Compare commits
3 Commits
| Author | SHA256 | Date | |
|---|---|---|---|
aa61ff92f2
|
|||
|
2544c41d2e
|
|||
|
39c4b2a029 |
@@ -4,11 +4,11 @@
|
||||
Lib/test/test_xml_etree.py | 10 ++++++++++
|
||||
3 files changed, 17 insertions(+)
|
||||
|
||||
Index: Python-3.15.0a1/Lib/test/test_pyexpat.py
|
||||
Index: Python-3.15.0a3/Lib/test/test_pyexpat.py
|
||||
===================================================================
|
||||
--- Python-3.15.0a1.orig/Lib/test/test_pyexpat.py 2025-10-24 23:53:24.356893960 +0200
|
||||
+++ Python-3.15.0a1/Lib/test/test_pyexpat.py 2025-10-24 23:53:50.136311340 +0200
|
||||
@@ -843,6 +843,10 @@
|
||||
--- Python-3.15.0a3.orig/Lib/test/test_pyexpat.py 2025-12-16 13:26:12.000000000 +0100
|
||||
+++ Python-3.15.0a3/Lib/test/test_pyexpat.py 2025-12-19 02:26:33.964969539 +0100
|
||||
@@ -860,6 +860,10 @@
|
||||
self.assertEqual(started, ['doc'])
|
||||
|
||||
def test_reparse_deferral_disabled(self):
|
||||
@@ -19,10 +19,10 @@ Index: Python-3.15.0a1/Lib/test/test_pyexpat.py
|
||||
started = []
|
||||
|
||||
def start_element(name, _):
|
||||
Index: Python-3.15.0a1/Lib/test/test_sax.py
|
||||
Index: Python-3.15.0a3/Lib/test/test_sax.py
|
||||
===================================================================
|
||||
--- Python-3.15.0a1.orig/Lib/test/test_sax.py 2025-10-24 23:53:24.425039914 +0200
|
||||
+++ Python-3.15.0a1/Lib/test/test_sax.py 2025-10-24 23:53:50.136951370 +0200
|
||||
--- Python-3.15.0a3.orig/Lib/test/test_sax.py 2025-12-16 13:26:12.000000000 +0100
|
||||
+++ Python-3.15.0a3/Lib/test/test_sax.py 2025-12-19 02:26:33.966048947 +0100
|
||||
@@ -1241,6 +1241,9 @@
|
||||
|
||||
self.assertEqual(result.getvalue(), start + b"<doc></doc>")
|
||||
@@ -33,10 +33,10 @@ Index: Python-3.15.0a1/Lib/test/test_sax.py
|
||||
def test_flush_reparse_deferral_disabled(self):
|
||||
result = BytesIO()
|
||||
xmlgen = XMLGenerator(result)
|
||||
Index: Python-3.15.0a1/Lib/test/test_xml_etree.py
|
||||
Index: Python-3.15.0a3/Lib/test/test_xml_etree.py
|
||||
===================================================================
|
||||
--- Python-3.15.0a1.orig/Lib/test/test_xml_etree.py 2025-10-24 23:53:24.855327755 +0200
|
||||
+++ Python-3.15.0a1/Lib/test/test_xml_etree.py 2025-10-24 23:53:50.137646227 +0200
|
||||
--- Python-3.15.0a3.orig/Lib/test/test_xml_etree.py 2025-12-16 13:26:12.000000000 +0100
|
||||
+++ Python-3.15.0a3/Lib/test/test_xml_etree.py 2025-12-19 02:26:33.966681016 +0100
|
||||
@@ -138,6 +138,11 @@
|
||||
return mock.patch.object(cls, "__eq__", autospec=True, wraps=eq)
|
||||
|
||||
@@ -49,7 +49,7 @@ Index: Python-3.15.0a1/Lib/test/test_xml_etree.py
|
||||
def checkwarnings(*filters, quiet=False):
|
||||
def decorator(test):
|
||||
def newtest(*args, **kwargs):
|
||||
@@ -1547,9 +1552,11 @@
|
||||
@@ -1620,9 +1625,11 @@
|
||||
self.assert_event_tags(parser, [('end', 'root')])
|
||||
self.assertIsNone(parser.close())
|
||||
|
||||
@@ -61,7 +61,7 @@ Index: Python-3.15.0a1/Lib/test/test_xml_etree.py
|
||||
def test_simple_xml_chunk_5(self):
|
||||
self.test_simple_xml(chunk_size=5, flush=True)
|
||||
|
||||
@@ -1776,6 +1783,9 @@
|
||||
@@ -1849,6 +1856,9 @@
|
||||
|
||||
self.assert_event_tags(parser, [('end', 'doc')])
|
||||
|
||||
|
||||
@@ -1,367 +0,0 @@
|
||||
From e3b2c85d567b51dd84d1faf83398e97c0bf1eb60 Mon Sep 17 00:00:00 2001
|
||||
From: Serhiy Storchaka <storchaka@gmail.com>
|
||||
Date: Fri, 30 May 2025 22:33:31 +0300
|
||||
Subject: [PATCH 1/2] gh-134873: Fix quadratic complexity in
|
||||
os.path.expandvars()
|
||||
|
||||
---
|
||||
Lib/ntpath.py | 126 +++-------
|
||||
Lib/posixpath.py | 43 +--
|
||||
Lib/test/test_genericpath.py | 21 +
|
||||
Lib/test/test_ntpath.py | 22 +
|
||||
Misc/NEWS.d/next/Security/2025-05-30-22-33-27.gh-issue-136065.bu337o.rst | 1
|
||||
5 files changed, 97 insertions(+), 116 deletions(-)
|
||||
create mode 100644 Misc/NEWS.d/next/Security/2025-05-30-22-33-27.gh-issue-134873.bu337o.rst
|
||||
|
||||
Index: Python-3.15.0a1/Lib/ntpath.py
|
||||
===================================================================
|
||||
--- Python-3.15.0a1.orig/Lib/ntpath.py 2025-10-14 12:46:08.000000000 +0200
|
||||
+++ Python-3.15.0a1/Lib/ntpath.py 2025-11-13 18:28:37.445868967 +0100
|
||||
@@ -400,17 +400,23 @@
|
||||
# XXX With COMMAND.COM you can use any characters in a variable name,
|
||||
# XXX except '^|<>='.
|
||||
|
||||
+_varpattern = r"'[^']*'?|%(%|[^%]*%?)|\$(\$|[-\w]+|\{[^}]*\}?)"
|
||||
+_varsub = None
|
||||
+_varsubb = None
|
||||
+
|
||||
def expandvars(path):
|
||||
"""Expand shell variables of the forms $var, ${var} and %var%.
|
||||
|
||||
Unknown variables are left unchanged."""
|
||||
path = os.fspath(path)
|
||||
+ global _varsub, _varsubb
|
||||
if isinstance(path, bytes):
|
||||
if b'$' not in path and b'%' not in path:
|
||||
return path
|
||||
- import string
|
||||
- varchars = bytes(string.ascii_letters + string.digits + '_-', 'ascii')
|
||||
- quote = b'\''
|
||||
+ if not _varsubb:
|
||||
+ import re
|
||||
+ _varsubb = re.compile(_varpattern.encode(), re.ASCII).sub
|
||||
+ sub = _varsubb
|
||||
percent = b'%'
|
||||
brace = b'{'
|
||||
rbrace = b'}'
|
||||
@@ -419,94 +425,44 @@
|
||||
else:
|
||||
if '$' not in path and '%' not in path:
|
||||
return path
|
||||
- import string
|
||||
- varchars = string.ascii_letters + string.digits + '_-'
|
||||
- quote = '\''
|
||||
+ if not _varsub:
|
||||
+ import re
|
||||
+ _varsub = re.compile(_varpattern, re.ASCII).sub
|
||||
+ sub = _varsub
|
||||
percent = '%'
|
||||
brace = '{'
|
||||
rbrace = '}'
|
||||
dollar = '$'
|
||||
environ = os.environ
|
||||
- res = path[:0]
|
||||
- index = 0
|
||||
- pathlen = len(path)
|
||||
- while index < pathlen:
|
||||
- c = path[index:index+1]
|
||||
- if c == quote: # no expansion within single quotes
|
||||
- path = path[index + 1:]
|
||||
- pathlen = len(path)
|
||||
- try:
|
||||
- index = path.index(c)
|
||||
- res += c + path[:index + 1]
|
||||
- except ValueError:
|
||||
- res += c + path
|
||||
- index = pathlen - 1
|
||||
- elif c == percent: # variable or '%'
|
||||
- if path[index + 1:index + 2] == percent:
|
||||
- res += c
|
||||
- index += 1
|
||||
- else:
|
||||
- path = path[index+1:]
|
||||
- pathlen = len(path)
|
||||
- try:
|
||||
- index = path.index(percent)
|
||||
- except ValueError:
|
||||
- res += percent + path
|
||||
- index = pathlen - 1
|
||||
- else:
|
||||
- var = path[:index]
|
||||
- try:
|
||||
- if environ is None:
|
||||
- value = os.fsencode(os.environ[os.fsdecode(var)])
|
||||
- else:
|
||||
- value = environ[var]
|
||||
- except KeyError:
|
||||
- value = percent + var + percent
|
||||
- res += value
|
||||
- elif c == dollar: # variable or '$$'
|
||||
- if path[index + 1:index + 2] == dollar:
|
||||
- res += c
|
||||
- index += 1
|
||||
- elif path[index + 1:index + 2] == brace:
|
||||
- path = path[index+2:]
|
||||
- pathlen = len(path)
|
||||
- try:
|
||||
- index = path.index(rbrace)
|
||||
- except ValueError:
|
||||
- res += dollar + brace + path
|
||||
- index = pathlen - 1
|
||||
- else:
|
||||
- var = path[:index]
|
||||
- try:
|
||||
- if environ is None:
|
||||
- value = os.fsencode(os.environ[os.fsdecode(var)])
|
||||
- else:
|
||||
- value = environ[var]
|
||||
- except KeyError:
|
||||
- value = dollar + brace + var + rbrace
|
||||
- res += value
|
||||
- else:
|
||||
- var = path[:0]
|
||||
- index += 1
|
||||
- c = path[index:index + 1]
|
||||
- while c and c in varchars:
|
||||
- var += c
|
||||
- index += 1
|
||||
- c = path[index:index + 1]
|
||||
- try:
|
||||
- if environ is None:
|
||||
- value = os.fsencode(os.environ[os.fsdecode(var)])
|
||||
- else:
|
||||
- value = environ[var]
|
||||
- except KeyError:
|
||||
- value = dollar + var
|
||||
- res += value
|
||||
- if c:
|
||||
- index -= 1
|
||||
+
|
||||
+ def repl(m):
|
||||
+ lastindex = m.lastindex
|
||||
+ if lastindex is None:
|
||||
+ return m[0]
|
||||
+ name = m[lastindex]
|
||||
+ if lastindex == 1:
|
||||
+ if name == percent:
|
||||
+ return name
|
||||
+ if not name.endswith(percent):
|
||||
+ return m[0]
|
||||
+ name = name[:-1]
|
||||
else:
|
||||
- res += c
|
||||
- index += 1
|
||||
- return res
|
||||
+ if name == dollar:
|
||||
+ return name
|
||||
+ if name.startswith(brace):
|
||||
+ if not name.endswith(rbrace):
|
||||
+ return m[0]
|
||||
+ name = name[1:-1]
|
||||
+
|
||||
+ try:
|
||||
+ if environ is None:
|
||||
+ return os.fsencode(os.environ[os.fsdecode(name)])
|
||||
+ else:
|
||||
+ return environ[name]
|
||||
+ except KeyError:
|
||||
+ return m[0]
|
||||
+
|
||||
+ return sub(repl, path)
|
||||
|
||||
|
||||
# Normalize a path, e.g. A//B, A/./B and A/foo/../B all become A\B.
|
||||
Index: Python-3.15.0a1/Lib/posixpath.py
|
||||
===================================================================
|
||||
--- Python-3.15.0a1.orig/Lib/posixpath.py 2025-10-14 12:46:08.000000000 +0200
|
||||
+++ Python-3.15.0a1/Lib/posixpath.py 2025-11-13 18:28:37.446168939 +0100
|
||||
@@ -285,42 +285,41 @@
|
||||
# This expands the forms $variable and ${variable} only.
|
||||
# Non-existent variables are left unchanged.
|
||||
|
||||
-_varprog = None
|
||||
-_varprogb = None
|
||||
+_varpattern = r'\$(\w+|\{[^}]*\}?)'
