pool/python314
SHA256
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1245486 from devel:languages:python:Factory

Browse Source 
- Update to the fifth development version of 3.14.0:
  - Tools/Demos
    - gh-129248: The iOS test runner now strips the log prefix
      from each line output by the test suite.
    - gh-104400: Fix several bugs in extraction by switching to
      an AST parser in pygettext.
  - Tests
    - gh-129386: Add test.support.reset_code, which can be used
      to reset various bytecode-level optimizations and local
      instrumentation for a function.
    - gh-128474: Disable test_embed test cases that segfault on
      BOLT instrument binaries. The tests are only disabled when
      BOLT is enabled.
    - gh-128003: Add an option --parallel-threads=N to the
      regression test runner that runs individual tests in
      multiple threads in parallel in order to find concurrency
      bugs. Note that most of the test suite is not yet reviewed
      for thread-safety or annotated with @thread_unsafe when
      necessary.
  - Security
    - gh-105704: When using urllib.parse.urlsplit() and
      urllib.parse.urlparse() host parsing would not reject
      domain names containing square brackets ([ and ]). Square
      brackets are only valid for IPv6 and IPvFuture hosts
      according to RFC 3986 Section 3.2.2. (bsc#1236705,
      CVE-2025-0938, gh#python/cpython#105704).
    - gh-126108: Fix a possible NULL pointer dereference in
      PySys_AddWarnOptionUnicode().
    - gh-80222: Fix bug in the folding of quoted strings
      when flattening an email message using a modern email
      policy. Previously when a quoted string was folded so
      that it spanned more than one line, the surrounding
      quotes and internal escapes would be omitted. This could
      theoretically be used to spoof header lines using a
      carefully constructed quoted string if the resulting
      rendered email was transmitted or re-parsed.
    - gh-119511: Fix a potential denial of service in the imaplib
      module. When connecting to a malicious server, it could
      cause an arbitrary amount of memory to be allocated. On
      many systems this is harmless as unused virtual memory is
      only a mapping, but if this hit a virtual address size
      limit it could lead to a MemoryError or other process
      crash. On unusual systems or builds where all allocated
      memory is touched and backed by actual ram or storage
      it could’ve consumed resources doing so until similarly
      crashing.
  - Library
    - gh-129939: Comparison pages with highlighted changes
      generated by the difflib.HtmlDiff class now support dark
      mode.
    - gh-129928: Raise sqlite3.ProgrammingError if a user-defined
      SQL function with invalid number of parameters is
      created. Patch by Erlend Aasland.
    - gh-129583: Update bundled pip to 25.0.1
    - gh-129766: Fix crash in warnings, when calling
      _release_lock() with no existing lock.
    - gh-129005: _pyio.FileIO.readall() now allocates, resizes,
      and fills a data buffer using the same algorithm
      _io.FileIO.readall() uses.
    - gh-129646: Update the locale alias mapping in the locale
      module to match the latest X Org locale alias mapping and
      support new locales in Glibc 2.41.
    - gh-128317: Put CLI calendar highlighting in private class,
      removing highlight_day from public calendar.TextCalendar
      API. Patch by Hugo van Kemenade.
    - gh-129603: Fix bugs where sqlite3.Row objects could
      segfault if their inherited description was set to
      None. Patch by Erlend Aasland.
    - gh-129559: Add bytearray.resize() method so bytearray can
      be efficiently resized in place.
    - gh-129502: Unlikely errors in preparing arguments for
      ctypes callback are now handled in the same way as errors
      raised in the callback of in converting the result of
      the callback – using sys.unraisablehook() instead of
      sys.excepthook() and not setting sys.last_exc and other
      variables.
    - gh-129403: Corrected ValueError message for asyncio.Barrier
      and threading.Barrier.
    - gh-129409: Fix an integer overflow in the csv module when
      writing a data field larger than 2GB.
    - gh-126400: Add a socket timeout keyword argument to
      logging.handlers.SysLogHandler.
    - gh-118761: Always lazy import warnings in threading. Patch
      by Taneli Hukkinen.
    - gh-118761: Improve import time of subprocess by lazy
      importing locale and signal. Patch by Taneli Hukkinen.
    - gh-129346: In sqlite3, handle out-of-memory when creating
      user-defined SQL functions.
    - gh-129005: Optimize _pyio.FileIO.readinto by avoiding
      unnecessary objects and copies using os.readinto().
    - gh-129195: Support reporting call graph information from
      asyncio.staggered.staggered_race().
    - gh-129205: Add os.readinto() to read into a buffer object
      from a file descriptor.
    - gh-128772: Fix pydoc for methods with the __module__
      attribute equal to None.
    - gh-129061: Fix FORCE_COLOR and NO_COLOR when empty
      strings. Patch by Hugo van Kemenade.
    - gh-92897: Scheduled the deprecation of the check_home
      argument of sysconfig.is_python_build() to Python 3.15.
    - gh-129064: Deprecate sysconfig.expand_makefile_vars(),
      in favor of using sysconfig.get_paths() with the vars
      argument.
    - gh-128550: Removed an incorrect optimization relating
      to eager tasks in asyncio.TaskGroup that resulted in
      cancellations being missed.
    - gh-128991: Release the enter frame reference within bdb
      callback
    - gh-118761: Reduce import time of pstats and zipfile by up
      to 20%, by removing unnecessary imports to typing. Patch by
      Bénédikt Tran.
    - gh-128978: Fix a NameError in
      sysconfig.expand_makefile_vars(). Patch by Bénédikt Tran.
    - gh-128961: Fix a crash when setting state on an exhausted
      array.array iterator.
    - gh-128894: Fix
      traceback.TracebackException._format_syntax_error not to
      fail on exceptions with custom metadata.
    - gh-128916: Do not attempt to set SO_REUSEPORT on sockets of
      address families other than AF_INET and AF_INET6, as it is
      meaningless with these address families, and the call with
      fail with Linux kernel 6.12.9 and newer.
    - gh-118761: Improve import time of tomllib by removing
      typing, string, and tomllib._types imports. Patch by Taneli
      Hukkinen.
    - gh-128679: tracemalloc: Fix race conditions when
      tracemalloc.stop() is called by a thread, while other
      threads are tracing memory allocations. Patch by Victor
      Stinner.
    - gh-128891: Add specialized opcodes to opcode.opname.
    - gh-118761: Reduce import time of gettext by up to ten
      times, by importing re on demand. In particular, re is
      no longer implicitly exposed as gettext.re. Patch by Eli
      Schwartz.
    - gh-118761: Reduce the import time of optparse when no help
      text is printed. Patch by Eli Schwartz.
    - gh-128657: Fix possible extra reference when using objects
      returned by hashlib.sha256() under free threading.
