE_ENDS - set('%')
+NLSET = {'\n', '\r'}
+SPECIALSNL = SPECIALS | NLSET
def quote_string(value):
return '"'+str(value).replace('\\', '\\\\').replace('"', r'\"')+'"'
@@ -2802,9 +2804,13 @@ def _refold_parse_tree(parse_tree, *, policy):
wrap_as_ew_blocked -= 1
continue
tstr = str(part)
- if part.token_type == 'ptext' and set(tstr) & SPECIALS:
- # Encode if tstr contains special characters.
- want_encoding = True
+ if not want_encoding:
+ if part.token_type == 'ptext':
+ # Encode if tstr contains special characters.
+ want_encoding = not SPECIALSNL.isdisjoint(tstr)
+ else:
+ # Encode if tstr contains newlines.
+ want_encoding = not NLSET.isdisjoint(tstr)
try:
tstr.encode(encoding)
charset = encoding
diff --git a/Lib/email/_policybase.py b/Lib/email/_policybase.py
index 2ec54fbabae83c..5f9aa9fb091fa2 100644
--- a/Lib/email/_policybase.py
+++ b/Lib/email/_policybase.py
@@ -157,6 +157,13 @@ class Policy(_PolicyBase, metaclass=abc.ABCMeta):
message_factory -- the class to use to create new message objects.
If the value is None, the default is Message.
+ verify_generated_headers
+ -- if true, the generator verifies that each header
+ they are properly folded, so that a parser won't
+ treat it as multiple headers, start-of-body, or
+ part of another header.
+ This is a check against custom Header & fold()
+ implementations.
"""
raise_on_defect = False
@@ -165,6 +172,7 @@ class Policy(_PolicyBase, metaclass=abc.ABCMeta):
max_line_length = 78
mangle_from_ = False
message_factory = None
+ verify_generated_headers = True
def handle_defect(self, obj, defect):
"""Based on policy, either raise defect or call register_defect.
diff --git a/Lib/email/errors.py b/Lib/email/errors.py
index 3ad00565549968..02aa5eced6ae46 100644
--- a/Lib/email/errors.py
+++ b/Lib/email/errors.py
@@ -29,6 +29,10 @@ class CharsetError(MessageError):
"""An illegal charset was given."""
+class HeaderWriteError(MessageError):
+ """Error while writing headers."""
+
+
# These are parsing defects which the parser was able to work around.
class MessageDefect(ValueError):
"""Base class for a message defect."""
diff --git a/Lib/email/generator.py b/Lib/email/generator.py
index c8056ad47baa0f..47b9df8f4e6090 100644
--- a/Lib/email/generator.py
+++ b/Lib/email/generator.py
@@ -14,12 +14,14 @@
from copy import deepcopy
from io import StringIO, BytesIO
from email.utils import _has_surrogates
+from email.errors import HeaderWriteError
UNDERSCORE = '_'
NL = '\n' # XXX: no longer used by the code below.
NLCRE = re.compile(r'\r\n|\r|\n')
fcre = re.compile(r'^From ', re.MULTILINE)
+NEWLINE_WITHOUT_FWSP = re.compile(r'\r\n[^ \t]|\r[^ \n\t]|\n[^ \t]')
class Generator:
@@ -222,7 +224,16 @@ def _dispatch(self, msg):
def _write_headers(self, msg):
for h, v in msg.raw_items():
- self.write(self.policy.fold(h, v))
+ folded = self.policy.fold(h, v)
+ if self.policy.verify_generated_headers:
+ linesep = self.policy.linesep
+ if not folded.endswith(self.policy.linesep):
+ raise HeaderWriteError(
+ f'folded header does not end with {linesep!r}: {folded!r}')
+ if NEWLINE_WITHOUT_FWSP.search(folded.removesuffix(linesep)):
+ raise HeaderWriteError(
+ f'folded header contains newline: {folded!r}')
+ self.write(folded)
# A blank line always separates headers from body
self.write(self._NL)
diff --git a/Lib/test/test_email/test_generator.py b/Lib/test/test_email/test_generator.py
index bc6f734d4fd0a9..c75a842c33578e 100644
--- a/Lib/test/test_email/test_generator.py
+++ b/Lib/test/test_email/test_generator.py
@@ -6,6 +6,7 @@
from email.generator import Generator, BytesGenerator
from email.headerregistry import Address
from email import policy
+import email.errors
from test.test_email import TestEmailBase, parameterize
@@ -249,6 +250,44 @@ def test_rfc2231_wrapping_switches_to_default_len_if_too_narrow(self):
g.flatten(msg)
self.assertEqual(s.getvalue(), self.typ(expected))
+ def test_keep_encoded_newlines(self):
+ msg = self.msgmaker(self.typ(textwrap.dedent("""\
+ To: nobody
+ Subject: Bad subject=?UTF-8?Q?=0A?=Bcc: injection@example.com
+
+ None
+ """)))
+ expected = textwrap.dedent("""\
+ To: nobody
+ Subject: Bad subject=?UTF-8?Q?=0A?=Bcc: injection@example.com
+
+ None
+ """)
+ s = self.ioclass()
+ g = self.genclass(s, policy=self.policy.clone(max_line_length=80))
+ g.flatten(msg)
+ self.assertEqual(s.getvalue(), self.typ(expected))
+
+ def test_keep_long_encoded_newlines(self):
+ msg = self.msgmaker(self.typ(textwrap.dedent("""\
+ To: nobody
+ Subject: Bad subject=?UTF-8?Q?=0A?=Bcc: injection@example.com
+
+ None
+ """)))
+ expected = textwrap.dedent("""\
+ To: nobody
+ Subject: Bad subject