|
||||
+_varsub = None
|
||||
+_varsubb = None
|
||||
|
||||
def expandvars(path):
|
||||
"""Expand shell variables of form $var and ${var}. Unknown variables
|
||||
are left unchanged."""
|
||||
path = os.fspath(path)
|
||||
- global _varprog, _varprogb
|
||||
+ global _varsub, _varsubb
|
||||
if isinstance(path, bytes):
|
||||
if b'$' not in path:
|
||||
return path
|
||||
- if not _varprogb:
|
||||
+ if not _varsubb:
|
||||
import re
|
||||
- _varprogb = re.compile(br'\$(\w+|\{[^}]*\})', re.ASCII)
|
||||
- search = _varprogb.search
|
||||
+ _varsubb = re.compile(_varpattern.encode(), re.ASCII).sub
|
||||
+ sub = _varsubb
|
||||
start = b'{'
|
||||
end = b'}'
|
||||
environ = getattr(os, 'environb', None)
|
||||
else:
|
||||
if '$' not in path:
|
||||
return path
|
||||
- if not _varprog:
|
||||
+ if not _varsub:
|
||||
import re
|
||||
- _varprog = re.compile(r'\$(\w+|\{[^}]*\})', re.ASCII)
|
||||
- search = _varprog.search
|
||||
+ _varsub = re.compile(_varpattern, re.ASCII).sub
|
||||
+ sub = _varsub
|
||||
start = '{'
|
||||
end = '}'
|
||||
environ = os.environ
|
||||
- i = 0
|
||||
- while True:
|
||||
- m = search(path, i)
|
||||
- if not m:
|
||||
- break
|
||||
- i, j = m.span(0)
|
||||
- name = m.group(1)
|
||||
- if name.startswith(start) and name.endswith(end):
|
||||
+
|
||||
+ def repl(m):
|
||||
+ name = m[1]
|
||||
+ if name.startswith(start):
|
||||
+ if not name.endswith(end):
|
||||
+ return m[0]
|
||||
name = name[1:-1]
|
||||
try:
|
||||
if environ is None:
|
||||
@@ -328,13 +327,11 @@
|
||||
else:
|
||||
value = environ[name]
|
||||
except KeyError:
|
||||
- i = j
|
||||
+ return m[0]
|
||||
else:
|
||||
- tail = path[j:]
|
||||
- path = path[:i] + value
|
||||
- i = len(path)
|
||||
- path += tail
|
||||
- return path
|
||||
+ return value
|
||||
+
|
||||
+ return sub(repl, path)
|
||||
|
||||
|
||||
# Normalize a path, e.g. A//B, A/./B and A/foo/../B all become A/B.
|
||||
Index: Python-3.15.0a1/Lib/test/test_genericpath.py
|
||||
===================================================================
|
||||
--- Python-3.15.0a1.orig/Lib/test/test_genericpath.py 2025-10-14 12:46:08.000000000 +0200
|
||||
+++ Python-3.15.0a1/Lib/test/test_genericpath.py 2025-11-13 18:28:37.446403609 +0100
|
||||
@@ -9,9 +9,9 @@
|
||||
import sys
|
||||
import unittest
|
||||
import warnings
|
||||
-from test.support import (
|
||||
- is_apple, os_helper, warnings_helper
|
||||
-)
|
||||
+from test import support
|
||||
+from test.support import os_helper
|
||||
+from test.support import warnings_helper
|
||||
from test.support.script_helper import assert_python_ok
|
||||
from test.support.os_helper import FakePath
|
||||
|
||||
@@ -462,6 +462,19 @@
|
||||
os.fsencode('$bar%s bar' % nonascii))
|
||||
check(b'$spam}bar', os.fsencode('%s}bar' % nonascii))
|
||||
|
||||
+ @support.requires_resource('cpu')
|
||||
+ def test_expandvars_large(self):
|
||||
+ expandvars = self.pathmodule.expandvars
|
||||
+ with os_helper.EnvironmentVarGuard() as env:
|
||||
+ env.clear()
|
||||
+ env["A"] = "B"
|
||||
+ n = 100_000
|
||||
+ self.assertEqual(expandvars('$A'*n), 'B'*n)
|
||||
+ self.assertEqual(expandvars('${A}'*n), 'B'*n)
|
||||
+ self.assertEqual(expandvars('$A!'*n), 'B!'*n)
|
||||
+ self.assertEqual(expandvars('${A}A'*n), 'BA'*n)
|
||||
+ self.assertEqual(expandvars('${'*10*n), '${'*10*n)
|
||||
+
|
||||
def test_abspath(self):
|
||||
self.assertIn("foo", self.pathmodule.abspath("foo"))
|
||||
with warnings.catch_warnings():
|
||||
@@ -519,7 +532,7 @@
|
||||
# directory (when the bytes name is used).
|
||||
and sys.platform not in {
|
||||
"win32", "emscripten", "wasi"
|
||||
- } and not is_apple
|
||||
+ } and not support.is_apple
|
||||
):
|
||||
name = os_helper.TESTFN_UNDECODABLE
|
||||
elif os_helper.TESTFN_NONASCII:
|
||||
Index: Python-3.15.0a1/Lib/test/test_ntpath.py
|
||||
===================================================================
|
||||
--- Python-3.15.0a1.orig/Lib/test/test_ntpath.py 2025-10-14 12:46:08.000000000 +0200
|
||||
+++ Python-3.15.0a1/Lib/test/test_ntpath.py 2025-11-13 18:28:55.652664525 +0100
|
||||
@@ -9,7 +9,8 @@
|
||||
import warnings
|
||||
from ntpath import ALL_BUT_LAST, ALLOW_MISSING
|
||||
from test import support
|
||||
-from test.support import TestFailed, cpython_only, os_helper
|
||||
+from test import support
|
||||
+from test.support import os_helper
|
||||
from test.support.os_helper import FakePath
|
||||
from test import test_genericpath
|
||||
from tempfile import TemporaryFile
|
||||
@@ -59,7 +60,7 @@
|
||||
fn = fn.replace("\\", "\\\\")
|
||||
gotResult = eval(fn)
|
||||
if wantResult != gotResult and _norm(wantResult) != _norm(gotResult):
|
||||
- raise TestFailed("%s should return: %s but returned: %s" \
|
||||
+ raise support.TestFailed("%s should return: %s but returned: %s" \
|
||||
%(str(fn), str(wantResult), str(gotResult)))
|
||||
|
||||
# then with bytes
|
||||
@@ -75,7 +76,7 @@
|
||||
warnings.simplefilter("ignore", DeprecationWarning)
|
||||
gotResult = eval(fn)
|
||||
if _norm(wantResult) != _norm(gotResult):
|
||||
- raise TestFailed("%s should return: %s but returned: %s" \
|
||||
+ raise support.TestFailed("%s should return: %s but returned: %s" \
|
||||
%(str(fn), str(wantResult), repr(gotResult)))
|
||||
|
||||
|
||||
@@ -1133,6 +1134,19 @@
|
||||
check('%spam%bar', '%sbar' % nonascii)
|
||||
check('%{}%bar'.format(nonascii), 'ham%sbar' % nonascii)
|
||||
|
||||
+ @support.requires_resource('cpu')
|
||||
+ def test_expandvars_large(self):
|
||||
+ expandvars = ntpath.expandvars
|
||||
+ with os_helper.EnvironmentVarGuard() as env:
|
||||
+ env.clear()
|
||||
+ env["A"] = "B"
|
||||
+ n = 100_000
|
||||
+ self.assertEqual(expandvars('%A%'*n), 'B'*n)
|
||||
+ self.assertEqual(expandvars('%A%A'*n), 'BA'*n)
|
||||
+ self.assertEqual(expandvars("''"*n + '%%'), "''"*n + '%')
|
||||
+ self.assertEqual(expandvars("%%"*n), "%"*n)
|
||||
+ self.assertEqual(expandvars("$$"*n), "$"*n)
|
||||
+
|
||||
def test_expanduser(self):
|
||||
tester('ntpath.expanduser("test")', 'test')
|
||||
|
||||
@@ -1550,7 +1564,7 @@
|
||||
self.assertTrue(os.path.exists(r"\\.\CON"))
|
||||
|
||||
@unittest.skipIf(sys.platform != 'win32', "Fast paths are only for win32")
|
||||
- @cpython_only
|
||||
+ @support.cpython_only
|
||||
def test_fast_paths_in_use(self):
|
||||
# There are fast paths of these functions implemented in posixmodule.c.
|
||||
# Confirm that they are being used, and not the Python fallbacks in
|
||||
Index: Python-3.15.0a1/Misc/NEWS.d/next/Security/2025-05-30-22-33-27.gh-issue-136065.bu337o.rst
|
||||
===================================================================
|
||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
||||
+++ Python-3.15.0a1/Misc/NEWS.d/next/Security/2025-05-30-22-33-27.gh-issue-136065.bu337o.rst 2025-11-13 18:28:37.447873576 +0100
|
||||
@@ -0,0 +1 @@
|
||||
+Fix quadratic complexity in :func:`os.path.expandvars`.
|
||||
BIN
Python-3.15.0a1.tar.xz
LFS
BIN
Python-3.15.0a1.tar.xz
LFS
Binary file not shown.
File diff suppressed because one or more lines are too long
BIN
Python-3.15.0a3.tar.xz
LFS
Normal file
BIN
Python-3.15.0a3.tar.xz
LFS
Normal file
Binary file not shown.
