CVE-2023-27043-email-parsing-errors.patch, which rejects
malformed addresses in email.parseaddr() (gh#python/cpython!111116)
Detect email address parsing errors and return empty tuple to
indicate the parsing error (old API). Add an optional 'strict'
parameter to getaddresses() and parseaddr() functions. Patch by
Thomas Dwyer.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=33
- Update to 3.12.2:
- Security
- gh-113659: Skip .pth files with names starting with a dot or
hidden file attribute.
- Core and Builtins
- gh-114887: Changed socket type validation in
create_datagram_endpoint() to accept all non-stream sockets.
This fixes a regression in compatibility with raw sockets.
- gh-114388: Fix a RuntimeWarning emitted when assign an
integer-like value that is not an instance of int to an
attribute that corresponds to a C struct member of type T_UINT
and T_ULONG. Fix a double RuntimeWarning emitted when assign a
negative integer value to an attribute that corresponds to a C
struct member of type T_UINT.
- gh-113703: Fix a regression in the codeop module that was
causing it to incorrectly identify incomplete f-strings. Patch
by Pablo Galindo
- gh-89811: Check for a valid tp_version_tag before performing
bytecode specializations that rely on this value being usable.
- gh-113602: Fix an error that was causing the parser to try to
overwrite existing errors and crashing in the process. Patch by
Pablo Galindo
- gh-113297: Fix segfault in the compiler on with statement with
19 context managers.
- gh-106905: Use per AST-parser state rather than global state to
track recursion depth within the AST parser to prevent potential
race condition due to simultaneous parsing.
- The issue primarily showed up in 3.11 by multithreaded users of
ast.parse(). In 3.12 a change to when garbage collection can be
triggered prevented the race condition from occurring.
- gh-112943: Correctly compute end column offsets for multiline
tokens in the tokenize module. Patch by Pablo Galindo
- gh-112716: Fix SystemError in the import statement and in
__reduce__() methods of builtin types when __builtins__ is not a
dict.
- gh-94606: Fix UnicodeEncodeError when
email.message.get_payload() reads a message with a Unicode
surrogate character and the message content is not well-formed
for surrogateescape encoding. Patch by Sidney Markowitz.
- Library
- gh-114965: Update bundled pip to 24.0
- gh-114959: tarfile no longer ignores errors when trying to
extract a directory on top of a file.
- gh-109475: Fix support of explicit option value “–” in argparse
(e.g. --option=--).
- gh-110190: Fix ctypes structs with array on Windows ARM64
platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by
Diego Russo
- gh-113280: Fix a leak of open socket in rare cases when error
occurred in ssl.SSLSocket creation.
- gh-77749: email.policy.EmailPolicy.fold() now always encodes
non-ASCII characters in headers if utf8 is false.
- gh-114492: Make the result of termios.tcgetattr() reproducible
on Alpine Linux. Previously it could leave a random garbage in
some fields.
- gh-113267: Revert changes in gh-106584 which made calls of
TestResult methods startTest() and stopTest() unbalanced.
- gh-75128: Ignore an OSError in
asyncio.BaseEventLoop.create_server() when IPv6 is available but
the interface cannot actually support it.
- gh-114257: Dismiss the FileNotFound error in
ctypes.util.find_library() and just return None on Linux.
- gh-114328: The tty.setcbreak() and new tty.cfmakecbreak() no
longer clears the terminal input ICRLF flag. This fixes a
regression introduced in 3.12 that no longer matched how OSes
define cbreak mode in their stty(1) manual pages.
- gh-101438: Avoid reference cycle in ElementTree.iterparse. The
iterator returned by ElementTree.iterparse may hold on to a file
descriptor. The reference cycle prevented prompt clean-up of the
file descriptor if the returned iterator was not exhausted.
- gh-104522: OSError raised when run a subprocess now only has
filename attribute set to cwd if the error was caused by a
failed attempt to change the current directory.
- gh-114149: Enum: correctly handle tuple subclasses in custom
__new__.
- gh-109534: Fix a reference leak in
asyncio.selector_events.BaseSelectorEventLoop when SSL
handshakes fail. Patch contributed by Jamie Phan.
- gh-114077: Fix possible OverflowError in
socket.socket.sendfile() when pass count larger than 2 GiB on
32-bit platform.
- gh-114014: Fixed a bug in fractions.Fraction where an invalid
string using d in the decimals part creates a different error
compared to other invalid letters/characters. Patch by Jeremiah
Gabriel Pascual.
- gh-113951: Fix the behavior of tag_unbind() methods of
tkinter.Text and tkinter.Canvas classes with three arguments.
Previously, widget.tag_unbind(tag, sequence, funcid) destroyed
the current binding for sequence, leaving sequence unbound, and
deleted the funcid command. Now it removes only funcid from the
binding for sequence, keeping other commands, and deletes the
funcid command. It leaves sequence unbound only if funcid was
the last bound command.
- gh-113877: Fix tkinter method winfo_pathname() on 64-bit
Windows.
- gh-113661: unittest runner: Don’t exit 5 if tests were skipped.
The intention of exiting 5 was to detect issues where the test
suite wasn’t discovered at all. If we skipped tests, it was
correctly discovered.
- gh-113781: Silence unraisable AttributeError when warnings are
emitted during Python finalization.
- gh-112932: Restore the ability for zipfile to extractall from
zip files with a “/” directory entry in them as is commonly
added to zips by some wiki or bug tracker data exporters.
- gh-113594: Fix UnicodeEncodeError in email when re-fold lines
that contain unknown-8bit encoded part followed by
non-unknown-8bit encoded part.
- gh-113538: In asyncio.StreamReaderProtocol.connection_made(),
there is callback that logs an error if the task wrapping the
“connected callback” fails. This callback would itself fail if
the task was cancelled. Prevent this by checking whether the
task was cancelled first. If so, close the transport but don’t
log an error.
- gh-85567: Fix resource warnings for unclosed files in pickle and
pickletools command line interfaces.
- gh-101225: Increase the backlog for
multiprocessing.connection.Listener objects created by
multiprocessing.manager and multiprocessing.resource_sharer to
significantly reduce the risk of getting a connection refused
error when creating a multiprocessing.connection.Connection to
them.
- gh-113543: Make sure that webbrowser.MacOSXOSAScript sends
webbrowser.open audit event.
- gh-113028: When a second reference to a string appears in the
input to pickle, and the Python implementation is in use, we are
guaranteed that a single copy gets pickled and a single object
is shared when reloaded. Previously, in protocol 0, when a
string contained certain characters (e.g. newline) it resulted
in duplicate objects.
- gh-113421: Fix multiprocessing logger for %(filename)s.
- gh-111784: Fix segfaults in the _elementtree module. Fix first
segfault during deallocation of _elementtree.XMLParser instances
by keeping strong reference to pyexpat module in module state
for capsule lifetime. Fix second segfault which happens in the
same deallocation process by keeping strong reference to
_elementtree module in XMLParser structure for _elementtree
module lifetime.
- gh-113407: Fix import of unittest.mock when CPython is built
without docstrings.
- gh-113320: Fix regression in Python 3.12 where Protocol classes
that were not marked as runtime-checkable would be unnecessarily
introspected, potentially causing exceptions to be raised if the
protocol had problematic members. Patch by Alex Waygood.
- gh-113358: Fix rendering tracebacks for exceptions with a broken
__getattr__.
- gh-113214: Fix an AttributeError during asyncio SSL protocol
aborts in SSL-over-SSL scenarios.
- gh-113246: Update bundled pip to 23.3.2.
- gh-113199: Make http.client.HTTPResponse.read1 and
http.client.HTTPResponse.readline close IO after reading all
data when content length is known. Patch by Illia Volochii.
- gh-113188: Fix shutil.copymode() and shutil.copystat() on
Windows. Previously they worked differenly if dst is a symbolic
link: they modified the permission bits of dst itself rather
than the file it points to if follow_symlinks is true or src is
not a symbolic link, and did not modify the permission bits if
follow_symlinks is false and src is a symbolic link.
- gh-61648: Detect line numbers of properties in doctests.
- gh-112559: signal.signal() and signal.getsignal() no longer call
repr on callable handlers. asyncio.run() and
asyncio.Runner.run() no longer call repr on the task results.
Patch by Yilei Yang.
- gh-110190: Fix ctypes structs with array on PPC64LE platform by
setting MAX_STRUCT_SIZE to 64 in stgdict. Patch by Diego Russo.
- gh-79429: Ignore FileNotFoundError when remove a temporary
directory in the multiprocessing finalizer.
- gh-81194: Fix a crash in socket.if_indextoname() with specific
value (UINT_MAX). Fix an integer overflow in
socket.if_indextoname() on 64-bit non-Windows platforms.
- gh-112343: Improve handling of pdb convenience variables to
avoid replacing string contents.