    - gh-118761: Reduce the import time of csv by up to five
      times, by importing re on demand. In particular, re is no
      more implicitly exposed as csv.re. Patch by Bénédikt Tran.
    - gh-128308: Support the name keyword argument
      for eager tasks in asyncio.loop.create_task(),
      asyncio.create_task() and asyncio.TaskGroup.create_task(),
      by passing on all kwargs to the task factory set by
      asyncio.loop.set_task_factory().
    - gh-118761: Improve the performance of base64.b16decode()
      by up to ten times by more efficiently checking the
      byte-string for hexadecimal digits. Reduce the import
      time of base64 by up to six times, by no longer importing
      re. Patch by Bénédikt Tran, Chris Markiewicz, and Adam
      Turner.
    - gh-128156: When using macOS system libffi, support for
      complex types in ctypes is now checked at runtime (macOS
      10.15 or newer). The types must also be available at build
      time.
    - gh-128636: Fix PyREPL failure when os.environ is
      overwritten with an invalid value.
    - gh-128498: Default to stdout isatty for color detection
      instead of stderr. Patch by Hugo van Kemenade.
    - gh-128384: Add locking to warnings to avoid some
      data races when free-threading is used. Change
      _warnings_runtime_state.mutex to be a recursive mutex
      and expose it to warnings, via the _acquire_lock() and
      _release_lock() functions. The lock is held when filters
      and _filters_version are updated.
    - gh-128509: Add sys._is_immortal() for identifying immortal
      objects at runtime.
    - gh-128479: Fix asyncio.staggered.staggered_race() leaking
      tasks and issuing an unhandled exception.
    - gh-128427: uuid.NIL and uuid.MAX are now available to
      represent the Nil and Max UUID formats as defined by RFC
      9562.
    - gh-91279: zipfile.ZipFile.writestr() now respect
      SOURCE_DATE_EPOCH that distributions can set centrally
      and have build tools consume this in order to produce
      reproducible output.
    - gh-112064: Fix incorrect handling of negative read sizes in
      HTTPResponse.read. Patch by Yury Manushkin.
    - gh-58956: Fixed a frame reference leak in bdb.
    - gh-128131: Completely support random access of uncompressed
      unencrypted read-only zip files obtained by ZipFile.open.
    - gh-127975: Avoid reusing quote types in ast.unparse() if
      not needed.
    - gh-115514: Fix exceptions and incomplete writes after
      asyncio._SelectorTransport is closed before writes are
      completed.
    - gh-121604: Add missing Deprecation warnings for
      importlib.machinery.DEBUG_BYTECODE_SUFFIXES,
      importlib.machinery.OPTIMIZED_BYTECODE_SUFFIXES,
      importlib.machinery.WindowsRegistryFinder,
      importlib.abc.ResourceLoader,
      importlib.abc.SourceLoader.path_mtime().
    - gh-127873: When -E is set, only ignore PYTHON_COLORS
      and not FORCE_COLOR/NO_COLOR/TERM when colourising
      output. Patch by Hugo van Kemenade.
    - gh-125413: Add pathlib.Path.info attribute, which stores
      an object implementing the pathlib.types.PathInfo protocol
      (also new). The object supports querying the file type and
      internally caching stat() results. Path objects generated
      by iterdir() are initialized with file type information
      gleaned from scanning the parent directory.
    - gh-127712: Fix handling of the secure argument of
      logging.handlers.SMTPHandler.
    - gh-127096: Do not recreate unnamed section on every read in
      configparser.ConfigParser. Patch by Andrey Efremov.
    - gh-124369: Deprecate pdb.Pdb.curframe_locals
    - gh-126332: Fix _pyrepl crash when entering a double CTRL-Z
      on an overflowing line.
    - gh-125553: Fix round-trip invariance for backslash
      continuations in tokenize.untokenize().
    - gh-91048: Add asyncio.capture_call_graph() and
      asyncio.print_call_graph() functions.
    - gh-124703: Quitting pdb in inline mode will emit a
      confirmation prompt and exit gracefully now, instead of
      printing an exception traceback.
    - gh-123987: Fixed issue in NamespaceReader where a non-path
      item in a namespace path, such as a sentinel added by an
      editable installer, would break resource loading.
    - gh-119349: Add the ctypes.util.dllist() function to list
      the loaded shared libraries for the current process.
    - gh-55454: Add IMAP4 IDLE support to the imaplib
      module. Patch by Forest.
    - gh-119257: Show tab completions menu below the current
      line, which results in less janky behaviour, and fixes a
      cursor movement bug. Patch by Daniel Hollas
    - gh-101410: Support custom messages for domain errors in the
      math module (math.sqrt(), math.log() and math.atanh() were
      modified as examples). Patch by Charlie Zhao and Sergey B
      Kirpichev.
    - gh-81340: Use os.copy_file_range() in shutil.copy(),
      shutil.copy2(), and shutil.copyfile() functions by
      default. An underlying Linux system call gives filesystems
      an opportunity to implement the use of copy-on-write (in
      case of btrfs and XFS) or server-side copy (in the case of
      NFS.) Patch by Illia Volochii.
    - bpo-27307: Add attribute and item access support to
      string.Formatter in auto-numbering mode, which allows
      format strings like ‘{.name}’ and ‘{[1]}’.
  - IDLE
    - gh-129873: Simplify displaying the IDLE doc by only copying
      the text section of idle.html to idlelib/help.html. Patch
      by Stan Ulbrych.
  - Documentation
    - gh-125722: Require Sphinx 8.1.3 or later to build the
      Python documentation. Patch by Adam Turner.
    - gh-67206: Document that string.printable is not
      printable in the POSIX sense. In particular,
      string.printable.isprintable() returns False. Patch by
      Bénédikt Tran.
  - Core and Builtins
    - gh-100239: Replace the opcode BINARY_SUBSCR and its family
      by BINARY_OP with oparg NB_SUBSCR.
    - gh-129732: Fixed a race in _Py_qsbr_reserve in the free
      threading build.
    - gh-129763: Remove the internal LLTRACE macro (use Py_DEBUG
      instead).
    - gh-129715: Improve JIT performance for generators.
    - gh-129643: Fix thread safety of PyList_Insert() in
      free-threading builds.
    - gh-129668: Fix race condition when raising MemoryError in
      the free threaded build.
    - gh-129643: Fix thread safety of PyList_SetItem() in
      free-threading builds. Patch by Kumar Aditya.
    - gh-128563: Fix an issue where the “lltrace” debug feature
      could have been incorrectly enabled for some frames.
    - gh-129393: On FreeBSD, sys.platform doesn’t contain the
      major version anymore. It is always 'freebsd', instead of
      'freebsd13' or 'freebsd14'.
    - gh-129345: Fix null pointer dereference in syslog.openlog()
      when an audit hook raises an exception.
    - gh-129231: Improve memory layout of JIT traces. Patch by
      Diego Russo
    - gh-129149: Add fast path for medium-size integers in
      PyLong_FromUnsignedLong(), PyLong_FromUnsignedLongLong()
      and PyLong_FromSize_t().
    - gh-129201: The free-threaded version of the cyclic garbage
      collector has been optimized to conditionally use CPU