1
Python-3.15.0a3.tar.xz.sigstore
Normal file
1
Python-3.15.0a3.tar.xz.sigstore
Normal file
File diff suppressed because one or more lines are too long
@@ -13,11 +13,11 @@ Co-Authored-By: Xavier de Gaye <xdegaye@gmail.com>
|
||||
5 files changed, 37 insertions(+), 9 deletions(-)
|
||||
create mode 100644 Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst
|
||||
|
||||
Index: Python-3.15.0a1/Doc/library/ensurepip.rst
|
||||
Index: Python-3.15.0a3/Doc/library/ensurepip.rst
|
||||
===================================================================
|
||||
--- Python-3.15.0a1.orig/Doc/library/ensurepip.rst 2025-10-14 12:46:08.000000000 +0200
|
||||
+++ Python-3.15.0a1/Doc/library/ensurepip.rst 2025-10-24 23:53:43.587408643 +0200
|
||||
@@ -61,7 +61,11 @@
|
||||
--- Python-3.15.0a3.orig/Doc/library/ensurepip.rst 2025-12-16 13:26:12.000000000 +0100
|
||||
+++ Python-3.15.0a3/Doc/library/ensurepip.rst 2025-12-19 02:25:25.531895542 +0100
|
||||
@@ -65,7 +65,11 @@
|
||||
By default, ``pip`` is installed into the current virtual environment
|
||||
(if one is active) or into the system site packages (if there is no
|
||||
active virtual environment). The installation location can be controlled
|
||||
@@ -30,7 +30,7 @@ Index: Python-3.15.0a1/Doc/library/ensurepip.rst
|
||||
|
||||
.. option:: --root <dir>
|
||||
|
||||
@@ -102,7 +106,7 @@
|
||||
@@ -106,7 +110,7 @@
|
||||
Returns a string specifying the available version of pip that will be
|
||||
installed when bootstrapping an environment.
|
||||
|
||||
@@ -39,7 +39,7 @@ Index: Python-3.15.0a1/Doc/library/ensurepip.rst
|
||||
altinstall=False, default_pip=False, \
|
||||
verbosity=0)
|
||||
|
||||
@@ -112,6 +116,8 @@
|
||||
@@ -116,6 +120,8 @@
|
||||
If *root* is ``None``, then installation uses the default install location
|
||||
for the current environment.
|
||||
|
||||
@@ -48,7 +48,7 @@ Index: Python-3.15.0a1/Doc/library/ensurepip.rst
|
||||
*upgrade* indicates whether or not to upgrade an existing installation
|
||||
of an earlier version of ``pip`` to the available version.
|
||||
|
||||
@@ -132,6 +138,8 @@
|
||||
@@ -136,6 +142,8 @@
|
||||
*verbosity* controls the level of output to :data:`sys.stdout` from the
|
||||
bootstrapping operation.
|
||||
|
||||
@@ -57,10 +57,10 @@ Index: Python-3.15.0a1/Doc/library/ensurepip.rst
|
||||
.. audit-event:: ensurepip.bootstrap root ensurepip.bootstrap
|
||||
|
||||
.. note::
|
||||
Index: Python-3.15.0a1/Lib/ensurepip/__init__.py
|
||||
Index: Python-3.15.0a3/Lib/ensurepip/__init__.py
|
||||
===================================================================
|
||||
--- Python-3.15.0a1.orig/Lib/ensurepip/__init__.py 2025-10-24 23:53:22.118065622 +0200
|
||||
+++ Python-3.15.0a1/Lib/ensurepip/__init__.py 2025-10-24 23:53:43.587899003 +0200
|
||||
--- Python-3.15.0a3.orig/Lib/ensurepip/__init__.py 2025-12-19 02:25:10.205902876 +0100
|
||||
+++ Python-3.15.0a3/Lib/ensurepip/__init__.py 2025-12-19 02:25:25.532348886 +0100
|
||||
@@ -106,27 +106,27 @@
|
||||
os.environ['PIP_CONFIG_FILE'] = os.devnull
|
||||
|
||||
@@ -123,10 +123,10 @@ Index: Python-3.15.0a1/Lib/ensurepip/__init__.py
|
||||
upgrade=args.upgrade,
|
||||
user=args.user,
|
||||
verbosity=args.verbosity,
|
||||
Index: Python-3.15.0a1/Lib/test/test_ensurepip.py
|
||||
Index: Python-3.15.0a3/Lib/test/test_ensurepip.py
|
||||
===================================================================
|
||||
--- Python-3.15.0a1.orig/Lib/test/test_ensurepip.py 2025-10-24 23:53:23.546712597 +0200
|
||||
+++ Python-3.15.0a1/Lib/test/test_ensurepip.py 2025-10-24 23:53:43.588286136 +0200
|
||||
--- Python-3.15.0a3.orig/Lib/test/test_ensurepip.py 2025-12-19 02:25:11.631602338 +0100
|
||||
+++ Python-3.15.0a3/Lib/test/test_ensurepip.py 2025-12-19 02:25:25.532817735 +0100
|
||||
@@ -105,6 +105,17 @@
|
||||
unittest.mock.ANY,
|
||||
)
|
||||
@@ -145,11 +145,11 @@ Index: Python-3.15.0a1/Lib/test/test_ensurepip.py
|
||||
def test_bootstrapping_with_user(self):
|
||||
ensurepip.bootstrap(user=True)
|
||||
|
||||
Index: Python-3.15.0a1/Makefile.pre.in
|
||||
Index: Python-3.15.0a3/Makefile.pre.in
|
||||
===================================================================
|
||||
--- Python-3.15.0a1.orig/Makefile.pre.in 2025-10-24 23:53:39.419910772 +0200
|
||||
+++ Python-3.15.0a1/Makefile.pre.in 2025-10-24 23:53:43.588889640 +0200
|
||||
@@ -2378,7 +2378,7 @@
|
||||
--- Python-3.15.0a3.orig/Makefile.pre.in 2025-12-19 02:25:24.201299566 +0100
|
||||
+++ Python-3.15.0a3/Makefile.pre.in 2025-12-19 02:25:25.533184405 +0100
|
||||
@@ -2389,7 +2389,7 @@
|
||||
install|*) ensurepip="" ;; \
|
||||
esac; \
|
||||
$(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \
|
||||
@@ -158,7 +158,7 @@ Index: Python-3.15.0a1/Makefile.pre.in
|
||||
fi
|
||||
|
||||
.PHONY: altinstall
|
||||
@@ -2389,7 +2389,7 @@
|
||||
@@ -2400,7 +2400,7 @@
|
||||
install|*) ensurepip="--altinstall" ;; \
|
||||
esac; \
|
||||
$(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \
|
||||
@@ -167,9 +167,9 @@ Index: Python-3.15.0a1/Makefile.pre.in
|
||||
fi
|
||||
|
||||
.PHONY: commoninstall
|
||||
Index: Python-3.15.0a1/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst
|
||||
Index: Python-3.15.0a3/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst
|
||||
===================================================================
|
||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
||||
+++ Python-3.15.0a1/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst 2025-10-24 23:53:43.589498870 +0200
|
||||
+++ Python-3.15.0a3/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst 2025-12-19 02:25:25.534506792 +0100
|
||||
@@ -0,0 +1 @@
|
||||
+A directory prefix can now be specified when using :mod:`ensurepip`.
|
||||
|
||||
@@ -4,17 +4,18 @@ Date: Tue, 23 Sep 2025 10:20:16 +0200
|
||||
Subject: [PATCH 1/2] gh-139257: Support docutils >= 0.22
|
||||
|
||||
---
|
||||
Doc/tools/extensions/pyspecific.py | 12 +++++++++++-
|
||||
1 file changed, 11 insertions(+), 1 deletion(-)
|
||||
Doc/tools/extensions/pyspecific.py | 18 ++++++++++++++++++
|
||||
1 file changed, 18 insertions(+)
|
||||
|
||||
Index: Python-3.15.0a1/Doc/tools/extensions/pyspecific.py
|
||||
Index: Python-3.15.0a3/Doc/tools/extensions/pyspecific.py
|
||||
===================================================================
|
||||
--- Python-3.15.0a1.orig/Doc/tools/extensions/pyspecific.py 2025-10-14 12:46:08.000000000 +0200
|
||||
+++ Python-3.15.0a1/Doc/tools/extensions/pyspecific.py 2025-10-24 23:55:02.700550007 +0200
|
||||
@@ -25,11 +25,21 @@
|
||||
--- Python-3.15.0a3.orig/Doc/tools/extensions/pyspecific.py 2025-12-16 13:26:12.000000000 +0100
|
||||
+++ Python-3.15.0a3/Doc/tools/extensions/pyspecific.py 2025-12-19 02:27:34.493094269 +0100
|
||||
@@ -24,6 +24,24 @@
|
||||
# Used in conf.py and updated here by python/release-tools/run_release.py
|
||||
SOURCE_URI = 'https://github.com/python/cpython/tree/main/%s'
|
||||
|
||||
# monkey-patch reST parser to disable alphabetic and roman enumerated lists
|
||||
+# monkey-patch reST parser to disable alphabetic and roman enumerated lists
|
||||
+def _disable_alphabetic_and_roman(text):
|
||||
+ try:
|
||||
+ # docutils >= 0.22
|
||||
@@ -25,12 +26,13 @@ Index: Python-3.15.0a1/Doc/tools/extensions/pyspecific.py
|
||||
+ return None
|
||||
+
|
||||
+
|
||||
from docutils.parsers.rst.states import Body
|
||||
Body.enum.converters['loweralpha'] = \
|
||||
Body.enum.converters['upperalpha'] = \
|
||||
Body.enum.converters['lowerroman'] = \
|
||||
- Body.enum.converters['upperroman'] = lambda x: None
|
||||
+from docutils.parsers.rst.states import Body
|
||||
+Body.enum.converters['loweralpha'] = \
|
||||
+ Body.enum.converters['upperalpha'] = \
|
||||
+ Body.enum.converters['lowerroman'] = \
|
||||
+ Body.enum.converters['upperroman'] = _disable_alphabetic_and_roman
|
||||
|
||||
|
||||
+
|
||||
+
|
||||
class PyAwaitableMixin(object):
|
||||
def handle_signature(self, sig, signode):
|
||||
ret = super(PyAwaitableMixin, self).handle_signature(sig, signode)
|
||||
|
||||
@@ -2,11 +2,11 @@
|
||||
Makefile.pre.in | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
Index: Python-3.15.0a1/Makefile.pre.in
|
||||
Index: Python-3.15.0a3/Makefile.pre.in
|
||||
===================================================================
|
||||
--- Python-3.15.0a1.orig/Makefile.pre.in 2025-10-14 12:46:08.000000000 +0200
|
||||
+++ Python-3.15.0a1/Makefile.pre.in 2025-10-24 23:53:39.419910772 +0200
|
||||
@@ -1917,6 +1917,11 @@
|
||||
--- Python-3.15.0a3.orig/Makefile.pre.in 2025-12-19 02:26:23.594002103 +0100
|
||||
+++ Python-3.15.0a3/Makefile.pre.in 2025-12-19 02:26:28.185444105 +0100
|
||||
@@ -1926,6 +1926,11 @@
|
||||
-DGITBRANCH="\"`LC_ALL=C $(GITBRANCH)`\"" \
|
||||
-o $@ $(srcdir)/Modules/getbuildinfo.c
|
||||
|
||||
|
||||
@@ -1,3 +1,851 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Dec 19 01:05:54 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
|
||||
|
||||
Update to 3.15.0~a3:
|
||||
- Security
|
||||
- gh-142145: Remove quadratic behavior in xml.minidom node ID
|
||||
cache clearing (CVE-2025-12084, bsc#1254997).