- gh-111615: Fix a regression caused by a fix to gh-93162 whereby
you couldn’t configure a QueueHandler without specifying
handlers.
- gh-111049: Fix crash during garbage collection of the io.BytesIO
buffer object.
- gh-110345: Show the Tcl/Tk patchlevel (rather than version) in
tkinter._test().
- gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now
raises BadZipFile when try to read an entry that overlaps with
other entry or central directory.
- gh-114440: On Windows, closing the connection writer when
cleaning up a broken multiprocessing.Queue queue is now done for
all queues, rather than only in concurrent.futures manager
thread. This can prevent a deadlock when a multiprocessing
worker process terminates without cleaning up. This completes
the backport of patches by Victor Stinner and Serhiy Storchaka.
- gh-38807: Fix race condition in trace. Instead of checking if a
directory exists and creating it, directly call os.makedirs()
with the kwarg exist_ok=True.
- gh-75705: Set unixfrom envelope in mailbox.mbox and
mailbox.MMDF.
- gh-106233: Fix stacklevel in InvalidTZPathWarning during
zoneinfo module import.
- gh-105102: Allow ctypes.Union to be nested in ctypes.Structure
when the system endianness is the opposite of the classes.
- gh-104282: Fix null pointer dereference in
lzma._decode_filter_properties() due to improper handling of BCJ
filters with properties of zero length. Patch by Radislav
Chugunov.
- gh-102512: When os.fork() is called from a foreign thread (aka
_DummyThread), the type of the thread in a child process is
changed to _MainThread. Also changed its name and daemonic
status, it can be now joined.
- bpo-35928: io.TextIOWrapper now correctly handles the decoding
buffer after read() and write().
- bpo-26791: shutil.move() now moves a symlink into a directory
when that directory is the target of the symlink. This provides
the same behavior as the mv shell command. The previous behavior
raised an exception. Patch by Jeffrey Kintscher.
- bpo-36959: Fix some error messages for invalid ISO format string
combinations in strptime() that referred to directives not
contained in the format string. Patch by Gordon P. Hemsley.
- bpo-18060: Fixed a class inheritance issue that can cause
segfaults when deriving two or more levels of subclasses from a
base class of Structure or Union.
- Documentation
- gh-110746: Improved markup for valid options/values for methods
ttk.treeview.column and ttk.treeview.heading, and for Layouts.
- gh-95649: Document that the asyncio module contains code taken
from v0.16.0 of the uvloop project, as well as the required MIT
licensing information.
- Tests
- gh-109980: Fix test_tarfile_vs_tar in test_shutil for macOS,
where system tar can include more information in the archive
than shutil.make_archive.
- gh-105089: Fix
test.test_zipfile.test_core.TestWithDirectory.test_create_directory_with_write
test in AIX by doing a bitwise AND of 0xFFFF on mode , so that
it will be in sync with zinfo.external_attr
- bpo-40648: Test modes that file can get with chmod() on Windows.
- Build
- gh-112305: Fixed the check-clean-src step performed on out of
tree builds to detect errant $(srcdir)/Python/frozen_modules/*.h
files and recommend appropriate source tree cleanup steps to get
a working build again.
- gh-112867: Fix the build for the case that
WITH_PYMALLOC_RADIX_TREE=0 set.
- bpo-11102: The os.major(), os.makedev(), and os.minor()
functions are now available on HP-UX v3.
- bpo-36351: Do not set ipv6type when cross-compiling.
- IDLE
- gh-96905: In idlelib code, stop redefining built-ins ‘dict’ and
‘object’.
- gh-72284: Improve the lists of features, editor key bindings,
and shell key bingings in the IDLE doc.
- gh-113903: Fix rare failure of test.test_idle, in
test_configdialog.
- gh-113729: Fix the “Help -> IDLE Doc” menu bug in 3.11.7 and
3.12.1.
- gh-113269: Fix test_editor hang on macOS Catalina.
- gh-112898: Fix processing unsaved files when quitting IDLE on
macOS.
- gh-103820: Revise IDLE bindings so that events from mouse button
4/5 on non-X11 windowing systems (i.e. Win32 and Aqua) are not
mistaken for scrolling.
- bpo-13586: Enter the selected text when opening the “Replace”
dialog.
- Tools/Demos
- gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13 and
multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1.
- gh-115015: Fix a bug in Argument Clinic that generated incorrect
code for methods with no parameters that use the METH_METHOD |
METH_FASTCALL | METH_KEYWORDS calling convention. Only the
positional parameter count was checked; any keyword argument
passed would be silently accepted.
- Refresh patches:
- bpo-31046_ensurepip_honours_prefix.patch
- fix_configure_rst.patch
- no-skipif-doctests.patch
- python-3.3.0b1-fix_date_time_compiler.patch
- python-3.3.0b1-localpath.patch
- python-3.3.0b1-test-posix_fadvise.patch
- skip-test_pyobject_freed_is_freed.patch
- subprocess-raise-timeout.patch
OBS-URL: https://build.opensuse.org/request/show/1145175
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=31
- Update patch fix_configure_rst.patch
- Update to 3.12.1 (CVE-2023-6507, bsc#1217939):
- Core and Builtins
- gh-112125: Fix None.__ne__(None) returning NotImplemented
instead of False
- gh-112625: Fixes a bug where a bytearray object could be
cleared while iterating over an argument in the
bytearray.join() method that could result in reading memory
after it was freed.
- gh-105967: Workaround a bug in Apple’s macOS platform zlib
library where zlib.crc32() and binascii.crc32() could produce
incorrect results on multi-gigabyte inputs. Including when
using zipfile on zips containing large data.
- gh-112356: Stopped erroneously deleting a LOAD_NULL bytecode
instruction when optimized twice.
- gh-111058: Change coro.cr_frame/gen.gi_frame to return None
after the coroutine/generator has been closed. This fixes a bug
where getcoroutinestate() and getgeneratorstate() return the
wrong state for a closed coroutine/generator.
- gh-112388: Fix an error that was causing the parser to try to
overwrite tokenizer errors. Patch by pablo Galindo
- gh-112387: Fix error positions for decoded strings with
backwards tokenize errors. Patch by Pablo Galindo
- gh-112367: Avoid undefined behaviour when using the perf
trampolines by not freeing the code arenas until shutdown.
Patch by Pablo Galindo
- gh-112243: Don’t include comments in f-string debug
expressions. Patch by Pablo Galindo
- gh-112266: Change docstrings of __dict__ and __weakref__.
- gh-111654: Fix runtime crash when some error happens in opcode
LOAD_FROM_DICT_OR_DEREF.
- gh-109181: Speed up Traceback object creation by lazily compute
the line number. Patch by Pablo Galindo
- gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004
codecs read out of bounds
- gh-111366: Fix an issue in the codeop that was causing
SyntaxError exceptions raised in the presence of invalid syntax
to not contain precise error messages. Patch by Pablo Galindo
- gh-111380: Fix a bug that was causing SyntaxWarning to appear
twice when parsing if invalid syntax is encountered later.
Patch by Pablo galindo
- gh-94438: Fix a regression that prevented jumping across is
None and is not None when debugging. Patch by Savannah
Ostrowski.
- gh-110938: Fix error messages for indented blocks with
functions and classes with generic type parameters. Patch by
Pablo Galindo
- gh-109894: Fixed crash due to improperly initialized static
MemoryError in subinterpreter.
- gh-110782: Fix crash when typing.TypeVar is constructed with a
keyword argument. Patch by Jelle Zijlstra.
- gh-110696: Fix incorrect error message for invalid argument
unpacking. Patch by Pablo Galindo
- gh-110543: Fix regression in Python 3.12 where
types.CodeType.replace() would produce a broken code object if
called on a module or class code object that contains a
comprehension. Patch by Jelle Zijlstra.
- gh-110514: Add PY_THROW to sys.setprofile() events
- gh-110455: Guard assert(tstate->thread_id > 0) with #ifndef
HAVE_PTHREAD_STUBS. This allows for for pydebug builds to work
under WASI which (currently) lacks thread support.
- gh-110259: Correctly identify the format spec in f-strings
(with single or triple quotes) that have multiple lines in the
expression part and include a formatting spec. Patch by Pablo
Galindo
- gh-110237: Fix missing error checks for calls to PyList_Append
in _PyEval_MatchClass.
- gh-109889: Fix the compiler’s redundant NOP detection algorithm
to skip over NOPs with no line number when looking for the next
instruction’s lineno.
- gh-109853: sys.path[0] is now set correctly for
subinterpreters.
- gh-105716: Subinterpreters now correctly handle the case where
they have threads running in the background. Before, such
threads would interfere with cleaning up and destroying them,
as well as prevent running another script.
- gh-109793: The main thread no longer exits prematurely when a
subinterpreter is cleaned up during runtime finalization. The
bug was a problem particularly because, when triggered, the
Python process would always return with a 0 exitcode, even if
it failed.