+ =?utf-8?q?=0A?=Bcc:
+ injection@example.com
+
+ None
+ """)
+ s = self.ioclass()
+ g = self.genclass(s, policy=self.policy.clone(max_line_length=30))
+ g.flatten(msg)
+ self.assertEqual(s.getvalue(), self.typ(expected))
+
class TestGenerator(TestGeneratorBase, TestEmailBase):
@@ -273,6 +312,29 @@ def test_flatten_unicode_linesep(self):
g.flatten(msg)
self.assertEqual(s.getvalue(), self.typ(expected))
+ def test_verify_generated_headers(self):
+ """gh-121650: by default the generator prevents header injection"""
+ class LiteralHeader(str):
+ name = 'Header'
+ def fold(self, **kwargs):
+ return self
+
+ for text in (
+ 'Value\r\nBad Injection\r\n',
+ 'NoNewLine'
+ ):
+ with self.subTest(text=text):
+ message = message_from_string(
+ "Header: Value\r\n\r\nBody",
+ policy=self.policy,
+ )
+
+ del message['Header']
+ message['Header'] = LiteralHeader(text)
+
+ with self.assertRaises(email.errors.HeaderWriteError):
+ message.as_string()
+
class TestBytesGenerator(TestGeneratorBase, TestEmailBase):
diff --git a/Lib/test/test_email/test_policy.py b/Lib/test/test_email/test_policy.py
index c6b9c80efe1b54..baa35fd68e49c5 100644
--- a/Lib/test/test_email/test_policy.py
+++ b/Lib/test/test_email/test_policy.py
@@ -26,6 +26,7 @@ class PolicyAPITests(unittest.TestCase):
'raise_on_defect': False,
'mangle_from_': True,
'message_factory': None,
+ 'verify_generated_headers': True,
}
# These default values are the ones set on email.policy.default.
# If any of these defaults change, the docs must be updated.
@@ -294,6 +295,31 @@ def test_short_maxlen_error(self):
with self.assertRaises(email.errors.HeaderParseError):
policy.fold("Subject", subject)
+ def test_verify_generated_headers(self):
+ """Turning protection off allows header injection"""
+ policy = email.policy.default.clone(verify_generated_headers=False)
+ for text in (
+ 'Header: Value\r\nBad: Injection\r\n',
+ 'Header: NoNewLine'
+ ):
+ with self.subTest(text=text):
+ message = email.message_from_string(
+ "Header: Value\r\n\r\nBody",
+ policy=policy,
+ )
+ class LiteralHeader(str):
+ name = 'Header'
+ def fold(self, **kwargs):
+ return self
+
+ del message['Header']
+ message['Header'] = LiteralHeader(text)
+
+ self.assertEqual(
+ message.as_string(),
+ f"{text}\nBody",
+ )
+
# XXX: Need subclassing tests.
# For adding subclassed objects, make sure the usual rules apply (subclass
# wins), but that the order still works (right overrides left).
diff --git a/Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst b/Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst
new file mode 100644
index 00000000000000..83dd28d4ac575b
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst
@@ -0,0 +1,5 @@
+:mod:`email` headers with embedded newlines are now quoted on output. The
+:mod:`~email.generator` will now refuse to serialize (write) headers that
+are unsafely folded or delimited; see
+:attr:`~email.policy.Policy.verify_generated_headers`. (Contributed by Bas
+Bloemsaat and Petr Viktorin in :gh:`121650`.)
From 7e3b0413643c574ce42b8a1e2c48a1fb0f45d385 Mon Sep 17 00:00:00 2001
From: Petr Viktorin <encukou@gmail.com>
Date: Fri, 2 Aug 2024 11:28:33 +0200
Subject: [PATCH 2/2] Document changes as made in 3.12.5
---
Doc/library/email.policy.rst | 2 +-
Doc/whatsnew/3.12.rst | 17 +++++++++++++++++
2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/Doc/library/email.policy.rst b/Doc/library/email.policy.rst
index 314767d0802a08..51d65dc5ba94ee 100644
--- a/Doc/library/email.policy.rst
+++ b/Doc/library/email.policy.rst
@@ -244,7 +244,7 @@ added matters. To illustrate::
For backwards compatible, but unsafe, behavior, it must be set to
``False`` explicitly.
- .. versionadded:: 3.13
+ .. versionadded:: 3.12.5
The following :class:`Policy` method is intended to be called by code using
diff --git a/Doc/whatsnew/3.12.rst b/Doc/whatsnew/3.12.rst
index 8ed3b3c6f2387c..98d5b7a2c62b73 100644
--- a/Doc/whatsnew/3.12.rst
+++ b/Doc/whatsnew/3.12.rst
@@ -2260,3 +2260,20 @@ ipaddress
* Fixed ``is_global`` and ``is_private`` behavior in ``IPv4Address``,
``IPv6Address``, ``IPv4Network`` and ``IPv6Network``.
+
+
+Notable changes in 3.12.5
+=========================
+
+email
+-----
+
+
+* Headers with embedded newlines are now quoted on output.
+
+ The :mod:`~email.generator` will now refuse to serialize (write) headers
+ that are improperly folded or delimited, such that they would be parsed as
+ multiple headers or joined with adjacent data.
+ If you need to turn this safety feature off,
+ set :attr:`~email.policy.Policy.verify_generated_headers`.
+ (Contributed by Bas Bloemsaat and Petr Viktorin in :gh:`121650`.)