|
||||
- gh-42400: Fix buffer overflow in _Py_wrealpath() for paths
|
||||
exceeding MAXPATHLEN bytes by using dynamic memory
|
||||
allocation instead of fixed-size buffer. Patch by Shamil
|
||||
Abdulaev.
|
||||
- gh-119451: Fix a potential memory denial of service in the
|
||||
http.client module. When connecting to a malicious server,
|
||||
it could cause an arbitrary amount of memory to be
|
||||
allocated. This could have led to symptoms including
|
||||
a MemoryError, swapping, out of memory (OOM) killed
|
||||
processes or containers, or even system crashes
|
||||
(CVE-2025-13836, bsc#1254400).
|
||||
- gh-119342: Fix a potential memory denial of service in the
|
||||
plistlib module. When reading a Plist file received from
|
||||
untrusted source, it could cause an arbitrary amount of
|
||||
memory to be allocated. This could have led to symptoms
|
||||
including a MemoryError, swapping, out of memory (OOM)
|
||||
killed processes or containers, or even system crashes
|
||||
(CVE-2025-13837, bsc#1254401).
|
||||
- Library
|
||||
- gh-142754: Add the ownerDocument attribute to
|
||||
xml.dom.minidom elements and attributes created by directly
|
||||
instantiating the Element or Attr class. Note that this way
|
||||
of creating nodes is not supported; creator functions like
|
||||
xml.dom.Document.documentElement() should be used instead.
|
||||
- gh-142594: Fix crash in TextIOWrapper.close() when the
|
||||
underlying buffer’s closed property calls detach().
|
||||
- gh-76007: Deprecate __version__ from ctypes. Patch by Hugo
|
||||
van Kemenade.
|
||||
- gh-76007: Deprecate __version__ from wsgiref.simple_server.
|
||||
Patch by Hugo van Kemenade.
|
||||
- gh-142651: unittest.mock: fix a thread safety issue where
|
||||
Mock.call_count may return inaccurate values when the mock
|
||||
is called concurrently from multiple threads.
|
||||
- gh-76007: Deprecate __version__ from http.server. Patch by
|
||||
Hugo van Kemenade.
|
||||
- gh-138122: Add --subprocesses flag to profiling.sampling
|
||||
CLI to automatically profile subprocesses spawned by the
|
||||
target. When enabled, the profiler monitors for new Python
|
||||
subprocesses and profiles each one separately, writing
|
||||
results to individual output files. This is useful for
|
||||
profiling applications that use multiprocessing,
|
||||
ProcessPoolExecutor, or other subprocess-based parallelism.
|
||||
Patch by Pablo Galindo.
|
||||
- gh-142595: Added type check during initialization of the
|
||||
decimal module to prevent a crash in case of broken stdlib.
|
||||
Patch by Sergey B Kirpichev.
|
||||
- gh-142556: Fix crash when a task gets re-registered during
|
||||
finalization in asyncio. Patch by Kumar Aditya.
|
||||
- gh-138122: Add --mode=exception to the sampling profiler to
|
||||
capture samples only from threads with an active exception,
|
||||
useful for analyzing exception handling overhead. Patch by
|
||||
Pablo Galindo.
|
||||
- gh-142539: traceback: Fix location of carets in
|
||||
SyntaxErrors when the source contains wide characters.
|
||||
- gh-123241: Avoid reference count operations in garbage
|
||||
collection of ctypes objects.
|
||||
- gh-142451: hmac: correctly copy HMAC attributes for objects
|
||||
copied through HMAC.copy(). Patch by Bénédikt Tran.
|
||||
- gh-138122: The profiling.sampling flamegraph profiler now
|
||||
supports inverted flamegraph view that aggregates all leaf
|
||||
nodes. In a standard flamegraph, if a hot function is
|
||||
called from multiple locations, it appears multiple times
|
||||
as separate leaf nodes. In the inverted flamegraph, all
|
||||
occurrences of the same leaf function are merged into
|
||||
a single aggregated node at the root, showing the total
|
||||
hotness of that function in one place. The children of each
|
||||
aggregated node represent its callers, making it easier to
|
||||
identify which functions consume the most CPU time and
|
||||
where they are called from.
|
||||
- gh-112527: The help text for required options in argparse
|
||||
no longer extended with “ (default: None)”.
|
||||
- gh-142438: Fixed a possible leaked GIL in
|
||||
_PySSL_keylog_callback.
|
||||
- gh-138122: Add bytecode-level instruction profiling to the
|
||||
sampling profiler via the new --opcodes flag. When enabled,
|
||||
the profiler captures which bytecode opcode is executing at
|
||||
each sample, including Python 3.11+ adaptive
|
||||
specializations, and visualizes this data in the heatmap,
|
||||
flamegraph, gecko, and live output formats. Patch by Pablo
|
||||
Galindo
|
||||
- gh-142389: Add backtick markup support in argparse
|
||||
description and epilog text to highlight inline code when
|
||||
color output is enabled.
|
||||
- gh-142346: Fix usage formatting for mutually exclusive
|
||||
groups in argparse when they are preceded by positional
|
||||
arguments or followed or intermixed with other optional
|
||||
arguments.
|
||||
- gh-142374: Fix cumulative percentage calculation for
|
||||
recursive functions in the new sampling profiler. When
|
||||
profiling recursive functions, cumulative statistics
|
||||
(cumul%, cumtime) could exceed 100% because each recursive
|
||||
frame in a stack was counted separately. For example,
|
||||
a function recursing 500 times in every sample would show
|
||||
50000% cumulative presence. The fix deduplicates locations
|
||||
within each sample so cumulative stats correctly represent
|
||||
“percentage of samples where this function was on the
|
||||
stack”. Patch by Pablo Galindo.
|
||||
- gh-142315: Pdb can now run scripts from anonymous pipes
|
||||
used in process substitution. Patch by Bartosz Sławecki.
|
||||
- gh-64532: Subparser help now includes required optional
|
||||
arguments from the parent parser in the usage, making it
|
||||
clearer what arguments are needed to run a subcommand.
|
||||
Patch by Savannah Ostrowski.
|
||||
- gh-142207: Fix: profiling.sampling may cause assertion
|
||||
!(has_gil && gil_requested)
|
||||
- gh-142332: Fix usage formatting for positional arguments in
|
||||
mutually exclusive groups in argparse. in argparse.
|
||||
- gh-142282: Fix winreg.QueryValueEx() to not accidentally
|
||||
read garbage buffer under race condition.
|
||||
- gh-142318: Fix typing 'q' at the help of the interactive
|
||||
tachyon profiler exiting the profiler.
|
||||
- gh-75949: Fix argparse to preserve | separators in mutually
|
||||
exclusive groups when the usage line wraps due to length.
|
||||
- gh-142267: Improve argparse performance by caching the
|
||||
formatter used for argument validation.
|
||||
- gh-139862: Remove color parameter from
|
||||
argparse.HelpFormatter constructor. Color is controlled by
|
||||
ArgumentParser.
|
||||
- gh-68552: MisplacedEnvelopeHeaderDefect and Missing header
|
||||
name defects are now correctly passed to the handle_defect
|
||||
method of policy in FeedParser.
|
||||
- gh-142206: The resource tracker in the multiprocessing
|
||||
module can now understand messages from older versions of
|
||||
itself. This avoids issues with upgrading Python while it
|
||||
is running. (Note that such ‘in-place’ upgrades are not
|
||||
tested.)
|
||||
- gh-142214: Fix two regressions in dataclasses in Python
|
||||
3.14.1 related to annotations. An exception is no longer
|
||||
raised if slots=True is used and the __init__ method does
|
||||
not have an __annotate__ attribute (likely because
|
||||
init=False was used). An exception is no longer raised if
|
||||
annotations are requested on the __init__ method and one of
|
||||
the fields is not present in the class annotations. This
|
||||
can occur in certain dynamic scenarios. Patch by Jelle
|
||||
Zijlstra.
|
||||
- gh-142203: Remove the debug_override parameter from
|
||||
importlib.util.cache_from_source() which has been
|
||||
deprecated since Python 3.5.
|
||||
- gh-138122: The _remote_debugging module now implements
|
||||
frame caching in the RemoteUnwinder class to reduce memory
|
||||
reads when profiling remote processes. When
|
||||
cache_frames=True, unchanged portions of the call stack are
|
||||
reused from previous samples, significantly improving
|
||||
profiling performance for deep call stacks.
|
||||
- gh-116738: Fix cmath data race when initializing
|
||||
trigonometric tables with subinterpreters.
|
||||
- gh-141982: Allow pdb to set breakpoints on async functions
|
||||
with function names.
|
||||
- gh-74389: When the stdin being used by a subprocess.Popen
|
||||
instance is closed, this is now ignored in
|
||||
subprocess.Popen.communicate() instead of leaving the class
|
||||
in an inconsistent state.
|
||||
- gh-87512: Fix subprocess.Popen.communicate() timeout
|
||||
handling on Windows when writing large input. Previously,
|
||||
the timeout was ignored during stdin writing, causing the
|
||||
method to block indefinitely if the child process did not
|
||||
consume input quickly. The stdin write is now performed in
|
||||
a background thread, allowing the timeout to be properly
|
||||
enforced.
|
||||
- gh-141939: Add color to all interpolated values in argparse
|
||||
help, like %(default)s or %(choices)s. Patch by Alex
|
||||
Prengère.
|
||||
- gh-141473: When subprocess.Popen.communicate() was called
|
||||
with input and a timeout and is called for a second time
|
||||
after a TimeoutExpired exception before the process has
|
||||
died, it should no longer hang.
|
||||
- gh-141999: Correctly allow KeyboardInterrupt to stop the
|
||||
process when using profiling.sampling.
|
||||
- gh-142006: Fix a bug in the email.policy.default folding
|
||||
algorithm which incorrectly resulted in a doubled newline
|
||||
when a line ending at exactly max_line_length was followed
|
||||
by an unfoldable token.
|
||||
- gh-141968: Remove data copy from re compilation of regexes
|
||||
with large charsets by using bytearray.take_bytes().
|
||||
- gh-141968: Remove data copy from encodings.idna encode()
|
||||
and encode() by using bytearray.take_bytes().
|
||||
- gh-141968: Remove data copy from codecs punycode encoding
|
||||
by using bytearray.take_bytes().
|
||||
- gh-141968: Remove data copy from
|
||||
wave.Wave_read.readframes() and
|
||||
wave.Wave_write.writeframes() by using
|
||||
bytearray.take_bytes().
|
||||
- gh-141968: Remove a data copy from base64.b32decode() and
|
||||
base64.b32encode() by using bytearray.take_bytes().
|
||||
- gh-59000: Fix pdb breakpoint resolution for class methods
|
||||
when the module defining the class is not imported.
|
||||
- gh-116738: Fix thread safety issue with re scanner objects
|
||||
in free-threaded builds.
|
||||
- gh-138122: The profiling.sampling flamegraph profiler now
|
||||
displays thread status statistics showing the percentage of
|
||||
time threads spend holding the GIL, running without the
|
||||
GIL, waiting for the GIL, and performing garbage
|
||||
collection. These statistics help identify GIL contention
|
||||
and thread behavior patterns. When filtering by thread, the
|
||||
display shows per-thread metrics.