- gh-109596: Fix some tokens in the grammar that were incorrectly
marked as soft keywords. Also fix some repeated rule names and
ensure that repeated rules are not allowed. Patch by Pablo
Galindo
- gh-109351: Fix crash when compiling an invalid AST involving a
named (walrus) expression.
- gh-109216: Fix possible memory leak in BUILD_MAP.
- gh-109207: Fix a SystemError in __repr__ of symtable entry
object.
- gh-109179: Fix bug where the C traceback display drops notes
from SyntaxError.
- gh-109052: Use the base opcode when comparing code objects to
avoid interference from instrumentation
- gh-88943: Improve syntax error for non-ASCII character that
follows a numerical literal. It now points on the invalid
non-ASCII character, not on the valid numerical literal.
- gh-106931: Statically allocated string objects are now interned
globally instead of per-interpreter. This fixes a situation
where such a string would only be interned in a single
interpreter. Normal string objects are unaffected.
- Library
- gh-79325: Fix an infinite recursion error in
tempfile.TemporaryDirectory() cleanup on Windows.
- gh-112645: Remove deprecation error on passing onerror to
shutil.rmtree().
- gh-112618: Fix a caching bug relating to typing.Annotated.
Annotated[str, True] is no longer identical to Annotated[str,
1].
- gh-112334: Fixed a performance regression in 3.12’s subprocess
on Linux where it would no longer use the fast-path vfork()
system call when it should have due to a logic bug, instead
always falling back to the safe but slower fork().
- Also fixed a related 3.12 security regression: If a value of
extra_groups=[] was passed to subprocess.Popen or related APIs,
the underlying setgroups(0, NULL) system call to clear the
groups list would not be made in the child process prior to
exec(). This has been assigned CVE-2023-6507.
- This was identified via code inspection in the process of fixing
the first bug.
- gh-110190: Fix ctypes structs with array on Arm platform by
setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo.
- gh-112578: Fix a spurious RuntimeWarning when executing the
zipfile module.
- gh-112509: Fix edge cases that could cause a key to be present
in both the __required_keys__ and __optional_keys__ attributes
of a typing.TypedDict. Patch by Jelle Zijlstra.
- gh-112414: Fix regression in Python 3.12 where calling repr() on
a module that had been imported using a custom loader could fail
with AttributeError. Patch by Alex Waygood.
- gh-112358: Revert change to struct.Struct initialization that
broke some cases of subclassing.
- gh-94722: Fix bug where comparison between instances of DocTest
fails if one of them has None as its lineno.
- gh-112105: Make readline.set_completer_delims() work with
libedit
- gh-111942: Fix SystemError in the TextIOWrapper constructor with
non-encodable “errors” argument in non-debug mode.
- gh-109538: Issue warning message instead of having RuntimeError
be displayed when event loop has already been closed at
StreamWriter.__del__().
- gh-111942: Fix crashes in io.TextIOWrapper.reconfigure() when
pass invalid arguments, e.g. non-string encoding.
- gh-111460: curses: restore wide character support (including
curses.unget_wch() and get_wch()) on macOS, which was
unavailable due to a regression in Python 3.12.
- gh-103791: contextlib.suppress now supports suppressing
exceptions raised as part of a BaseExceptionGroup, in addition
to the recent support for ExceptionGroup.
- gh-111804: Remove posix.fallocate() under WASI as the underlying
posix_fallocate() is not available in WASI preview2.
- gh-111841: Fix truncating arguments on an embedded null
character in os.putenv() and os.unsetenv() on Windows.
- gh-111541: Fix doctest for SyntaxError not-builtin subclasses.
- gh-110894: Call loop exception handler for exceptions in
client_connected_cb of asyncio.start_server() so that
applications can handle it. Patch by Kumar Aditya.
- gh-111531: Fix reference leaks in bind_class() and bind_all()
methods of tkinter widgets.
- gh-111356: Added io.text_encoding(), io.DEFAULT_BUFFER_SIZE, and
io.IncrementalNewlineDecoder to io.__all__.
- gh-111342: Fixed typo in math.sumprod().
- gh-68166: Remove mention of not supported “vsapi” element type
in tkinter.ttk.Style.element_create(). Add tests for
element_create() and other ttk.Style methods. Add examples for
element_create() in the documentation.
- gh-75666: Fix the behavior of tkinter widget’s unbind() method
with two arguments. Previously, widget.unbind(sequence, funcid)
destroyed the current binding for sequence, leaving sequence
unbound, and deleted the funcid command. Now it removes only
funcid from the binding for sequence, keeping other commands,
and deletes the funcid command. It leaves sequence unbound only
if funcid was the last bound command.
- gh-79033: Another attempt at fixing
asyncio.Server.wait_closed(). It now blocks until both
conditions are true: the server is closed, and there are no more
active connections. (This means that in some cases where in
3.12.0 this function would incorrectly have returned
immediately, it will now block; in particular, when there are no
active connections but the server hasn’t been closed yet.)
- gh-111295: Fix time not checking for errors when initializing.
- gh-111253: Add error checking during _socket module init.
- gh-111251: Fix _blake2 not checking for errors when
initializing.
- gh-111174: Fix crash in io.BytesIO.getbuffer() called repeatedly
for empty BytesIO.
- gh-111187: Postpone removal version for
locale.getdefaultlocale() to Python 3.15.
- gh-111159: Fix doctest output comparison for exceptions with
notes.
- gh-110910: Fix invalid state handling in asyncio.TaskGroup and
asyncio.Timeout. They now raise proper RuntimeError if they are
improperly used and are left in consistent state after this.
- gh-111092: Make turtledemo run without default root enabled.
- gh-110488: Fix a couple of issues in
pathlib.PurePath.with_name(): a single dot was incorrectly
considered a valid name, and in PureWindowsPath, a name with an
NTFS alternate data stream, like a:b, was incorrectly considered
invalid.
- gh-110392: Fix tty.setraw() and tty.setcbreak(): previously they
returned partially modified list of the original tty attributes.
tty.cfmakeraw() and tty.cfmakecbreak() now make a copy of the
list of special characters before modifying it.
- gh-110590: Fix a bug in _sre.compile() where TypeError would be
overwritten by OverflowError when the code argument was a list
of non-ints.
- gh-65052: Prevent pdb from crashing when trying to display
undisplayable objects
- gh-110519: Deprecation warning about non-integer number in
gettext now alwais refers to the line in the user code where
gettext function or method is used. Previously it could refer to
a line in gettext code.
- gh-110395: Ensure that select.kqueue() objects correctly appear
as closed in forked children, to prevent operations on an
invalid file descriptor.
- gh-110378: contextmanager() and asynccontextmanager() context
managers now close an invalid underlying generator object that
yields more then one value.
- gh-110365: Fix termios.tcsetattr() bug that was overwritting
existing errors during parsing integers from term list.
- gh-109653: Fix a Python 3.12 regression in the import time of
random. Patch by Alex Waygood.
- gh-110196: Add __reduce__ method to IPv6Address in order to keep
scope_id
- gh-110036: On Windows, multiprocessing Popen.terminate() now
catchs PermissionError and get the process exit code. If the
process is still running, raise again the PermissionError.
Otherwise, the process terminated as expected: store its exit
code. Patch by Victor Stinner.
- gh-110038: Fixed an issue that caused KqueueSelector.select() to
not return all the ready events in some cases when a file
descriptor is registered for both read and write.
- gh-109631: re functions such as re.findall(), re.split(),
re.search() and re.sub() which perform short repeated matches
can now be interrupted by user.
- gh-109747: Improve errors for unsupported look-behind patterns.
Now re.error is raised instead of OverflowError or RuntimeError
for too large width of look-behind pattern.
- gh-109818: Fix reprlib.recursive_repr() not copying
__type_params__ from decorated function.
- gh-109047: concurrent.futures: The executor manager thread now
catches exceptions when adding an item to the call queue. During
Python finalization, creating a new thread can now raise
RuntimeError. Catch the exception and call terminate_broken() in
this case. Patch by Victor Stinner.
- gh-109782: Ensure the signature of os.path.isdir() is identical
on all platforms. Patch by Amin Alaee.
- gh-109590: shutil.which() will prefer files with an extension in
PATHEXT if the given mode includes os.X_OK on win32. If no
PATHEXT match is found, a file without an extension in PATHEXT
can be returned. This change will have shutil.which() act more
similarly to previous behavior in Python 3.11.
- gh-109786: Fix possible reference leaks and crash when re-enter
the __next__() method of itertools.pairwise.
- gh-109593: Avoid deadlocking on a reentrant call to the
multiprocessing resource tracker. Such a reentrant call, though
unlikely, can happen if a GC pass invokes the finalizer for a
multiprocessing object such as SemLock.