      prefetch instructions during the collection. This can
      reduce collection times by making it more likely that
      data is in the CPU cache when it is needed. The prefetch
      instructions are enabled if the number of long-lived
      objects (objects surviving a full collection) exceeds a
      threshold.
    - gh-129093: Fix f-strings such as f'{expr=}' sometimes not
      displaying the full expression when the expression contains
      !=.
    - gh-124363: Treat debug expressions in f-string as raw
      strings. Patch by Pablo Galindo
    - gh-128714: Fix the potential races in get/set dunder
      methods __annotations__, __annotate__ and __type_params__
      for function object, and add related tests.
    - gh-128799: Add frame of except* to traceback when it wraps
      a naked exception.
    - gh-128842: Collect JIT memory stats using pystats. Patch by
      Diego Russo.
    - gh-100239: Specialize BINARY_OP for bitwise logical
      operations on compact ints.
    - gh-128910: Undocumented and unused private C-API functions
      _PyTrash_begin and _PyTrash_end are removed.
    - gh-128807: Add a marking phase to the free-threaded
      GC. This is similar to what was done in gh-126491. Since
      the free-threaded GC does not have generations and is
      not incremental, the marking phase looks for all objects
      reachable from known roots. The roots are objects known to
      not be garbage, like the module dictionary for sys. For
      most programs, this marking phase should make the GC a bit
      faster since typically less work is done per object.
    - gh-100239: Add opcode BINARY_OP_EXTEND which executes a
      pair of functions (guard and specialization functions)
      accessed from the inline cache.
    - gh-128563: A new type of interpreter has been added
      to CPython. This interpreter uses tail calls for its
      instruction handlers. Preliminary benchmark results suggest
      7-11% geometric mean faster on pyperformance (depending
      on platform), and up to 30% faster on Python-intensive
      workloads. This interpreter currently only works on newer
      compilers, such as clang-19. Other compilers will continue
      using the old interpreter. Patch by Ken Jin, with ideas on
      how to implement this in CPython by Mark Shannon, Garret
      Gu, Haoran Xu, and Josh Haberman.
    - gh-126703: Improve performance of iterating over lists and
      tuples by using a freelist for the iterator objects.
    - gh-127953: The time to handle a LINE event in
      sys.monitoring (and sys.settrace) is now independent of the
      number of lines in the code object.
    - gh-128330: Restore terminal control characters on REPL
      exit.
    - gh-128016: Improved the SyntaxWarning message for invalid
      escape sequences to clarify that such sequences will raise
      a SyntaxError in future Python releases. The new message
      also suggests a potential fix, i.e., Did you mean "\\e"?.
    - gh-126004: Fix handling of UnicodeError.start and
      UnicodeError.end values in the codecs.replace_errors()
      error handler. Patch by Bénédikt Tran.
    - gh-126004: Fix handling of UnicodeError.start
      and UnicodeError.end values in the
      codecs.backslashreplace_errors() error handler. Patch by
      Bénédikt Tran.
    - gh-126004: Fix handling of UnicodeError.start
      and UnicodeError.end values in the
      codecs.xmlcharrefreplace_errors() error handler. Patch by
      Bénédikt Tran.
    - gh-127119: Slightly optimize the int deallocator.
    - gh-127349: Fixed the error when resizing terminal in Python
      REPL. Patch by Semyon Moroz.
    - gh-125723: Fix crash with gi_frame.f_locals when generator
      frames outlive their generator. Patch by Mikhail Efimov.
    - gh-126349: Add turtle.fill(), turtle.poly() and
      turtle.no_animation() context managers. Patch by Marie
      Roald and Yngve Mardal Moe.
    - gh-115911: If the current working directory cannot be
      determined due to permissions, then import will no longer
      raise PermissionError. Patch by Alex Willmer.
    - gh-112713: Added support for the Partitioned cookie flag in
      http.cookies.
  - C API
    - gh-129533: Update PyGC_Enable(), PyGC_Disable(),
      PyGC_IsEnabled() to use atomic operation for thread-safety
      at free-threading build. Patch by Donghee Na.
    - gh-89188: Implement PyUnicode_KIND() and PyUnicode_DATA()
      as function, in addition to the macros with the same
      names. The macros rely on C bit fields which have
      compiler-specific layout. Patch by Victor Stinner.
    - gh-91417: Remove PySequence_Fast() from the limited
      C API, since this function has to be used with
      PySequence_Fast_GET_ITEM which never worked in the limited
      C API. Patch by Victor Stinner.
    - gh-128509: Add PyUnstable_IsImmortal() for determining
      whether an object is immortal.
    - gh-129033: Remove _PyInterpreterState_GetConfigCopy() and
      _PyInterpreterState_SetConfig() private functions. Use
      instead PyConfig_Get() and PyConfig_Set(), public C API
      added by PEP 741 “Python Configuration C API”. Patch by
      Victor Stinner.
    - gh-129033: Remove the private _Py_InitializeMain()
      function. It was a provisional API added to Python 3.8 by
      PEP 587. Patch by Victor Stinner.
    - gh-128844: Add PyUnstable_TryIncRef() and
      PyUnstable_EnableTryIncRef() unstable APIs. These
      are helpers for dealing with unowned references in a
      thread-safe way, particularly in the free threading build.
    - gh-128911: Add PyImport_ImportModuleAttr() and
      PyImport_ImportModuleAttrString() helper functions to
      import a module and get an attribute of the module. Patch
      by Victor Stinner.
    - gh-128863: The following private functions are deprecated
      and planned for removal in Python 3.18:
        _PyBytes_Join(): use PyBytes_Join().
        _PyDict_GetItemStringWithError(): use PyDict_GetItemStringRef().
        _PyDict_Pop(): use PyDict_Pop().
        _PyLong_Sign(): use PyLong_GetSign().
        _PyLong_FromDigits() and _PyLong_New(): use PyLongWriter_Create().
        _PyThreadState_UncheckedGet(): use PyThreadState_GetUnchecked().
        _PyUnicode_AsString(): use PyUnicode_AsUTF8().
        _Py_HashPointer(): use Py_HashPointer().
        _Py_fopen_obj(): use Py_fopen().
    The pythoncapi-compat project can be used to get these new
    public functions on Python 3.13 and older. Patch by Victor Stinner.
    - gh-126599: Remove some internal test APIs for the
      experimental JIT compiler.
    - gh-127925: Convert the decimal module to use PEP 757 C API
      (export-import integers), offering some speed-up if the
      integer part of the Decimal instance is small. Patch by
      Sergey B Kirpichev.
  - Build
    - gh-129660: Drop test_embed from PGO training, whose
      contribution in recent versions is considered to be
      ignorable.
    - gh-128902: Fix compile errors with Clang 9 and older due to
      lack of __attribute__((fallthrough)) support.
- Remove upstreamed patches:
    - CVE-2025-0938-sq-brackets-domain-names.patch
    - 314a4-no-SO_REUSEPORT.patch