|
||||
- gh-141781: Fixed an issue where pdb.line_prefix assignment
|
||||
was ignored if assigned after the module was imported.
|
||||
- gh-141863: Update Streams to use bytearray.take_bytes() for
|
||||
a over 10% performance improvement on pyperformance
|
||||
asyncio_tcp benchmark.
|
||||
- gh-141817: Add socket.IPV6_HDRINCL constant.
|
||||
- gh-105836: Fix asyncio.run_coroutine_threadsafe() leaving
|
||||
underlying cancelled asyncio task running.
|
||||
- gh-141570: Support file-like object raising OSError from
|
||||
fileno() in color detection (_colorize.can_colorize()).
|
||||
This can occur when sys.stdout is redirected.
|
||||
- gh-141679: Add colour to defaults in argparse help. Patch
|
||||
by Hugo van Kemenade.
|
||||
- gh-141686: Break reference cycles created by each call to
|
||||
json.dump() or json.JSONEncoder.iterencode().
|
||||
- gh-141659: Fix bad file descriptor errors from
|
||||
_posixsubprocess on AIX.
|
||||
- gh-141645: Add a new --live mode to the tachyon profiler in
|
||||
profiling.sampling module. This mode consist of a live TUI
|
||||
that displays real-time profiling statistics as the target
|
||||
application runs, similar to top. Patch by Pablo Galindo
|
||||
- gh-141615: Check stdin instead of stdout for use_rawinput
|
||||
in pdb.
|
||||
- gh-69113: Fix doctest to correctly report line numbers for
|
||||
doctests in __test__ dictionary when formatted as
|
||||
triple-quoted strings by finding unique lines in the string
|
||||
and matching them in the source file.
|
||||
- gh-141600: Fix musl version detection on Void Linux.
|
||||
- gh-48752: Add readline.get_pre_input_hook() function to
|
||||
retrieve the current pre-input hook. This allows
|
||||
applications to save and restore the hook without
|
||||
overwriting user settings. Patch by Sanyam Khurana.
|
||||
- gh-141565: Add async-aware profiling to the Tachyon
|
||||
sampling profiler. The profiler now reconstructs and
|
||||
displays async task hierarchies in flamegraphs, making the
|
||||
output more actionable for users. Patch by Savannah
|
||||
Ostrowski and Pablo Galindo Salgado.
|
||||
- gh-60107: Remove a copy from io.RawIOBase.read(). If the
|
||||
underlying I/O class keeps a reference to the mutable
|
||||
memory, raise a BufferError.
|
||||
- gh-116738: Make csv module thread-safe on the free threaded
|
||||
build.
|
||||
- gh-140911: collections: Ensure that the methods
|
||||
UserString.rindex() and UserString.index() accept
|
||||
collections.UserString instances as the sub argument.
|
||||
- gh-140875: Fix handling of unclosed character references
|
||||
(named and numerical) followed by the end of file in
|
||||
html.parser.HTMLParser with convert_charrefs=False.
|
||||
- gh-140677: Add heatmap visualization mode to the Tachyon
|
||||
sampling profiler. The new --heatmap output format provides
|
||||
a line-by-line view showing execution intensity with
|
||||
color-coded samples, inline statistics, and interactive
|
||||
call graph navigation between callers and callees.
|
||||
- gh-139946: Distinguish stdout and stderr when colorizing
|
||||
output in argparse module.
|
||||
- gh-76007: pydoc: Fix DeprecationWarning being raised when
|
||||
generating doc for stdlib modules.
|
||||
- gh-139686: Make importlib.reload no-op for lazy modules.
|
||||
- gh-138697: Fix inferring dest from a single-dash long
|
||||
option in argparse. If a short option and a single-dash
|
||||
long option are passed to add_argument(), dest is now
|
||||
inferred from the single-dash long option.
|
||||
- gh-138525: Add support for single-dash long options and
|
||||
alternate prefix characters in
|
||||
argparse.BooleanOptionalAction.
|
||||
- gh-79986: Add parsing for References and In-Reply-To
|
||||
headers to the email library that parses the header content
|
||||
as lists of message id tokens. This prevents them from
|
||||
being folded incorrectly.
|
||||
- gh-135559: Flag: a dir() on a Flag enumeration now shows
|
||||
non-canonical members. (i.e. aliases).
|
||||
- gh-134453: Fixed subprocess.Popen.communicate() input=
|
||||
handling of memoryview instances that were non-byte shaped
|
||||
on POSIX platforms. Those are now properly cast to a byte
|
||||
shaped view instead of truncating the input. Windows
|
||||
platforms did not have this bug.
|
||||
- gh-127930: Add __all__ to tkinter.simpledialog.
|
||||
- gh-115952: Fix a potential memory denial of service in the
|
||||
pickle module. When reading a pickled data received from
|
||||
untrusted source, it could cause an arbitrary amount of
|
||||
memory to be allocated, even if the code that is allowed to
|
||||
execute is restricted by overriding the find_class()
|
||||
method. This could have led to symptoms including
|
||||
a MemoryError, swapping, out of memory (OOM) killed
|
||||
processes or containers, or even system crashes. bpo-40350:
|
||||
Fix support for namespace packages in modulefinder.
|
||||
- Documentation
|
||||
- gh-141994: xml.sax.handler: Make Documentation of
|
||||
xml.sax.handler.feature_external_ges warn of opening up to
|
||||
external entity attacks. Patch by Sebastian Pipping.
|
||||
- Core and Builtins
|
||||
- gh-134584: Eliminate redundant refcounting from
|
||||
_STORE_ATTR_INSTANCE_VALUE.
|
||||
- gh-142718: JIT: Fix segfault caused by not flushing the
|
||||
stack to memory at side exits.
|
||||
- gh-142737: Tracebacks will be displayed in fallback mode
|
||||
even if io.open() is lost. Previously, this would crash the
|
||||
interpreter. Patch by Bartosz Sławecki.
|
||||
- gh-116738: Make the attributes in bz2 thread-safe on the
|
||||
free threaded build.
|
||||
- gh-134584: Eliminate redundant refcounting from
|
||||
_CALL_LIST_APPEND.
|
||||
- gh-142554: Fix a crash in divmod() when
|
||||
_pylong.int_divmod() does not return a tuple of length two
|
||||
exactly. Patch by Bénédikt Tran.
|
||||
- gh-142531: Fix a free-threaded GC performance regression.
|
||||
If there are many untracked tuples, the GC will run too
|
||||
often, resulting in poor performance. The fix is to include
|
||||
untracked tuples in the “long lived” object count. The
|
||||
number of frozen objects is also now included since the
|
||||
free-threaded GC must scan those too.
|
||||
- gh-142402: Fix reference counting when adjacent literal
|
||||
parts are merged while constructing
|
||||
string.templatelib.Template, preventing the displaced
|
||||
string object from leaking.
|
||||
- gh-116738: Make the attributes in zlib thread-safe on the
|
||||
free threaded build.
|
||||
- gh-142343: Fix SIGILL crash on m68k due to incorrect
|
||||
assembly constraint.
|
||||
- gh-142236: Improve the “Perhaps you forgot a comma?” syntax
|
||||
error for multi-line string concatenations to point to the
|
||||
last string instead of the first, making it easier to
|
||||
locate where the comma is missing. Patch by Pablo Galindo.
|
||||
- gh-142236: Fix incorrect keyword suggestions for syntax
|
||||
errors in traceback. The keyword typo suggestion mechanism
|
||||
would incorrectly suggest replacements when the extracted
|
||||
source code was incomplete rather than containing an actual
|
||||
typo. Patch by Pablo Galindo.
|
||||
- gh-142305: Decrease the size of the generated stencils and
|
||||
the runtime JIT code. Patch by Diego Russo.
|
||||
- gh-135379: Implement a limited form of register allocation
|
||||
known as “top of stack caching” in the JIT. It works by
|
||||
keeping 0-3 of the top items in the stack in registers. The
|
||||
code generator generates multiple versions of those uops
|
||||
that do not escape and are relatively small. During JIT
|
||||
compilation, the copy that produces the least memory
|
||||
traffic is selected, spilling or reloading values when
|
||||
needed.
|
||||
- gh-142276: Fix missing type watcher when promoting
|
||||
attribute loads to constants in the JIT. Patch by Ken Jin.
|
||||
Reproducer by Yuancheng Jiang.
|
||||
- gh-142218: Fix crash when inserting into a split table
|
||||
dictionary with a non str key that matches an existing key.
|
||||
- gh-141976: Check against abstract stack overflow in the JIT
|
||||
optimizer.
|
||||
- gh-97850: Remove all *.load_module() usage and definitions
|
||||
from the import system and importlib. The method has been
|
||||
deprecated in favor of importlib.abc.Loader.exec_module()
|
||||
since Python 3.4.
|
||||
- gh-142048: Fix quadratically increasing garbage collection
|
||||
delays in free-threaded build.
|
||||
- gh-65961: Stop setting __cached__ on modules.
|
||||
- gh-141770: Annotate anonymous mmap usage only when
|
||||
supported by the Linux kernel and if -X dev is used or
|
||||
Python is built in debug mode. Patch by Donghee Na.
|
||||
- gh-142029: Raise ModuleNotFoundError instead of crashing
|
||||
when a nonexistent module is used as a name in
|
||||
_imp.create_builtin().
|
||||
- gh-142029: Raise ValueError instead of crashing when empty
|
||||
string is used as a name in _imp.create_builtin().
|
||||
- gh-141976: Protect against specialization failures in the
|
||||
tracing JIT compiler for performance reasons.
|
||||
- gh-141861: Fix invalid memory read in the ENTER_EXECUTOR
|
||||
instruction.
|
||||
- gh-141930: When importing a module, use Python’s regular
|
||||
file object to ensure that writes to .pyc files are
|
||||
complete or an appropriate error is raised.
|
||||
- gh-138122: Add incomplete sample detection to prevent
|
||||
corrupted profiling data. Each thread state now contains an
|
||||
embedded base frame (sentinel at the bottom of the frame
|
||||
stack) with owner type FRAME_OWNED_BY_INTERPRETER. The
|
||||
profiler validates that stack unwinding terminates at this
|
||||
sentinel frame. Samples that fail to reach the base frame
|
||||
(due to race conditions, memory corruption, or other
|
||||
errors) are now rejected rather than being included as
|
||||
spurious data.
|
||||
- gh-120158: Fix inconsistent state when enabling or
|
||||
disabling monitoring events too many times.
|
||||
- gh-140638: Expose a "candidates" stat in gc.get_stats() and
|
||||
gc.callbacks.
|
||||
- gh-141780: Fix Py_mod_gil with API added in PEP 793:
|
||||
PyModule_FromSlotsAndSpec() and PyModExport hooks
|
||||
- gh-141732: Ensure the __repr__() for ExceptionGroup and
|
||||
BaseExceptionGroup does not change when the exception
|
||||
sequence that was original passed in to its constructor is
|
||||
subsequently mutated.
|
||||
- gh-140638: Expose a "duration" stat in gc.get_stats() and
|
||||
gc.callbacks.
|
||||
- gh-139653: Only raise a RecursionError or trigger a fatal
|
||||
error if the stack pointer is both below the limit pointer
|
||||
and above the stack base. If outside of these bounds assume
|
||||
that it is OK. This prevents false positives when
|
||||
user-space threads swap stacks.