- gh-109613: Fix os.stat() and os.DirEntry.stat(): check for
exceptions. Previously, on Python built in debug mode, these
functions could trigger a fatal Python error (and abort the
process) when a function succeeded with an exception set. Patch
by Victor Stinner.
- gh-109375: The pdb alias command now prevents registering
aliases without arguments.
- gh-107219: Fix a race condition in concurrent.futures. When a
process in the process pool was terminated abruptly (while the
future was running or pending), close the connection write end.
If the call queue is blocked on sending bytes to a worker
process, closing the connection write end interrupts the send,
so the queue can be closed. Patch by Victor Stinner.
- gh-50644: Attempts to pickle or create a shallow or deep copy of
codecs streams now raise a TypeError. Previously, copying failed
with a RecursionError, while pickling produced wrong results
that eventually caused unpickling to fail with a RecursionError.
- gh-108987: Fix _thread.start_new_thread() race condition. If a
thread is created during Python finalization, the newly spawned
thread now exits immediately instead of trying to access freed
memory and lead to a crash. Patch by Victor Stinner.
- gh-108791: Improved error handling in pdb command line
interface, making it produce more concise error messages.
- gh-105829: Fix concurrent.futures.ProcessPoolExecutor deadlock
- gh-106584: Fix exit code for unittest if all tests are skipped.
Patch by Egor Eliseev.
- gh-102956: Fix returning of empty byte strings after seek in
zipfile module
- gh-84867: unittest.TestLoader no longer loads test cases from
exact unittest.TestCase and unittest.FunctionTestCase classes.
- gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup,
which now no longer dereferences symlinks when working around
file system permission errors.
- gh-73561: Omit the interface scope from an IPv6 address when
used as Host header by http.client.
- gh-86826: zipinfo now supports the full range of values in the
TZ string determined by RFC 8536 and detects all invalid
formats. Both Python and C implementations now raise exceptions
of the same type on invalid data.
- bpo-43153: On Windows, tempfile.TemporaryDirectory previously
masked a PermissionError with NotADirectoryError during
directory cleanup. It now correctly raises PermissionError if
errors are not ignored. Patch by Andrei Kulakov and Ken Jin.
- bpo-35332: The shutil.rmtree() function now ignores errors when
calling os.close() when ignore_errors is True, and os.close() no
longer retried after error.
- bpo-41422: Fixed memory leaks of pickle.Pickler and
pickle.Unpickler involving cyclic references via the internal
memo mapping.
- bpo-40262: The ssl.SSLSocket.recv_into() method no longer
requires the buffer argument to implement __len__ and supports
buffers with arbitrary item size.
- Documentation
- gh-111699: Relocate smtpd deprecation notice to its own section
rather than under locale in What’s New in Python 3.12 document
- gh-108826: dis module command-line interface is now mentioned in
documentation. Test- s
- gh-112769: The tests now correctly compare zlib version when
zlib.ZLIB_RUNTIME_VERSION contains non-integer suffixes. For
example zlib-ng defines the version as 1.3.0.zlib-ng.
- gh-110367: Make regrtest --verbose3 option compatible with
--huntrleaks -jN options. The ./python -m test -j1 -R 3:3
--verbose3 command now works as expected. Patch by Victor
Stinner.
- gh-111165: Remove no longer used functions run_unittest() and
run_doctest() from the test.support module.
- gh-110932: Fix regrtest if the SOURCE_DATE_EPOCH environment
variable is defined: use the variable value as the random seed.
Patch by Victor Stinner.
- gh-110995: test_gdb: Fix detection of gdb built without Python
scripting support. Patch by Victor Stinner.
- gh-110918: Test case matching patterns specified by options
--match, --ignore, --matchfile and --ignorefile are now tested
in the order of specification, and the last match determines
whether the test case be run or ignored.
- gh-110647: Fix test_stress_modifying_handlers() of test_signal.
Patch by Victor Stinner.
- gh-103053: Fix test_tools.test_freeze on FreeBSD: run “make
distclean” instead of “make clean” in the copied source
directory to remove also the “python” program. Patch by Victor
Stinner.
- gh-110167: Fix a deadlock in test_socket when server fails with
a timeout but the client is still running in its thread. Don’t
hold a lock to call cleanup functions in doCleanups(). One of
the cleanup function waits until the client completes, whereas
the client could deadlock if it called addCleanup() in such
situation. Patch by Victor Stinner.
- gh-110388: Add tests for tty.
- gh-81002: Add tests for termios.
- gh-110267: Add tests for pickling and copying PyStructSequence
objects. Patched by Xuehai Pan.
- gh-110031: Skip test_threading tests using thread+fork if Python
is built with Address Sanitizer (ASAN). Patch by Victor Stinner.
- gh-110088: Fix test_asyncio timeouts: don’t measure the maximum
duration, a test should not measure a CI performance. Only
measure the minimum duration when a task has a timeout or delay.
Add CLOCK_RES to test_asyncio.utils. Patch by Victor Stinner.
- gh-109974: Fix race conditions in test_threading lock tests.
Wait until a condition is met rather than using time.sleep()
with a hardcoded number of seconds. Patch by Victor Stinner.
- gh-110033: Fix test_interprocess_signal() of test_signal. Make
sure that the subprocess.Popen object is deleted before the test
raising an exception in a signal handler. Otherwise,
Popen.__del__() can get the exception which is logged as
Exception ignored in: ... and the test fails. Patch by Victor
Stinner.
- gh-109594: Fix test_timeout() of
test_concurrent_futures.test_wait. Remove the future which may
or may not complete depending if it takes longer than the
timeout ot not. Keep the second future which does not complete
before wait() timeout. Patch by Victor Stinner.
- gh-109972: Split test_gdb.py file into a test_gdb package made
of multiple tests, so tests can now be run in parallel. Patch by
Victor Stinner.
- gh-103053: Skip test_freeze_simple_script() of
test_tools.test_freeze if Python is built with ./configure
--enable-optimizations, which means with Profile Guided
Optimization (PGO): it just makes the test too slow. The freeze
tool is tested by many other CIs with other (faster) compiler
flags. Patch by Victor Stinner.
- gh-109580: Skip test_perf_profiler if Python is built with ASAN,
MSAN or UBSAN sanitizer. Python does crash randomly in this test
on such build. Patch by Victor Stinner.
- gh-104736: Fix test_gdb on Python built with LLVM clang 16 on
Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt”
command output to detect when gdb fails to retrieve the
traceback. For example, skip a test if Backtrace stopped: frame
did not save the PC is found. Patch by Victor Stinner.
- gh-108927: Fixed order dependence in running tests in the same
process when a test that has submodules (e.g. test_importlib)
follows a test that imports its submodule (e.g.
test_importlib.util) and precedes a test (e.g. test_unittest or
test_compileall) that uses that submodule.
- Build
- gh-112088: Add Tools/build/regen-configure.sh script to
regenerate the configure with an Ubuntu container image. The
quay.io/tiran/cpython_autoconf:271 container image
(tiran/cpython_autoconf) is no longer used. Patch by Victor
Stinner.
- gh-111046: For wasi-threads, memory is now exported to fix
compatibility issues with some wasm runtimes.
- gh-103053: “make check-clean-src” now also checks if the
“python” program is found in the source directory: fail with an
error if it does exist. Patch by Victor Stinner.
- gh-109191: Fix compile error when building with recent versions
of libedit.
- IDLE
- bpo-35668: Add docstrings to the IDLE debugger module. Fix two
bugs: initialize Idb.botframe (should be in Bdb); in
Idb.in_rpc_code, check whether prev_frame is None before trying
to use it. Greatly expand test_debugger.
- C API
- gh-106560: Fix redundant declarations in the public C API.
Declare PyBool_Type and PyLong_Type only once. Patch by Victor
Stinner.
- gh-112438: Fix support of format units “es”, “et”, “es#”, and
“et#” in nested tuples in PyArg_ParseTuple()-like functions.
- gh-109521: PyImport_GetImporter() now sets RuntimeError if it
fails to get sys.path_hooks or sys.path_importer_cache or they
are not list and dict correspondingly. Previously it could
return NULL without setting error in obscure cases, crash or
raise SystemError if these attributes have wrong type.
OBS-URL: https://build.opensuse.org/request/show/1133398
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=11
- Update to 3.12.1 (CVE-2023-6507, bsc#1217939):
- Core and Builtins
- gh-112125: Fix None.__ne__(None) returning NotImplemented
instead of False
- gh-112625: Fixes a bug where a bytearray object could be
cleared while iterating over an argument in the
bytearray.join() method that could result in reading memory
after it was freed.
- gh-105967: Workaround a bug in Apple’s macOS platform zlib
library where zlib.crc32() and binascii.crc32() could produce
incorrect results on multi-gigabyte inputs. Including when
using zipfile on zips containing large data.
