Accepting request 890779 from home:mcepl:branches:devel:languages:python:Factory

- Update to 3.9.5: * Security - bpo-43434: Creating a sqlite3.Connection object now also produces a sqlite3.connect auditing event. Previously this event was only produced by sqlite3.connect() calls. Patch by Erlend E. Aasland. - bpo-43882: The presence of newline or tab characters in parts of a URL could allow some forms of attacks. - Following the controlling specification for URLs defined by WHATWG urllib.parse() now removes ASCII newlines and tabs from URLs, preventing such attacks. - bpo-43472: Ensures interpreter-level audit hooks receive the cpython.PyInterpreterState_New event when called through the _xxsubinterpreters module. - bpo-36384: ipaddress module no longer accepts any leading zeros in IPv4 address strings. Leading zeros are ambiguous and interpreted as octal notation by some libraries. For example the legacy function socket.inet_aton() treats leading zeros as octal notatation. glibc implementation of modern inet_pton() does not accept any leading zeros. For a while the ipaddress module used to accept ambiguous leading zeros. - bpo-43075: Fix Regular Expression Denial of Service (ReDoS) vulnerability in urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex has quadratic worst-case complexity and it allows cause a denial of service when identifying crafted invalid RFCs. This ReDoS issue is on the client side and needs remote attackers to control the HTTP server. - bpo-42800: Audit hooks are now fired for frame.f_code, traceback.tb_frame, and generator code/frame attribute access. * Core and Builtins - bpo-43105: Importlib now resolves relative paths when creating module spec objects from file locations. - bpo-42924: Fix bytearray repetition incorrectly copying data from the start of the buffer, even if the data is offset within the buffer (e.g. after reassigning a slice at the start of the bytearray to a shorter byte string). * Library - bpo-43993: Update bundled pip to 21.1.1. - bpo-43937: Fixed the turtle module working with non-default root window. - bpo-43930: Update bundled pip to 21.1 and setuptools to 56.0.0 - bpo-43920: OpenSSL 3.0.0: load_verify_locations() now returns a consistent error message when cadata contains no valid certificate. - bpo-43607: urllib can now convert Windows paths with \\?\ prefixes into URL paths. - bpo-43284: platform.win32_ver derives the windows version from sys.getwindowsversion().platform_version which in turn derives the version from kernel32.dll (which can be of a different version than Windows itself). Therefore change the platform.win32_ver to determine the version using the platform module’s _syscmd_ver private function to return an accurate version. - bpo-42248: [Enum] ensure exceptions raised in _missing__ are released - bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1 to suppress deprecation warnings. Python requires OpenSSL 1.1.1 APIs. - bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants (OpenSSL 3.0.0) - bpo-43789: OpenSSL 3.0.0: Don’t call the password callback function a second time when first call has signaled an error condition. - bpo-43788: The header files for ssl error codes are now OpenSSL version-specific. Exceptions will now show correct reason and library codes. The make_ssl_data.py script has been rewritten to use OpenSSL’s text file with error codes. - bpo-43655: tkinter dialog windows are now recognized as dialogs by window managers on macOS and X Window. - bpo-43534: turtle.textinput() and turtle.numinput() create now a transient window working on behalf of the canvas window. - bpo-43522: Fix problem with hostname_checks_common_name. OpenSSL does not copy hostflags from struct SSL_CTX to struct SSL. - bpo-42967: Allow bytes separator argument in urllib.parse.parse_qs and urllib.parse.parse_qsl when parsing str query strings. Previously, this raised a TypeError. - bpo-43176: Fixed processing of a dataclass that inherits from a frozen dataclass with no fields. It is now correctly detected as an error. - bpo-41735: Fix thread locks in zlib module may go wrong in rare case. Patch by Ma Lin. - bpo-36470: Fix dataclasses with InitVars and replace(). Patch by Claudiu Popa. - bpo-32745: Fix