From 85067059b613bf19120afd75674bca404a71de5a6fa54c5a6db69b9e2a9a9a0a Mon Sep 17 00:00:00 2001 
From: Matej Cepl
Date: Wed, 5 May 2021 16:46:47 +0000
Subject: [PATCH] Accepting request 890779 from home:mcepl:branches:devel:languages:python:Factory
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Update to 3.9.5:
  * Security
    - bpo-43434: Creating a sqlite3.Connection object now also
      produces a sqlite3.connect auditing event. Previously this
      event was only produced by sqlite3.connect() calls. Patch
      by Erlend E. Aasland.
    - bpo-43882: The presence of newline or tab characters in
      parts of a URL could allow some forms of attacks.
    - Following the controlling specification for URLs defined by
      WHATWG urllib.parse() now removes ASCII newlines and tabs
      from URLs, preventing such attacks.
    - bpo-43472: Ensures interpreter-level audit hooks receive
      the cpython.PyInterpreterState_New event when called
      through the _xxsubinterpreters module.
    - bpo-36384: ipaddress module no longer accepts any leading
      zeros in IPv4 address strings. Leading zeros are ambiguous
      and interpreted as octal notation by some libraries. For
      example the legacy function socket.inet_aton() treats
      leading zeros as octal notation. glibc implementation of
      modern inet_pton() does not accept any leading zeros. For
      a while the ipaddress module used to accept ambiguous
      leading zeros.
    - bpo-43075: Fix Regular Expression Denial of Service (ReDoS)
      vulnerability in urllib.request.AbstractBasicAuthHandler.
      The ReDoS-vulnerable regex has quadratic worst-case
      complexity and it allows causing a denial of service when
      identifying crafted invalid RFCs. This ReDoS issue is on
      the client side and needs remote attackers to control the
      HTTP server.
    - bpo-42800: Audit hooks are now fired for frame.f_code,
      traceback.tb_frame, and generator code/frame attribute
      access.
  * Core and Builtins
    - bpo-43105: Importlib now resolves relative paths when
      creating module spec objects from file locations.
    - bpo-42924: Fix bytearray repetition incorrectly copying
      data from the start of the buffer, even if the data is
      offset within the buffer (e.g. after reassigning a slice at
      the start of the bytearray to a shorter byte string).
  * Library
    - bpo-43993: Update bundled pip to 21.1.1.
    - bpo-43937: Fixed the turtle module working with non-default
      root window.
    - bpo-43930: Update bundled pip to 21.1 and setuptools to
      56.0.0
    - bpo-43920: OpenSSL 3.0.0: load_verify_locations() now
      returns a consistent error message when cadata contains no
      valid certificate.
    - bpo-43607: urllib can now convert Windows paths with \\?\
      prefixes into URL paths.
    - bpo-43284: platform.win32_ver derives the windows version
      from sys.getwindowsversion().platform_version which in turn
      derives the version from kernel32.dll (which can be of
      a different version than Windows itself). Therefore change
      the platform.win32_ver to determine the version using the
      platform module’s _syscmd_ver private function to return an
      accurate version.
    - bpo-42248: [Enum] ensure exceptions raised in _missing__
      are released
    - bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1
      to suppress deprecation warnings. Python requires OpenSSL
      1.1.1 APIs.
    - bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants
      (OpenSSL 3.0.0)
    - bpo-43789: OpenSSL 3.0.0: Don’t call the password callback
      function a second time when first call has signaled an
      error condition.
    - bpo-43788: The header files for ssl error codes are now
      OpenSSL version-specific. Exceptions will now show correct
      reason and library codes. The make_ssl_data.py script has
      been rewritten to use OpenSSL’s text file with error codes.
    - bpo-43655: tkinter dialog windows are now recognized as
      dialogs by window managers on macOS and X Window.
    - bpo-43534: turtle.textinput() and turtle.numinput() create
      now a transient window working on behalf of the canvas
      window.
    - bpo-43522: Fix problem with hostname_checks_common_name.
      OpenSSL does not copy hostflags from struct SSL_CTX to
      struct SSL.
    - bpo-42967: Allow bytes separator argument in
      urllib.parse.parse_qs and urllib.parse.parse_qsl when
      parsing str query strings. Previously, this raised
      a TypeError.
    - bpo-43176: Fixed processing of a dataclass that inherits
      from a frozen dataclass with no fields. It is now correctly
      detected as an error.
    - bpo-41735: Fix thread locks in zlib module may go wrong in
      rare case. Patch by Ma Lin.
    - bpo-36470: Fix dataclasses with InitVars and replace().
      Patch by Claudiu Popa.
    - bpo-32745: Fix a regression in the handling of ctypes’
      ctypes.c_wchar_p type: embedded null characters would cause
      a ValueError to be raised. Patch by Zackery Spytz.
  * Documentation
    - bpo-43959: The documentation on the PyContextVar C-API was
      clarified.
    - bpo-43938: Update dataclasses documentation to express that
      FrozenInstanceError is derived from AttributeError.
    - bpo-43755: Update documentation to reflect that
      unparenthesized lambda expressions can no longer be the
      expression part in an if clause in comprehensions and
      generator expressions since Python 3.9.
    - bpo-43739: Fixing the example code in
      Doc/extending/extending.rst to declare and initialize the
      pmodule variable to be of the right type.
  * Tests
    - bpo-43961: Fix
      test_logging.test_namer_rotator_inheritance() on Windows:
      use os.replace() rather than os.rename(). Patch by Victor
      Stinner.
    - bpo-43842: Fix a race condition in the SMTP test of
      test_logging. Don’t close a file descriptor (socket) from
      a different thread while asyncore.loop() is polling the
      file descriptor. Patch by Victor Stinner.
    - bpo-43811: Tests multiple OpenSSL versions on GitHub
      Actions. Use ccache to speed up testing.
    - bpo-43791: OpenSSL 3.0.0: Disable testing of legacy
      protocols TLS 1.0 and 1.1. Tests are failing with
      TLSV1_ALERT_INTERNAL_ERROR.
- Refreshed patches: - bpo-31046_ensurepip_honours_prefix.patch - python-3.3.0b1-fix_date_time_compiler.patch - Add vendorized files from bluez-devel to enable building support for Bluetooth. OBS-URL: https://build.opensuse.org/request/show/890779 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python39?expand=0&rev=66 --- Python-3.9.4.tar.xz | 3 - Python-3.9.4.tar.xz.asc | 16 --- Python-3.9.5.tar.xz | 3 + Python-3.9.5.tar.xz.asc | 16 +++ bluez-devel-vendor.tar.xz | 3 + bpo-31046_ensurepip_honours_prefix.patch | 14 +-- python-3.3.0b1-fix_date_time_compiler.patch | 6 +- python39.changes | 128 ++++++++++++++++++++ python39.spec | 18 ++- 9 files changed, 175 insertions(+), 32 deletions(-) delete mode 100644 Python-3.9.4.tar.xz delete mode 100644 Python-3.9.4.tar.xz.asc create mode 100644 Python-3.9.5.tar.xz create mode 100644 Python-3.9.5.tar.xz.asc create mode 100644 bluez-devel-vendor.tar.xz diff --git a/Python-3.9.4.tar.xz b/Python-3.9.4.tar.xz deleted file mode 100644 index 3da74d5..0000000 --- a/Python-3.9.4.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4b0e6644a76f8df864ae24ac500a51bbf68bd098f6a173e27d3b61cdca9aa134 -size 18900304 diff --git a/Python-3.9.4.tar.xz.asc b/Python-3.9.4.tar.xz.asc deleted file mode 100644 index 7a66b22..0000000 --- a/Python-3.9.4.tar.xz.asc +++ /dev/null 
@@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmBqBLIACgkQsmmV4xAl -BWgrsRAAl3IcVe/6H6OPH+aRx1C/CeKl8DOqatCji7iiHG4JWQ4WEmKLlWzvFngr -C9enwNF7iCTBtjNsskKGrUPlmuYw9TjHGwAqox6OCHLxuCBpvoa18FKEOQJ43csq -HF98Ednp4Ju7nSi1MioA+VdD9uUbIy0vZa8gmKp2cvRFO2dLAgqsQO1FIniGz+CY -kiU+oURiLnqsEw2WvzJWWGZ70KWGssUmHhVpCsEbbCGVzjyMGqBXmPv9/vQSILOj -j2YH44Gpp5OJsQGsXIP9eyXqgjaj1hRcORpCE2L4RtYKv/V7przjHjkmqLO+aJuu -lZO/thU5YYNlEwHu9X5chwugSIFzvCU4pjU4GUYoH6IEcVZJH6q575uRxbmIE6O1 -rl2io/o7rWWDLpKDTeWCoy3dZ2LrcxIFBLQv3qMNaClT2REL2JX+y10P405dOir3 -GzrMBh79YEHwg5ZUk8wRp6ZhDep3O9hOmygPwouzLTTSkAzB/bXqaOBfWuH46PN0 -B9layfLM1k1OLVARrQf4RxzlEBVl6KFjVFzKAaWNhRYIFEAAmakFRig32E9f+xJ7 -CAjQFgJO3z3Z/FCsR/1so5SIk47Kr8HRZJykPfFzlD2XUnVhcVFBnSl9HIAfZS8A -+XX54oLBlhgq/QYexA3USvUS2QM1iLZ7dgHJUSDeH6BK8K6128I= -=SHwu ------END PGP SIGNATURE----- diff --git a/Python-3.9.5.tar.xz b/Python-3.9.5.tar.xz new file mode 100644 index 0000000..5b0cffb --- /dev/null +++ b/Python-3.9.5.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0c5a140665436ec3dbfbb79e2dfb6d192655f26ef4a29aeffcb6d1820d716d83 +size 19058600 diff --git a/Python-3.9.5.tar.xz.asc b/Python-3.9.5.tar.xz.asc new file mode 100644 index 0000000..77e2b3f --- /dev/null +++ b/Python-3.9.5.tar.xz.asc 
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEE4/8oOcBIslwITevpsmmV4xAlBWgFAmCQIFQACgkQsmmV4xAl +BWi5HRAAhcpdJaRrDp0A/09a6ifg1IPBU8tsZkoMjav4RuDIG0WQLo2xCeds6TEv +RdpV3AgUs3PVb8Y8LHYYFXvOR28ntDfcDScOKkPVL2BYNepP3PI3Ogg/tehZ8BsN +jvyYqHdbQNWcv4P2m8iiOePtDlAVNRuMl384vE5B9QywCH5yG/bRNdTgY/337KFd +2+t2yAhbctmyuzZbNaCjOYzNwQhaNPi6PBSYwtcDuOHbN5KzrGiXhz0KAcm0h82g +8nQMaA4B2pMfm27e4NLubT4oMbE07TWEIH+rnBbZ0ld+nzDdg1ewyBiKqx0qXOlS +ik8C48NBmADQu0No288W2aJ4ZLlWjrQKgh1gcxJZtSI8AWHsqJcwhN5fJTanR3jt +EyIif4e58zUuc+aDSu0gtqVz0Y1ktjyX5sx/7/dM756hiv8FcUN3j+zGH92GEVpc +RxGenFt8RH2TZQhZ/tulI22GXpB50EGqxfEARG2k0f4+UdhBIXhDvQhnlh0uc+/r +cF9Jf3QpAuC8n/DDd8fOp67BkADB6CFuXY6pr0yHs+tjHufd7Nd+H5zs0TI5rsgx +j+rLvhOKx4kYz3M5OajVTqQCq4OvvH0Hc/FRTiZwEBp5N4fC/AfbCRNiH0dNWrx3 +X0DGvVicJLinKaHCmiqrKba7isMTDx0LMRC7YcTKB8rkih7eyhk= +=LkIx +-----END PGP SIGNATURE----- diff --git a/bluez-devel-vendor.tar.xz b/bluez-devel-vendor.tar.xz new file mode 100644 index 0000000..8c61d7a --- /dev/null +++ b/bluez-devel-vendor.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d030d6ff641577625745b435f4a45e9025e11143e60d0bba7dddf53e8bf71941 +size 24976 diff --git a/bpo-31046_ensurepip_honours_prefix.patch b/bpo-31046_ensurepip_honours_prefix.patch index 1808e85..72eef97 100644 --- a/bpo-31046_ensurepip_honours_prefix.patch +++ b/bpo-31046_ensurepip_honours_prefix.patch 
@@ -5,11 +5,11 @@ Subject: [PATCH] bpo-31046: ensurepip does not honour the value of $(prefix) Co-Authored-By: Xavier de Gaye --- - Doc/library/ensurepip.rst | 9 +++++++-- - Lib/ensurepip/__init__.py | 18 +++++++++++++----- - Lib/test/test_ensurepip.py | 11 +++++++++++ - Makefile.pre.in | 4 ++-- - .../2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst | 1 + + Doc/library/ensurepip.rst | 9 +++-- + Lib/ensurepip/__init__.py | 18 +++++++--- + Lib/test/test_ensurepip.py | 11 ++++++ + Makefile.pre.in | 4 +- + Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst | 1 5 files changed, 34 insertions(+), 9 deletions(-) create mode 100644 Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst @@ -139,7 +139,7 @@ Co-Authored-By: Xavier de Gaye --- a/Makefile.pre.in +++ b/Makefile.pre.in -@@ -1253,7 +1253,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni +@@ -1263,7 +1263,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni install|*) ensurepip="" ;; \ esac; \ $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ @@ -148,7 +148,7 @@ Co-Authored-By: Xavier de Gaye fi altinstall: commoninstall -@@ -1263,7 +1263,7 @@ altinstall: commoninstall +@@ -1273,7 +1273,7 @@ altinstall: commoninstall install|*) ensurepip="--altinstall" ;; \ esac; \ $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ diff --git a/python-3.3.0b1-fix_date_time_compiler.patch b/python-3.3.0b1-fix_date_time_compiler.patch index 464447a..a88b0f1 100644 --- a/python-3.3.0b1-fix_date_time_compiler.patch +++ b/python-3.3.0b1-fix_date_time_compiler.patch @@ -1,6 +1,10 @@ +--- + Makefile.pre.in | 7 +++++++ + 1 file changed, 7 insertions(+) + --- a/Makefile.pre.in +++ b/Makefile.pre.in -@@ -772,11 +772,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ +@@ -782,11 +782,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ $(DTRACE_OBJS) \ $(srcdir)/Modules/getbuildinfo.c $(CC) -c $(PY_CORE_CFLAGS) \ diff --git a/python39.changes b/python39.changes index 7c2fce9..0ec11a7 100644 --- a/python39.changes +++ b/python39.changes 
@@ -1,3 +1,131 @@ +------------------------------------------------------------------- +Wed May 5 15:16:58 UTC 2021 - Matej Cepl + +- Update to 3.9.5: + * Security + - bpo-43434: Creating a sqlite3.Connection object now also + produces a sqlite3.connect auditing event. Previously this + event was only produced by sqlite3.connect() calls. Patch + by Erlend E. Aasland. + - bpo-43882: The presence of newline or tab characters in + parts of a URL could allow some forms of attacks. + - Following the controlling specification for URLs defined by + WHATWG urllib.parse() now removes ASCII newlines and tabs + from URLs, preventing such attacks. + - bpo-43472: Ensures interpreter-level audit hooks receive + the cpython.PyInterpreterState_New event when called + through the _xxsubinterpreters module. + - bpo-36384: ipaddress module no longer accepts any leading + zeros in IPv4 address strings. Leading zeros are ambiguous + and interpreted as octal notation by some libraries. For + example the legacy function socket.inet_aton() treats + leading zeros as octal notatation. glibc implementation of + modern inet_pton() does not accept any leading zeros. For + a while the ipaddress module used to accept ambiguous + leading zeros. + - bpo-43075: Fix Regular Expression Denial of Service (ReDoS) + vulnerability in urllib.request.AbstractBasicAuthHandler. + The ReDoS-vulnerable regex has quadratic worst-case + complexity and it allows cause a denial of service when + identifying crafted invalid RFCs. This ReDoS issue is on + the client side and needs remote attackers to control the + HTTP server. + - bpo-42800: Audit hooks are now fired for frame.f_code, + traceback.tb_frame, and generator code/frame attribute + access. + * Core and Builtins + - bpo-43105: Importlib now resolves relative paths when + creating module spec objects from file locations. 
+ - bpo-42924: Fix bytearray repetition incorrectly copying + data from the start of the buffer, even if the data is + offset within the buffer (e.g. after reassigning a slice at + the start of the bytearray to a shorter byte string). + * Library + - bpo-43993: Update bundled pip to 21.1.1. + - bpo-43937: Fixed the turtle module working with non-default + root window. + - bpo-43930: Update bundled pip to 21.1 and setuptools to + 56.0.0 + - bpo-43920: OpenSSL 3.0.0: load_verify_locations() now + returns a consistent error message when cadata contains no + valid certificate. + - bpo-43607: urllib can now convert Windows paths with \\?\ + prefixes into URL paths. + - bpo-43284: platform.win32_ver derives the windows version + from sys.getwindowsversion().platform_version which in turn + derives the version from kernel32.dll (which can be of + a different version than Windows itself). Therefore change + the platform.win32_ver to determine the version using the + platform module’s _syscmd_ver private function to return an + accurate version. + - bpo-42248: [Enum] ensure exceptions raised in _missing__ + are released + - bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1 + to suppress deprecation warnings. Python requires OpenSSL + 1.1.1 APIs. + - bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants + (OpenSSL 3.0.0) + - bpo-43789: OpenSSL 3.0.0: Don’t call the password callback + function a second time when first call has signaled an + error condition. + - bpo-43788: The header files for ssl error codes are now + OpenSSL version-specific. Exceptions will now show correct + reason and library codes. The make_ssl_data.py script has + been rewritten to use OpenSSL’s text file with error codes. + - bpo-43655: tkinter dialog windows are now recognized as + dialogs by window managers on macOS and X Window. + - bpo-43534: turtle.textinput() and turtle.numinput() create + now a transient window working on behalf of the canvas + window. 
+ - bpo-43522: Fix problem with hostname_checks_common_name. + OpenSSL does not copy hostflags from struct SSL_CTX to + struct SSL. + - bpo-42967: Allow bytes separator argument in + urllib.parse.parse_qs and urllib.parse.parse_qsl when + parsing str query strings. Previously, this raised + a TypeError. + - bpo-43176: Fixed processing of a dataclass that inherits + from a frozen dataclass with no fields. It is now correctly + detected as an error. + - bpo-41735: Fix thread locks in zlib module may go wrong in + rare case. Patch by Ma Lin. + - bpo-36470: Fix dataclasses with InitVars and replace(). + Patch by Claudiu Popa. + - bpo-32745: Fix a regression in the handling of ctypes’ + ctypes.c_wchar_p type: embedded null characters would cause + a ValueError to be raised. Patch by Zackery Spytz. + * Documentation + - bpo-43959: The documentation on the PyContextVar C-API was + clarified. + - bpo-43938: Update dataclasses documentation to express that + FrozenInstanceError is derived from AttributeError. + - bpo-43755: Update documentation to reflect that + unparenthesized lambda expressions can no longer be the + expression part in an if clause in comprehensions and + generator expressions since Python 3.9. + - bpo-43739: Fixing the example code in + Doc/extending/extending.rst to declare and initialize the + pmodule variable to be of the right type. + * Tests + - bpo-43961: Fix + test_logging.test_namer_rotator_inheritance() on Windows: + use os.replace() rather than os.rename(). Patch by Victor + Stinner. + - bpo-43842: Fix a race condition in the SMTP test of + test_logging. Don’t close a file descriptor (socket) from + a different thread while asyncore.loop() is polling the + file descriptor. Patch by Victor Stinner. + - bpo-43811: Tests multiple OpenSSL versions on GitHub + Actions. Use ccache to speed up testing. + - bpo-43791: OpenSSL 3.0.0: Disable testing of legacy + protocols TLS 1.0 and 1.1. Tests are failing with + TLSV1_ALERT_INTERNAL_ERROR. 
+- Refreshed patches: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch +- Add vendorized files from bluez-devel to enable building support for + Bluetooth. + ------------------------------------------------------------------- Sun May 2 09:20:06 UTC 2021 - Ben Greiner diff --git a/python39.spec b/python39.spec index 3400257..384acf7 100644 --- a/python39.spec +++ b/python39.spec @@ -53,7 +53,7 @@ # Will do the /usr/bin/python3 and all the core links %define primary_interpreter 0 # We don't process beta signs well -%define folderversion 3.9.4 +%define folderversion 3.9.5 %define tarname Python-%{tarversion} %define sitedir %{_libdir}/python%{python_version} # three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149 @@ -88,7 +88,7 @@ %bcond_without profileopt %endif Name: %{python_pkg_name}%{psuffix} -Version: 3.9.4 +Version: 3.9.5 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 @@ -104,6 +104,12 @@ Source10: pre_checkin.sh Source11: skipped_tests.py Source19: idle3.desktop Source20: idle3.appdata.xml +# content of bluez-devel: +# 1. sudo zypper --pkg-cache-dir /tmp install -f -d --no-recommends bluez-devel +# 2. rpm2cpio /tmp/*/*/bluez-devel-*.rpm|cpio -idu +# 3. mkdir Vendor && mv usr/include/* Vendor/ +# 4. tar cJf bluez-devel-vendor.tar.xz Vendor/ +Source21: bluez-devel-vendor.tar.xz Source99: https://www.python.org/static/files/pubkeys.txt#/python.keyring # The following files are not used in the build. # They are listed here to work around missing functionality in rpmbuild, @@ -402,6 +408,9 @@ rm -r Modules/expat # drop duplicate README from site-packages rm Lib/site-packages/README.txt +# Add vendored bluez-devel files +tar xvf %{SOURCE21} + %build %if %{with doc} TODAY_DATE=`date -r %{SOURCE0} "+%%B %%d, %%Y"` 
@@ -427,6 +436,8 @@ autoreconf -fvi sed -e 's/-fprofile-correction//' -i Makefile.pre.in %endif +export CFLAGS="%{optflags} -IVendor/" + %configure \ --with-platlibdir=%{_lib} \ --docdir=%{_docdir}/python \ @@ -488,9 +499,6 @@ EXCLUDE="$EXCLUDE test_multiprocessing_forkserver test_multiprocessing_spawn tes # done have any such interface breaking the uuid module. EXCLUDE="$EXCLUDE test_uuid" -# TEMPORARILY EXCLUDE test_capi bpo#37169 -EXCLUDE="$EXCLUDE test_capi" - # Limit virtual memory to avoid spurious failures if test $(ulimit -v) = unlimited || test $(ulimit -v) -gt 10000000; then ulimit -v 10000000 || :
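
Review bot: In python39.spec, the comment above the new `Source21: bluez-devel-vendor.tar.xz` line (hunk @@ -104,6 +104,12 @@) does not record which bluez-devel version and release the headers were taken from, and step 2 unpacks whatever matches `/tmp/*/*/bluez-devel-*.rpm`, so the tarball cannot be rebuilt or compared against a known package later. Unlike Python-3.9.5.tar.xz, which is added together with a .asc signature, this source is covered only by the sha256 in its LFS pointer. Suggest naming the exact package version in the comment, using a private cache directory rather than a glob under /tmp, and saying in the changelog why a BuildRequires on bluez-devel is not used instead of vendoring.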
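
Review bot: In the %prep hunk of python39.spec (@@ -402,6 +408,9 @@), `tar xvf %{SOURCE21}` extracts every member of the tarball into the unpacked Python source tree, not only the Vendor/ directory the recipe is meant to produce, so a wrongly built tarball could overwrite upstream files without the build noticing. Suggest restricting extraction to the expected directory, for example `tar xf %{SOURCE21} Vendor/`, and dropping the v flag to keep the build log short.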
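
Review bot: In the %build hunk of python39.spec (@@ -427,6 +436,8 @@), `export CFLAGS="%{optflags} -IVendor/"` passes a relative include path with -I, so it resolves only when the compiler is run from the top of the source tree, and it is searched ahead of the system include directories for every file compiled. Step 3 of the Source21 recipe moves all of usr/include/* into Vendor/, so any header in that tarball shadows a system header of the same name. Suggest an absolute path such as `$PWD/Vendor` and `-idirafter` instead of `-I`, so the vendored headers act only as a fallback.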
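
Review bot: Re-enabling test_capi is not documented: the last python39.spec hunk (@@ -488,9 +499,6 @@) drops `EXCLUDE="$EXCLUDE test_capi"` together with its "TEMPORARILY EXCLUDE test_capi bpo#37169" comment, while the new python39.changes entry lists only the version update, the refreshed patches and the bluez-devel vendoring. Suggest adding a changelog line stating that test_capi runs again and why the exclusion is no longer needed, so a later test failure can be traced back to this request.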