OBS-URL: https://build.opensuse.org/request/show/1245486
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python314?expand=0&rev=6
This commit is contained in:
Ana Guerrero 2025-02-13 17:39:01 +00:00 committed by Git OBS Bridge
commit 35eb81a93f
8 changed files with 424 additions and 217 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

94
314a4-no-SO_REUSEPORT.patch
View File

@ -1,94 +0,0 @@
From 1afcfaa5ce01cd949e570bc9035b3a7b6ccdd2be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <mgorny@gentoo.org>
Date: Fri, 17 Jan 2025 11:46:19 +0100
Subject: [PATCH 1/2] gh-128916: Do not set `SO_REUSEPORT` on non-`AF_INET*`
sockets
Do not attempt to set ``SO_REUSEPORT`` on sockets of address familifies other
than ``AF_INET`` and ``AF_INET6``, as it is meaningless with these address
families, and the call with fail with Linux kernel 6.12.9 and newer.
---
Lib/asyncio/base_events.py | 4 +++-
Lib/socket.py | 4 +++-
Lib/socketserver.py | 7 ++++++-
.../Library/2025-01-17-11-46-16.gh-issue-128916.GEePbO.rst | 3 +++
4 files changed, 15 insertions(+), 3 deletions(-)
create mode 100644 Misc/NEWS.d/next/Library/2025-01-17-11-46-16.gh-issue-128916.GEePbO.rst
diff --git a/Lib/asyncio/base_events.py b/Lib/asyncio/base_events.py
index 6e6e5aaac15caf..85018797db33bb 100644
--- a/Lib/asyncio/base_events.py
+++ b/Lib/asyncio/base_events.py
@@ -1593,7 +1593,9 @@ async def create_server(
if reuse_address:
sock.setsockopt(
socket.SOL_SOCKET, socket.SO_REUSEADDR, True)
- if reuse_port:
+ # Since Linux 6.12.9, SO_REUSEPORT is not allowed
+ # on other address families than AF_INET/AF_INET6.
+ if reuse_port and af in (socket.AF_INET, socket.AF_INET6):
_set_reuseport(sock)
if keep_alive:
sock.setsockopt(
diff --git a/Lib/socket.py b/Lib/socket.py
index be37c24d6174a2..727b0e75f03595 100644
--- a/Lib/socket.py
+++ b/Lib/socket.py
@@ -937,7 +937,9 @@ def create_server(address, *, family=AF_INET, backlog=None, reuse_port=False,
# Fail later on bind(), for platforms which may not
# support this option.
pass
- if reuse_port:
+ # Since Linux 6.12.9, SO_REUSEPORT is not allowed
+ # on other address families than AF_INET/AF_INET6.
+ if reuse_port and family in (AF_INET, AF_INET6):
sock.setsockopt(SOL_SOCKET, SO_REUSEPORT, 1)
if has_ipv6 and family == AF_INET6:
if dualstack_ipv6:
diff --git a/Lib/socketserver.py b/Lib/socketserver.py
index cd028ef1c63b85..35b2723de3babe 100644
--- a/Lib/socketserver.py
+++ b/Lib/socketserver.py
@@ -468,7 +468,12 @@ def server_bind(self):
"""
if self.allow_reuse_address and hasattr(socket, "SO_REUSEADDR"):
self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
- if self.allow_reuse_port and hasattr(socket, "SO_REUSEPORT"):
+ # Since Linux 6.12.9, SO_REUSEPORT is not allowed
+ # on other address families than AF_INET/AF_INET6.
+ if (
+ self.allow_reuse_port and hasattr(socket, "SO_REUSEPORT")
+ and self.address_family in (socket.AF_INET, socket.AF_INET6)
+ ):
self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)
self.socket.bind(self.server_address)
self.server_address = self.socket.getsockname()
diff --git a/Misc/NEWS.d/next/Library/2025-01-17-11-46-16.gh-issue-128916.GEePbO.rst b/Misc/NEWS.d/next/Library/2025-01-17-11-46-16.gh-issue-128916.GEePbO.rst
new file mode 100644
index 00000000000000..5d13825fb2b6ab
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2025-01-17-11-46-16.gh-issue-128916.GEePbO.rst
@@ -0,0 +1,3 @@
+Do not attempt to set ``SO_REUSEPORT`` on sockets of address familifies
+other than ``AF_INET`` and ``AF_INET6``, as it is meaningless with these
+address families, and the call with fail with Linux kernel 6.12.9 and newer.
From 8f8f0d67742ce151ea9b104ad0396660e2660b09 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <mgorny@gentoo.org>
Date: Fri, 17 Jan 2025 11:57:41 +0000
Subject: [PATCH 2/2] Apply suggestions from code review
Co-authored-by: Vinay Sajip <vinay_sajip@yahoo.co.uk>
---
.../next/Library/2025-01-17-11-46-16.gh-issue-128916.GEePbO.rst | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Misc/NEWS.d/next/Library/2025-01-17-11-46-16.gh-issue-128916.GEePbO.rst b/Misc/NEWS.d/next/Library/2025-01-17-11-46-16.gh-issue-128916.GEePbO.rst
index 5d13825fb2b6ab..f2db341ef81621 100644
--- a/Misc/NEWS.d/next/Library/2025-01-17-11-46-16.gh-issue-128916.GEePbO.rst
+++ b/Misc/NEWS.d/next/Library/2025-01-17-11-46-16.gh-issue-128916.GEePbO.rst
@@ -1,3 +1,3 @@
-Do not attempt to set ``SO_REUSEPORT`` on sockets of address familifies
+Do not attempt to set ``SO_REUSEPORT`` on sockets of address families
other than ``AF_INET`` and ``AF_INET6``, as it is meaningless with these
address families, and the call with fail with Linux kernel 6.12.9 and newer.

111
CVE-2025-0938-sq-brackets-domain-names.patch
View File

@ -1,111 +0,0 @@
From 6204ab9f989be3841c8c47e1e2cfe6a658fe16d5 Mon Sep 17 00:00:00 2001
From: Seth Michael Larson <seth@python.org>
Date: Tue, 28 Jan 2025 14:09:00 -0600
Subject: [PATCH 1/4] gh-105704: Disallow square brackets ( and ) in domain
names for parsed URLs
---
Lib/test/test_urlparse.py | 37 +++++++++-
Lib/urllib/parse.py | 20 ++++-
Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst | 4 +
3 files changed, 58 insertions(+), 3 deletions(-)
create mode 100644 Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst
--- a/Lib/test/test_urlparse.py
+++ b/Lib/test/test_urlparse.py
@@ -1412,16 +1412,51 @@ class UrlParseTestCase(unittest.TestCase
self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af::2309::fae7:1234]/Path?Query')
self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@[0439:23af:2309::fae7:1234:2342:438e:192.0.2.146]/Path?Query')
self.assertRaises(ValueError, urllib.parse.urlsplit, 'Scheme://user@]v6a.ip[/Path')
+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]')
+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix')
+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]/')
+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix/')
+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip]?')
+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip].suffix?')
+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]')
+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix')
+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]/')
+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix/')
+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]?')
+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix?')
+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:a')
+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:a')
+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:a1')
+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:a1')
+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:1a')
+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:1a')
+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:')
+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[::1].suffix:/')
+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[::1]:?')
+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://user@prefix.[v6a.ip]')
+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://user@[v6a.ip].suffix')
+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://[v6a.ip')
+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip]')
+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://]v6a.ip[')
+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://]v6a.ip')
+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip[')
+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix.[v6a.ip')
+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip].suffix')
+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix]v6a.ip[suffix')
+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://prefix]v6a.ip')
+ self.assertRaises(ValueError, urllib.parse.urlsplit, 'scheme://v6a.ip[suffix')
def test_splitting_bracketed_hosts(self):
- p1 = urllib.parse.urlsplit('scheme://user@[v6a.ip]/path?query')
+ p1 = urllib.parse.urlsplit('scheme://user@[v6a.ip]:1234/path?query')
self.assertEqual(p1.hostname, 'v6a.ip')
self.assertEqual(p1.username, 'user')
self.assertEqual(p1.path, '/path')
+ self.assertEqual(p1.port, 1234)
p2 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7%test]/path?query')
self.assertEqual(p2.hostname, '0439:23af:2309::fae7%test')
self.assertEqual(p2.username, 'user')
self.assertEqual(p2.path, '/path')
+ self.assertIs(p2.port, None)
p3 = urllib.parse.urlsplit('scheme://user@[0439:23af:2309::fae7:1234:192.0.2.146%test]/path?query')
self.assertEqual(p3.hostname, '0439:23af:2309::fae7:1234:192.0.2.146%test')
self.assertEqual(p3.username, 'user')
--- a/Lib/urllib/parse.py
+++ b/Lib/urllib/parse.py
@@ -439,6 +439,23 @@ def _checknetloc(netloc):
raise ValueError("netloc '" + netloc + "' contains invalid " +
"characters under NFKC normalization")
+def _check_bracketed_netloc(netloc):
+ # Note that this function must mirror the splitting
+ # done in NetlocResultMixins._hostinfo().
+ hostname_and_port = netloc.rpartition('@')[2]
+ before_bracket, have_open_br, bracketed = hostname_and_port.partition('[')
+ if have_open_br:
+ # No data is allowed before a bracket.
+ if before_bracket:
+ raise ValueError("Invalid IPv6 URL")
+ hostname, _, port = bracketed.partition(']')
+ # No data is allowed after the bracket but before the port delimiter.
+ if port and not port.startswith(":"):
+ raise ValueError("Invalid IPv6 URL")
+ else:
+ hostname, _, port = hostname_and_port.partition(':')
+ _check_bracketed_host(hostname)
+
# Valid bracketed hosts are defined in
# https://www.rfc-editor.org/rfc/rfc3986#page-49 and https://url.spec.whatwg.org/
def _check_bracketed_host(hostname):
@@ -505,8 +522,7 @@ def _urlsplit(url, scheme=None, allow_fr
(']' in netloc and '[' not in netloc)):
raise ValueError("Invalid IPv6 URL")
if '[' in netloc and ']' in netloc:
- bracketed_host = netloc.partition('[')[2].partition(']')[0]
- _check_bracketed_host(bracketed_host)
+ _check_bracketed_netloc(netloc)
if allow_fragments and '#' in url:
url, fragment = url.split('#', 1)
if '?' in url:
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst
@@ -0,0 +1,4 @@
+When using :func:`urllib.parse.urlsplit` and :func:`urllib.parse.urlparse` host
+parsing would not reject domain names containing square brackets (``[`` and
+``]``). Square brackets are only valid for IPv6 and IPvFuture hosts according to
+`RFC 3986 Section 3.2.2 <https://www.rfc-editor.org/rfc/rfc3986#section-3.2.2>`__.