a regression in the handling of ctypes’ ctypes.c_wchar_p type: embedded null characters would cause a ValueError to be raised. Patch by Zackery Spytz. * Documentation - bpo-43959: The documentation on the PyContextVar C-API was clarified. - bpo-43938: Update dataclasses documentation to express that FrozenInstanceError is derived from AttributeError. - bpo-43755: Update documentation to reflect that unparenthesized lambda expressions can no longer be the expression part in an if clause in comprehensions and generator expressions since Python 3.9. - bpo-43739: Fixing the example code in Doc/extending/extending.rst to declare and initialize the pmodule variable to be of the right type. * Tests - bpo-43961: Fix test_logging.test_namer_rotator_inheritance() on Windows: use os.replace() rather than os.rename(). Patch by Victor Stinner. - bpo-43842: Fix a race condition in the SMTP test of test_logging. Don’t close a file descriptor (socket) from a different thread while asyncore.loop() is polling the file descriptor. Patch by Victor Stinner. - bpo-43811: Tests multiple OpenSSL versions on GitHub Actions. Use ccache to speed up testing. - bpo-43791: OpenSSL 3.0.0: Disable testing of legacy protocols TLS 1.0 and 1.1. Tests are failing with TLSV1_ALERT_INTERNAL_ERROR. - Refreshed patches: - bpo-31046_ensurepip_honours_prefix.patch - python-3.3.0b1-fix_date_time_compiler.patch - Add vendorized files from bluez-devel to enable building support for Bluetooth. OBS-URL: https://build.opensuse.org/request/show/890779 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python39?expand=0&rev=66
2021-05-05 16:46:47 +00:00 · 2021-05-05 16:46:47 +00:00 · 85067059b6
commit 85067059b6
parent ac13143082
9 changed files with 175 additions and 32 deletions
--- a/Python-3.9.4.tar.xz
+++ b/Python-3.9.4.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4b0e6644a76f8df864ae24ac500a51bbf68bd098f6a173e27d3b61cdca9aa134
-size 18900304
--- a/Python-3.9.4.tar.xz.asc
+++ b/Python-3.9.4.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmBqBLIACgkQsmmV4xAl
-BWgrsRAAl3IcVe/6H6OPH+aRx1C/CeKl8DOqatCji7iiHG4JWQ4WEmKLlWzvFngr
-C9enwNF7iCTBtjNsskKGrUPlmuYw9TjHGwAqox6OCHLxuCBpvoa18FKEOQJ43csq
-HF98Ednp4Ju7nSi1MioA+VdD9uUbIy0vZa8gmKp2cvRFO2dLAgqsQO1FIniGz+CY
-kiU+oURiLnqsEw2WvzJWWGZ70KWGssUmHhVpCsEbbCGVzjyMGqBXmPv9/vQSILOj
-j2YH44Gpp5OJsQGsXIP9eyXqgjaj1hRcORpCE2L4RtYKv/V7przjHjkmqLO+aJuu
-lZO/thU5YYNlEwHu9X5chwugSIFzvCU4pjU4GUYoH6IEcVZJH6q575uRxbmIE6O1
-rl2io/o7rWWDLpKDTeWCoy3dZ2LrcxIFBLQv3qMNaClT2REL2JX+y10P405dOir3
-GzrMBh79YEHwg5ZUk8wRp6ZhDep3O9hOmygPwouzLTTSkAzB/bXqaOBfWuH46PN0
-B9layfLM1k1OLVARrQf4RxzlEBVl6KFjVFzKAaWNhRYIFEAAmakFRig32E9f+xJ7
-CAjQFgJO3z3Z/FCsR/1so5SIk47Kr8HRZJykPfFzlD2XUnVhcVFBnSl9HIAfZS8A
-+XX54oLBlhgq/QYexA3USvUS2QM1iLZ7dgHJUSDeH6BK8K6128I=
-=SHwu
-----END PGP SIGNATURE-----
--- a/Python-3.9.5.tar.xz
+++ b/Python-3.9.5.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0c5a140665436ec3dbfbb79e2dfb6d192655f26ef4a29aeffcb6d1820d716d83
+size 19058600
--- a/Python-3.9.5.tar.xz.asc
+++ b/Python-3.9.5.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmCQIFQACgkQsmmV4xAl
+BWi5HRAAhcpdJaRrDp0A/09a6ifg1IPBU8tsZkoMjav4RuDIG0WQLo2xCeds6TEv
+RdpV3AgUs3PVb8Y8LHYYFXvOR28ntDfcDScOKkPVL2BYNepP3PI3Ogg/tehZ8BsN
+jvyYqHdbQNWcv4P2m8iiOePtDlAVNRuMl384vE5B9QywCH5yG/bRNdTgY/337KFd
+2+t2yAhbctmyuzZbNaCjOYzNwQhaNPi6PBSYwtcDuOHbN5KzrGiXhz0KAcm0h82g
+8nQMaA4B2pMfm27e4NLubT4oMbE07TWEIH+rnBbZ0ld+nzDdg1ewyBiKqx0qXOlS
+ik8C48NBmADQu0No288W2aJ4ZLlWjrQKgh1gcxJZtSI8AWHsqJcwhN5fJTanR3jt
+EyIif4e58zUuc+aDSu0gtqVz0Y1ktjyX5sx/7/dM756hiv8FcUN3j+zGH92GEVpc
+RxGenFt8RH2TZQhZ/tulI22GXpB50EGqxfEARG2k0f4+UdhBIXhDvQhnlh0uc+/r
+cF9Jf3QpAuC8n/DDd8fOp67BkADB6CFuXY6pr0yHs+tjHufd7Nd+H5zs0TI5rsgx
+j+rLvhOKx4kYz3M5OajVTqQCq4OvvH0Hc/FRTiZwEBp5N4fC/AfbCRNiH0dNWrx3
+X0DGvVicJLinKaHCmiqrKba7isMTDx0LMRC7YcTKB8rkih7eyhk=
+=LkIx
+-----END PGP SIGNATURE-----
--- a/bluez-devel-vendor.tar.xz
+++ b/bluez-devel-vendor.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d030d6ff641577625745b435f4a45e9025e11143e60d0bba7dddf53e8bf71941
+size 24976
--- a/bpo-31046_ensurepip_honours_prefix.patch
+++ b/bpo-31046_ensurepip_honours_prefix.patch
@ -5,11 +5,11 @@ Subject: [PATCH] bpo-31046: ensurepip does not honour the value of $(prefix)

