Commit Graph

57 Commits

Author SHA256 Message Date
708a7675a4 Accepting request 915148 from home:fusionfuture:branches:devel:languages:python:Factory
- Update to 3.8.12
  * Complete list of changes is available at
    https://docs.python.org/release/3.8.12/whatsnew/changelog.html
  * Security
    - bpo-42278: Replaced usage of tempfile.mktemp() with
      TemporaryDirectory to avoid a potential race condition.
    - bpo-44394: Update the vendored copy of libexpat to 2.4.1
      (from 2.2.8) to get the fix for the CVE-2013-0340 “Billion
      Laughs” vulnerability. This copy is most used on Windows and
      macOS.
    - bpo-43124: Made the internal putcmd function in smtplib
      sanitize input for presence of \r and \n characters to avoid
      (unlikely) command injection.
    - bpo-36384: ipaddress module no longer accepts any leading
      zeros in IPv4 address strings. Leading zeros are ambiguous
      and interpreted as octal notation by some libraries. For
      example the legacy function socket.inet_aton() treats leading
      zeros as octal notation. glibc implementation of modern
      inet_pton() does not accept any leading zeros. For a while
      the ipaddress module used to accept ambiguous leading zeros.
- Refreshed patch:
  * decimal-3.8.patch

OBS-URL: https://build.opensuse.org/request/show/915148
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=80
2021-08-31 15:13:54 +00:00
db054e258d Accepting request 914696 from home:mcepl:python-libmpdec
- Add decimal-3.8.patch to add building with --with-system-libmpdec
  option (bsc#1189356).

OBS-URL: https://build.opensuse.org/request/show/914696
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=79
2021-08-30 10:14:02 +00:00
24200752c4 Accepting request 914829 from home:Andreas_Schwab:Factory
- test_faulthandler is still problematic under qemu linux-user emulation,
  disable it there
- Reenable profileopt with qemu emulation, test_faulthandler is no longer
  run during profiling

OBS-URL: https://build.opensuse.org/request/show/914829
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=78
2021-08-29 06:01:55 +00:00
59e479a405 Accepting request 911124 from home:fusionfuture:branches:devel:languages:python:Factory
- Update to 3.8.11
  * Security
    - bpo-44022 (boo#1189241): mod:http.client now avoids
      infinitely reading potential HTTP headers after a 100
      Continue status response from the server.
    - bpo-43882: The presence of newline or tab characters in parts
      of a URL could allow some forms of attacks.
      Following the controlling specification for URLs defined by
      WHATWG urllib.parse() now removes ASCII newlines and tabs
      from URLs, preventing such attacks.
    - bpo-42800: Audit hooks are now fired for frame.f_code,
      traceback.tb_frame, and generator code/frame attribute
      access.
  * Core and Builtins
    - bpo-44070: No longer eagerly makes import filenames absolute,
      except for extension modules, which was introduced in 3.8.10.
  * Library
    - bpo-44061: Fix regression in previous release when calling
      pkgutil.iter_modules() with a list of pathlib.Path objects

OBS-URL: https://build.opensuse.org/request/show/911124
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=77
2021-08-10 04:45:47 +00:00
65288618bd - Use versioned python-Sphinx to avoid dependency on other
version of Python (bsc#1183858).

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=76
2021-08-02 12:35:59 +00:00
ad0975bae5 - Add bpo44426-complex-keyword-sphinx.patch allowing generating
documentation with Sphinx 4 (bpo#44426).

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=73
2021-06-18 23:00:45 +00:00
1419092212 revert
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=72
2021-06-18 21:21:26 +00:00
bab078237e - add 22198.patch to build with Sphinx 4
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=71
2021-06-18 21:11:16 +00:00
2aa8e57714 Accepting request 898393 from home:dirkmueller:Factory
- allow building against sphinx 3.x+