3
Python-3.14.0a4.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c24f07881873c1d460228795ca6ca8c99130e30c773c91463d30d7ea8ff0e70b
size 22798932

1
Python-3.14.0a4.tar.xz.sigstore
View File

@ -1 +0,0 @@
{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzzCCAlWgAwIBAgIUTNqrmr/M2mihtEwN8O2FyM2q1q4wCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUwMTE0MTYwMTUwWhcNMjUwMTE0MTYxMTUwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEXFyDvDOdj/YAUw6VwCbccPuaGXVlONd/+yU2w6pjOucN7XNrKQzRc2p0B87e6fBJNtrvoQskKm5g5RZRNIaTraOCAXQwggFwMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQU+FemmqqSGkLeHpehmVT+O/2VD1MwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wHQYDVR0RAQH/BBMwEYEPaHVnb0BweXRob24ub3JnMCwGCisGAQQBg78wAQEEHmh0dHBzOi8vZ2l0aHViLmNvbS9sb2dpbi9vYXV0aDAuBgorBgEEAYO/MAEIBCAMHmh0dHBzOi8vZ2l0aHViLmNvbS9sb2dpbi9vYXV0aDCBiwYKKwYBBAHWeQIEAgR9BHsAeQB3AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABlGWMvxkAAAQDAEgwRgIhAMdC5GErGZYgWadLhCcmCxR3wAZ8jSVhTikA8HyIMUjKAiEAjZQMpnwoXgxNEXGAs8J/Myxxp5Lky719397l9nhdPk8wCgYIKoZIzj0EAwMDaAAwZQIxAMcST1Hx0VxHs8dH4fVNnJHRqHV70g4gWXOUahXOh86pLbvOOsGqM3w8o3kUhjO7oAIwRCZiVhDjDq59iDX6/IO7mG/gwNXBVqKSPdcYRS6l/SxM3JRORz8QCQK3HtM5TPvm"}, "tlogEntries": [{"logIndex": "162324179", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1736870510", "inclusionPromise": {"signedEntryTimestamp": "MEQCIAXgFU1gThdT0mhc6q0AXzD3bBXTiacgiLtvj81gdZF4AiBN9qUrwxowhsD9xRkTFuRk/l7pkEkkF84mJouMltHlqw=="}, "inclusionProof": {"logIndex": "40419917", "rootHash": "sQcmJqkpVAfxguDGAn46H0Jx7wI/seLoX5hw8YAhpzE=", "treeSize": "40419918", "hashes": ["qjl0o9LTqPs1qAydDqJeuEjAe7m0r28edbu6YhwigVs=", "ld8TM/ZFyvOEsuFo6tzdkPMu1WXFFF7FkLeePNxTZgQ=", "msMDMUPWOxenW8+fKcA9KtYwJh+qOm8eJ6hD6qMLxgo=", "HB3n8ruKgQ4/hsnPPqqgZqgqrIY+bil6MZEN48iQf5o=", "s4485wmLHDIJ3Uz0cZtlQJMaGl/NcoVYyRSxf8iaGF0=", "ipeSaii1joKqXMjR8vQt0JqN3F2T64mYFe55cZTSE7k=", "Zh8tfYPsaKKLrwZBF7ddhto+2SATy+XV9dtLPctNAlU=", "GVSyTNVOEKppJTUqz+nM5IM0FJ34fKBEIv5VAyJ7Dv4=", "tlaG/ckV5gypfBxP4OGlhhoLQ/VcEe+s4IdoNM+5CJk=", "LxTVSFPuriQ2RUI8Dbu2hz4wzAG1G271/Jivqrd1etw=", "vemyaMj0Na1LMjbB/9Dmkq8T+jAb3o+yCESgAayUABU="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n40419918\nsQcmJqkpVAfxguDGAn46H0Jx7wI/seLoX5hw8YAhpzE=\n\n\u2014 rekor.sigstore.dev wNI9ajBGAiEAv+PVAciPszI4zlpSunN4bfTvMqVTy5p62XGhyX7jQwACIQCNHJdBqkgiBk7OICiGqlcnklnK9wf4okEYP4iC2UpSUQ==\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiJjMjRmMDc4ODE4NzNjMWQ0NjAyMjg3OTVjYTZjYThjOTkxMzBlMzBjNzczYzkxNDYzZDMwZDdlYThmZjBlNzBiIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJUUROejA2OHVmUE1tRUNZL3JldUdNSGRBbUhoazc1MHNaNHdTKytsY1g1Z0xRSWdLdzN1S1oydm9Jd2FMSWk1dFl3d2JBOUZUaFVHK05NUDViYmwyS0xSYXZjPSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZla05EUVd4WFowRjNTVUpCWjBsVlZFNXhjbTF5TDAweWJXbG9kRVYzVGpoUE1rWjVUVEp4TVhFMGQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZkMDFVUlRCTlZGbDNUVlJWZDFkb1kwNU5hbFYzVFZSRk1FMVVXWGhOVkZWM1YycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZZUm5sRWRrUlBaR292V1VGVmR6WldkME5pWTJOUWRXRkhXRlpzVDA1a0x5dDVWVElLZHpad2FrOTFZMDQzV0U1eVMxRjZVbU15Y0RCQ09EZGxObVpDU2s1MGNuWnZVWE5yUzIwMVp6VlNXbEpPU1dGVWNtRlBRMEZZVVhkblowWjNUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlVyUm1WdENtMXhjVk5IYTB4bFNIQmxhRzFXVkN0UEx6SldSREZOZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBoUldVUldVakJTUVZGSUwwSkNUWGRGV1VWUVlVaFdibUl3UW5kbFdGSnZZakkwZFdJelNtNU5RM2RIUTJselIwRlJVVUpuTnpoM1FWRkZSUXBJYldnd1pFaENlazlwT0haYU1td3dZVWhXYVV4dFRuWmlVemx6WWpKa2NHSnBPWFpaV0ZZd1lVUkJkVUpuYjNKQ1owVkZRVmxQTDAxQlJVbENRMEZOQ2todGFEQmtTRUo2VDJrNGRsb3liREJoU0ZacFRHMU9kbUpUT1hOaU1tUndZbWs1ZGxsWVZqQmhSRU5DYVhkWlMwdDNXVUpDUVVoWFpWRkpSVUZuVWprS1FraHpRV1ZSUWpOQlRqQTVUVWR5UjNoNFJYbFplR3RsU0Vwc2JrNTNTMmxUYkRZME0ycDVkQzgwWlV0amIwRjJTMlUyVDBGQlFVSnNSMWROZG5oclFRcEJRVkZFUVVWbmQxSm5TV2hCVFdSRE5VZEZja2RhV1dkWFlXUk1hRU5qYlVONFVqTjNRVm80YWxOV2FGUnBhMEU0U0hsSlRWVnFTMEZwUlVGcVdsRk5DbkJ1ZDI5WVozaE9SVmhIUVhNNFNpOU5lWGg0Y0RWTWEzazNNVGt6T1Rkc09XNW9aRkJyT0hkRFoxbEpTMjlhU1hwcU1FVkJkMDFFWVVGQmQxcFJTWGdLUVUxalUxUXhTSGd3Vm5oSWN6aGtTRFJtVms1dVNraFNjVWhXTnpCbk5HZFhXRTlWWVdoWVQyZzRObkJNWW5aUFQzTkhjVTB6ZHpodk0ydFZhR3BQTndwdlFVbDNVa05hYVZab1JHcEVjVFU1YVVSWU5pOUpUemR0Unk5bmQwNVlRbFp4UzFOUVpHTlpVbE0yYkM5VGVFMHpTbEpQVW5vNFVVTlJTek5JZEUwMUNsUlFkbTBLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0="}]}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "wk8HiBhzwdRgIoeVymyoyZEw4wx3PJFGPTDX6o/w5ws="}, "signature": "MEUCIQDNz068ufPMmECY/reuGMHdAmHhk750sZ4wS++lcX5gLQIgKw3uKZ2voIwaLIi5tYwwbA9FThUG+NMP5bbl2KLRavc="}}