3
Python-3.12.4.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f6d419a6d8743ab26700801b4908d26d97e8b986e14f95de31b32de2b0e79554
size 20659356

18
Python-3.12.4.tar.xz.asc
View File

@ -1,18 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmZiK0BfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx
Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6
YwXdxg/6A5E54ST8gUxcgC6dsX2mOou/AgtzEiql1azbtK0U6p6v/uZ3JACq4iF2
5SeXCYIq2Aum+f3FcmZ1gPAhCdSaHUl9i5oJvidW2AOz7E3Q81Kutdu+pKfv8Cwr
srhKBij5EQQH8rSLKK5fWDcoYgS26UQnBISrVb8ye5KC+mU1x0ek49jeRjS3ixim
+/jyRK/MStIjQAqeFMzQgathynYM5DtDEu71QATIWQZ/h78mpBCdrQutXMs10zf8
fuXI6RP/vkh7q5IUg2KFZaUavPPPMUKJZnYAaTn3JbNXkASuliEyBDzXPhl+/t17
RxzmlM+foXqxLXmupouRilZE73X7tKI4y1MbFUklFIsZlt+7uyXxAbwIZd3zJQrM
GITttH4tx4q1htZ/G1l6cS99AYUmoZp7rJwgKkiH40W9C+6ye2O2zAk6cEi1796t
RXEUpGupws3/XMofKJ23mE1FGwhcTWvoFgrth5ZM5Ig3A2rb5KIJIbMdEmOOiHV7
CZ62N29fszwdxtErLpEStv5pZdV8zenucC6FtonyLX47v1VOd+3fyw65SvVXlblp
jeXCDWfhZZpnXw5d++y4kTxiQk8VUgTezB8uQ9Z/gNtdvYxWy8SXXcJoFofOCgo2
/nLLzlJyRAoAFAXIgyZqdkG+8ZPWTH/Tfxg9UYKKXMcSYqak2EU=
=x5Pr
-----END PGP SIGNATURE-----