- gh-112356: Stopped erroneously deleting a LOAD_NULL bytecode
instruction when optimized twice.
- gh-111058: Change coro.cr_frame/gen.gi_frame to return None
after the coroutine/generator has been closed. This fixes a bug
where getcoroutinestate() and getgeneratorstate() return the
wrong state for a closed coroutine/generator.
- gh-112388: Fix an error that was causing the parser to try to
overwrite tokenizer errors. Patch by pablo Galindo
- gh-112387: Fix error positions for decoded strings with
backwards tokenize errors. Patch by Pablo Galindo
- gh-112367: Avoid undefined behaviour when using the perf
trampolines by not freeing the code arenas until shutdown.
Patch by Pablo Galindo
- gh-112243: Don’t include comments in f-string debug
expressions. Patch by Pablo Galindo
- gh-112266: Change docstrings of __dict__ and __weakref__.
- gh-111654: Fix runtime crash when some error happens in opcode
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=29
- Update to the final release of 3.12.0:
Python 3.12 is the latest stable release of the Python
programming language, with a mix of changes to the language and
the standard library. The library changes focus on cleaning up
deprecated APIs, usability, and correctness. Of note, the
distutils package has been removed from the standard library.
Filesystem support in os and pathlib has seen a number of
improvements, and several modules have better performance.
The language changes focus on usability, as f-strings have had
many limitations removed and ‘Did you mean …’ suggestions
continue to improve. The new type parameter syntax and type
statement improve ergonomics for using generic types and type
aliases with static type checkers.
This article doesn’t attempt to provide a complete
specification of all new features, but instead gives
a convenient overview. For full details, you should refer to
the documentation, such as the Library Reference and Language
Reference. If you want to understand the complete
implementation and design rationale for a change, refer to the
PEP for a particular new feature; but note that PEPs usually
are not kept up-to-date once a feature has been fully
implemented.
- New syntax features:
- PEP 695, type parameter syntax and the type statement
- New grammar features:
- PEP 701, f-strings in the grammar
- Interpreter improvements:
- PEP 684, a unique per-interpreter GIL
- PEP 669, low impact monitoring
- Improved ‘Did you mean …’ suggestions for NameError,
ImportError, and SyntaxError exceptions
- Python data model improvements:
- PEP 688, using the buffer protocol from Python
- Significant improvements in the standard library:
- The pathlib.Path class now supports subclassing
- The os module received several improvements for Windows
support
- A command-line interface has been added to the sqlite3
module
- isinstance() checks against runtime-checkable protocols
enjoy a speed up of between two and 20 times
- The asyncio package has had a number of performance
improvements, with some benchmarks showing a 75% speed
up.
- A command-line interface has been added to the uuid
module
- Due to the changes in PEP 701, producing tokens via the
tokenize module is up to up to 64% faster.
- Security improvements:
- Replace the builtin hashlib implementations of SHA1,
SHA3, SHA2-384, SHA2-512, and MD5 with formally verified
code from the HACL* project. These builtin
implementations remain as fallbacks that are only used
when OpenSSL does not provide them.
- C API improvements:
- PEP 697, unstable C API tier
- PEP 683, immortal objects
- CPython implementation improvements:
- PEP 709, comprehension inlining
- CPython support for the Linux perf profiler
- Implement stack overflow protection on supported
platforms
- New typing features:
- PEP 692, using TypedDict to annotate **kwargs
- PEP 698, typing.override() decorator
- Important deprecations, removals or restrictions:
- PEP 623: Remove wstr from Unicode objects in Python’s
C API, reducing the size of every str object by at least
8 bytes.
- PEP 632: Remove the distutils package. See the migration
guide for advice replacing the APIs it provided. The
third-party Setuptools package continues to provide
distutils, if you still require it in Python 3.12 and
beyond.
- gh-95299: Do not pre-install setuptools in virtual
environments created with venv. This means that
distutils, setuptools, pkg_resources, and easy_install
will no longer available by default; to access these run
pip install setuptools in the activated virtual
environment.
- The asynchat, asyncore, and imp modules have been
removed, along with several unittest.TestCase method
aliases.
- Refresh bluez-devel-vendor.tar.xz from bluez-devel 5.69-1.1.
OBS-URL: https://build.opensuse.org/request/show/1114870
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=9
Python 3.12 is the latest stable release of the Python
programming language, with a mix of changes to the language and
the standard library. The library changes focus on cleaning up
deprecated APIs, usability, and correctness. Of note, the
distutils package has been removed from the standard library.
Filesystem support in os and pathlib has seen a number of
improvements, and several modules have better performance.
The language changes focus on usability, as f-strings have had
many limitations removed and ‘Did you mean …’ suggestions
continue to improve. The new type parameter syntax and type
statement improve ergonomics for using generic types and type
aliases with static type checkers.
This article doesn’t attempt to provide a complete
specification of all new features, but instead gives
a convenient overview. For full details, you should refer to
the documentation, such as the Library Reference and Language
Reference. If you want to understand the complete
implementation and design rationale for a change, refer to the
PEP for a particular new feature; but note that PEPs usually
are not kept up-to-date once a feature has been fully
implemented.
- New syntax features:
- PEP 695, type parameter syntax and the type statement
- New grammar features:
- PEP 701, f-strings in the grammar
- Interpreter improvements:
- PEP 684, a unique per-interpreter GIL
- PEP 669, low impact monitoring
- Improved ‘Did you mean …’ suggestions for NameError,
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=25
- Update to 3.12.0rc3:
- Core and Builtins
- gh-109496: On a Python built in debug mode, Py_DECREF() now
calls _Py_NegativeRefcount() if the object is a dangling pointer
to deallocated memory: memory filled with 0xDD “dead byte” by
the debug hook on memory allocators. The fix is to check the
reference count before checking for _Py_IsImmortal(). Patch by
Victor Stinner.
- gh-109371: Deopted instructions correctly for tool
initialization and modified the incorrect assertion in
instrumentation, when a previous tool already sets INSTRUCTION
events
- gh-105658: Fix bug where the line trace of an except block
ending with a conditional includes an excess event with the line
of the conditional expression.
- gh-109219: Fix compiling type param scopes that use a name which
is also free in an inner scope.
- gh-109341: Fix crash when compiling an invalid AST involving a
ast.TypeAlias.
- gh-109195: Fix source location for the LOAD_* instruction
preceding a LOAD_SUPER_ATTR to load the super global (or
shadowing variable) so that it encompasses only the name super
and not the following parentheses.
- gh-109118: Disallow nested scopes (lambdas, generator
expressions, and comprehensions) within PEP 695 annotation
scopes that are nested within classes.
- gh-109114: Relax the detection of the error message for invalid
lambdas inside f-strings to not search for arbitrary replacement
fields to avoid false positives. Patch by Pablo Galindo
- gh-109118: Fix interpreter crash when a NameError is raised
inside the type parameters of a generic class.
- gh-108976: Fix crash that occurs after de-instrumenting a code
object in a monitoring callback.
- gh-108732: Make iteration variables of module- and class-scoped
comprehensions visible to pdb and other tools that use
frame.f_locals again.
- gh-108959: Fix caret placement for error locations for subscript
and binary operations that involve non-semantic parentheses and
spaces. Patch by Pablo Galindo
- Library
- gh-108682: Enum: require names=() or type=... to create an empty
enum using the functional syntax.
- gh-108843: Fix an issue in ast.unparse() when unparsing
f-strings containing many quote types.
- Documentation
- gh-102823: Document the return type of x // y when x and y have
type float.
- Tests
- gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode. Use a
longer key: FIPS mode requires at least of at least 112 bits.
The previous key was only 32 bits. Patch by Victor Stinner.
- gh-104736: Fix test_gdb on Python built with LLVM clang 16 on
Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt”
command output to detect when gdb fails to retrieve the
traceback. For example, skip a test if Backtrace stopped: frame
did not save the PC is found. Patch by Victor Stinner.
- gh-109237: Fix test_site.test_underpth_basic() when the working
directory contains at least one non-ASCII character: encode the
._pth file to UTF-8 and enable the UTF-8 Mode to use UTF-8 for
the child process stdout. Patch by Victor Stinner.
- gh-109230: Fix test_pyexpat.test_exception(): it can now be run
from a directory different than Python source code directory.
Before, the test failed in this case. Skip the test if
Modules/pyexpat.c source is not available. Skip also the test on
Python implementations other than CPython. Patch by Victor
Stinner.
- gh-109015: Fix test_asyncio, test_imaplib and test_socket tests
on FreeBSD if the TCP blackhole is enabled (sysctl
net.inet.tcp.blackhole). Skip the few tests which failed with
ETIMEDOUT which such non standard configuration. Currently, the
FreeBSD GCP image enables TCP and UDP blackhole (sysctl
net.inet.tcp.blackhole=2 and sysctl net.inet.udp.blackhole=1).
Patch by Victor Stinner.