|
||||
- gh-41779: Allowed defining the __dict__ and __weakref__
|
||||
__slots__ for any class.
|
||||
- gh-139103: Improve multithreaded scaling of dataclasses on
|
||||
the free-threaded build.
|
||||
- gh-141589: Change backoff counter to use prime numbers
|
||||
instead of powers of 2. Use only 3 bits for counter and 13
|
||||
bits for value. This allows to support values up to 8191.
|
||||
Patch by Mikhail Efimov.
|
||||
- gh-137007: Fix a bug during JIT compilation failure which
|
||||
caused garbage collection debug assertions to fail.
|
||||
- gh-132657: For the free-threaded build, avoid locking the
|
||||
set object for the __contains__ method.
|
||||
- gh-134584: Eliminate redundant refcounting from
|
||||
_CALL_STR_1.
|
||||
- gh-134584: Eliminate redundant refcounting from
|
||||
_CALL_BUILTIN_O.
|
||||
- gh-134584: Eliminate redundant refcounting from
|
||||
_CALL_TUPLE_1. Patch by Noam Cohen
|
||||
- C API
|
||||
- gh-142589: Fix
|
||||
PyUnstable_Object_IsUniqueReferencedTemporary() handling of
|
||||
tagged ints on the interpreter stack.
|
||||
- gh-142571: PyUnstable_CopyPerfMapFile() now checks that
|
||||
opening the file succeeded before flushing.
|
||||
- gh-142225: Fixed the PyABIInfo_VAR macro.
|
||||
- gh-141049: _PyObject_CallMethodId(), _PyObject_GetAttrId()
|
||||
and _PyUnicode_FromId() are deprecated since 3.15 and will
|
||||
be removed in 3.20. Instead, use
|
||||
PyUnicode_InternFromString() and cache the result in the
|
||||
module state, then call PyObject_CallMethod() or
|
||||
PyObject_GetAttr(). Patch by Victor Stinner.
|
||||
- gh-142163: Fix the HAVE_THREAD_LOCAL macro being defined
|
||||
without the Py_BUILD_CORE macro set after including
|
||||
Python.h.
|
||||
- gh-137422: Fix free threading race condition in
|
||||
PyImport_AddModuleRef(). It was previously possible for two
|
||||
calls to the function return two different objects, only
|
||||
one of which was stored in sys.modules.
|
||||
- gh-141726: Add PyDict_SetDefaultRef() to the Stable ABI.
|
||||
- gh-140042: Removed the sqlite3_shutdown call that could
|
||||
cause closing connections for sqlite when used with
|
||||
multiple sub interpreters.
|
||||
- gh-141070: Add PyUnstable_Object_Dump() to dump an object
|
||||
to stderr. It should only be used for debugging. Patch by
|
||||
Victor Stinner.
|
||||
- gh-139165: Expose the functions Py_SIZE(), Py_IS_TYPE() and
|
||||
Py_SET_SIZE() in the Stable ABI.
|
||||
- Build
|
||||
- gh-131372: Add LDVERSION and EXE to the base_interpreter
|
||||
value of build-details.json.
|
||||
- gh-142454: When calculating the digest of the JIT stencils
|
||||
input, sort the hashed files by filenames before adding
|
||||
their content to the hasher. This ensures deterministic
|
||||
hash input and hence deterministic hash, independent on
|
||||
filesystem order.
|
||||
- gh-131372: build-details.py will only be installed as part
|
||||
of the main install (make install). make altinstall will no
|
||||
longer include it.
|
||||
- gh-142234: Allow --enable-wasm-dynamic-linking for WASI.
|
||||
While CPython doesn’t directly support it so
|
||||
external/downstream users do not have to patch in support
|
||||
for the flag.
|
||||
- gh-142050: Fixed a bug where JIT stencils produced on
|
||||
Windows contained debug data. Patch by Chris Eibl.
|
||||
- gh-141808: Do not generate the jit stencils twice in case
|
||||
of PGO builds on Windows.
|
||||
- gh-141926: RUNSHARED is no longer cleared when
|
||||
cross-compiling. Previously, RUNSHARED was cleared when
|
||||
cross-compiling, which breaks PGO when using
|
||||
--enabled-shared on systems where the cross-compiled
|
||||
CPython is otherwise executable (e.g., via transparent
|
||||
emulation).
|
||||
- gh-141808: When running make clean-retain-profile, keep the
|
||||
generated JIT stencils. That way, the stencils are not
|
||||
generated twice when Profile-guided optimization (PGO) is
|
||||
used. It also allows distributors to supply their own
|
||||
pre-built JIT stencils.
|
||||
- gh-141784: Fix _remote_debugging_module.c compilation on
|
||||
32-bit Linux. Include Python.h before system headers to
|
||||
make sure that _remote_debugging_module.c uses the same
|
||||
types (ABI) than Python. Patch by Victor Stinner.
|
||||
- gh-141172: Update to WASI SDK 29.
|
||||
- gh-139707: Add configure option
|
||||
--with-missing-stdlib-config=FILE allows which distributors
|
||||
to pass a JSON configuration file containing custom error
|
||||
messages for missing standard library modules.
|
||||
- gh-108819: Honor --with-platlibdir in the pure-Python
|
||||
standard library installation path, if PLATLIBDIR doesn’t
|
||||
match the value used in LIBDIR.
|
||||
- Tests
|
||||
- gh-140381: Fix flaky test_profiling tests on i686 and s390x
|
||||
architectures by increasing slow_fibonacci call frequency
|
||||
from every 5th iteration to every 2nd iteration.
|
||||
- gh-140210: Make
|
||||
test_sysconfig.test_parse_makefile_renamed_vars less
|
||||
fragile by clearing the environment variables before
|
||||
parsing the Makefile.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Dec 10 03:48:24 UTC 2025 - Steve Kowalik <steven.kowalik@suse.com>
|
||||
|
||||
- Update to 3.15.0~a2:
|
||||
* Tools/Demos
|
||||
+ gh-139198: Remove Tools/scripts/checkpip.py script.
|
||||
+ gh-139188: Remove Tools/tz/zdump.py script.
|
||||
* Tests
|
||||
+ gh-140482: Preserve and restore the state of stty echo as part of the
|
||||
test environment.
|
||||
+ gh-140082: Update python -m test to set FORCE_COLOR=1 when being run
|
||||
with color enabled so that unittest which is run by it with redirected
|
||||
output will output in color.
|
||||
+ gh-136442: Use exitcode 1 instead of 5 if
|
||||
unittest.TestCase.setUpClass() raises an exception
|
||||
* Security
|
||||
+ gh-137836: Add support of the “plaintext” element, RAWTEXT elements
|
||||
“xmp”, “iframe”, “noembed” and “noframes”, and optionally RAWTEXT
|
||||
element “noscript” in html.parser.HTMLParser.
|
||||
+ gh-136063: email.message: ensure linear complexity for legacy HTTP
|
||||
parameters parsing. Patch by Bénédikt Tran.
|
||||
+ gh-136065: Fix quadratic complexity in os.path.expandvars().
|
||||
(CVE-2025-6075, bsc#1252974)
|
||||
* Library
|
||||
+ gh-141497: ipaddress: ensure that the methods IPv4Network.hosts() and
|
||||
IPv6Network.hosts() always return an iterator.
|
||||
+ gh-140938: The statistics.stdev() and statistics.pstdev() functions now
|
||||
raise a ValueError when the input contains an infinity or a NaN.
|
||||
+ gh-124111: Updated Tcl threading configuration in _tkinter to assume
|
||||
that threads are always available in Tcl 9 and later.
|
||||
+ gh-137109: The os.fork and related forking APIs will no longer warn in
|
||||
the common case where Linux or macOS platform APIs return the number of
|
||||
threads in a process and find the answer to be 1 even when a
|
||||
os.register_at_fork() after_in_parent= callback (re)starts a thread.
|
||||
+ gh-141314: Fix assertion failure in io.TextIOWrapper.tell() when
|
||||
reading files with standalone carriage return (\r) line endings.
|
||||
+ gh-141311: Fix assertion failure in io.BytesIO.readinto() and undefined
|
||||
behavior arising when read position is above capcity in io.BytesIO.
|
||||
+ gh-87710: mimetypes: Update mime type for .ai files to application/pdf.
|
||||
+ gh-85524: Update io.FileIO.readall, an implementation of
|
||||
io.RawIOBase.readall(), to follow io.IOBase guidelines and raise
|
||||
io.UnsupportedOperation when a file is in "w" mode rather than OSError
|
||||
+ gh-141141: Fix a thread safety issue with base64.b85decode().
|
||||
+ gh-141018: mimetypes: Update .exe, .dll, .rtf and (when
|
||||
strict=False) .jpg to their correct IANA mime type.
|
||||
+ gh-137969: Fix annotationlib.ForwardRef.evaluate() returning ForwardRef
|
||||
objects which don’t update with new globals.
|
||||
+ gh-75593: Add support of path-like objects and bytes-like objects in
|
||||
wave.open().
|
||||
+ gh-140797: The undocumented re.Scanner class now forbids regular
|
||||
expressions containing capturing groups in its lexicon patterns.
|
||||
Patterns using capturing groups could previously lead to crashes with
|
||||
segmentation fault. Use non-capturing groups (?:…) instead.
|
||||
+ gh-125115: Refactor the pdb parsing issue so positional arguments can
|
||||
pass through intuitively.
|
||||
+ gh-140815: faulthandler now detects if a frame or a code object is
|
||||
invalid or freed. Patch by Victor Stinner.
|
||||
+ gh-100218: Correctly set errno when socket.if_nametoindex() or
|
||||
socket.if_indextoname() raise an OSError. Patch by Bénédikt Tran.
|
||||
+ gh-140734: multiprocessing: fix off-by-one error when checking the
|
||||
length of a temporary socket file path. Patch by Bénédikt Tran.
|
||||
+ gh-140873: Add support of non-descriptor callables in
|
||||
functools.singledispatchmethod().
|
||||
+ gh-140874: Bump the version of pip bundled in ensurepip to version 25.3
|
||||
+ gh-140808: The internal class mailbox._ProxyFile is no longer a
|
||||
parameterized generic.
|
||||
+ gh-140691: In urllib.request, when opening a FTP URL fails because a
|
||||
data connection cannot be made, the control connection's socket is now
|
||||
closed to avoid a ResourceWarning.
|
||||
+ gh-103847: Fix hang when cancelling process created by
|
||||
asyncio.create_subprocess_exec() or asyncio.create_subprocess_shell().
|
||||
+ gh-137821: Convert _json module to use Argument Clinic.
|
||||
+ gh-140790: Initialize all Pdb's instance variables in __init__, remove
|
||||
some hasattr/getattr
|
||||
+ gh-140766: Add enum.show_flag_values() and enum.bin to enum.__all__.
|
||||
+ gh-120057: Add os.reload_environ() to os.__all__.
|
||||
+ gh-140741: Fix profiling.sampling.sample() incorrectly handling a
|
||||
FileNotFoundError or PermissionError.
|
||||
+ gh-140228: Avoid making unnecessary filesystem calls for frozen modules
|
||||
in linecache when the global module cache is not present.