3
Python-3.12.5.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:fa8a2e12c5e620b09f53e65bcd87550d2e5a1e2e04bf8ba991dcc55113876397
size 20422396

18
Python-3.12.5.tar.xz.asc Normal file
View File

@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmayiFtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx
Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6
YwUr4g//VyVs9tvbtiSp8pGe8f1gYErEw54r124sL/CBuNii8Irts1j5ymGxcm+l
hshPK5UlqRnhd5dCJWFTvLTXa5Ko2R1L3JyyxfGd1hmDuMhrWsDHijI0R7L/mGM5
6X2LTaadBVNvk8HaNKvR8SEWvo68rdnOuYElFA9ir7uqwjO26ZWz9FfH80YDGwo8
Blef2NYw8rNhiaZMFV0HYV7D+YyUAZnFNfW8M7Fd4oskUyj1tD9J89T9FFLYN09d
BcCIf+EdiEfqRpKxH89bW2g52kDrm4jYGONtpyF8eruyS3YwYSbvbuWioBYKmlxC
s51mieXz6G325GTZnmPxLek3ywPv6Gil9y0wH3fIr2BsWsmXust4LBpjDGt56Fy6
seokGBg8xzsBSk3iEqNoFmNsy/QOiuCcDejX4XqBDNodOlETQPJb07TkTI2iOmg9
NG4Atiz1HvGVxK68UuK9IIcNHyaWUmH8h4VQFGvc6KV6feP5Nm21Y12PZ5XIqJBO
Y8M/VJIJ5koaNPQfnBbbI5YBkUr4BVpIXIpY5LM/L5sUo2C3R7hMi0VGK88HGfSQ
KV4JmZgf6RMBNmrWY12sryS1QQ6q3P110GTUGQWB3sxxNbhmfcrK+4viqHc83yDz
ifmk33HuqaQGU7OzUMHeNcoCJIPo3H1FpoHOn9wLLCtA1pT+as4=
=t0Rk
-----END PGP SIGNATURE-----

37
bso1227999-reproducible-builds.patch
View File

@ -1,37 +0,0 @@
From ac2b8869724d7a57d9b5efbdce2f20423214e8bb Mon Sep 17 00:00:00 2001
From: "Bernhard M. Wiedemann" <bwiedemann@suse.de>
Date: Tue, 16 Jul 2024 21:39:33 +0200
Subject: [PATCH] Allow to override build date with SOURCE_DATE_EPOCH
to make builds reproducible.
See https://reproducible-builds.org/ for why this is good
and https://reproducible-builds.org/specs/source-date-epoch/
for the definition of this variable.
---
Doc/conf.py | 3 ++-
Doc/library/functions.rst | 2 +-
2 files changed, 3 insertions(+), 2 deletions(-)
--- a/Doc/conf.py
+++ b/Doc/conf.py
@@ -316,7 +316,8 @@ html_context = {
}
# This 'Last updated on:' timestamp is inserted at the bottom of every page.
-html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime())
+html_time = int(os.environ.get('SOURCE_DATE_EPOCH', time.time()))
+html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime(html_time))
# Path to find HTML templates.
templates_path = ['tools/templates']
--- a/Doc/library/functions.rst
+++ b/Doc/library/functions.rst
@@ -1356,7 +1356,7 @@ are always available. They are listed h
(where :func:`open` is declared), :mod:`os`, :mod:`os.path`, :mod:`tempfile`,
and :mod:`shutil`.
- .. audit-event:: open file,mode,flags open
+ .. audit-event:: open path,mode,flags open
The ``mode`` and ``flags`` arguments may have been modified or inferred from
the original call.