 Co-Authored-By: Xavier de Gaye <xdegaye@gmail.com>
 ---
- Doc/library/ensurepip.rst                      |  9 +++++++--
- Lib/ensurepip/__init__.py                      | 18 +++++++++++++-----
- Lib/test/test_ensurepip.py                     | 11 +++++++++++
- Makefile.pre.in                                |  4 ++--
- .../2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst   |  1 +
+ Doc/library/ensurepip.rst                                       |    9 +++--
+ Lib/ensurepip/__init__.py                                       |   18 +++++++---
+ Lib/test/test_ensurepip.py                                      |   11 ++++++
+ Makefile.pre.in                                                 |    4 +-
+ Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst |    1 
 5 files changed, 34 insertions(+), 9 deletions(-)
 create mode 100644 Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst

@ -139,7 +139,7 @@ Co-Authored-By: Xavier de Gaye <xdegaye@gmail.com>
 
 --- a/Makefile.pre.in
 +++ b/Makefile.pre.in
-@@ -1253,7 +1253,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni
+@@ -1263,7 +1263,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni
 			install|*) ensurepip="" ;; \
 		esac; \
 		$(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \
@ -148,7 +148,7 @@ Co-Authored-By: Xavier de Gaye <xdegaye@gmail.com>
 	fi
 