|
||||
+ gh-139946: Error and warning keywords in argparse.ArgumentParser
|
||||
messages are now colorized when color output is enabled, fixing a
|
||||
visual inconsistency in which they remained plain text while other
|
||||
output was colorized.
|
||||
+ gh-140590: Fix arguments checking for functools.partial.__setstate__()
|
||||
that may lead to internal state corruption and crash.
|
||||
+ gh-140634: Fix a reference counting bug in os.sched_param.__reduce__().
|
||||
+ gh-140650: Fix an issue where closing io.BufferedWriter could crash if
|
||||
the closed attribute raised an exception on access or could not be
|
||||
converted to a boolean.
|
||||
+ gh-140601: xml.etree.ElementTree.iterparse() now emits a
|
||||
ResourceWarning when the iterator is not explicitly closed and was
|
||||
opened with a filename.
|
||||
+ gh-140593: xml.parsers.expat: Fix a memory leak that could affect users
|
||||
with ElementDeclHandler() set to a custom element declaration handler.
|
||||
+ gh-140607: Inside io.RawIOBase.read(), validate that the count of bytes
|
||||
returned by io.RawIOBase.readinto() is valid (inside the provided
|
||||
buffer).
|
||||
+ gh-138162: Fix logging.LoggerAdapter with merge_extra=True and without
|
||||
the extra argument.
|
||||
+ gh-140481: Improve error message when trying to iterate a Tk widget,
|
||||
image or font.
|
||||
+ gh-138774: ast.unparse() now generates full source code when handling
|
||||
ast.Interpolation nodes that do not have a specified source.
|
||||
+ gh-140474: Fix memory leak in array.array when creating arrays from an
|
||||
empty str and the u type code.
|
||||
+ gh-140448: Change the default of suggest_on_error to True in
|
||||
argparse.ArgumentParser.
|
||||
+ gh-137530: dataclasses Fix annotations for generated __init__ methods
|
||||
by replacing the annotations that were in-line in the generated source
|
||||
code with __annotate__ functions attached to the methods.
|
||||
+ gh-140348: Fix regression in Python 3.14.0 where using the | operator
|
||||
on a typing.Union object combined with an object that is not a type
|
||||
would raise an error.
|
||||
+ gh-76007: decimal: Deprecate __version__ and replace with
|
||||
decimal.SPEC_VERSION.
|
||||
+ gh-76007: Deprecate __version__ from a imaplib.
|
||||
+ gh-140272: Fix memory leak in the clear() method of the dbm.gnu
|
||||
database.
|
||||
+ gh-129117: unicodedata: Add isxidstart() and isxidcontinue() functions
|
||||
to check whether a character can start or continue a Unicode Standard
|
||||
Annex #31 identifier.
|
||||
+ gh-140251: Colorize the default import statement import asyncio in
|
||||
asyncio REPL.
|
||||
+ gh-140212: Calendar's HTML formatting now accepts year and month as
|
||||
options.
|
||||
+ gh-135801: Improve filtering by module in warnings.warn_explicit() if
|
||||
no module argument is passed
|
||||
+ gh-139707: Improve ModuleNotFoundError error message when a standard
|
||||
library module is missing.
|
||||
+ gh-140120: Fixed a memory leak in hmac when it was using the hacl-star
|
||||
backend.
|
||||
+ gh-140141: The importlib.metadata.PackageNotFoundError traceback raised
|
||||
when importlib.metadata.Distribution.from_name cannot discover a
|
||||
distribution no longer includes a transient StopIteration exception
|
||||
trace.
|
||||
+ gh-140166: mimetypes: Per the IANA assignment, update the MIME type for
|
||||
the .texi and .texinfo file formats to application/texinfo, instead of
|
||||
application/x-texinfo.
|
||||
+ gh-140135: Speed up io.RawIOBase.readall() by using PyBytesWriter API
|
||||
+ gh-136702: encodings: Deprecate passing a non-ascii encoding name to
|
||||
encodings.normalize_encoding() and schedule removal of support for
|
||||
Python 3.17.
|
||||
+ gh-139940: Print clearer error message when using pdb to attach to a
|
||||
non-existing process.
|
||||
+ gh-139462: When a child process in a
|
||||
concurrent.futures.ProcessPoolExecutor terminates abruptly, the
|
||||
resulting traceback will now tell you the PID and exit code of the
|
||||
terminated process. Contributed by Jonathan Berg.
|
||||
+ gh-63161: Fix tokenize.detect_encoding(). Support non-UTF-8 shebang and
|
||||
comments if non-UTF-8 encoding is specified. Detect decoding error for
|
||||
non-UTF-8 encoding. Detect null bytes in source code.
|
||||
+ gh-101828: Fix 'shift_jisx0213', 'shift_jis_2004', 'euc_jisx0213' and
|
||||
'euc_jis_2004' codecs truncating null chars as they were treated as
|
||||
part of multi-character sequences.
|
||||
+ gh-139246: fix: paste zero-width in default repl width is wrong.
|
||||
+ gh-83714: Implement os.statx() on Linux kernel versions 4.11 and later
|
||||
with glibc versions 2.28 and later.
|
||||
+ gh-138891: Fix SyntaxError when inspect.get_annotations(f,
|
||||
eval_str=True) is called on a function annotated with a PEP 646
|
||||
star_expression
|
||||
+ gh-138859: Fix generic type parameterization raising a TypeError when
|
||||
omitting a ParamSpec that has a default which is not a list of types.
|
||||
+ gh-138764: Prevent annotationlib.call_annotate_function() from calling
|
||||
__annotate__ functions that don't support VALUE_WITH_FAKE_GLOBALS in a
|
||||
fake globals namespace with empty globals.
|
||||
+ Make FORWARDREF and STRING annotations fall back to using VALUE
|
||||
annotations in the case that neither their own format, nor
|
||||
VALUE_WITH_FAKE_GLOBALS are supported.
|
||||
+ gh-138775: Use of python -m with base64 has been fixed to detect input
|
||||
from a terminal so that it properly notices EOF.
|
||||
+ gh-98896: Fix a failure in multiprocessing resource_tracker when
|
||||
SharedMemory names contain colons. Patch by Rani Pinchuk.
|
||||
+ gh-138425: Fix partial evaluation of annotationlib.ForwardRef objects
|
||||
which rely on names defined as globals.
|
||||
+ gh-138151: In annotationlib, improve evaluation of forward references
|
||||
to nonlocal variables that are not yet defined when the annotations are
|
||||
initially evaluated.
|
||||
+ gh-69528: The mode attribute of files opened in the 'wb+' mode is now
|
||||
'wb+' instead of 'rb+'.
|
||||
+ gh-137627: Speed up csv.Sniffer.sniff() delimiter detection by up to
|
||||
1.6x.
|
||||
+ gh-55531: encodings: Improve normalize_encoding() performance by
|
||||
implementing the function in C using the private _Py_normalize_encoding
|
||||
which has been modified to make lowercase conversion optional.
|
||||
+ gh-136057: Fixed the bug in pdb and bdb where next and step can't go
|
||||
over the line if a loop exists in the line.
|
||||
+ gh-133390: Support table, index, trigger, view, column, function, and
|
||||
schema completion for sqlite3's command-line interface.
|
||||
+ gh-135307: email: Fix exception in set_content() when encoding text and
|
||||
max_line_length is set to 0 or None (unlimited).
|
||||
+ gh-133789: Fix unpickling of pathlib objects that were pickled in
|
||||
Python 3.13.
|
||||
+ gh-133601: Remove deprecated typing.no_type_check_decorator().
|
||||
+ gh-132686: Add parameters inherit_class_doc and fallback_to_class_doc
|
||||
for inspect.getdoc().
|
||||
+ gh-131116: inspect.getdoc() now correctly returns an inherited
|
||||
docstring on cached_property objects if none is given in a subclass.
|
||||
+ gh-130693: Add support for -nolinestop, and -strictlimits options to
|
||||
tkinter.Text.search(). Also add the tkinter.Text.search_all() method
|
||||
for -all and -overlap options.
|
||||
+ gh-122255: In the linecache module and in the Python implementation of
|
||||
the warnings module, a DeprecationWarning is issued when mod.__loader__
|
||||
differs from mod.__spec__.loader (like in the C implementation of the
|
||||
warnings module).
|
||||
+ gh-121011: math.log() now supports arbitrary large integer-like
|
||||
arguments in the same way as arbitrary large integer arguments.
|
||||
+ gh-119668: Publicly expose and document
|
||||
importlib.machinery.NamespacePath.
|
||||
+ gh-102431: Clarify constraints for "logical" arguments in methods of
|
||||
decimal.Context.
|
||||
+ gh-81313: Add the math.integer module (PEP 791).
|
||||
* Core and Builtins
|
||||
+ gh-141579: Fix sys.activate_stack_trampoline() to properly support the
|
||||
perf_jit backend. Patch by Pablo Galindo.
|
||||
+ gh-114203: Skip locking if object is already locked by two-mutex
|
||||
critical section.
|
||||
+ gh-141528: Suggest using concurrent.interpreters.Interpreter.close()
|
||||
instead of the private _interpreters.destroy function when warning
|
||||
about remaining subinterpreters. Patch by Sergey Miryanov.
|
||||
+ gh-141367: Specialize CALL_LIST_APPEND instruction only for lists, not
|
||||
for list subclasses, to avoid unnecessary deopt.
|
||||
+ gh-141312: Fix the assertion failure in the __setstate__ method of the
|
||||
range iterator when a non-integer argument is passed.
|
||||
+ gh-140643: Add support for <GC> and <native> frames to
|
||||
profiling.sampling output to denote active garbage collection and calls
|
||||
to native code.
|
||||
+ gh-140942: Add .cjs to mimetypes to give CommonJS modules a MIME type
|
||||
of application/node.
|
||||
+ gh-140479: Update JIT compilation to use LLVM 21 at build time.
|
||||
+ gh-140939: Fix memory leak when bytearray or bytes is formated with the
|
||||
%*b format with a large width that results in a MemoryError.
|
||||
+ gh-140260: Fix struct data race in endian table initialization with
|
||||
subinterpreters. Patch by Shamil Abdulaev.
|
||||
+ gh-140530: Fix a reference leak when raise exc from cause fails.
|
||||
+ gh-90344: Replace io.IncrementalNewlineDecoder with non incremental
|
||||
newline decoders in codebase where
|
||||
io.IncrementalNewlineDecoder.decode() was being called once.
|
||||
+ gh-140373: Correctly emit PY_UNWIND event when generator object is
|
||||
closed. Patch by Mikhail Efimov.
|
||||
+ gh-140729: Fix pickling error in the sampling profiler when using
|
||||
concurrent.futures.ProcessPoolExecutor script can not be properly
|
||||
pickled and executed in worker processes.
|
||||
+ gh-131527: Dynamic borrow checking for stackrefs is added to
|
||||
Py_STACKREF_DEBUG mode. Patch by Mikhail Efimov.
|
||||
+ gh-140576: Fixed crash in tokenize.generate_tokens() in case of
|
||||
specific incorrect input. Patch by Mikhail Efimov.
|
||||
+ gh-140544: Speed up accessing interpreter state by caching it in a
|
||||
thread local variable. Patch by Kumar Aditya.
