diff --git a/Python-3.10.5.tar.xz.asc b/Python-3.10.5.tar.xz.asc deleted file mode 100644 index 4f10f1d..0000000 --- a/Python-3.10.5.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmKd7cEACgkQ/+h0BBaL -2EfE/g/+MM3/BRFoUwEFRF+s0WYh1IxjalHXx+9IjKFYH9xYgz4hkegcU2A6XftC -mNHI9WRZ0tXPCOe/HSL3cmGretOW59Fh1outhzL3xumLAhODMJ5JBQM3/pQ2q/CV -/zvX5nVWjwg4XhlOg6AtIRRdmqjbNesGj4a0laG5l45AzxggAVe/2l/YMvo5aq4s -uTZ8s0EdNkPugVOZBe3bQ6MxkWymUmB0VC86mCuhcNx2uzB2ulyjUHBKUwqRo55N -C7BQUvL+dUNf27aFUBs42D3bjlUijvwf0Nc3BQM95d6WgmIsEOUQj/Tevsdb34DL -zt/slvwiwxJYlIlJP9jmxd6/CuqCdt07ML24/EMv1UUadwyvi5zVhmatuKpACULX -RNZSHy8ksgclc1KszxQfJMOqdbjy4K4Wa9jmh8/URCSOoagkF1opr7n9NXjPARXa -NoZCAbwoBiV9E1F4Fs8AmubI9tLyL9tMYayqF4vQgnSKlYD/Y5bxV7bmYTV6ELXE -m6UurUeCx0kzAvGt9qNx2B2TBoeyMdy12nmiiOAF1CCK76UUXwFFnG+vOlxC1d4U -GSKISTJkNY8dn40RPBpYjhCgbEPJiJbpvh4ryE3EVUQ6sPOBdrt2/xKJq/UprpFf -/rf5gk0BoNLtTp23k+Hh9UeRkji+0PMR0DgVS4DxzV9RUaSMyDY= -=FV1Y ------END PGP SIGNATURE----- diff --git a/Python-3.10.5.tar.xz b/Python-3.10.7.tar.xz similarity index 100% rename from Python-3.10.5.tar.xz rename to Python-3.10.7.tar.xz diff --git a/Python-3.10.7.tar.xz.asc b/Python-3.10.7.tar.xz.asc new file mode 100644 index 0000000..1fc8949 --- /dev/null +++ b/Python-3.10.7.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmMV9eMACgkQ/+h0BBaL +2Ec6FQ//eXrKOb5NoocNPIs9o5Jcbk5jtWxnOp3mqjO8D/LBYc8gwovZMPd+903w +In2QWtPSK22ZWdaR4DqizK9GjBRi+Y/ZEFfh3uiPM0I2/jGkr5BXizRZNdTo3GyB +/OuPiBKBVqMgTSGrpO4M24yUekqGdPfzg614GroWSr/16UVVUQADE8DP+BJCTIbk +v+t+AIYsALR0cUO+uqp2QbWf7N2aF+r08g59Vyb09+Nr2ZfjjINIbHQgRtHv7ZoI +7BsWiGW3qIeY8XxYt1/kWv4yMqaTyABdmdEHeM0vCzeEUpurj5072isGvOpI92N4 +LZ6nK8GR4pBS+OfOB7bgzUTC+tQ48wPQwb9lZTuWfSXGYotVdTXs1zW6o1T+vply +MrMZcsc6Y9o8fX3Mkkv4zT9S6JkXtq/MUTIZ27cZr492DzJNaKBG+NqF22FKR35M +ojLK24YpGyw2PCIlUSiFfAqkGNu53U5rP3N71mh7Ao00nx8WhKj4YAci0tBkfHyw +NYoX4tz7ybiR3zV5kyrmJv4G2x89cgosfHuEL2Lr+Irf3PV5vgjXHteAwu8Egdej +myokqzWEwoqNtrK9JsSYE3bcWmrVU9R/siQnNJXKWj+AkHKG0jMsrIh6iRvQGDhp +Q3Avu3ZQ/K9rreZ4Jk1DHX3BoDvRIFdEjBDAB+b6UUQEGE32nj8= +=O8kG +-----END PGP SIGNATURE----- diff --git a/bpo-31046_ensurepip_honours_prefix.patch b/bpo-31046_ensurepip_honours_prefix.patch index e3bb24d..1c1f3a7 100644 --- a/bpo-31046_ensurepip_honours_prefix.patch +++ b/bpo-31046_ensurepip_honours_prefix.patch @@ -55,7 +55,7 @@ Co-Authored-By: Xavier de Gaye .. note:: --- a/Lib/ensurepip/__init__.py +++ b/Lib/ensurepip/__init__.py -@@ -113,27 +113,27 @@ def _disable_pip_configuration_settings( +@@ -123,27 +123,27 @@ def _disable_pip_configuration_settings( os.environ['PIP_CONFIG_FILE'] = os.devnull @@ -88,7 +88,7 @@ Co-Authored-By: Xavier de Gaye Note that calling this function will alter both sys.path and os.environ. """ -@@ -183,6 +183,8 @@ def _bootstrap(*, root=None, upgrade=Fal +@@ -193,6 +193,8 @@ def _bootstrap(*, root=None, upgrade=Fal args = ["install", "--no-cache-dir", "--no-index", "--find-links", tmpdir] if root: args += ["--root", root] @@ -97,7 +97,7 @@ Co-Authored-By: Xavier de Gaye if upgrade: args += ["--upgrade"] if user: -@@ -258,6 +260,11 @@ def _main(argv=None): +@@ -268,6 +270,11 @@ def _main(argv=None): help="Install everything relative to this alternate root directory.", ) parser.add_argument( @@ -109,7 +109,7 @@ Co-Authored-By: Xavier de Gaye "--altinstall", action="store_true", default=False, -@@ -276,6 +283,7 @@ def _main(argv=None): +@@ -286,6 +293,7 @@ def _main(argv=None): return _bootstrap( root=args.root, diff --git a/distutils-reproducible-compile.patch b/distutils-reproducible-compile.patch index fd98baa..02f6b90 100644 --- a/distutils-reproducible-compile.patch +++ b/distutils-reproducible-compile.patch @@ -1,9 +1,24 @@ ---- - Lib/distutils/util.