- gh-91960: Skip test_gdb if gdb is unable to retrieve Python
frame objects: if a frame is <optimized out>. When Python is
built with “clang -Og”, gdb can fail to retrive the frame
parameter of _PyEval_EvalFrameDefault(). In this case, tests
like py_bt() are likely to fail. Without getting access to
Python frames, python-gdb.py is mostly clueless on retrieving
the Python traceback. Moreover, test_gdb is no longer skipped on
macOS if Python is built with Clang. Patch by Victor Stinner.
- gh-108962: Skip test_tempfile.test_flags() if chflags() fails
with “OSError: [Errno 45] Operation not supported” (ex: on
FreeBSD 13). Patch by Victor Stinner.
- gh-108851: Fix test_tomllib recursion tests for WASI buildbots:
reduce the recursion limit and compute the maximum nested
array/dict depending on the current available recursion limit.
Patch by Victor Stinner.
- gh-108851: Add get_recursion_available() and
get_recursion_depth() functions to the test.support module.
Patch by Victor Stinner.
- gh-108834: Add --fail-rerun option option to regrtest: if a test
failed when then passed when rerun in verbose mode, exit the
process with exit code 2 (error), instead of exit code 0
(success). Patch by Victor Stinner.
- gh-108834: Rename regrtest --verbose2 option (-w) to --rerun.
Keep --verbose2 as a deprecated alias. Patch by Victor Stinner.
- gh-108834: When regrtest reruns failed tests in verbose mode
(./python -m test --rerun), tests are now rerun in fresh worker
processes rather than being executed in the main process. If a
test does crash or is killed by a timeout, the main process can
detect and handle the killed worker process. Tests are rerun in
parallel if the -jN option is used to run tests in parallel.
Patch by Victor Stinner.
- gh-103186: Suppress and assert expected RuntimeWarnings in
test_sys_settrace.py
- Build
- gh-108740: Fix a race condition in make regen-all. The
deepfreeze.c source and files generated by Argument Clinic are
now generated or updated before generating “global objects”.
Previously, some identifiers may miss depending on the order in
which these files were generated. Patch by Victor Stinner.
- Python 3.12.0 release candidate 2:
- Security
- gh-108310: Fixed an issue where instances of ssl.SSLSocket were
vulnerable to a bypass of the TLS handshake and included
protections (like certificate verification) and treating sent
unencrypted data as if it were post-handshake TLS encrypted
data. Security issue reported as CVE-2023-40217 by Aapo Oksman.
Patch by Gregory P. Smith.
- gh-107774: PEP 669 specifies that
sys.monitoring.register_callback will generate an audit event.
Pre-releases of Python 3.12 did not generate the audit event.
This is now fixed.
- Core and Builtins
- gh-108520: Fix
multiprocessing.synchronize.SemLock.__setstate__() to properly
initialize multiprocessing.synchronize.SemLock._is_fork_ctx.
This fixes a regression when passing a SemLock accross nested
processes.
- Rename multiprocessing.synchronize.SemLock.is_fork_ctx to
multiprocessing.synchronize.SemLock._is_fork_ctx to avoid
exposing it as public API.
- gh-108654: Restore locals shadowed by an inlined comprehension
if the comprehension raises an exception.
- gh-108487: Change an assert that would cause a spurious crash in
a devious case that should only trigger deoptimization.
- gh-106176: Use a WeakValueDictionary to track the lists
containing the modules each thread is currently importing. This
helps avoid a reference leak from keeping the list around longer
than necessary. Weakrefs are used as GC can’t interrupt the
cleanup.
- gh-107901: Fix missing line number on JUMP_BACKWARD at the end
of a for loop.
- gh-108390: Raise an exception when setting a non-local event
(RAISE, EXCEPTION_HANDLED, etc.) in
sys.monitoring.set_local_events.
- Fixes crash when tracing in recursive calls to Python classes.
- gh-91051: Fix abort / segfault when using all eight type watcher
slots, on platforms where char is signed by default.
- gh-107724: In pre-release versions of 3.12, up to rc1, the
sys.monitoring callback function for the PY_THROW event was
missing the third, exception argument. That is now fixed.
- gh-107080: Trace refs builds (--with-trace-refs) were crashing
when used with isolated subinterpreters. The problematic global
state has been isolated to each interpreter. Other fixing the
crashes, this change does not affect users.
- gh-77377: Ensure that multiprocessing synchronization objects
created in a fork context are not sent to a different process
created in a spawn context. This changes a segfault into an
actionable RuntimeError in the parent process.
- Library
- gh-108469: ast.unparse() now supports new f-string syntax
introduced in Python 3.12. Note that the f-string quotes are
reselected for simplicity under the new syntax. (Patch by Steven
Sun)
- gh-108682: Enum: raise TypeError if super().__new__() is called
from a custom __new__.
- gh-108295: Fix crashes related to use of weakrefs on
typing.TypeVar.
- gh-64662: Fix support for virtual tables in
sqlite3.Connection.iterdump(). Patch by Aviv Palivoda.
- gh-108111: Fix a regression introduced in gh-101251 for 3.12,
resulting in an incorrect offset calculation in
gzip.GzipFile.seek().
- gh-105736: Harmonized the pure Python version of OrderedDict
with the C version. Now, both versions set up their internal
state in __new__. Formerly, the pure Python version did the set
up in __init__.
- gh-108083: Fix bugs in the constructor of sqlite3.Connection and
sqlite3.Connection.close() where exceptions could be leaked.
Patch by Erlend E. Aasland.
- gh-107963: Fix multiprocessing.set_forkserver_preload() to check
the given list of modules names. Patch by Dong-hee Na.
- gh-106242: Fixes os.path.normpath() to handle embedded null
characters without truncating the path.
- gh-107913: Fix possible losses of errno and winerror values in
OSError exceptions if they were cleared or modified by the
cleanup code before creating the exception object.
- gh-107845: tarfile.data_filter() now takes the location of
symlinks into account when determining their target, so it will
no longer reject some valid tarballs with
LinkOutsideDestinationError.
- gh-107805: Fix signatures of module-level generated functions in
turtle.
- gh-107715: Fix doctest.DocTestFinder.find() in presence of class
names with special characters. Patch by Gertjan van Zwieten.
- gh-100814: Passing a callable object as an option value to a
Tkinter image now raises the expected TclError instead of an
AttributeError.
- gh-106684: Close asyncio.StreamWriter when it is not closed by
application leading to memory leaks. Patch by Kumar Aditya.
- gh-107396: tarfiles; Fixed use before assignment of
self.exception for gzip decompression
- gh-106052: re module: fix the matching of possessive quantifiers
in the case of a subpattern containing backtracking.
- gh-100061: Fix a bug that causes wrong matches for regular
expressions with possessive qualifier.
- gh-99203: Restore following CPython <= 3.10.5 behavior of
shutil.make_archive(): do not create an empty archive if
root_dir is not a directory, and, in that case, raise
FileNotFoundError or NotADirectoryError regardless of format
choice. Beyond the brought-back behavior, the function may now
also raise these exceptions in dry_run mode.
- Documentation
- gh-105052: Update timeit doc to specify that time in seconds is just the default.
- Tests
- gh-89392: Removed support of test_main() function in tests. They
now always use normal unittest test runner.
- gh-108388: Convert test_concurrent_futures to a package of 7
sub-tests. Patch by Victor Stinner.
- gh-108388: Split test_multiprocessing_fork,
test_multiprocessing_forkserver and test_multiprocessing_spawn
into test packages. Each package is made of 4 sub-tests:
processes, threads, manager and misc. It allows running more
tests in parallel and so reduce the total test duration. Patch
by Victor Stinner.
- gh-105776: Fix test_cppext when the C compiler command -std=c11
option: remove -std= options from the compiler command. Patch by
Victor Stinner.
- gh-107178: Add the C API test for functions in the Mapping
Protocol, the Sequence Protocol and some functions in the Object
Protocol.
- Build
- gh-63760: Fix Solaris build: no longer redefine the
gethostname() function. Solaris defines the function since 2005.
Patch by Victor Stinner, original patch by Jakub Kulík.
- gh-107814: When calling find_python.bat with -q it did not
properly silence the output of nuget. That is now fixed.
- Windows
- gh-107565: Update Windows build to use OpenSSL 3.0.10.
- gh-106242: Fixes realpath() to behave consistently when passed a
path containing an embedded null character on Windows. In strict
mode, it now raises OSError instead of the unexpected
ValueError, and in non-strict mode will make the path absolute.
- gh-106844: Fix integer overflow and truncating by the null
character in _winapi.LCMapStringEx() which affects
ntpath.normcase().
- macOS
- gh-107565: Update macOS installer to use OpenSSL 3.0.10.
- Tools/Demos
- gh-107565: Update multissltests and GitHub CI workflows to use
OpenSSL 1.1.1v, 3.0.10, and 3.1.2.