|
||||
+ gh-140551: Fixed crash in dict if dict.clear() is called at the lookup
|
||||
stage. Patch by Mikhail Efimov and Inada Naoki.
|
||||
+ gh-140517: Fixed a reference leak when iterating over the result of
|
||||
map() with strict=True when the input iterables have different lengths.
|
||||
+ gh-133467: Fix race when updating type.__bases__ that could allow a
|
||||
read of type.__base__ to observe an inconsistent value on the free
|
||||
threaded build.
|
||||
+ gh-140471: Fix potential buffer overflow in ast.AST node initialization
|
||||
when encountering malformed _fields containing non-str.
|
||||
+ gh-140443: The logarithm functions (such as math.log10() and
|
||||
math.log()) may now produce slightly different results for extremely
|
||||
large integers that cannot be converted to floats without overflow.
|
||||
These results are generally more accurate, with reduced worst-case
|
||||
error and a tighter overall error distribution.
|
||||
+ gh-140431: Fix a crash in Python's garbage collector due to partially
|
||||
initialized coroutine objects when coroutine origin tracking depth is
|
||||
enabled (sys.set_coroutine_origin_tracking_depth()).
|
||||
+ gh-140476: Optimize PySet_Add() for frozenset in free threaded build.
|
||||
+ gh-140398: Fix memory leaks in readline functions read_init_file(),
|
||||
read_history_file(), write_history_file(), and append_history_file()
|
||||
when PySys_Audit() fails.
|
||||
+ gh-140406: Fix memory leak when an object's __hash__() method returns
|
||||
an object that isn't an int.
|
||||
+ gh-140358: Restore elapsed time and unreachable object count in GC
|
||||
debug output.
|
||||
+ gh-139109: A new tracing frontend for the JIT compiler has been
|
||||
implemented.
|
||||
+ gh-140306: Fix memory leaks in cross-interpreter channel operations and
|
||||
shared namespace handling.
|
||||
+ gh-116738: Make _suggestions module thread-safe on the free threaded
|
||||
build.
|
||||
+ gh-140301: Fix memory leak of PyConfig in subinterpreters.
|
||||
+ gh-140257: Fix data race between interpreter_clear() and take_gil() on
|
||||
eval_breaker during finalization with daemon threads.
|
||||
+ gh-139951: Fixes a regression in GC performance for a growing heap
|
||||
composed mostly of small tuples.
|
||||
+ gh-140253: Wrong placement of a double-star pattern inside a mapping
|
||||
pattern now throws a specialized syntax error.
|
||||
+ gh-140104: Fix a bug with exception handling in the JIT.
|
||||
+ gh-140149: Speed up parsing bytes literals concatenation by using
|
||||
PyBytesWriter API and a single memory allocation (about 3x faster).
|
||||
+ gh-140061: Fixing the checking of whether an object is uniquely
|
||||
referenced to ensure free-threaded compatibility.
|
||||
+ gh-140080: Fix hang during finalization when attempting to call atexit
|
||||
handlers under no memory.
|
||||
+ gh-139871: Update bytearray to use a bytes under the hood as its buffer
|
||||
and add bytearray.take_bytes() to take it out.
|
||||
+ gh-140067: Fix memory leak in sub-interpreter creation.
|
||||
+ gh-139817: Attribute __qualname__ is added to typing.TypeAliasType.
|
||||
+ gh-135801: Many functions related to compiling or parsing Python code,
|
||||
such as compile(), ast.parse(), symtable.symtable(), and
|
||||
importlib.abc.InspectLoader.source_to_code() now allow to specify the
|
||||
module name. It is needed to unambiguous filter syntax warnings by
|
||||
module name.
|
||||
+ gh-139640: ast.parse() no longer emits syntax warnings for
|
||||
return/break/continue in finally (see PEP 765) - they are only emitted
|
||||
during compilation.
|
||||
+ gh-139640: Fix swallowing some syntax warnings in different modules if
|
||||
they accidentally have the same message and are emitted from the same
|
||||
line. Fix duplicated warnings in the finally block.
|
||||
+ gh-139475: Changes in stackref debugging mode when Py_STACKREF_DEBUG is
|
||||
set. We use the same pattern of refcounting for stackrefs as in
|
||||
production build.
|
||||
+ gh-139269: Fix undefined behavior when using unaligned store in JIT's
|
||||
patch_* functions.
|
||||
+ gh-138944: Fix SyntaxError message when invalid syntax appears on the
|
||||
same line as a valid import ... as ... or from ... import ... as ...
|
||||
statement. Patch by Brian Schubert.
|
||||
+ gh-138857: Improve SyntaxError message for case keyword placed outside
|
||||
match body.
|
||||
+ gh-131253: Support the --enable-pystats build option for the
|
||||
free-threaded build.
|
||||
+ gh-136327: Errors when calling functions with invalid values after *
|
||||
and ** now do not include the function name. Patch by Ilia Solin.
|
||||
+ gh-134786: If Py_TPFLAGS_MANAGED_DICT and Py_TPFLAGS_MANAGED_WEAKREF
|
||||
are used, then Py_TPFLAGS_HAVE_GC must be used as well.
|
||||
* C API
|
||||
+ gh-116146: Add a new PyImport_CreateModuleFromInitfunc() C-API for
|
||||
creating a module from a spec and initfunc. Patch by Itamar Oren.
|
||||
+ gh-141042: Make qNaN in PyFloat_Pack2() and PyFloat_Pack4(), if while
|
||||
conversion to a narrower precision floating-point format - the
|
||||
remaining after truncation payload will be zero.
|
||||
+ gh-141004: Py_MATH_El and Py_MATH_PIl are deprecated.
|
||||
+ gh-141004: The Py_INFINITY macro is soft deprecated.
|
||||
+ gh-140556: PEP 793: Add a new entry point for C extension modules,
|
||||
PyModExport_<modulename>.
|
||||
+ gh-140487: Fix Py_RETURN_NOTIMPLEMENTED in limited C API 3.11 and
|
||||
older: don’t treat Py_NotImplemented as immortal.
|
||||
+ gh-140153: Fix Py_REFCNT() definition on limited C API 3.11-3.13.
|
||||
+ gh-139653: Add PyUnstable_ThreadState_SetStackProtection() and
|
||||
PyUnstable_ThreadState_ResetStackProtection() functions to set the
|
||||
stack protection base address and stack protection size of a Python
|
||||
thread state. Patch by Victor Stinner.
|
||||
* Build
|
||||
+ gh-140454: When building the JIT, match the jit_stencils filename
|
||||
expectations in Makefile with the generator script. This avoid needless
|
||||
JIT recompilation during make install.
|
||||
+ gh-140768: Warn when the WASI SDK version doesn’t match what's
|
||||
supported.
|
||||
+ gh-140513: Generate a clear compilation error when _Py_TAIL_CALL_INTERP
|
||||
is enabled but either preserve_none or musttail is not supported.
|
||||
+ gh-140475: Support WASI SDK 25.
|
||||
+ gh-140239: Check statx availability only on Linux (including Android).
|
||||
+ gh-137618: PYTHON_FOR_REGEN now requires Python 3.10 to Python 3.15.
|
||||
- Drop patch CVE-2025-6075-expandvars-perf-degrad.patch, included upstream.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Nov 13 17:13:03 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
|
||||
|
||||
|
||||
@@ -162,8 +162,8 @@
|
||||
# _md5.cpython-38m-x86_64-linux-gnu.so
|
||||
%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
|
||||
Name: %{python_pkg_name}%{psuffix}
|
||||
Version: 3.15.0~a1
|
||||
%define tarversion 3.15.0a1
|
||||
Version: 3.15.0~a3
|
||||
%define tarversion 3.15.0a3
|
||||
%define tarname Python-%{tarversion}
|
||||
Release: 0
|
||||
Summary: Python 3 Interpreter
|
||||
@@ -224,9 +224,6 @@ Patch40: fix-test-recursion-limit-15.6.patch
|
||||
Patch41: bsc1243155-sphinx-non-determinism.patch
|
||||
# PATCH-FIX-OPENSUSE gh139257-Support-docutils-0.22.patch gh#python/cpython#139257 daniel.garcia@suse.com
|
||||
Patch42: gh139257-Support-docutils-0.22.patch
|
||||
# PATCH-FIX-UPSTREAM CVE-2025-6075-expandvars-perf-degrad.patch bsc#1252974 mcepl@suse.com
|
||||
# Avoid potential quadratic complexity vulnerabilities in path modules
|
||||
Patch43: CVE-2025-6075-expandvars-perf-degrad.patch
|
||||
#### Python 3.15 DEVELOPMENT PATCHES
|
||||
BuildRequires: autoconf-archive
|
||||
BuildRequires: automake
|
||||
@@ -272,7 +269,7 @@ BuildRequires: python3-python-docs-theme >= 2022.1
|
||||
|
||||
%if %{with experimental_jit}
|
||||
# needed for experimental_jit
|
||||
BuildRequires: clang19 llvm19
|
||||
BuildRequires: clang21 llvm21
|
||||
BuildRequires: llvm
|
||||
%endif
|
||||
|
||||
@@ -577,7 +574,7 @@ export SUSE_VERSION="0%{?suse_version}"
|
||||
export SLE_VERSION="0%{?sle_version}"
|
||||
|
||||
%if %{with doc}
|
||||
TODAY_DATE=`date -r %{SOURCE0} "+%%B %%d, %%Y"`
|
||||
TODAY_DATE=`date -r %{SOURCE0} "+%B %d, %Y"`
|
||||
# TODO use not date of tarball but date of latest patch
|
||||
|
||||
cd Doc
|
||||
@@ -690,6 +687,8 @@ EXCLUDE="$EXCLUDE test_capi"
|
||||
|
||||
# Failing tests on python 3.15
|
||||
EXCLUDE="$EXCLUDE test_regrtest test_sysconfig"
|
||||
# Segfaults on 32 bit
|
||||
EXCLUDE="$EXCLUDE test_profiling"
|
||||
|
||||
# Limit virtual memory to avoid spurious failures
|
||||
if test $(ulimit -v) = unlimited || test $(ulimit -v) -gt 10000000; then
|
||||
@@ -755,7 +754,7 @@ done
|
||||
for library in \
|
||||
array binascii _bisect _bz2 cmath _codecs_* \
|
||||
_csv _ctypes _decimal fcntl grp \
|
||||
_hashlib _heapq _hmac _json _lsprof _lzma math mmap \
|
||||
_hashlib _heapq _hmac _json _lsprof _lzma math mmap _math_integer \
|
||||
_multibytecodec _multiprocessing _pickle _posixshmem \
|
||||
_posixsubprocess _queue _random resource select _ssl _socket \
|
||||
_statistics _struct syslog termios _testbuffer _testimportmultiple \
|
||||
@@ -1088,6 +1087,7 @@ fi
|
||||
%{dynlib _lzma}
|
||||
%{dynlib math}
|
||||
%{dynlib mmap}
|
||||
%{dynlib _math_integer}
|
||||
%{dynlib _multibytecodec}
|
||||
%{dynlib _multiprocessing}
|
||||
%{dynlib _pickle}
|
||||
|
||||
Reference in New Issue
Block a user