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/Lib/distutils/util.py -+++ b/Lib/distutils/util.py +Index: Python-3.10.5/Lib/compileall.py +=================================================================== +--- Python-3.10.5.orig/Lib/compileall.py ++++ Python-3.10.5/Lib/compileall.py +@@ -96,6 +96,12 @@ def compile_dir(dir, maxlevels=None, ddi + maxlevels = sys.getrecursionlimit() + files = _walk_dir(dir, quiet=quiet, maxlevels=maxlevels) + success = True ++ # work around https://github.com/python/cpython/issues/93317 ++ sys.intern('{') ++ sys.intern('{{') ++ sys.intern('}') ++ sys.intern('}}') ++ + if workers != 1 and ProcessPoolExecutor is not None: + # If workers == 0, let ProcessPoolExecutor choose + workers = workers or None +Index: Python-3.10.5/Lib/distutils/util.py +=================================================================== +--- Python-3.10.5.orig/Lib/distutils/util.py ++++ Python-3.10.5/Lib/distutils/util.py @@ -436,7 +436,7 @@ byte_compile(files, optimize=%r, force=% else: from py_compile import compile diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch index 85be030..9d62100 100644 --- a/fix_configure_rst.patch +++ b/fix_configure_rst.patch @@ -29,7 +29,7 @@ Create a Python.framework rather than a traditional Unix install. Optional --- a/Misc/NEWS +++ b/Misc/NEWS -@@ -2370,7 +2370,7 @@ C API +@@ -2783,7 +2783,7 @@ C API ----- - bpo-43795: The list in :ref:`stable-abi-list` now shows the public name diff --git a/import_failed.map b/import_failed.map index 9f01f41..12e5b30 100644 --- a/import_failed.map +++ b/import_failed.map @@ -1,7 +1,7 @@ -python39-curses: curses _curses _curses_panel -python39-dbm: dbm _dbm _gdbm -python39-idle: idlelib -python39-testsuite: test _ctypes_test _testbuffer _testcapi _testinternalcapi _testimportmultiple _testmultiphase xxlimited -python39-tk: tkinter _tkinter -python39-tools: turtledemo -python39: sqlite3 readline _sqlite3 nis +python310-curses: curses _curses _curses_panel +python310-dbm: dbm _dbm _gdbm +python310-idle: idlelib +python310-testsuite: test _ctypes_test _testbuffer _testcapi _testinternalcapi _testimportmultiple _testmultiphase xxlimited +python310-tk: tkinter _tkinter +python310-tools: turtledemo +python310: sqlite3 readline _sqlite3 nis diff --git a/no-skipif-doctests.patch b/no-skipif-doctests.patch index 62758d3..2601c01 100644 --- a/no-skipif-doctests.patch +++ b/no-skipif-doctests.patch @@ -1,16 +1,9 @@ only in patch2: unchanged: ---- a/Doc/conf.py -+++ b/Doc/conf.py -@@ -46,7 +46,7 @@ today_fmt = '%B %d, %Y' - highlight_language = 'python3' - - # Minimum version of sphinx required --needs_sphinx = '1.8' -+needs_sphinx = '1.7.6' - - # Ignore any .rst files in the venv/ directory. - exclude_patterns = ['venv/*', 'README.rst'] +--- + Doc/library/turtle.rst | 82 ------------------------------------------------- + 1 file changed, 82 deletions(-) + --- a/Doc/library/turtle.rst +++ b/Doc/library/turtle.rst @@ -250,7 +250,6 @@ Turtle motion @@ -314,7 +307,7 @@ unchanged: >>> turtle.color("black", "red") >>> turtle.begin_fill() -@@ -1075,7 +1036,6 @@ More drawing control +@@ -1074,7 +1035,6 @@ More drawing control variables to the default values. .. doctest:: @@ -322,7 +315,7 @@ unchanged: >>> turtle.goto(0,-22) >>> turtle.left(100) -@@ -1127,7 +1087,6 @@ Visibility +@@ -1125,7 +1085,6 @@ Visibility drawing observably. .. doctest:: @@ -330,7 +323,7 @@ unchanged: >>> turtle.hideturtle() -@@ -1138,7 +1097,6 @@ Visibility +@@ -1136,7 +1095,6 @@ Visibility Make the turtle visible. .. doctest:: @@ -338,7 +331,7 @@ unchanged: >>> turtle.showturtle() -@@ -1169,7 +1127,6 @@ Appearance +@@ -1167,7 +1125,6 @@ Appearance deal with shapes see Screen method :func:`register_shape`. .. doctest:: @@ -346,7 +339,7 @@ unchanged: >>> turtle.shape() 'classic' -@@ -1195,7 +1152,6 @@ Appearance +@@ -1193,7 +1150,6 @@ Appearance ``resizemode("user")`` is called by :func:`shapesize` when used with arguments. .. doctest:: @@ -354,7 +347,7 @@ unchanged: >>> turtle.resizemode() 'noresize' -@@ -1219,7 +1175,6 @@ Appearance +@@ -1217,7 +1173,6 @@ Appearance of the shapes's outline. .. doctest:: @@ -362,7 +355,7 @@ unchanged: >>> turtle.shapesize() (1.0, 1.0, 1) -@@ -1244,7 +1199,6 @@ Appearance +@@ -1242,7 +1197,6 @@ Appearance heading of the turtle are sheared. .. doctest:: @@ -370,7 +363,7 @@ unchanged: >>> turtle.shape("circle") >>> turtle.shapesize(5,2) -@@ -1261,7 +1215,6 @@ Appearance +@@ -1259,7 +1213,6 @@ Appearance change the turtle's heading (direction of movement). .. doctest:: @@ -378,7 +371,7 @@ unchanged: >>> turtle.reset() >>> turtle.shape("circle") -@@ -1281,7 +1234,6 @@ Appearance +@@ -1279,7 +1232,6 @@ Appearance (direction of movement). .. doctest:: @@ -386,7 +379,7 @@ unchanged: >>> turtle.reset() >>> turtle.shape("circle") -@@ -1307,7 +1259,6 @@ Appearance +@@ -1305,7 +1257,6 @@ Appearance turtle (its direction of movement). .. doctest:: @@ -394,7 +387,7 @@ unchanged: >>> turtle.reset() >>> turtle.shape("circle") -@@ -1336,7 +1287,6 @@ Appearance +@@ -1334,7 +1285,6 @@ Appearance given matrix. .. doctest:: @@ -402,7 +395,7 @@ unchanged: >>> turtle = Turtle() >>> turtle.shape("square") -@@ -1352,7 +1302,6 @@ Appearance +@@ -1350,7 +1300,6 @@ Appearance can be used to define a new shape or components of a compound shape. .. doctest:: @@ -410,7 +403,7 @@ unchanged: >>> turtle.shape("square") >>> turtle.shapetransform(4, -1, 0, 2) -@@ -1377,7 +1326,6 @@ Using events +@@ -1375,7 +1324,6 @@ Using events procedural way: .. doctest:: @@ -418,7 +411,7 @@ unchanged: >>> def turn(x, y): ... left(180) -@@ -1398,7 +1346,6 @@ Using events +@@ -1396,7 +1344,6 @@ Using events ``None``, existing bindings are removed. .. doctest:: @@ -426,7 +419,7 @@ unchanged: >>> class MyTurtle(Turtle): ... def glow(self,x,y): -@@ -1426,7 +1373,6 @@ Using events +@@ -1424,7 +1371,6 @@ Using events mouse-click event on that turtle. .. doctest:: @@ -434,7 +427,7 @@ unchanged: >>> turtle.ondrag(turtle.goto) -@@ -1454,7 +1400,6 @@ Special Turtle methods +@@ -1452,7 +1398,6 @@ Special Turtle methods Return the last recorded polygon. .. doctest:: @@ -442,7 +435,7 @@ unchanged: >>> turtle.home() >>> turtle.begin_poly() -@@ -1474,7 +1419,6 @@ Special Turtle methods +@@ -1472,7 +1417,6 @@ Special Turtle