- gh-95065: Argument Clinic now supports overriding automatically
generated signature by using directive @text_signature.
- C API
- gh-107916: C API functions PyErr_SetFromErrnoWithFilename(),
PyErr_SetExcFromWindowsErrWithFilename() and
PyErr_SetFromWindowsErrWithFilename() save now the error code
before calling PyUnicode_DecodeFSDefault().
- gh-107915: Such C API functions as PyErr_SetString(),
PyErr_Format(), PyErr_SetFromErrnoWithFilename() and many others
no longer crash or ignore errors if it failed to format the
error message or decode the filename. Instead, they keep a
corresponding error.
- gh-107810: Improve DeprecationWarning for uses of PyType_Spec
with metaclasses that have custom tp_new.
OBS-URL: https://build.opensuse.org/request/show/1112487
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=8
- Core and Builtins
- gh-109496: On a Python built in debug mode, Py_DECREF() now
calls _Py_NegativeRefcount() if the object is a dangling pointer
to deallocated memory: memory filled with 0xDD “dead byte” by
the debug hook on memory allocators. The fix is to check the
reference count before checking for _Py_IsImmortal(). Patch by
Victor Stinner.
- gh-109371: Deopted instructions correctly for tool
initialization and modified the incorrect assertion in
instrumentation, when a previous tool already sets INSTRUCTION
events
- gh-105658: Fix bug where the line trace of an except block
ending with a conditional includes an excess event with the line
of the conditional expression.
- gh-109219: Fix compiling type param scopes that use a name which
is also free in an inner scope.
- gh-109341: Fix crash when compiling an invalid AST involving a
ast.TypeAlias.
- gh-109195: Fix source location for the LOAD_* instruction
preceding a LOAD_SUPER_ATTR to load the super global (or
shadowing variable) so that it encompasses only the name super
and not the following parentheses.
- gh-109118: Disallow nested scopes (lambdas, generator
expressions, and comprehensions) within PEP 695 annotation
scopes that are nested within classes.
- gh-109114: Relax the detection of the error message for invalid
lambdas inside f-strings to not search for arbitrary replacement
fields to avoid false positives. Patch by Pablo Galindo
- gh-109118: Fix interpreter crash when a NameError is raised
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=23
- Refresh all patches
- Drop Revert-gh105127-left-tests.patch, in upstream now
- Update to 3.12.0rc1:
- Reverted the :mod:`email.utils` security improvement change
released in 3.12beta4 that unintentionally caused
:mod:`email.utils.getaddresses` to fail to parse email addresses
with a comma in the quoted name field. See :gh:`106669`.
- Start initializing ob_digit during creation of
:c:type:`PyLongObject` objects. Patch by Illia Volochii.
- Increase C recursion limit for functions other than the main
interpreter from 800 to 1500. This should allow functions like
list.__repr__ and json.dumps to handle all the inputs that they
could prior to 3.12
- Fix potential unaligned memory access on C APIs involving returned
sequences of char * pointers within the :mod:`grp` and
:mod:`socket` modules. These were revealed using a
-fsaniziter=alignment build on ARM macOS. Patch by Christopher
Chavez.
- Add the exception as the third argument to PY_UNIND callbacks in
sys.monitoring. This makes the PY_UNWIND callback consistent with
the other exception hanlding callbacks.
- Raise a ValueError when a monitoring callback funtion returns
DISABLE for events that cannot be disabled locally.
- Add a RERAISE event to sys.monitoring, which occurs when an
exception is reraised, either explicitly by a plain raise
statement, or implicitly in an except or finally block.
- Unsupported modules now always fail to be imported.
- Fix classmethod-style :func:`super` method calls (i.e., where the
second argument to :func:`super`, or the implied second argument
drawn from self/cls in the case of zero-arg super, is a type) when
the target of the call is not a classmethod.
- Python no longer crashes due an infrequent race when initialzing
per-interpreter interned strings. The crash would manifest when
the interpreter was finalized.
- Python no longer crashes due to an infrequent race in setting
Py_FileSystemDefaultEncoding and Py_FileSystemDefaultEncodeErrors
(both deprecated), when simultaneously initializing two isolated
subinterpreters. Now they are only set during runtime
initialization.
- Fix a segmentation fault caused by a use-after-free bug in
frame_dealloc when the trashcan delays the deallocation of a
PyFrameObject.
- No longer suppress arbitrary errors in the __annotations__ getter
and setter in the type and module types.
- Propagate frozen_modules to multiprocessing spawned process
interpreters.
- Prevent out-of-bounds memory access during mmap.find() calls.
- Seems that in some conditions, OpenSSL will return
SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL when a certification
verification has failed, but the error parameters will still
contain ERR_LIB_SSL and SSL_R_CERTIFICATE_VERIFY_FAILED. We are
now detecting this situation and raising the appropiate
ssl.SSLCertVerificationError. Patch by Pablo Galindo
- Fix :func:`types.get_original_bases` to only return
:attr:`!__orig_bases__` if it is present on cls directly. Patch by
James Hilton-Balfe.
- Prevent memory leak and use-after-free when using pointers to
pointers with ctypes
- Make :func:`gettext.pgettext` search plural definitions when
translation is not found.
- Document behavior of :func:`shutil.disk_usage` for non-mounted
filesystems on Unix.
- Do not report MultipartInvariantViolationDefect defect when the
:class:`email.parser.Parser` class is used to parse emails with
headersonly=True.
- Fix invalid result from :meth:`PurePath.relative_to` method when
attempting to walk a ".." segment in other with walk_up enabled. A
:exc:`ValueError` exception is now raised in this case.
- Fix potential missing NULL check of d2i_SSL_SESSION result in
_ssl.c.
- Update the bundled copy of pip to version 23.2.1.
- Fixed several bugs in zipfile.Path, including: in Path.match`,
Windows separators are no longer honored (and never were meant to
be); Fixed ``name/suffix/suffixes/stem operations when no filename
is present and the Path is not at the root of the zipfile;
Reworked glob for performance and more correct matching behavior.
- Add __copy__ and __deepcopy__ in :mod:`enum`
- Revert a change to :func:`colorsys.rgb_to_hls` that caused
division by zero for certain almost-white inputs. Patch by Terry
Jan Reedy.
- Instances of :class:`typing.TypeVar`, :class:`typing.ParamSpec`,
:class:`typing.ParamSpecArgs`, :class:`typing.ParamSpecKwargs`,
and :class:`typing.TypeVarTuple` once again support weak
references, fixing a regression introduced in Python 3.12.0 beta
1. Patch by Jelle Zijlstra.
- Detect possible memory allocation failure in the libtommath
function :c:func:`mp_init` used by the _tkinter module.
- Fix crash when calling repr with a manually constructed SignalDict
object. Patch by Charlie Zhao.
- Change the default return value of
:meth:`http.client.HTTPConnection.get_proxy_response_headers` to
be None and not {}.
- Ensure gettext(msg) retrieve translations even if a plural form
exists. In other words: gettext(msg) == ngettext(msg, '', 1).
- Add documentation for :c:type:`PyInterpreterConfig` and
:c:func:`Py_NewInterpreterFromConfig`. Also clarify some of the
nearby docs relative to per-interpreter GIL.
- Document the :mod:`curses` module variables :const:`~curses.LINES`
and :const:`~curses.COLS`.
- Add a number of standard external names to nitpick_ignore.
- Add documentation on how to localize the :mod:`argparse` module.
- test_logging: Fix test_udp_reconnection() by increasing the
timeout from 100 ms to 5 minutes (LONG_TIMEOUT). Patch by Victor
Stinner.
- test_capi: Fix test_no_FatalError_infinite_loop() to no longer
write a coredump, by using test.support.SuppressCrashReport. Patch
by Victor Stinner.
- Avoid creating a reference to the test object in
:meth:`~unittest.TestResult.collectedDurations`.
- Moved tests for zipfile.Path into Lib/test/test_zipfile/_path.
Made zipfile._path a package.
- Check for linux/limits.h before including it in
Modules/posixmodule.c.
- Detect MPI compilers in :file:`configure`.
- Add experimental wasi-threads support. Patch by Takashi Yamamoto.
- Update Windows build to use OpenSSL 3.0.9
- Update macOS installer to use OpenSSL 3.0.9.
- Fix bugs in the Argument Clinic destination <name> clear command;
the destination buffers would never be cleared, and the
destination directive parser would simply continue to the fault
handler after processing the command. Patch by Erlend E. Aasland.
- freeze now fetches CONFIG_ARGS from the original CPython instance
the Makefile uses to call utility scripts. Patch by Ijtaba
Hussain.
- :c:func:`PyModule_AddObjectRef` is now only available in the
limited API version 3.10 or later.