3
Python-3.14.0a5.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:74e83f26de1e4fb9eef1b56492cff92508834bb71ac13f5c580438ce9f093682
size 22859900

1
Python-3.14.0a5.tar.xz.sigstore Normal file
View File

File diff suppressed because one or more lines are too long

418
python314.changes
View File

@ -1,3 +1,421 @@
-------------------------------------------------------------------
Wed Feb 12 21:20:43 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
- Update to the fifth development version of 3.14.0:
- Tools/Demos
- gh-129248: The iOS test runner now strips the log prefix
from each line output by the test suite.
- gh-104400: Fix several bugs in extraction by switching to
an AST parser in pygettext.
- Tests
- gh-129386: Add test.support.reset_code, which can be used
to reset various bytecode-level optimizations and local
instrumentation for a function.
- gh-128474: Disable test_embed test cases that segfault on
BOLT instrument binaries. The tests are only disabled when
BOLT is enabled.
- gh-128003: Add an option --parallel-threads=N to the
regression test runner that runs individual tests in
multiple threads in parallel in order to find concurrency
bugs. Note that most of the test suite is not yet reviewed
for thread-safety or annotated with @thread_unsafe when
necessary.
- Security
- gh-105704: When using urllib.parse.urlsplit() and
urllib.parse.urlparse() host parsing would not reject
domain names containing square brackets ([ and ]). Square
brackets are only valid for IPv6 and IPvFuture hosts
according to RFC 3986 Section 3.2.2. (bsc#1236705,
CVE-2025-0938, gh#python/cpython#105704).
- gh-126108: Fix a possible NULL pointer dereference in
PySys_AddWarnOptionUnicode().
- gh-80222: Fix bug in the folding of quoted strings
when flattening an email message using a modern email
policy. Previously when a quoted string was folded so
that it spanned more than one line, the surrounding
quotes and internal escapes would be omitted. This could
theoretically be used to spoof header lines using a
carefully constructed quoted string if the resulting
rendered email was transmitted or re-parsed.
- gh-119511: Fix a potential denial of service in the imaplib
module. When connecting to a malicious server, it could
cause an arbitrary amount of memory to be allocated. On
many systems this is harmless as unused virtual memory is
only a mapping, but if this hit a virtual address size
limit it could lead to a MemoryError or other process
crash. On unusual systems or builds where all allocated
memory is touched and backed by actual ram or storage
it couldve consumed resources doing so until similarly
crashing.
- Library
- gh-129939: Comparison pages with highlighted changes
generated by the difflib.HtmlDiff class now support dark
mode.
- gh-129928: Raise sqlite3.ProgrammingError if a user-defined
SQL function with invalid number of parameters is
created. Patch by Erlend Aasland.
- gh-129583: Update bundled pip to 25.0.1
- gh-129766: Fix crash in warnings, when calling
_release_lock() with no existing lock.
- gh-129005: _pyio.FileIO.readall() now allocates, resizes,
and fills a data buffer using the same algorithm
_io.FileIO.readall() uses.
- gh-129646: Update the locale alias mapping in the locale
module to match the latest X Org locale alias mapping and
support new locales in Glibc 2.41.
- gh-128317: Put CLI calendar highlighting in private class,
removing highlight_day from public calendar.TextCalendar
API. Patch by Hugo van Kemenade.
- gh-129603: Fix bugs where sqlite3.Row objects could
segfault if their inherited description was set to
None. Patch by Erlend Aasland.
- gh-129559: Add bytearray.resize() method so bytearray can
be efficiently resized in place.
- gh-129502: Unlikely errors in preparing arguments for
ctypes callback are now handled in the same way as errors
raised in the callback of in converting the result of
the callback using sys.unraisablehook() instead of
sys.excepthook() and not setting sys.last_exc and other
variables.
- gh-129403: Corrected ValueError message for asyncio.Barrier
and threading.Barrier.
- gh-129409: Fix an integer overflow in the csv module when
writing a data field larger than 2GB.
- gh-126400: Add a socket timeout keyword argument to
logging.handlers.SysLogHandler.
- gh-118761: Always lazy import warnings in threading. Patch
by Taneli Hukkinen.
- gh-118761: Improve import time of subprocess by lazy
importing locale and signal. Patch by Taneli Hukkinen.
- gh-129346: In sqlite3, handle out-of-memory when creating
user-defined SQL functions.
- gh-129005: Optimize _pyio.FileIO.readinto by avoiding
unnecessary objects and copies using os.readinto().
- gh-129195: Support reporting call graph information from
asyncio.staggered.staggered_race().
- gh-129205: Add os.readinto() to read into a buffer object
from a file descriptor.
- gh-128772: Fix pydoc for methods with the __module__
attribute equal to None.
- gh-129061: Fix FORCE_COLOR and NO_COLOR when empty
strings. Patch by Hugo van Kemenade.
- gh-92897: Scheduled the deprecation of the check_home
argument of sysconfig.is_python_build() to Python 3.15.
- gh-129064: Deprecate sysconfig.expand_makefile_vars(),
in favor of using sysconfig.get_paths() with the vars
argument.
- gh-128550: Removed an incorrect optimization relating
to eager tasks in asyncio.TaskGroup that resulted in
cancellations being missed.
- gh-128991: Release the enter frame reference within bdb
callback
- gh-118761: Reduce import time of pstats and zipfile by up
to 20%, by removing unnecessary imports to typing. Patch by
Bénédikt Tran.
- gh-128978: Fix a NameError in
sysconfig.expand_makefile_vars(). Patch by Bénédikt Tran.
- gh-128961: Fix a crash when setting state on an exhausted
array.array iterator.
- gh-128894: Fix
traceback.TracebackException._format_syntax_error not to
fail on exceptions with custom metadata.
- gh-128916: Do not attempt to set SO_REUSEPORT on sockets of
address families other than AF_INET and AF_INET6, as it is
meaningless with these address families, and the call with
fail with Linux kernel 6.12.9 and newer.
- gh-118761: Improve import time of tomllib by removing
typing, string, and tomllib._types imports. Patch by Taneli
Hukkinen.
- gh-128679: tracemalloc: Fix race conditions when
tracemalloc.stop() is called by a thread, while other
threads are tracing memory allocations. Patch by Victor
Stinner.
- gh-128891: Add specialized opcodes to opcode.opname.
- gh-118761: Reduce import time of gettext by up to ten
times, by importing re on demand. In particular, re is
no longer implicitly exposed as gettext.re. Patch by Eli
Schwartz.
- gh-118761: Reduce the import time of optparse when no help
text is printed. Patch by Eli Schwartz.
- gh-128657: Fix possible extra reference when using objects
returned by hashlib.sha256() under free threading.
- gh-118761: Reduce the import time of csv by up to five
times, by importing re on demand. In particular, re is no
more implicitly exposed as csv.re. Patch by Bénédikt Tran.
- gh-128308: Support the name keyword argument
for eager tasks in asyncio.loop.create_task(),
asyncio.create_task() and asyncio.TaskGroup.create_task(),
by passing on all kwargs to the task factory set by
asyncio.loop.set_task_factory().
- gh-118761: Improve the performance of base64.b16decode()
by up to ten times by more efficiently checking the
byte-string for hexadecimal digits. Reduce the import
time of base64 by up to six times, by no longer importing
re. Patch by Bénédikt Tran, Chris Markiewicz, and Adam
Turner.
- gh-128156: When using macOS system libffi, support for
complex types in ctypes is now checked at runtime (macOS
10.15 or newer). The types must also be available at build
time.
- gh-128636: Fix PyREPL failure when os.environ is
overwritten with an invalid value.
- gh-128498: Default to stdout isatty for color detection
instead of stderr. Patch by Hugo van Kemenade.
- gh-128384: Add locking to warnings to avoid some
data races when free-threading is used. Change
_warnings_runtime_state.mutex to be a recursive mutex
and expose it to warnings, via the _acquire_lock() and
_release_lock() functions. The lock is held when filters
and _filters_version are updated.
- gh-128509: Add sys._is_immortal() for identifying immortal
objects at runtime.
- gh-128479: Fix asyncio.staggered.staggered_race() leaking
tasks and issuing an unhandled exception.
- gh-128427: uuid.NIL and uuid.MAX are now available to
represent the Nil and Max UUID formats as defined by RFC
9562.
- gh-91279: zipfile.ZipFile.writestr() now respect
SOURCE_DATE_EPOCH that distributions can set centrally
and have build tools consume this in order to produce
reproducible output.
- gh-112064: Fix incorrect handling of negative read sizes in
HTTPResponse.read. Patch by Yury Manushkin.
- gh-58956: Fixed a frame reference leak in bdb.
- gh-128131: Completely support random access of uncompressed
unencrypted read-only zip files obtained by ZipFile.open.
- gh-127975: Avoid reusing quote types in ast.unparse() if
not needed.
- gh-115514: Fix exceptions and incomplete writes after
asyncio._SelectorTransport is closed before writes are
completed.
- gh-121604: Add missing Deprecation warnings for
importlib.machinery.DEBUG_BYTECODE_SUFFIXES,
importlib.machinery.OPTIMIZED_BYTECODE_SUFFIXES,
importlib.machinery.WindowsRegistryFinder,
importlib.abc.ResourceLoader,
importlib.abc.SourceLoader.path_mtime().
- gh-127873: When -E is set, only ignore PYTHON_COLORS
and not FORCE_COLOR/NO_COLOR/TERM when colourising
output. Patch by Hugo van Kemenade.
- gh-125413: Add pathlib.Path.info attribute, which stores
an object implementing the pathlib.types.PathInfo protocol
(also new). The object supports querying the file type and
internally caching stat() results. Path objects generated
by iterdir() are initialized with file type information
gleaned from scanning the parent directory.
- gh-127712: Fix handling of the secure argument of
logging.handlers.SMTPHandler.
- gh-127096: Do not recreate unnamed section on every read in