methods turtle properties. .. doctest:: @@ -450,7 +443,7 @@ unchanged: >>> mick = Turtle() >>> joe = mick.clone() -@@ -1487,7 +1431,6 @@ Special Turtle methods +@@ -1485,7 +1429,6 @@ Special Turtle methods return the "anonymous turtle": .. doctest:: @@ -458,7 +451,7 @@ unchanged: >>> pet = getturtle() >>> pet.fd(50) -@@ -1501,7 +1444,6 @@ Special Turtle methods +@@ -1499,7 +1442,6 @@ Special Turtle methods TurtleScreen methods can then be called for that object. .. doctest:: @@ -466,7 +459,7 @@ unchanged: >>> ts = turtle.getscreen() >>> ts -@@ -1519,7 +1461,6 @@ Special Turtle methods +@@ -1517,7 +1459,6 @@ Special Turtle methods ``None``, the undobuffer is disabled. .. doctest:: @@ -474,7 +467,7 @@ unchanged: >>> turtle.setundobuffer(42) -@@ -1529,7 +1470,6 @@ Special Turtle methods +@@ -1527,7 +1468,6 @@ Special Turtle methods Return number of entries in the undobuffer. .. doctest:: @@ -482,7 +475,7 @@ unchanged: >>> while undobufferentries(): ... undo() -@@ -1552,7 +1492,6 @@ below: +@@ -1550,7 +1490,6 @@ below: For example: .. doctest:: @@ -490,7 +483,7 @@ unchanged: >>> s = Shape("compound") >>> poly1 = ((0,0),(10,-5),(0,10),(-10,-5)) -@@ -1563,7 +1502,6 @@ below: +@@ -1561,7 +1500,6 @@ below: 3. Now add the Shape to the Screen's shapelist and use it: .. doctest:: @@ -498,7 +491,7 @@ unchanged: >>> register_shape("myshape", s) >>> shape("myshape") -@@ -1583,7 +1521,6 @@ Most of the examples in this section ref +@@ -1581,7 +1519,6 @@ Most of the examples in this section ref ``screen``. .. doctest:: @@ -506,7 +499,7 @@ unchanged: :hide: >>> screen = Screen() -@@ -1600,7 +1537,6 @@ Window control +@@ -1598,7 +1535,6 @@ Window control Set or return background color of the TurtleScreen. .. doctest:: @@ -514,7 +507,7 @@ unchanged: >>> screen.bgcolor("orange") >>> screen.bgcolor() -@@ -1686,7 +1622,6 @@ Window control +@@ -1690,7 +1626,6 @@ Window control distorted. .. doctest:: @@ -522,7 +515,7 @@ unchanged: >>> screen.reset() >>> screen.setworldcoordinates(-50,-7.5,50,7.5) -@@ -1697,7 +1632,6 @@ Window control +@@ -1701,7 +1636,6 @@ Window control ... left(45); fd(2) # a regular octagon .. doctest:: @@ -530,7 +523,7 @@ unchanged: :hide: >>> screen.reset() -@@ -1719,7 +1653,6 @@ Animation control +@@ -1723,7 +1657,6 @@ Animation control Optional argument: .. doctest:: @@ -538,7 +531,7 @@ unchanged: >>> screen.delay() 10 -@@ -1741,7 +1674,6 @@ Animation control +@@ -1745,7 +1678,6 @@ Animation control :func:`delay`). .. doctest:: @@ -546,7 +539,7 @@ unchanged: >>> screen.tracer(8, 25) >>> dist = 2 -@@ -1778,7 +1710,6 @@ Using screen events +@@ -1782,7 +1714,6 @@ Using screen events must have the focus. (See method :func:`listen`.) .. doctest:: @@ -554,7 +547,7 @@ unchanged: >>> def f(): ... fd(50) -@@ -1799,7 +1730,6 @@ Using screen events +@@ -1803,7 +1734,6 @@ Using screen events must have focus. (See method :func:`listen`.) .. doctest:: @@ -562,7 +555,7 @@ unchanged: >>> def f(): ... fd(50) -@@ -1824,7 +1754,6 @@ Using screen events +@@ -1828,7 +1758,6 @@ Using screen events named ``turtle``: .. doctest:: @@ -570,7 +563,7 @@ unchanged: >>> screen.onclick(turtle.goto) # Subsequently clicking into the TurtleScreen will >>> # make the turtle move to the clicked point. -@@ -1844,7 +1773,6 @@ Using screen events +@@ -1848,7 +1777,6 @@ Using screen events