From 0cf7e4ca96bb1e62b631edfb80f7e86baec77bb1160760aeedcb8f6dfcff2661 Mon Sep 17 00:00:00 2001 
From: Matej Cepl Date: Wed, 28 Apr 2021 16:57:12 +0000 Subject: [PATCH 1/2] =?UTF-8?q?-=20Update=20to=203.9.4:=20=20=20-=20bpo#43?= =?UTF-8?q?710:=20Reverted=20the=20fix=20for=20https://bugs.python.org/iss?= =?UTF-8?q?ue42500=20=20=20=20=20as=20it=20changed=20the=20PyThreadState?= =?UTF-8?q?=20struct=20size=20and=20broke=20the=203.9.x=20ABI=20=20=20=20?= =?UTF-8?q?=20in=20the=203.9.3=20release=20(visible=20on=2032-bit=20platfo?= =?UTF-8?q?rms=20using=20binaries=20=20=20=20=20compiled=20using=20an=20ea?= =?UTF-8?q?rlier=20version=20of=20Python=203.9.x=20headers).=20=20=20-=20b?= =?UTF-8?q?po#26053:=20Fixed=20bug=20where=20the=20pdb=20interactive=20run?= =?UTF-8?q?=20command=20echoed=20=20=20=20=20the=20args=20from=20the=20she?= =?UTF-8?q?ll=20command=20line,=20even=20if=20those=20have=20been=20=20=20?= =?UTF-8?q?=20=20overridden=20at=20the=20pdb=20prompt.=20=20=20-=20bpo#429?= =?UTF-8?q?88=20(bsc#1183374)=20CVE-2021-3426:=20Remove=20the=20getfile=20?= =?UTF-8?q?=20=20=20=20feature=20of=20the=20pydoc=20module=20which=20could?= =?UTF-8?q?=20be=20abused=20to=20read=20=20=20=20=20arbitrary=20files=20on?= =?UTF-8?q?=20the=20disk=20(directory=20traversal=20=20=20=20=20vulnerabil?= =?UTF-8?q?ity).=20Moreover,=20even=20source=20code=20of=20Python=20module?= =?UTF-8?q?s=20=20=20=20=20can=20contain=20sensitive=20data=20like=20passw?= =?UTF-8?q?ords.=20Vulnerability=20=20=20=20=20reported=20by=20David=20Sch?= =?UTF-8?q?w=C3=B6rer.=20=20=20-=20bpo#43285:=20ftplib=20no=20longer=20tru?= =?UTF-8?q?sts=20the=20IP=20address=20value=20=20=20=20=20returned=20from?= =?UTF-8?q?=20the=20server=20in=20response=20to=20the=20PASV=20command=20b?= =?UTF-8?q?y=20=20=20=20=20default.=20This=20prevents=20a=20malicious=20FT?= =?UTF-8?q?P=20server=20from=20using=20the=20=20=20=20=20response=20to=20p?= =?UTF-8?q?robe=20IPv4=20address=20and=20port=20combinations=20on=20the=20?= =?UTF-8?q?=20=20=20=20client=20network.=20Code=20that=20requires=20the=20?= 
=?UTF-8?q?former=20vulnerable=20=20=20=20=20behavior=20may=20set=20a=20tr?= =?UTF-8?q?ust=5Fserver=5Fpasv=5Fipv4=5Faddress=20attribute=20=20=20=20=20?= =?UTF-8?q?on=20their=20ftplib.FTP=20instances=20to=20True=20to=20re-enabl?= =?UTF-8?q?e=20it.=20=20=20-=20bpo#43439:=20Add=20audit=20hooks=20for=20gc?= =?UTF-8?q?.get=5Fobjects(),=20=20=20=20=20gc.get=5Freferrers()=20and=20gc?= =?UTF-8?q?.get=5Freferents().=20Patch=20by=20Pablo=20=20=20=20=20Galindo.?= =?UTF-8?q?=20=20=20-=20bpo#43660:=20Fix=20crash=20that=20happens=20when?= =?UTF-8?q?=20replacing=20sys.stderr=20=20=20=20=20with=20a=20callable=20t?= =?UTF-8?q?hat=20can=20remove=20the=20object=20while=20an=20exception=20?= =?UTF-8?q?=20=20=20=20is=20being=20printed.=20Patch=20by=20Pablo=20Galind?= =?UTF-8?q?o.=20=20=20-=20bpo#43555:=20Report=20the=20column=20offset=20fo?= =?UTF-8?q?r=20SyntaxError=20for=20=20=20=20=20invalid=20line=20continuati?= =?UTF-8?q?on=20characters.=20Patch=20by=20Pablo=20Galindo.=20=20=20-=20bp?= =?UTF-8?q?o#43517:=20Fix=20misdetection=20of=20circular=20imports=20when?= =?UTF-8?q?=20using?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python39?expand=0&rev=62 --- Python-3.9.2.tar.xz | 3 - Python-3.9.2.tar.xz.asc | 16 ----- Python-3.9.4.tar.xz | 3 + Python-3.9.4.tar.xz.asc | 16 +++++ python39.changes | 104 +++++++++++++++++++++++++++ python39.spec | 8 +-- sphinx-update-removed-function.patch | 6 +- 7 files changed, 130 insertions(+), 26 deletions(-) delete mode 100644 Python-3.9.2.tar.xz delete mode 100644 Python-3.9.2.tar.xz.asc create mode 100644 Python-3.9.4.tar.xz create mode 100644 Python-3.9.4.tar.xz.asc diff --git a/Python-3.9.2.tar.xz b/Python-3.9.2.tar.xz deleted file mode 100644 index 72f2344..0000000 --- a/Python-3.9.2.tar.xz +++ /dev/null 
@@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:3c2034c54f811448f516668dce09d24008a0716c3a794dd8639b5388cbde247d -size 18889164 diff --git a/Python-3.9.2.tar.xz.asc b/Python-3.9.2.tar.xz.asc deleted file mode 100644 index e71fa64..0000000 --- a/Python-3.9.2.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmAvyCoACgkQsmmV4xAl -BWhP7g//XBDQxNrjEaLSBfGy8tGbNPqlrBAOWsuH02JzvRXnr2gBX2m8TfaUSAnq -8Kzafrpsfw0+7LFoPfrp+YwUO5k2WprovW9Iw+LoUM0d5DABL/gXKwVb0j9i8nRj -uaPLzX9SRnCQQPfYQW/5wRFIm+/aqz4fx93k3Gw0AfeYh9Ka1pUJOCxCvihS47+E -dUeoC6S8SUDrm5lPLj8t1uVVtp8W7GpGMwF5Zn31ThrlUA4V/dTMmqSUXCaAI9Ii -zXditd26EfySKSxps+VQgL7GB778XcIYxlnMYzoqd6SD/pCQgagpFP2nZ1zdZ0/g -qpwgeGE2SK++w8iiOs2Q59tisREU7PHNVtpdILhw9Me892mwxIjl8wDMTZHY8vvU -6OZRI9G8UktpkEcT9FeFgwna2T3T16rEVbrzpteeDLFgqUpt84yXD+pd5W/Oozaj -sfbd7lCFBcdzCQIKa+DGDuJKFPExu8oqGg7Zq25wxLvkNosmHXny9NylE1VIJ5ad -WHadwBeFSFCR7faplO8s+hO/BmT5PcEwIXrz/xVqwf28o/0im63llkE6WUCRW4MU -x/S5uWjB/HSDw2NHLRRc0bLabl30mMCf7J/EkVmm9dsIpmXhn6SLC9YCYjJtIjC7 -ChSQs+U8MgEnwk/un/DELIRUtu+rQZ1GkQnJ4tooaYJlYr/m7Ww= -=s/wm ------END PGP SIGNATURE----- diff --git a/Python-3.9.4.tar.xz b/Python-3.9.4.tar.xz new file mode 100644 index 0000000..3da74d5 --- /dev/null +++ b/Python-3.9.4.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4b0e6644a76f8df864ae24ac500a51bbf68bd098f6a173e27d3b61cdca9aa134 +size 18900304 diff --git a/Python-3.9.4.tar.xz.asc b/Python-3.9.4.tar.xz.asc new file mode 100644 index 0000000..7a66b22 --- /dev/null +++ b/Python-3.9.4.tar.xz.asc 
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmBqBLIACgkQsmmV4xAl +BWgrsRAAl3IcVe/6H6OPH+aRx1C/CeKl8DOqatCji7iiHG4JWQ4WEmKLlWzvFngr +C9enwNF7iCTBtjNsskKGrUPlmuYw9TjHGwAqox6OCHLxuCBpvoa18FKEOQJ43csq +HF98Ednp4Ju7nSi1MioA+VdD9uUbIy0vZa8gmKp2cvRFO2dLAgqsQO1FIniGz+CY +kiU+oURiLnqsEw2WvzJWWGZ70KWGssUmHhVpCsEbbCGVzjyMGqBXmPv9/vQSILOj +j2YH44Gpp5OJsQGsXIP9eyXqgjaj1hRcORpCE2L4RtYKv/V7przjHjkmqLO+aJuu +lZO/thU5YYNlEwHu9X5chwugSIFzvCU4pjU4GUYoH6IEcVZJH6q575uRxbmIE6O1 +rl2io/o7rWWDLpKDTeWCoy3dZ2LrcxIFBLQv3qMNaClT2REL2JX+y10P405dOir3 +GzrMBh79YEHwg5ZUk8wRp6ZhDep3O9hOmygPwouzLTTSkAzB/bXqaOBfWuH46PN0 +B9layfLM1k1OLVARrQf4RxzlEBVl6KFjVFzKAaWNhRYIFEAAmakFRig32E9f+xJ7 +CAjQFgJO3z3Z/FCsR/1so5SIk47Kr8HRZJykPfFzlD2XUnVhcVFBnSl9HIAfZS8A ++XX54oLBlhgq/QYexA3USvUS2QM1iLZ7dgHJUSDeH6BK8K6128I= +=SHwu +-----END PGP SIGNATURE----- diff --git a/python39.changes b/python39.changes index 3b5858b..9946f93 100644 --- a/python39.changes +++ b/python39.changes 
@@ -1,3 +1,107 @@
+-------------------------------------------------------------------
+Wed Apr 28 16:39:54 UTC 2021 - Matej Cepl
+
+- Update to 3.9.4:
+ - bpo#43710: Reverted the fix for https://bugs.python.org/issue42500
+ as it changed the PyThreadState struct size and broke the 3.9.x ABI
+ in the 3.9.3 release (visible on 32-bit platforms using binaries
+ compiled using an earlier version of Python 3.9.x headers).
+ - bpo#26053: Fixed bug where the pdb interactive run command echoed
+ the args from the shell command line, even if those have been
+ overridden at the pdb prompt.
+ - bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile
+ feature of the pydoc module which could be abused to read
+ arbitrary files on the disk (directory traversal
+ vulnerability). Moreover, even source code of Python modules
+ can contain sensitive data like passwords. Vulnerability
+ reported by David Schwörer.
+ - bpo#43285: ftplib no longer trusts the IP address value
+ returned from the server in response to the PASV command by
+ default. This prevents a malicious FTP server from using the
+ response to probe IPv4 address and port combinations on the
+ client network. Code that requires the former vulnerable
+ behavior may set a trust_server_pasv_ipv4_address attribute
+ on their ftplib.FTP instances to True to re-enable it.
+ - bpo#43439: Add audit hooks for gc.get_objects(),
+ gc.get_referrers() and gc.get_referents(). Patch by Pablo
+ Galindo.
+ - bpo#43660: Fix crash that happens when replacing sys.stderr
+ with a callable that can remove the object while an exception
+ is being printed. Patch by Pablo Galindo.
+ - bpo#43555: Report the column offset for SyntaxError for
+ invalid line continuation characters. Patch by Pablo Galindo.
+ - bpo#43517: Fix misdetection of circular imports when using
+ from pkg.mod import attr, which caused false positives in
+ non-trivial multi-threaded code.
+ - bpo#35883: Python no longer fails at startup with a fatal
+ error if a command line argument contains an invalid Unicode
+ character. The Py_DecodeLocale() function now escapes byte
+ sequences which would be decoded as Unicode characters
+ outside the [U+0000; U+10ffff] range.
+ - bpo#43406: Fix a possible race condition where
+ PyErr_CheckSignals tries to execute a non-Python signal
+ handler.
+ - bpo#42500: Improve handling of exceptions near recursion
+ limit. Converts a number of Fatal Errors in RecursionErrors.
+ - bpo#43433: xmlrpc.client.ServerProxy no longer ignores query
+ and fragment in the URL of the server.
+ - bpo#35930: Raising an exception raised in a “future” instance
+ will create reference cycles.
+ - bpo#43577: Fix deadlock when using ssl.SSLContext debug
+ callback with ssl.SSLContext.sni_callback().
+ - bpo#43521: ast.unparse can now render NaNs and empty sets.
+ - bpo#43423: subprocess.communicate() no longer raises an
+ IndexError when there is an empty stdout or stderr IO buffer
+ during a timeout on Windows.
+ - bpo#27820: Fixed long-standing bug of smtplib.SMTP where
+ doing AUTH LOGIN with initial_response_ok=False will fail.
+ The cause is that SMTP.auth_login _always_ returns a password
+ if provided with a challenge string, thus non-compliant with
+ the standard for AUTH LOGIN. Also fixes bug with the test for
+ smtpd.
+ - bpo#43332: Improves the networking efficiency of http.client
+ when using a proxy via set_tunnel(). Fewer small send calls
+ are made during connection setup.
+ - bpo#43399: Fix ElementTree.extend not working on iterators
+ when using the Python implementation
+ - bpo#43316: The python -m gzip command line application now
+ properly fails when detecting an unsupported extension. It
+ exits with a non-zero exit code and prints an error message
+ to stderr.
+ - bpo#43260: Fix TextIOWrapper can not flush internal buffer
+ forever after very large text is written.
+ - bpo#42782: Fail fast in shutil.move() to avoid creating
+ destination directories on failure.
+ - bpo#37193: Fixed memory leak in socketserver.ThreadingMixIn
+ introduced in Python 3.7.
+ - bpo#43199: Answer “Why is there no goto?” in the Design and
+ History FAQ.
+ - bpo#43407: Clarified that a result from time.monotonic(),
+ time.perf_counter(), time.process_time(), or
+ time.thread_time() can be compared with the result from any
+ following call to the same function - not just the next
+ immediate call.
+ - bpo#27646: Clarify that ‘yield from ’ works with any
+ iterable, not just iterators.
+ - bpo#36346: Update some deprecated unicode APIs which are
+ documented as “will be removed in 4.0” to “3.12”. See PEP 623
+ for detail.
+ - bpo#37945: Fix test_getsetlocale_issue1813() of test_locale:
+ skip the test if setlocale() fails. Patch by Victor Stinner.
+ - bpo#41561: Add workaround for Ubuntu’s custom OpenSSL
+ security level policy.
+ - bpo#43288: Fix test_importlib to correctly skip Unicode file
+ tests if the fileystem does not support them.
+ - bpo#43617: Improve configure.ac: Check for presence of
+ autoconf-archive package and remove our copies of M4 macros.
+ - bpo#42225: Document that IDLE can fail on Unix either from
+ misconfigured IP masquerage rules or failure displaying
+ complex colored (non-ascii) characters.
+ - bpo#43283: Document why printing to IDLE’s Shell is often
+ slower than printing to a system terminal and that it can be
+ made faster by pre-formatting a single string before
+ printing.
+
 -------------------------------------------------------------------
 Fri Feb 19 16:58:38 UTC 2021 - Matej Cepl
diff --git a/python39.spec b/python39.spec
index 769e4ce..18e9793 100644
--- a/python39.spec
+++ b/python39.spec
@@ -53,7 +53,7 @@
 # Will do the /usr/bin/python3 and all the core links
 %define primary_interpreter 0
 # We don't process beta signs well
-%define folderversion 3.9.2
+%define folderversion 3.9.4
 %define tarname Python-%{tarversion}
 %define sitedir %{_libdir}/python%{python_version}
 # three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149
@@ -88,7 +88,7 @@
 %bcond_without profileopt
 %endif
 Name: %{python_pkg_name}%{psuffix}
-Version: 3.9.2
+Version: 3.9.4
 Release: 0
 Summary: Python 3 Interpreter
 License: Python-2.0
@@ -378,9 +378,9 @@ other applications.
 %patch25 -p1
 %patch29 -p1
 %patch32 -p1
-# %%if 0%%{?suse_version} <= 1500
+%if 0%{?suse_version} <= 1500
 %patch33 -p1
-# %%endif
+%endif
 # drop Autoconf version requirement
 sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac
diff --git a/sphinx-update-removed-function.patch b/sphinx-update-removed-function.patch
index 181f758..9c607c8 100644
--- a/sphinx-update-removed-function.patch
+++ b/sphinx-update-removed-function.patch
@@ -1,10 +1,10 @@
 ---
- Doc/tools/extensions/pyspecific.py | 6 ++++++
- 1 file changed, 6 insertions(+)
+ Doc/tools/extensions/pyspecific.py | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
 --- a/Doc/tools/extensions/pyspecific.py
 +++ b/Doc/tools/extensions/pyspecific.py
-@@ -361,7 +361,12 @@ class DeprecatedRemoved(Directive):
+@@ -362,7 +362,12 @@ class DeprecatedRemoved(Directive):
 translatable=False)
 node.append(para)
 env = self.state.document.settings.env
From 40e9d587639131ba40f56cc52127f97f7b75ff081f8bb1e27204094135a2ce98 Mon Sep 17 00:00:00 2001
From: Matej Cepl
Date: Wed, 28 Apr 2021 17:28:00 +0000
Subject: [PATCH 2/2] Add BR autoconf-archive
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python39?expand=0&rev=63
---
 python39.spec | 1 +
 1 file changed, 1 insertion(+)
diff --git a/python39.spec b/python39.spec
index 18e9793..3400257 100644
--- a/python39.spec
+++ b/python39.spec
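Review bot: The third python39.spec hunk (`@@ -378,9 +378,9 @@`) turns the commented-out guard around `%patch33 -p1` into a live `%if 0%{?suse_version} <= 1500` … `%endif`, so no-skipif-doctests.patch stops being applied on newer targets, and nothing in the commit records that: the python39.changes entry added here lists only the upstream 3.9.4 items. I would add a changelog line such as `- Apply no-skipif-doctests.patch only for suse_version <= 1500` and a spec comment above the guard, `# Only the SLE-15 Sphinx lacks the skipif doctest directive`. Because `0%{?suse_version}` expands to `0` when the macro is undefined, the condition is also true on a non-SUSE build target; that is probably intended but worth confirming. The surrounding spec section starts and ends outside the hunk.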
@@ -136,6 +136,7 @@ Patch32: sphinx-update-removed-function.patch
 # PATCH-FIX-SLE no-skipif-doctests.patch jsc#SLE-13738 mcepl@suse.com
 # SLE-15 version of Sphinx doesn't know about skipif directive in doctests.
 Patch33: no-skipif-doctests.patch
+BuildRequires: autoconf-archive
 BuildRequires: automake
 BuildRequires: fdupes
 BuildRequires: gmp-devel