configparser.ConfigParser. Patch by Andrey Efremov.
- gh-124369: Deprecate pdb.Pdb.curframe_locals
- gh-126332: Fix _pyrepl crash when entering a double CTRL-Z
on an overflowing line.
- gh-125553: Fix round-trip invariance for backslash
continuations in tokenize.untokenize().
- gh-91048: Add asyncio.capture_call_graph() and
asyncio.print_call_graph() functions.
- gh-124703: Quitting pdb in inline mode will emit a
confirmation prompt and exit gracefully now, instead of
printing an exception traceback.
- gh-123987: Fixed issue in NamespaceReader where a non-path
item in a namespace path, such as a sentinel added by an
editable installer, would break resource loading.
- gh-119349: Add the ctypes.util.dllist() function to list
the loaded shared libraries for the current process.
- gh-55454: Add IMAP4 IDLE support to the imaplib
module. Patch by Forest.
- gh-119257: Show tab completions menu below the current
line, which results in less janky behaviour, and fixes a
cursor movement bug. Patch by Daniel Hollas
- gh-101410: Support custom messages for domain errors in the
math module (math.sqrt(), math.log() and math.atanh() were
modified as examples). Patch by Charlie Zhao and Sergey B
Kirpichev.
- gh-81340: Use os.copy_file_range() in shutil.copy(),
shutil.copy2(), and shutil.copyfile() functions by
default. An underlying Linux system call gives filesystems
an opportunity to implement the use of copy-on-write (in
case of btrfs and XFS) or server-side copy (in the case of
NFS.) Patch by Illia Volochii.
- bpo-27307: Add attribute and item access support to
string.Formatter in auto-numbering mode, which allows
format strings like {.name} and {[1]}.
- IDLE
- gh-129873: Simplify displaying the IDLE doc by only copying
the text section of idle.html to idlelib/help.html. Patch
by Stan Ulbrych.
- Documentation
- gh-125722: Require Sphinx 8.1.3 or later to build the
Python documentation. Patch by Adam Turner.
- gh-67206: Document that string.printable is not
printable in the POSIX sense. In particular,
string.printable.isprintable() returns False. Patch by
Bénédikt Tran.
- Core and Builtins
- gh-100239: Replace the opcode BINARY_SUBSCR and its family
by BINARY_OP with oparg NB_SUBSCR.
- gh-129732: Fixed a race in _Py_qsbr_reserve in the free
threading build.
- gh-129763: Remove the internal LLTRACE macro (use Py_DEBUG
instead).
- gh-129715: Improve JIT performance for generators.
- gh-129643: Fix thread safety of PyList_Insert() in
free-threading builds.
- gh-129668: Fix race condition when raising MemoryError in
the free threaded build.
- gh-129643: Fix thread safety of PyList_SetItem() in
free-threading builds. Patch by Kumar Aditya.
- gh-128563: Fix an issue where the “lltrace” debug feature
could have been incorrectly enabled for some frames.
- gh-129393: On FreeBSD, sys.platform doesnt contain the
major version anymore. It is always 'freebsd', instead of
'freebsd13' or 'freebsd14'.
- gh-129345: Fix null pointer dereference in syslog.openlog()
when an audit hook raises an exception.
- gh-129231: Improve memory layout of JIT traces. Patch by
Diego Russo
- gh-129149: Add fast path for medium-size integers in
PyLong_FromUnsignedLong(), PyLong_FromUnsignedLongLong()
and PyLong_FromSize_t().
- gh-129201: The free-threaded version of the cyclic garbage
collector has been optimized to conditionally use CPU
prefetch instructions during the collection. This can
reduce collection times by making it more likely that
data is in the CPU cache when it is needed. The prefetch
instructions are enabled if the number of long-lived
objects (objects surviving a full collection) exceeds a
threshold.
- gh-129093: Fix f-strings such as f'{expr=}' sometimes not
displaying the full expression when the expression contains
!=.
- gh-124363: Treat debug expressions in f-string as raw
strings. Patch by Pablo Galindo
- gh-128714: Fix the potential races in get/set dunder
methods __annotations__, __annotate__ and __type_params__
for function object, and add related tests.
- gh-128799: Add frame of except* to traceback when it wraps
a naked exception.
- gh-128842: Collect JIT memory stats using pystats. Patch by
Diego Russo.
- gh-100239: Specialize BINARY_OP for bitwise logical
operations on compact ints.
- gh-128910: Undocumented and unused private C-API functions
_PyTrash_begin and _PyTrash_end are removed.
- gh-128807: Add a marking phase to the free-threaded
GC. This is similar to what was done in gh-126491. Since
the free-threaded GC does not have generations and is
not incremental, the marking phase looks for all objects
reachable from known roots. The roots are objects known to
not be garbage, like the module dictionary for sys. For
most programs, this marking phase should make the GC a bit
faster since typically less work is done per object.
- gh-100239: Add opcode BINARY_OP_EXTEND which executes a
pair of functions (guard and specialization functions)
accessed from the inline cache.
- gh-128563: A new type of interpreter has been added
to CPython. This interpreter uses tail calls for its
instruction handlers. Preliminary benchmark results suggest
7-11% geometric mean faster on pyperformance (depending
on platform), and up to 30% faster on Python-intensive
workloads. This interpreter currently only works on newer
compilers, such as clang-19. Other compilers will continue
using the old interpreter. Patch by Ken Jin, with ideas on
how to implement this in CPython by Mark Shannon, Garret
Gu, Haoran Xu, and Josh Haberman.
- gh-126703: Improve performance of iterating over lists and
tuples by using a freelist for the iterator objects.
- gh-127953: The time to handle a LINE event in
sys.monitoring (and sys.settrace) is now independent of the
number of lines in the code object.
- gh-128330: Restore terminal control characters on REPL
exit.
- gh-128016: Improved the SyntaxWarning message for invalid
escape sequences to clarify that such sequences will raise
a SyntaxError in future Python releases. The new message
also suggests a potential fix, i.e., Did you mean "\\e"?.
- gh-126004: Fix handling of UnicodeError.start and
UnicodeError.end values in the codecs.replace_errors()
error handler. Patch by Bénédikt Tran.
- gh-126004: Fix handling of UnicodeError.start
and UnicodeError.end values in the
codecs.backslashreplace_errors() error handler. Patch by
Bénédikt Tran.
- gh-126004: Fix handling of UnicodeError.start
and UnicodeError.end values in the
codecs.xmlcharrefreplace_errors() error handler. Patch by
Bénédikt Tran.
- gh-127119: Slightly optimize the int deallocator.
- gh-127349: Fixed the error when resizing terminal in Python
REPL. Patch by Semyon Moroz.
- gh-125723: Fix crash with gi_frame.f_locals when generator
frames outlive their generator. Patch by Mikhail Efimov.
- gh-126349: Add turtle.fill(), turtle.poly() and
turtle.no_animation() context managers. Patch by Marie
Roald and Yngve Mardal Moe.
- gh-115911: If the current working directory cannot be
determined due to permissions, then import will no longer
raise PermissionError. Patch by Alex Willmer.
- gh-112713: Added support for the Partitioned cookie flag in
http.cookies.
- C API
- gh-129533: Update PyGC_Enable(), PyGC_Disable(),
PyGC_IsEnabled() to use atomic operation for thread-safety
at free-threading build. Patch by Donghee Na.
- gh-89188: Implement PyUnicode_KIND() and PyUnicode_DATA()
as function, in addition to the macros with the same
names. The macros rely on C bit fields which have
compiler-specific layout. Patch by Victor Stinner.
- gh-91417: Remove PySequence_Fast() from the limited
C API, since this function has to be used with
PySequence_Fast_GET_ITEM which never worked in the limited
C API. Patch by Victor Stinner.
- gh-128509: Add PyUnstable_IsImmortal() for determining
whether an object is immortal.
- gh-129033: Remove _PyInterpreterState_GetConfigCopy() and
_PyInterpreterState_SetConfig() private functions. Use
instead PyConfig_Get() and PyConfig_Set(), public C API
added by PEP 741 “Python Configuration C API”. Patch by
Victor Stinner.
- gh-129033: Remove the private _Py_InitializeMain()
function. It was a provisional API added to Python 3.8 by
PEP 587. Patch by Victor Stinner.
- gh-128844: Add PyUnstable_TryIncRef() and
PyUnstable_EnableTryIncRef() unstable APIs. These
are helpers for dealing with unowned references in a
thread-safe way, particularly in the free threading build.
- gh-128911: Add PyImport_ImportModuleAttr() and
PyImport_ImportModuleAttrString() helper functions to
import a module and get an attribute of the module. Patch
by Victor Stinner.
- gh-128863: The following private functions are deprecated
and planned for removal in Python 3.18:
_PyBytes_Join(): use PyBytes_Join().
_PyDict_GetItemStringWithError(): use PyDict_GetItemStringRef().
_PyDict_Pop(): use PyDict_Pop().
_PyLong_Sign(): use PyLong_GetSign().
_PyLong_FromDigits() and _PyLong_New(): use PyLongWriter_Create().
_PyThreadState_UncheckedGet(): use PyThreadState_GetUnchecked().
_PyUnicode_AsString(): use PyUnicode_AsUTF8().
_Py_HashPointer(): use Py_HashPointer().
_Py_fopen_obj(): use Py_fopen().
The pythoncapi-compat project can be used to get these new
public functions on Python 3.13 and older. Patch by Victor Stinner.
- gh-126599: Remove some internal test APIs for the
experimental JIT compiler.
- gh-127925: Convert the decimal module to use PEP 757 C API
(export-import integers), offering some speed-up if the
integer part of the Decimal instance is small. Patch by
Sergey B Kirpichev.
- Build
- gh-129660: Drop test_embed from PGO training, whose
contribution in recent versions is considered to be
ignorable.
- gh-128902: Fix compile errors with Clang 9 and older due to
lack of __attribute__((fallthrough)) support.
- Remove upstreamed patches:
- CVE-2025-0938-sq-brackets-domain-names.patch
- 314a4-no-SO_REUSEPORT.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Feb 4 14:43:13 UTC 2025 - Matej Cepl <mcepl@cepl.eu> Tue Feb 4 14:43:13 UTC 2025 - Matej Cepl <mcepl@cepl.eu>