Install a timer that calls *fun* after *t* milliseconds. .. doctest:: @@ -578,7 +571,7 @@ unchanged: >>> running = True >>> def f(): -@@ -1926,7 +1854,6 @@ Settings and special methods +@@ -1930,7 +1858,6 @@ Settings and special methods ============ ========================= =================== .. doctest:: @@ -586,7 +579,7 @@ unchanged: >>> mode("logo") # resets turtle heading to north >>> mode() -@@ -1941,7 +1868,6 @@ Settings and special methods +@@ -1945,7 +1872,6 @@ Settings and special methods values of color triples have to be in the range 0..\ *cmode*. .. doctest:: @@ -594,7 +587,7 @@ unchanged: >>> screen.colormode(1) >>> turtle.pencolor(240, 160, 80) -@@ -1962,7 +1888,6 @@ Settings and special methods +@@ -1966,7 +1892,6 @@ Settings and special methods do with a Tkinter Canvas. .. doctest:: @@ -602,7 +595,7 @@ unchanged: >>> cv = screen.getcanvas() >>> cv -@@ -1974,7 +1899,6 @@ Settings and special methods +@@ -1978,7 +1903,6 @@ Settings and special methods Return a list of names of all currently available turtle shapes. .. doctest:: @@ -610,7 +603,7 @@ unchanged: >>> screen.getshapes() ['arrow', 'blank', 'circle', ..., 'turtle'] -@@ -1998,7 +1922,6 @@ Settings and special methods +@@ -2002,7 +1926,6 @@ Settings and special methods coordinates: Install the corresponding polygon shape. .. doctest:: @@ -618,7 +611,7 @@ unchanged: >>> screen.register_shape("triangle", ((5,-3), (0,5), (-5,-3))) -@@ -2014,7 +1937,6 @@ Settings and special methods +@@ -2018,7 +1941,6 @@ Settings and special methods Return the list of turtles on the screen. .. doctest:: @@ -626,7 +619,7 @@ unchanged: >>> for turtle in screen.turtles(): ... turtle.color("red") -@@ -2076,7 +1998,6 @@ Methods specific to Screen, not inherite +@@ -2080,7 +2002,6 @@ Methods specific to Screen, not inherite center window vertically .. doctest:: @@ -634,7 +627,7 @@ unchanged: >>> screen.setup (width=200, height=200, startx=0, starty=0) >>> # sets window to 200x200 pixels, in upper left of screen -@@ -2092,7 +2013,6 @@ Methods specific to Screen, not inherite +@@ -2096,7 +2017,6 @@ Methods specific to Screen, not inherite Set title of turtle window to *titlestring*. .. doctest:: @@ -642,7 +635,7 @@ unchanged: >>> screen.title("Welcome to the turtle zoo!") -@@ -2163,7 +2083,6 @@ Public classes +@@ -2167,7 +2087,6 @@ Public classes Example: .. doctest:: @@ -650,7 +643,7 @@ unchanged: >>> poly = ((0,0),(10,-5),(0,10),(-10,-5)) >>> s = Shape("compound") -@@ -2510,7 +2429,6 @@ Changes since Python 3.0 +@@ -2514,7 +2433,6 @@ Changes since Python 3.0 .. doctest:: diff --git a/python310.changes b/python310.changes index 57e429c..529a368 100644 --- a/python310.changes +++ b/python310.changes @@ -1,3 +1,280 @@ +------------------------------------------------------------------- +Sun Sep 18 08:48:51 UTC 2022 - Andreas Schwab + +- test-int-timing.patch: gh-96710: Make the test timing more lenient for + the int/str DoS regression test. (#96717) + +------------------------------------------------------------------- +Sun Sep 11 08:32:53 UTC 2022 - Matej Cepl + +- Update to 3.10.7: + - Fix for CVE-2020-10735 (bsc#1203125) Converting between int + and str in bases other than 2 (binary), 4, 8 (octal), 16 + (hexadecimal), or 32 such as base 10 (decimal) now raises + a ValueError if the number of digits in string