 altinstall: commoninstall
-@@ -1263,7 +1263,7 @@ altinstall: commoninstall
+@@ -1273,7 +1273,7 @@ altinstall: commoninstall
 			install|*) ensurepip="--altinstall" ;; \
 		esac; \
 		$(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \
--- a/python-3.3.0b1-fix_date_time_compiler.patch
+++ b/python-3.3.0b1-fix_date_time_compiler.patch
@ -1,6 +1,10 @@
+---
+ Makefile.pre.in |    7 +++++++
+ 1 file changed, 7 insertions(+)
+
 --- a/Makefile.pre.in
 +++ b/Makefile.pre.in
-@@ -772,11 +772,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \
+@@ -782,11 +782,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \
 		$(DTRACE_OBJS) \
 		$(srcdir)/Modules/getbuildinfo.c
 	$(CC) -c $(PY_CORE_CFLAGS) \
--- a/python39.changes
+++ b/python39.changes
@ -1,3 +1,131 @@
+-------------------------------------------------------------------
+Wed May  5 15:16:58 UTC 2021 - Matej Cepl <mcepl@suse.com>
+
+- Update to 3.9.5:
+  * Security
+    - bpo-43434: Creating a sqlite3.Connection object now also
+      produces a sqlite3.connect auditing event. Previously this
+      event was only produced by sqlite3.connect() calls. Patch
+      by Erlend E. Aasland.
+    - bpo-43882: The presence of newline or tab characters in
+      parts of a URL could allow some forms of attacks.
+    - Following the controlling specification for URLs defined by
+      WHATWG urllib.parse() now removes ASCII newlines and tabs
+      from URLs, preventing such attacks.
+    - bpo-43472: Ensures interpreter-level audit hooks receive
+      the cpython.PyInterpreterState_New event when called
+      through the _xxsubinterpreters module.
+    - bpo-36384: ipaddress module no longer accepts any leading
+      zeros in IPv4 address strings. Leading zeros are ambiguous
+      and interpreted as octal notation by some libraries. For
+      example the legacy function socket.inet_aton() treats
+      leading zeros as octal notatation. glibc implementation of
+      modern inet_pton() does not accept any leading zeros. For
+      a while the ipaddress module used to accept ambiguous
+      leading zeros.
+    - bpo-43075: Fix Regular Expression Denial of Service (ReDoS)
+      vulnerability in urllib.request.AbstractBasicAuthHandler.
+      The ReDoS-vulnerable regex has quadratic worst-case
+      complexity and it allows cause a denial of service when
+      identifying crafted invalid RFCs. This ReDoS issue is on
+      the client side and needs remote attackers to control the
+      HTTP server.
+    - bpo-42800: Audit hooks are now fired for frame.f_code,
+      traceback.tb_frame, and generator code/frame attribute
+      access.
+  * Core and Builtins
+    - bpo-43105: Importlib now resolves relative paths when
+      creating module spec objects from file locations.
+    - bpo-42924: Fix bytearray repetition incorrectly copying
+      data from the start of the buffer, even if the data is
+      offset within the buffer (e.g. after reassigning a slice at
+      the start of the bytearray to a shorter byte string).
+  * Library
+    - bpo-43993: Update bundled pip to 21.1.1.
+    - bpo-43937: Fixed the turtle module working with non-default
+      root window.
+    - bpo-43930: Update bundled pip to 21.1 and setuptools to
+      56.0.0
+    - bpo-43920: OpenSSL 3.0.0: load_verify_locations() now
+      returns a consistent error message when cadata contains no
+      valid certificate.
+    - bpo-43607: urllib can now convert Windows paths with \\?\
+      prefixes into URL paths.
+    - bpo-43284: platform.win32_ver derives the windows version
+      from sys.getwindowsversion().platform_version which in turn
+      derives the version from kernel32.dll (which can be of
+      a different version than Windows itself). Therefore change
+      the platform.win32_ver to determine the version using the
+      platform module’s _syscmd_ver private function to return an
+      accurate version.
+    - bpo-42248: [Enum] ensure exceptions raised in _missing__
+      are released
+    - bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1
+      to suppress deprecation warnings. Python requires OpenSSL
+      1.1.1 APIs.
+    - bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants
+      (OpenSSL 3.0.0)
+    - bpo-43789: OpenSSL 3.0.0: Don’t call the password callback
+      function a second time when first call has signaled an
+      error condition.
+    - bpo-43788: The header files for ssl error codes are now
+      OpenSSL version-specific. Exceptions will now show correct
+      reason and library codes. The make_ssl_data.py script has
+      been rewritten to use OpenSSL’s text file with error codes.
+    - bpo-43655: tkinter dialog windows are now recognized as
+      dialogs by window managers on macOS and X Window.
+    - bpo-43534: turtle.textinput() and turtle.numinput() create
+      now a transient window working on behalf of the canvas
+      window.
+    - bpo-43522: Fix problem with hostname_checks_common_name.
+      OpenSSL does not copy hostflags from struct SSL_CTX to
+      struct SSL.
+    - bpo-42967: Allow bytes separator argument in
+      urllib.parse.parse_qs and urllib.parse.parse_qsl when
+      parsing str query strings. Previously, this raised
+      a TypeError.
+    - bpo-43176: Fixed processing of a dataclass that inherits
+      from a frozen dataclass with no fields. It is now correctly
+      detected as an error.
+    - bpo-41735: Fix thread locks in zlib module may go wrong in
+      rare case. Patch by Ma Lin.
+    - bpo-36470: Fix dataclasses with InitVars and replace().
+      Patch by Claudiu Popa.
+    - bpo-32745: Fix a regression in the handling of ctypes’
+      ctypes.c_wchar_p type: embedded null characters would cause
+      a ValueError to be raised. Patch by Zackery Spytz.
+  * Documentation
+    - bpo-43959: The documentation on the PyContextVar C-API was
+      clarified.
+    - bpo-43938: Update dataclasses documentation to express that
+      FrozenInstanceError is derived from AttributeError.
+    - bpo-43755: Update documentation to reflect that
+      unparenthesized lambda expressions can no longer be the
+      expression part in an if clause in comprehensions and
+      generator expressions since Python 3.9.
+    - bpo-43739: Fixing the example code in
+      Doc/extending/extending.rst to declare and initialize the
+      pmodule variable to be of the right type.
+  * Tests
+    - bpo-43961: Fix
+      test_logging.test_namer_rotator_inheritance() on Windows:
+      use os.replace() rather than os.rename(). Patch by Victor
+      Stinner.
+    - bpo-43842: Fix a race condition in the SMTP test of
+      test_logging. Don’t close a file descriptor (socket) from
+      a different thread while asyncore.loop() is polling the
+      file descriptor. Patch by Victor Stinner.
+    - bpo-43811: Tests multiple OpenSSL versions on GitHub
+      Actions. Use ccache to speed up testing.
+    - bpo-43791: OpenSSL 3.0.0: Disable testing of legacy
+      protocols TLS 1.0 and 1.1. Tests are failing with
+      TLSV1_ALERT_INTERNAL_ERROR.
+- Refreshed patches:
+  - bpo-31046_ensurepip_honours_prefix.patch
+  - python-3.3.0b1-fix_date_time_compiler.patch
+- Add vendorized files from bluez-devel to enable building support for
+  Bluetooth.
+
 -------------------------------------------------------------------
 Sun May  2 09:20:06 UTC 2021 - Ben Greiner <code@bnavigator.de>