OBS-URL: https://build.opensuse.org/request/show/898393
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=69
2021-06-08 16:39:27 +00:00
c38e8596de - Stop providing "python" symbol (bsc#1185588), which means
python2 currently.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=68
2021-05-21 15:17:16 +00:00
e509746279 - Update to 3.8.10:
- Security
    - bpo-43434: Creating a sqlite3.Connection object now also
      produces a sqlite3.connect auditing event. Previously this
      event was only produced by sqlite3.connect() calls. Patch
      by Erlend E. Aasland.
    - bpo-43472: Ensures interpreter-level audit hooks receive
      the cpython.PyInterpreterState_New event when called
      through the _xxsubinterpreters module.
    - bpo-43075: Fix Regular Expression Denial of Service (ReDoS)
      vulnerability in urllib.request.AbstractBasicAuthHandler.
      The ReDoS-vulnerable regex has quadratic worst-case
      complexity and it allows cause a denial of service when
      identifying crafted invalid RFCs. This ReDoS issue is on
      the client side and needs remote attackers to control the
      HTTP server.
  - Core and Builtins
    - bpo-43105: Importlib now resolves relative paths when
      creating module spec objects from file locations.
    - bpo-42924: Fix bytearray repetition incorrectly copying
      data from the start of the buffer, even if the data is
      offset within the buffer (e.g. after reassigning a slice at
      the start of the bytearray to a shorter byte string).
  - Library
    - bpo-43993: Update bundled pip to 21.1.1.
    - bpo-43937: Fixed the turtle module working with non-default
      root window.
    - bpo-43930: Update bundled pip to 21.1 and setuptools to
      56.0.0
    - bpo-43920: OpenSSL 3.0.0: load_verify_locations() now

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=66
2021-05-05 15:36:38 +00:00
0bcf65704a Accepting request 889802 from home:bnavigator:branches:devel:languages:python:Factory
- Make sure to close the import_failed.map file after the exception
  has been raised in order to avoid ResourceWarnings when the
  failing import is part of a try...except block.

Please sync to the other flavors.

This fixes test suite failures of packages with `-W error` and optional imports.
(e.g. pytest-doctestplus)

OBS-URL: https://build.opensuse.org/request/show/889802
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=65
2021-05-02 17:07:37 +00:00
8d39a136b6 - Update to 3.8.9:
- bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile
    feature of the pydoc module which could be abused to read
    arbitrary files on the disk (directory traversal
    vulnerability). Moreover, even source code of Python modules
    can contain sensitive data like passwords. Vulnerability
    reported by David Schwörer.
  - bpo-43285: ftplib no longer trusts the IP address value
    returned from the server in response to the PASV command by
    default. This prevents a malicious FTP server from using the
    response to probe IPv4 address and port combinations on the
    client network.
  - Code that requires the former vulnerable behavior may set
    a trust_server_pasv_ipv4_address attribute on their
    ftplib.FTP instances to True to re-enable it.
  - bpo-43439: Add audit hooks for gc.get_objects(),
    gc.get_referrers() and gc.get_referents(). Patch by Pablo
    Galindo.
  - bpo-43660: Fix crash that happens when replacing sys.stderr
    with a callable that can remove the object while an exception
    is being printed. Patch by Pablo Galindo.
  - bpo-35883: Python no longer fails at startup with a fatal
    error if a command line argument contains an invalid Unicode
    character. The Py_DecodeLocale() function now escapes byte
    sequences which would be decoded as Unicode characters
    outside the [U+0000; U+10ffff] range.
  - bpo-43406: Fix a possible race condition where
    PyErr_CheckSignals tries to execute a non-Python signal
    handler.
  - bpo-35930: Raising an exception raised in a “future” instance

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=62
2021-04-28 17:38:20 +00:00
988a108da4 Fix changes
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=60
2021-03-11 14:03:10 +00:00
c6090234a8 Fix changes
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=58
2021-02-21 09:51:16 +00:00
73a62948e4 Fix changes
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=57
2021-02-21 09:40:47 +00:00
100371da1e Fix changes ... make obvious removal of patches
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=56
2021-02-21 06:54:11 +00:00
ad17b0295b Fixes changes
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=54
2021-02-20 18:22:09 +00:00
c36a6fcb46 - Update to 3.8.8:
- bpo#42938 (bsc#1181126): Avoid static buffers when computing
    the repr of ctypes.c_double and ctypes.c_longdouble
    values. This issue was assigned CVE-2021-3177.
  - bpo#42967 (bso#1182379): Fix web cache poisoning
    vulnerability by defaulting the query args separator to &,
    and allowing the user to choose a custom separator. This
    issue was assigned CVE-2021-23336.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=53
2021-02-19 16:53:23 +00:00
Steve Kowalik
93edfc4871 Add bug reference
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=51
2021-02-09 01:43:14 +00:00
Steve Kowalik
51990694fa - Add Obsoletes for python3-base when primary interpreter is set to
properly replace it during upgrades.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=50
2021-02-09 01:39:02 +00:00
eecd8bd4f8 Accepting request 869854 from home:bnavigator:branches:devel:languages:python:Factory
- Provide %have_<flavor> for all python flavors
  gh#openSUSE/python-rpm-macros#96
- Add %python3_default and %default_python3 for the primary python3
  flavor