64
docs-docutils_014-Sphinx_420.patch
View File

@ -1,32 +1,32 @@
---
Doc/tools/extensions/c_annotations.py | 6 +++++-
Doc/tools/extensions/glossary_search.py | 12 ++++++++++--
Doc/tools/extensions/pyspecific.py | 13 ++++++++++---
3 files changed, 25 insertions(+), 6 deletions(-)
Doc/tools/extensions/pyspecific.py | 5 ++++-
3 files changed, 19 insertions(+), 4 deletions(-)
--- a/Doc/tools/extensions/c_annotations.py
+++ b/Doc/tools/extensions/c_annotations.py
@@ -84,7 +84,11 @@ class Annotations:
self.stable_abi_data[name] = record
def add_annotations(self, app, doctree):
- for node in doctree.findall(addnodes.desc_content):
+ try:
+ findall = doctree.findall
+ except AttributeError:
+ findall = doctree.traverse
+ for node in findall(addnodes.desc_content):
par = node.parent
if par['domain'] != 'c':
continue
@@ -118,7 +118,11 @@ def add_annotations(app: Sphinx, doctree
state = app.env.domaindata["c_annotations"]
refcount_data = state["refcount_data"]
stable_abi_data = state["stable_abi_data"]
- for node in doctree.findall(addnodes.desc_content):
+ try:
+ findall = doctree.findall
+ except AttributeError:
+ findall = doctree.traverse
+ for node in findall(addnodes.desc_content):
par = node.parent
if par["domain"] != "c":
continue
--- a/Doc/tools/extensions/glossary_search.py
+++ b/Doc/tools/extensions/glossary_search.py
@@ -25,8 +25,16 @@ def process_glossary_nodes(app, doctree,
terms = {}
@@ -30,8 +30,16 @@ def process_glossary_nodes(
else:
terms = app.env.glossary_terms = {}
- for node in doctree.findall(glossary):
- for glossary_item in node.findall(definition_list_item):
- for glossary_item in node.findall(nodes.definition_list_item):
+ try:
+ findall = doctree.findall
+ except AttributeError:
@ -37,8 +37,8 @@
+ except AttributeError:
+ node_findall = node.traverse
+ for glossary_item in node_findall(definition_list_item):
term = glossary_item[0].astext().lower()
definition = glossary_item[1]
term = glossary_item[0].astext()
definition = glossary_item[-1]
--- a/Doc/tools/extensions/pyspecific.py
+++ b/Doc/tools/extensions/pyspecific.py
@ -54,25 +54,3 @@
ISSUE_URI = 'https://bugs.python.org/issue?@action=redirect&bpo=%s'
@@ -604,7 +607,11 @@ def parse_monitoring_event(env, sig, sig
def process_audit_events(app, doctree, fromdocname):
- for node in doctree.findall(audit_event_list):
+ try:
+ findall = doctree.findall
+ except AttributeError:
+ findall = doctree.traverse
+ for node in findall(audit_event_list):
break
else:
return
@@ -663,7 +670,7 @@ def process_audit_events(app, doctree, f
body += row
- for node in doctree.findall(audit_event_list):
+ for node in findall(audit_event_list):
node.replace_self(table)

14
fix_configure_rst.patch
View File

@ -3,10 +3,8 @@
Misc/NEWS | 2 +-
2 files changed, 1 insertion(+), 3 deletions(-)
Index: Python-3.12.4/Doc/using/configure.rst
===================================================================
--- Python-3.12.4.orig/Doc/using/configure.rst
+++ Python-3.12.4/Doc/using/configure.rst
--- a/Doc/using/configure.rst
+++ b/Doc/using/configure.rst
@@ -640,13 +640,11 @@ macOS Options
See ``Mac/README.rst``.
@ -21,11 +19,9 @@ Index: Python-3.12.4/Doc/using/configure.rst
.. option:: --enable-framework=INSTALLDIR
Create a Python.framework rather than a traditional Unix install. Optional
Index: Python-3.12.4/Misc/NEWS
===================================================================
--- Python-3.12.4.orig/Misc/NEWS
+++ Python-3.12.4/Misc/NEWS
@@ -13734,7 +13734,7 @@ C API
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -13832,7 +13832,7 @@ C API
- bpo-40939: Removed documentation for the removed ``PyParser_*`` C API.
- bpo-43795: The list in :ref:`limited-api-list` now shows the public name