form is above + a limit to avoid potential denial of service attacks due to + the algorithmic complexity. + - Other bug fixes: + - Fixed a bug that caused _PyCode_GetExtra to return garbage + for negative indexes. + - Fix format string in _PyPegen_raise_error_known_location + that can lead to memory corruption on some 64bit systems. + The function was building a tuple with i (int) instead of + n (Py_ssize_t) for Py_ssize_t arguments. + - Fix misleading contents of error message when converting an + all-whitespace string to float. + - coroutine.throw() now properly initializes the frame.f_back + when resuming a stack of coroutines. This allows e.g. + traceback.print_stack() to work correctly when an exception + (such as CancelledError) is thrown into a coroutine. + - ast.parse() will no longer parse function definitions with + positional-only params when passed feature_version less + than (3, 8). + - Correct conversion of numbers.Rational’s to float. + - Fix a performance regression in logging + TimedRotatingFileHandler. Only check for special files when + the rollover time has passed. + - Fix unused localName parameter in the Attr class in + xml.dom.minidom. + - Update bundled pip to 22.2.2. + - Fail gracefully if EPERM or ENOSYS is raised when loading + crypt methods. This may happen when trying to load MD5 on + a Linux kernel with FIPS enabled. + - Improve discoverability of the higher level + concurrent.futures module by providing clearer links from + the lower level threading and multiprocessing modules. + - Update the default RFC base URL from deprecated + tools.ietf.org to datatracker.ietf.org + - Fix stylesheet not working in Windows CHM htmlhelp docs. + - The documentation now lists which members of C structs are + part of the Limited API/Stable ABI. + - Mitigate the inherent race condition from using + find_unused_port() in testSockName() by trying to find an + unused port a few times before failing. + - Build and test with OpenSSL 1.1.1q + - Document handling of extensions in Save As dialogs. + - Include prompts when saving Shell (interactive input and + output). + +------------------------------------------------------------------- +Wed Aug 17 11:08:56 UTC 2022 - Dirk Müller + +- fix import_failed.map to refer to the python 3.10 package versions + +------------------------------------------------------------------- +Tue Aug 2 17:13:37 UTC 2022 - Matej Cepl + +- Update to 3.10.6: + - gh-87389: http.server: Fix an open redirection vulnerability + in the HTTP server when an URI path starts with //. + Vulnerability discovered, and initial fix proposed, by Hamza + Avvan. (bsc#1202624, CVE-2021-28861) + - gh-92888: Fix memoryview use after free when accessing the + backing buffer in certain cases. + - gh-95355: _PyPegen_Parser_New now properly detects token + memory allocation errors. Patch by Honglin Zhu. + - gh-94938: Fix error detection in some builtin functions when + keyword argument name is an instance of a str subclass with + overloaded __eq__ and __hash__. Previously it could cause + SystemError or other undesired behavior. + - gh-94949: ast.parse() will no longer parse parenthesized + context managers when passed feature_version less than + (3, 9). Patch by Shantanu Jain. + - gh-94947: ast.parse() will no longer parse assignment + expressions when passed feature_version less than + (3, 8). Patch by Shantanu Jain. + - gh-94869: Fix the column offsets for some expressions in + multi-line f-strings ast nodes. Patch by Pablo Galindo. + - gh-91153: Fix an issue where a bytearray item assignment + could crash if it’s resized by the new value’s __index__() + method. + - gh-94329: Compile and run code with unpacking of extremely + large sequences (1000s of elements). Such code failed to + compile. It now compiles and runs correctly. + - gh-94360: Fixed a tokenizer crash when reading encoded + files with syntax errors from stdin with non utf-8 encoded + text. Patch by Pablo Galindo + - gh-94192: Fix error for dictionary literals with invalid + expression as value. + - gh-93964: Strengthened compiler overflow checks to prevent + crashes when compiling very large source files. + - gh-93671: Fix some exponential backtrace case happening with + deeply nested sequence patterns in match statements. Patch by + Pablo Galindo + - gh-93021: Fix the __text_signature__ for __get__() methods + implemented in C. Patch by Jelle Zijlstra. + - gh-92930: Fixed a crash in _pickle.c from mutating + collections during __reduce__ or persistent_id. + - gh-92914: Always round the allocated size for lists up to the + nearest even number. + - gh-92858: Improve error message for some suites with syntax + error before ‘:’ + - gh-95339: Update bundled pip to 22.2.1. + - gh-95045: Fix GC crash when deallocating _lsprof.Profiler by + untracking it before calling any callbacks. Patch by Kumar + Aditya. + - gh-95087: Fix IndexError in parsing invalid date in the email + module. + - gh-95199: Upgrade bundled setuptools to 63.2.0. + - gh-95194: Upgrade bundled pip to 22.2. + - gh-93899: Fix check for existence of os.EFD_CLOEXEC, + os.EFD_NONBLOCK and os.EFD_SEMAPHORE flags on older kernel + versions where these flags are not present. Patch by Kumar + Aditya. + - gh-95166: Fix concurrent.futures.Executor.map() to cancel the + currently waiting on future on an error - e.g. TimeoutError + or KeyboardInterrupt. + - gh-93157: Fix fileinput module didn’t support errors option + when inplace is true. + - gh-94821: Fix binding of unix socket to empty address + on Linux to use an available address from the abstract + namespace, instead of “0”. + - gh-94736: Fix crash when deallocating an instance of a + subclass of _multiprocessing.SemLock. Patch by Kumar Aditya. + - gh-94637: SSLContext.set_default_verify_paths() now releases + the GIL around SSL_CTX_set_default_verify_paths call. The + function call performs I/O and CPU intensive work. + - gh-94510: Re-entrant calls to sys.setprofile() and + sys.settrace() now raise RuntimeError. Patch by Pablo + Galindo. + - gh-92336: Fix bug where linecache.getline() fails on bad + files with UnicodeDecodeError or SyntaxError. It now returns + an empty string as per the documentation. + - gh-89988: Fix memory leak in pickle.Pickler when looking up + dispatch_table. Patch by Kumar Aditya. + - gh-94254: Fixed types of struct module to be immutable. Patch + by Kumar Aditya. + - gh-94245: Fix pickling and copying of typing.Tuple[()]. + - gh-94207: Made _struct.Struct GC-tracked in order to fix a + reference leak in the _struct module. + - gh-94101: Manual instantiation of ssl.SSLSession objects is + no