OBS-URL: https://build.opensuse.org/request/show/869854
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=49
2021-02-05 23:09:58 +00:00
2b9c6ad870 - Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
  _ctypes/callproc.c, which may lead to remote code execution.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=47
2021-01-30 00:23:36 +00:00
33f76c4544 - (bsc#1180125) We really don't Require python-rpm-macros package.
Unnecessary dependency.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=46
2021-01-06 15:08:25 +00:00
3fab9dc2f0 Fix patches
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=45
2020-12-22 08:46:18 +00:00
00b0633e60 - Update to 3.8.7:
- bugfix release
  - multiple patches realigned:
    - F00102-lib64.patch
    - SUSE-FEDORA-multilib.patch
    - bpo-31046_ensurepip_honours_prefix.patch

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=44
2020-12-22 08:33:15 +00:00
35d3ee6f8f Accepting request 854402 from home:bnavigator:branches:devel:languages:python:Factory
- Last try before this results in an editwar:
  * remove importlib_resources and importlib-metadata 
    provides/obsoletes
  * import importlib_resources is not the same as
    import importlib.resources, same for metadata
  * The backport packages from PyPI needed for older flavors are
    specified as such for setuptools or in pyproject.toml. If a
    package requires them they typically add them with a python
    version qualifier and the packages have their own version
    numbers.

OBS-URL: https://build.opensuse.org/request/show/854402
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=43
2020-12-10 10:22:04 +00:00
1dff20466e - Add patch sphinx-update-removed-function.patch to no longer call
a now removed function and to make documentation build independent of
  the Sphinx version (bsc#1179630, gh#python/cpython#13236).

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=42
2020-12-05 17:29:43 +00:00
ddee5138e4 - Add importlib_resources provide/obsolete as it is integral
part of the lang since 3.7 release

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=41
2020-12-02 10:59:25 +00:00
35dd29ddf6 Accepting request 849807 from home:bnavigator:branches:devel:languages:python
- The Python stdlib >= does not provide importlib_metadata or
  importlib_resources but importlib.metadata and importlib.resources.
  If a package specifically asks for importlib_*, they actually
  require the dedicated package with extended API.

OBS-URL: https://build.opensuse.org/request/show/849807
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=39
2020-11-24 09:10:25 +00:00
ed35b7a69f - Update to 3.8.6, which contains various bug fixes including security
fix of included pip and setuptools (bpo#41490, bsc#1176262,
  CVE-2019-20916). Full list of changes is available at
  https://docs.python.org/release/3.8.6/whatsnew/changelog.html#python-3-8-6
- Revert previous patch, and readd bpo-31046_ensurepip_honours_prefix.patch.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=36
2020-11-09 12:09:08 +00:00
772de6c5cd Accepting request 845109 from home:mcepl:branches:devel:languages:python:Factory
- Replace ensurepip with simple script instructing to install
  packaged pip (bsc#1176262).
- Remove bpo-31046_ensurepip_honours_prefix.patch, which is not
  necessary anymore.

OBS-URL: https://build.opensuse.org/request/show/845109
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=35
2020-11-03 10:37:26 +00:00
Tomáš Chvátal
b0678855e5 Accepting request 840459 from home:dimstar:Factory
- Fix build with RPM 4.16: error: bare words are no longer
  supported, please use "...":  x86 == ppc.

OBS-URL: https://build.opensuse.org/request/show/840459
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=32
2020-10-12 06:51:50 +00:00
Steve Kowalik
4919d1c0ae - This release also fixes CVE-2020-26116 (bsc#1177211).
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=31
2020-10-08 08:04:05 +00:00
Tomáš Chvátal
12a99ccde8 Accepting request 837365 from home:dimstar:Factory
- Buildrequire timezone only for general flavor. It's used in this
  flavor for the test suite.