224
python312.changes
View File

@ -1,9 +1,214 @@
-------------------------------------------------------------------
Wed Aug 7 18:05:57 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
- Update to 3.12.5:
- Tests
- gh-59022: Add tests for pkgutil.extend_path(). Patch by
Andreas Stocker.
- gh-99242: os.getloadavg() may throw OSError when
running regression tests under certain conditions (e.g.
chroot). This error is now caught and ignored, since
reporting load average is optional.
- gh-121084: Fix test_typing random leaks. Clear typing ABC
caches when running tests for refleaks (-R option): call
_abc_caches_clear() on typing abstract classes and their
subclasses. Patch by Victor Stinner.
- gh-121160: Add a test for
readline.set_history_length(). Note that this test may fail
on readline libraries.
- gh-121200: Fix test_expanduser_pwd2() of
test_posixpath. Call getpwnam() to get pw_dir, since it
can be different than getpwall() pw_dir. Patch by Victor
Stinner.
- gh-121188: When creating the JUnit XML file, regrtest
now escapes characters which are invalid in XML, such
as the chr(27) control character used in ANSI escape
sequences. Patch by Victor Stinner.
- Security
- gh-121957: Fixed missing audit events around interactive
use of Python, now also properly firing for python -i, as
well as for python -m asyncio. The event in question is
cpython.run_stdin.
- gh-122133: Authenticate the socket connection for the
socket.socketpair() fallback on platforms where AF_UNIX is
not available like Windows.
- Patch by Gregory P. Smith <greg@krypto.org> and Seth Larson
<seth@python.org>. Reported by Ellie <el@horse64.org>
- Library
- gh-122744: Bump the version of pip bundled in ensurepip to
version 24.2.
- gh-122334: Fix crash when importing ssl after the main
interpreter restarts.
- gh-87320: In code.InteractiveInterpreter, handle exceptions
caused by calling a non-default sys.excepthook(). Before,
the exception bubbled up to the caller, ending the REPL.
- gh-122400: Handle ValueErrors raised by os.stat() in
filecmp.dircmp and filecmp.cmpfiles(). Patch by Bénédikt
Tran.
- gh-122311: Fix some error messages in pickle.
- gh-121650: email headers with embedded newlines are
now quoted on output. The generator will now refuse to
serialize (write) headers that are unsafely folded or
delimited; see verify_generated_headers. (Contributed by
Bas Bloemsaat and Petr Viktorin in gh-121650; bsc#1228780,
CVE-2024-6923).
- gh-122332: Fixed segfault with asyncio.Task.get_coro() when
using an eager task factory.
- gh-122170: Handle ValueErrors raised by os.stat() in
linecache. Patch by Bénédikt Tran.
- gh-121723: Make logging.config.dictConfig() accept any
object implementing the Queue public API. See the queue
configuration section for details. Patch by Bénédikt Tran.
- gh-82951: Serializing objects with complex __qualname__
(such as unbound methods and nested classes) by name no
longer involves serializing parent objects by value in
pickle protocols < 4.
- gh-120930: Fixed a bug introduced by gh-92081 that added an
incorrect extra blank to encoded words occurring in wrapped
headers.
- gh-121474: Fix missing sanity check for parties arg in
threading.Barrier constructor. Patch by Clinton Christian
(pygeek).
- gh-121025: Improve the __repr__() of
functools.partialmethod. Patch by Bénédikt Tran.
- gh-121018: Fixed issues where
argparse.ArgumentParser.parse_args() did not honor
exit_on_error=False. Based on patch by Ben Hsing.
- gh-119614: Fix truncation of strings with embedded null
characters in some internal operations in tkinter.
- gh-120910: When reading installed files from an egg, use
relative_to(walk_up=True) to honor files installed outside
of the installation root.
- gh-101830: Accessing the tkinter objects string
representation no longer converts the underlying Tcl object
to a string on Windows.
- gh-120811: Fix possible memory leak in