--- a/python39.spec
+++ b/python39.spec
@ -53,7 +53,7 @@
 # Will do the /usr/bin/python3 and all the core links
 %define         primary_interpreter 0
 # We don't process beta signs well
-%define         folderversion 3.9.4
+%define         folderversion 3.9.5
 %define         tarname    Python-%{tarversion}
 %define         sitedir         %{_libdir}/python%{python_version}
 # three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149
@ -88,7 +88,7 @@
 %bcond_without profileopt
 %endif
 Name:           %{python_pkg_name}%{psuffix}
-Version:        3.9.4
+Version:        3.9.5
 Release:        0
 Summary:        Python 3 Interpreter
 License:        Python-2.0
@ -104,6 +104,12 @@ Source10:       pre_checkin.sh
 Source11:       skipped_tests.py
 Source19:       idle3.desktop
 Source20:       idle3.appdata.xml
+# content of bluez-devel:
+# 1. sudo zypper --pkg-cache-dir /tmp install -f -d --no-recommends bluez-devel
+# 2. rpm2cpio /tmp/*/*/bluez-devel-*.rpm|cpio -idu
+# 3. mkdir Vendor && mv usr/include/* Vendor/
+# 4. tar cJf bluez-devel-vendor.tar.xz Vendor/
+Source21:       bluez-devel-vendor.tar.xz
 Source99:       https://www.python.org/static/files/pubkeys.txt#/python.keyring
 # The following files are not used in the build.
 # They are listed here to work around missing functionality in rpmbuild,
@ -402,6 +408,9 @@ rm -r Modules/expat
 # drop duplicate README from site-packages
 rm Lib/site-packages/README.txt

+# Add vendored bluez-devel files
+tar xvf %{SOURCE21}
+
 %build
 %if %{with doc}
 TODAY_DATE=`date -r %{SOURCE0} "+%%B %%d, %%Y"`
@ -427,6 +436,8 @@ autoreconf -fvi
 sed -e 's/-fprofile-correction//' -i Makefile.pre.in
 %endif

+export CFLAGS="%{optflags} -IVendor/"
+
 %configure \
    --with-platlibdir=%{_lib} \
    --docdir=%{_docdir}/python \
@ -488,9 +499,6 @@ EXCLUDE="$EXCLUDE test_multiprocessing_forkserver test_multiprocessing_spawn tes
 # done have any such interface breaking the uuid module.
 EXCLUDE="$EXCLUDE test_uuid"

-# TEMPORARILY EXCLUDE test_capi bpo#37169
-EXCLUDE="$EXCLUDE test_capi"
-
 # Limit virtual memory to avoid spurious failures
 if test $(ulimit -v) = unlimited || test $(ulimit -v) -gt 10000000; then
  ulimit -v 10000000 || :