OBS-URL: https://build.opensuse.org/request/show/837365
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=30
2020-09-25 10:22:45 +00:00
55230c9110 - Just cleanup and reordering items to synchronize with python39
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=26
2020-09-01 10:16:43 +00:00
43225ab2cb Accepting request 821974 from home:gmbr3:Active
Changelog fix

OBS-URL: https://build.opensuse.org/request/show/821974
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=23
2020-07-21 06:55:47 +00:00
b93d18e6b5 Fix changes
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=22
2020-07-20 19:00:20 +00:00
0c680d8e86 Accepting request 821971 from home:gmbr3:Active
- Update  to version 3.8.5:
  - bpo-39603: Prevent http header injection by rejecting control characters in http.client.putrequest(…).
  - bpo-41295:  a regression in CPython 3.8.4 where defining “__setattr__” in a multi-inheritance setup and calling up the hierarchy chain could fail if builtins/extension types were involved in the base types.
  - bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now UnpicklingError instead of crashing.
  - bpo-39017: Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907).
  - bpo-37703: Updated Documentation to comprehensively elaborate on the behaviour of gather.cancel()
  - bpo-41302: Enable building Python 3.8 with libmpdec-2.5.0 to ease maintenance for Linux distributions. Patch by Felix Yan.
  - bpo-41300: Save files with non-ascii chars. Fix regression released in 3.9.0b4 and 3.8.4.

OBS-URL: https://build.opensuse.org/request/show/821971
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=21
2020-07-20 18:57:14 +00:00
Tomáš Chvátal
ec8e13b00e - Few minor fixes for the non-primary-interpreter option found
in py3.9

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=20
2020-07-17 06:41:37 +00:00
Tomáš Chvátal
689e6c93a6 Accepting request 821067 from home:gmbr3:testing
- Minor spec file fixes

OBS-URL: https://build.opensuse.org/request/show/821067
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=19
2020-07-15 10:44:04 +00:00
Tomáš Chvátal
b7439f20fa - Fix minor issues found in the staging.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=18
2020-07-15 09:11:27 +00:00
e6ebe7eed4 - Removed OBS_dev-shm.patch: contained in upstream
- Removed bpo40784-Fix-sqlite3-deterministic-test.patch:
  contained in upstream
- Changed bpo-31046_ensurepip_honours_prefix.patch: to be
  compatible with new version

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=17
2020-07-14 20:40:48 +00:00
3249fa98fd - Update to 3.8.4:
- Assignment expressions (PEP-572)
  - Positional-only parameters (PEP-570)
  - Parallel filesystem cache for compiled bytecode files
    (PYTHONPYCACHEPREFIX variable)
  - Debug build uses the same ABI as release build
  - f-strings support = for self-documenting expressions
    and debugging
  - Python Runtime Audit Hooks (PEP-578)
  - Python Initialization Configuration (PEP-587)
  - Vectorcall: a fast calling protocol for CPython (PEP-590)
  - Pickle protocol 5 with out-of-band data buffers (PEP-574)
  - Many other smaller bug fixes

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=16
2020-07-14 20:32:47 +00:00
476451f1a8 Accepting request 820679 from home:gmbr3:Active
- Fix %py3_compile being incorrectly defined

OBS-URL: https://build.opensuse.org/request/show/820679
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=15
2020-07-13 12:13:55 +00:00
Tomáš Chvátal
7091281f60 - Update pre_checkin.sh and regenerate
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=14
2020-07-10 10:55:28 +00:00
Tomáš Chvátal
ab1a9a63ee - Convert few dependencies to their pkgconfig counterparts
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=13
2020-07-10 10:11:54 +00:00
Tomáš Chvátal
8aaa5524f2 - Remove release requirement on libpython, it is not really needed
to be equal as the abi changes with versions

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=12
2020-07-10 10:09:11 +00:00
Tomáš Chvátal
ecb58de0d6 - Add provides python3-bla on all the subpkgs in case we are
primary provider of the functionality

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=11
2020-07-10 10:08:24 +00:00
Tomáš Chvátal
f935fec56c - Remove unversioned files from devel subpkg too
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=10
2020-07-10 10:02:45 +00:00