contextvars.Context.run().
- gh-120769: Make empty line in pdb repeats the last command
even when the command is from cmdqueue.
- gh-120732: Fix name passing to unittest.mock.Mock object
when using unittest.mock.create_autospec().
- gh-120495: Fix incorrect exception handling in Tab
Nanny. Patch by Wulian233.
- gh-120343: Fix column offset reporting for tokens that come
after multiline f-strings in the tokenize module.
- gh-119600: Fix unittest.mock.patch() to not read attributes
of the target when new_callable is set. Patch by Robert
Collins.
- gh-120289: Fixed the use-after-free issue in cProfile by
disallowing disable() and clear() in external timers.
- gh-114053: Fix edge-case bug where typing.get_type_hints()
would produce incorrect results if type parameters in a
class scope were overridden by assignments in a class scope
and from __future__ import annotations semantics were
enabled. Patch by Alex Waygood.
- gh-114053: Fix erroneous NameError when calling
inspect.get_annotations() with eval_str=True` on a class
that made use of PEP 695 type parameters in a module that
had from __future__ import annotations at the top of the
file. Patch by Alex Waygood.
- gh-120268: Prohibit passing None to pure-Python
datetime.date.fromtimestamp() to achieve consistency with
C-extension implementation.
- gh-120244: Fix memory leak in re.sub() when the replacement
string contains backreferences.
- gh-120211: Fix tkinter.ttk with Tcl/Tk 9.0.
- gh-71587: Fix crash in C version of
datetime.datetime.strptime() when called again on the
restarted interpreter.
- gh-117983: Defer the threading import in importlib.util
until lazy loading is used.
- gh-119698: Fix symtable.Class.get_methods() and document
its behaviour. Patch by Bénédikt Tran.
- gh-120121: Add concurrent.futures.InvalidStateError to
modules __all__.
- gh-112672: Support building tkinter with Tcl 9.0.
- gh-65454: unittest.mock.Mock.attach_mock() no longer
triggers a call to a PropertyMock being attached.
- gh-81936: help() and showtopic() methods now respect a
configured output argument to pydoc.Helper and not use the
pager in such cases. Patch by Enrico Tröger.
- gh-119577: The DeprecationWarning emitted when testing
the truth value of an xml.etree.ElementTree.Element now
describes unconditionally returning True in a future
version rather than raising an exception in Python 3.14.
- gh-119506: Fix io.TextIOWrapper.write() method breaks
internal buffer when the method is called again during
flushing internal buffer.
- gh-119189: When using the ** operator or pow() with
Fraction as the base and an exponent that is not rational,
a float, or a complex, the fraction is no longer converted
to a float.
- gh-105623: Fix performance degradation in
logging.handlers.RotatingFileHandler. Patch by Craig
Robson.
- bpo-39324: Add mime type mapping for .md <-> text/markdown
- IDLE
- gh-122482: Change About IDLE to direct users to
discuss.python.org instead of the now unused idle-dev email
and mailing list.
- gh-78889: Stop Shell freezes by blocking user access to
non-method sys.stdout.shell attributes, which are all
private.
- gh-120104: Fix padding in config and search dialog windows
in IDLE.
- Documentation
- gh-121749: Fix documentation for PyModule_AddObjectRef().
- gh-120012: Clarify the behaviours of
multiprocessing.Queue.empty() and
multiprocessing.SimpleQueue.empty() on closed queues. Patch
by Bénédikt Tran.
- gh-121871: Documentation HTML varies from timestamp. Patch by
Bernhard M. Wiedemann (bsc#1227999).
- Core and Builtins
- gh-122208: Dictionary watchers now only deliver the
PyDict_EVENT_ADDED event when the insertion is in a known
good state to succeed.
- gh-122300: Preserve AST nodes for f-string with
single-element format specifiers. Patch by Pablo Galindo
- gh-122029: Emit c_call events in sys.setprofile() when a
PyMethodObject pointing to a PyCFunction is called.