OBS-URL: https://build.opensuse.org/request/show/1102652
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=19
- Update to 3.12.0b4:
- gh-issue-102988: CVE-2023-27043 (bsc#1210638): Prevent
:func:`email.utils.parseaddr` and
:func:`email.utils.getaddresses` from returning the realname
portion of an invalid RFC2822 email header in the email
address portion of the 2-tuple returned after being parsed by
:class:`email._parseaddr.AddressList`.
- gh-issue-106396: When the format specification of an
f-string expression is empty, the parser now generates an
empty :class:`ast.JoinedStr` node for it instead of an
one-element :class:`ast.JoinedStr` with an empty string
:class:`ast.Constant`.
- gh-issue-106145: Make ``end_lineno`` and ``end_col_offset``
required on ``type_param`` ast nodes.
- gh-issue-105979: Fix crash in :func:`!_imp.get_frozen_object`
due to improper exception handling.
- gh-issue-98931: Ensure custom :exc:`SyntaxError` error
messages are raised for invalid imports with multiple
targets. Patch by Pablo Galindo
- gh-issue-105908: Fixed bug where :gh:`99111` breaks future
import ``barry_as_FLUFL`` in the Python REPL.
- gh-issue-105340: Include the comprehension iteration
variable in ``locals()`` inside a module- or class-scope
comprehension.
- gh-issue-105486: Change the repr of ``ParamSpec`` list of
args in ``types.GenericAlias``.
- gh-issue-101006: Improve error handling when read
:mod:`marshal` data.
- gh-issue-106524: Fix crash in :func:`!_sre.template` with
templates containing invalid group indices.
- gh-issue-106510: Improve debug output for atomic groups in
regular expressions.
- gh-issue-106503: Fix ref cycle in
:class:`!asyncio._SelectorSocketTransport` by removing
``_write_ready`` in ``close``.
- gh-issue-105497: Fix flag mask inversion when unnamed flags
exist.
- gh-issue-90876: Prevent :mod:`multiprocessing.spawn` from
failing to *import* in environments where ``sys.executable``
is ``None``. This regressed in 3.11 with the addition of
support for path-like objects in multiprocessing.
- gh-issue-106292: Check for an instance-dict
cached value in the :meth:`__get__` method of
:func:`functools.cached_property`. This better matches the
pre-3.12 behavior and improves compatibility for users
subclassing :func:`functools.cached_property` and adding a
:meth:`__set__` method.
- gh-issue-106330: Fix incorrect matching of empty paths in
:meth:`pathlib.PurePath.match`. This bug was introduced in
Python 3.12.0 beta 1.
- gh-issue-102541: Make pydoc.doc catch bad module ImportError
when output stream is not None.
- gh-issue-106152: Added PY_THROW event hook for
:mod:`cProfile` for generators
- gh-issue-106075: Added `asyncio.taskgroups.__all__` to
`asyncio.__all__` for export in star imports.
- gh-issue-105987: Fix crash due to improper reference counting
in :mod:`asyncio` eager task factory internal routines.
- gh-issue-105974: Fix bug where a :class:`typing.Protocol`
class that had one or more non-callable members would
raise :exc:`TypeError` when :func:`issubclass` was called
against it, even if it defined a custom ``__subclasshook__``
method. The behaviour in Python 3.11 and lower -- which has
now been restored -- was not to raise :exc:`TypeError` in
these situations if a custom ``__subclasshook__`` method was
defined. Patch by Alex Waygood.
- gh-issue-96145: Reverted addition of ``json.AttrDict``.
- gh-issue-105497: Fix flag inversion when alias/mask members
exist.
- gh-issue-104554: Add RTSPS scheme support in urllib.parse
- gh-issue-94777: Fix hanging :mod:`multiprocessing`
``ProcessPoolExecutor`` when a child process crashes while
data is being written in the call queue.
- gh-issue-106232: Make timeit doc command lines compatible
with Windows by using double quotes for arguments. This
works on linux and macOS also.
- gh-issue-101634: When running the Python test suite with
``-jN`` option, if a worker stdout cannot be decoded from
the locale encoding report a failed testn so the exitcode is
non-zero. Patch by Victor Stinner.
- gh-issue-106118: Fix compilation for platforms without
:data:`!O_CLOEXEC`. The issue was introduced with Python
3.12b1 in :gh:`103295`. Patch by Erlend Aasland.
- gh-issue-104692: Include ``commoninstall`` as a prerequisite
for ``bininstall``
This ensures that ``commoninstall`` is completed before
``bininstall`` is started when parallel builds are used (``make
-j install``), and so the ``python3`` symlink is only installed
after all standard library modules are installed.
- gh-issue-106359: Argument Clinic now explicitly forbids
"kwarg splats" in function calls used as annotations.
- gh-issue-105227: The new :c:func:`PyType_GetDict` provides
the dictionary for the given type object that is normally
exposed by ``cls.__dict__``. Normally it's sufficient to
use :c:member:`~PyTypeObject.tp_dict`, but for the static
builtin types :c:member:`!tp_dict` is now always ``NULL``.
:c:func:`!PyType_GetDict()` provides the correct dict object
instead.
OBS-URL: https://build.opensuse.org/request/show/1098684
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=4
- gh-issue-102988: CVE-2023-27043: Prevent
:func:`email.utils.parseaddr` and
:func:`email.utils.getaddresses` from returning the realname
portion of an invalid RFC2822 email header in the email
address portion of the 2-tuple returned after being parsed by
:class:`email._parseaddr.AddressList`.
- gh-issue-106396: When the format specification of an
f-string expression is empty, the parser now generates an
empty :class:`ast.JoinedStr` node for it instead of an
one-element :class:`ast.JoinedStr` with an empty string
:class:`ast.Constant`.
- gh-issue-106145: Make ``end_lineno`` and ``end_col_offset``
required on ``type_param`` ast nodes.
- gh-issue-105979: Fix crash in :func:`!_imp.get_frozen_object`
due to improper exception handling.
- gh-issue-98931: Ensure custom :exc:`SyntaxError` error
messages are raised for invalid imports with multiple
targets. Patch by Pablo Galindo
- gh-issue-105908: Fixed bug where :gh:`99111` breaks future
import ``barry_as_FLUFL`` in the Python REPL.
- gh-issue-105340: Include the comprehension iteration
variable in ``locals()`` inside a module- or class-scope
comprehension.
- gh-issue-105486: Change the repr of ``ParamSpec`` list of
args in ``types.GenericAlias``.
- gh-issue-101006: Improve error handling when read
:mod:`marshal` data.
- gh-issue-106524: Fix crash in :func:`!_sre.template` with
templates containing invalid group indices.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=12
- Update to 3.12.0b3:
- gh-103142: The version of OpenSSL used in Windows and
Mac installers has been upgraded to 1.1.1u to address
CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464,
as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303
fixed previously in 1.1.1t (gh-101727).
- gh-102153: urllib.parse.urlsplit() now strips leading C0
control and space characters following the specification for
URLs defined by WHATWG in response to CVE-2023-24329.
- gh-99889: Fixed a security in flaw in uu.decode() that could
allow for directory traversal based on the input if no
out_file was specified.
- gh-104049: Do not expose the local on-disk
location in directory indexes produced by
http.client.SimpleHTTPRequestHandler.
- gh-103935: trace.__main__ now uses io.open_code() for files
to be executed instead of raw open().
- gh-102953: The extraction methods in tarfile, and
shutil.unpack_archive(), have a new filter argument that
allows limiting tar features than may be surprising or
dangerous, such as creating files outside the destination
directory. See Extraction filters for details.
- Remove upstreamed patches:
- 00398-fix-stack-overwrite-on-32-bit-in-perf-map-test-harness-gh-104811-104823.patch
OBS-URL: https://build.opensuse.org/request/show/1096094
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=3
- gh-103142: The version of OpenSSL used in Windows and
Mac installers has been upgraded to 1.1.1u to address
CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464,
as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303
fixed previously in 1.1.1t (gh-101727).
- gh-102153: urllib.parse.urlsplit() now strips leading C0
control and space characters following the specification for
URLs defined by WHATWG in response to CVE-2023-24329.
- gh-99889: Fixed a security in flaw in uu.decode() that could
allow for directory traversal based on the input if no
out_file was specified.
- gh-104049: Do not expose the local on-disk
location in directory indexes produced by
http.client.SimpleHTTPRequestHandler.
- gh-103935: trace.__main__ now uses io.open_code() for files
to be executed instead of raw open().
- gh-102953: The extraction methods in tarfile, and
shutil.unpack_archive(), have a new filter argument that
allows limiting tar features than may be surprising or
dangerous, such as creating files outside the destination
directory. See Extraction filters for details.
- Remove upstreamed patches:
- 00398-fix-stack-overwrite-on-32-bit-in-perf-map-test-harness-gh-104811-104823.patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=9
Dominique Leuenberger
Ana Guerrero