10
python314.spec
View File

@ -157,8 +157,8 @@
# _md5.cpython-38m-x86_64-linux-gnu.so # _md5.cpython-38m-x86_64-linux-gnu.so
%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
Name: %{python_pkg_name}%{psuffix} Name: %{python_pkg_name}%{psuffix}
Version: 3.14.0~a4 Version: 3.14.0~a5
%define tarversion 3.14.0a4 %define tarversion 3.14.0a5
%define tarname Python-%{tarversion} %define tarname Python-%{tarversion}
Release: 0 Release: 0
Summary: Python 3 Interpreter Summary: Python 3 Interpreter
@ -216,12 +216,6 @@ Patch39: CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch
# PATCH-FIX-OPENSUSE fix-test-recursion-limit-15.6.patch gh#python/cpython#115083 # PATCH-FIX-OPENSUSE fix-test-recursion-limit-15.6.patch gh#python/cpython#115083
# Skip some failing tests in test_compile for i586 arch in 15.6. # Skip some failing tests in test_compile for i586 arch in 15.6.
Patch40: fix-test-recursion-limit-15.6.patch Patch40: fix-test-recursion-limit-15.6.patch
# PATCH-FIX-UPSTREAM CVE-2025-0938-sq-brackets-domain-names.patch bsc#1236705 mcepl@suse.com
# functions `urllib.parse.urlsplit` and `urlparse` accept domain names including square brackets
Patch41: CVE-2025-0938-sq-brackets-domain-names.patch
# PATCH-FIX-UPSTREAM 314a4-no-SO_REUSEPORT.patch gh#python/cpython#128916 mcepl@suse.com
# changes in kernel break Python tests
Patch42: 314a4-no-SO_REUSEPORT.patch
#### Python 3.14 DEVELOPMENT PATCHES #### Python 3.14 DEVELOPMENT PATCHES
BuildRequires: autoconf-archive BuildRequires: autoconf-archive
BuildRequires: automake BuildRequires: automake