- gh-122026: Fix a bug that caused the tokenizer to not
correctly identify mismatched parentheses inside f-strings
in some situations. Patch by Pablo Galindo
- gh-121657: Improve the SyntaxError message if the user
tries to use yield from outside a function.
- gh-117482: Unexpected slot wrappers are no longer created
for builtin static types in subinterpreters.
- gh-121439: Allow tuples of length 20 in the freelist to be
reused.
- gh-121130: Fix f-strings with debug expressions in format
specifiers. Patch by Pablo Galindo
- gh-120722: Correctly set the bytecode position on return
instructions within lambdas. Patch by Jelle Zijlstra.
- gh-120384: Fix an array out of bounds crash in
list_ass_subscript, which could be invoked via some
specificly tailored input: including concurrent
modification of a list object, where one thread assigns a
slice and another clears it.
- gh-120380: Fix Python implementation of pickle.Pickler for
bytes and bytearray objects when using protocol version
5. Patch by Bénédikt Tran.
- gh-93691: Fix source locations of instructions generated
for the iterator of a for statement.
- gh-120198: Fix a crash when multiple threads read and write
to the same __class__ of an object concurrently.
- gh-120298: Fix use-after free in list_richcompare_impl
which can be invoked via some specificly tailored evil
input.
- gh-119666: Fix a compiler crash in the case where two
comprehensions in class scope both reference __class__.
- bpo-24766: Fix handling of doc argument to subclasses of
property.
- Build
- gh-120671: Fix failing configure tests due to a missing
space when appending to CFLAGS.
- gh-115983: Skip building test modules that must be built as
shared under WASI.
-------------------------------------------------------------------
Wed Aug 7 13:40:44 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
- Add CVE-2024-6923-email-hdr-inject.patch to prevent email
header injection due to unquoted newlines (bsc#1228780,
CVE-2024-6923).
- %{profileopt} variable is set according to the variable
%{do_profiling} (bsc#1227999)
- Update bluez-devel-vendor.tar.xz
@ -14,19 +219,6 @@ Mon Jul 22 21:20:55 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
- Remove %suse_update_desktop_file macro as it is not useful any
more.
-------------------------------------------------------------------
Thu Jul 18 22:37:07 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
- Adding bso1227999-reproducible-builds.patch fixing bsc#1227999
adding reproducibility patches from gh#python/cpython!121872
and gh#python/cpython!121883.
-------------------------------------------------------------------
Mon Jul 15 12:14:05 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
- Stop using %%defattr, it seems to be breaking proper executable
attributes on /usr/bin/ scripts (bsc#1227378).
-------------------------------------------------------------------
Thu Jul 4 16:04:05 UTC 2024 - Matej Cepl <mcepl@cepl.eu>

8
python312.spec
View File

@ -110,7 +110,7 @@
# _md5.cpython-38m-x86_64-linux-gnu.so
%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
Name: %{python_pkg_name}%{psuffix}
Version: 3.12.4
Version: 3.12.5
Release: 0
Summary: Python 3 Interpreter
License: Python-2.0
@ -186,12 +186,6 @@ Patch40: fix-test-recursion-limit-15.6.patch
# PATCH-FIX-SLE docs-docutils_014-Sphinx_420.patch bsc#[0-9]+ mcepl@suse.com
# related to gh#python/cpython#119317
Patch41: docs-docutils_014-Sphinx_420.patch
# PATCH-FIX-UPSTREAM CVE-2024-6923-email-hdr-inject.patch bsc#1228780 mcepl@suse.com
# prevent email header injection, patch from gh#python/cpython!122608
Patch42: CVE-2024-6923-email-hdr-inject.patch
# PATCH-FIX-UPSTREAM bso1227999-reproducible-builds.patch bsc#1227999 mcepl@suse.com
# reproducibility patches
Patch43: bso1227999-reproducible-builds.patch
BuildRequires: autoconf-archive
BuildRequires: automake
BuildRequires: fdupes