longer allowed as it lead to misconfigured instances that + crashed the interpreter when attributes where accessed on + them. + - gh-84753: inspect.iscoroutinefunction(), + inspect.isgeneratorfunction(), and + inspect.isasyncgenfunction() now properly return True + for duck-typed function-like objects like instances of + unittest.mock.AsyncMock. + - This makes inspect.iscoroutinefunction() consistent with the + behavior of asyncio.iscoroutinefunction(). Patch by Mehdi + ABAAKOUK. + - gh-83499: Fix double closing of file description in tempfile. + - gh-79512: Fixed names and __module__ value of weakref classes + ReferenceType, ProxyType, CallableProxyType. It makes them + pickleable. + - gh-90494: copy.copy() and copy.deepcopy() now always raise + a TypeError if __reduce__() returns a tuple with length 6 + instead of silently ignore the 6th item or produce incorrect + result. + - gh-90549: Fix a multiprocessing bug where a global named + resource (such as a semaphore) could leak when a child + process is spawned (as opposed to forked). + - gh-79579: sqlite3 now correctly detects DML queries with + leading comments. Patch by Erlend E. Aasland. + - gh-93421: Update sqlite3.Cursor.rowcount when a DML + statement has run to completion. This fixes the row count + for SQL queries like UPDATE ... RETURNING. Patch by Erlend + E. Aasland. + - gh-91810: Suppress writing an XML declaration in open + files in ElementTree.write() with encoding='unicode' and + xml_declaration=None. + - gh-93353: Fix the importlib.resources.as_file() context + manager to remove the temporary file if destroyed late + during Python finalization: keep a local reference to the + os.remove() function. Patch by Victor Stinner. + - gh-83658: Make multiprocessing.Pool raise an exception if + maxtasksperchild is not None or a positive int. + - gh-74696: shutil.make_archive() no longer temporarily changes + the current working directory during creation of standard + .zip or tar archives. + - gh-91577: Move imports in SharedMemory methods to module + level so that they can be executed late in python + finalization. + - bpo-47231: Fixed an issue with inconsistent trailing slashes + in tarfile longname directories. + - bpo-46755: In QueueHandler, clear stack_info from LogRecord + to prevent stack trace from being written twice. + - bpo-46053: Fix OSS audio support on NetBSD. + - bpo-46197: Fix ensurepip environment isolation for subprocess + running pip. + - bpo-45924: Fix asyncio incorrect traceback when future’s + exception is raised multiple times. Patch by Kumar Aditya. + - bpo-34828: sqlite3.Connection.iterdump() now handles + databases that use AUTOINCREMENT in one or more tables. + - gh-94321: Document the PEP 246 style protocol type + sqlite3.PrepareProtocol. + - gh-86128: Document a limitation in ThreadPoolExecutor where + its exit handler is executed before any handlers in atexit. + - gh-61162: Clarify sqlite3 behavior when Using the connection + as a context manager. + - gh-87260: Align sqlite3 argument specs with the actual + implementation. + - gh-86986: The minimum Sphinx version required to build the + documentation is now 3.2. + - gh-88831: Augmented documentation of + asyncio.create_task(). Clarified the need to keep strong + references to tasks and added a code snippet detailing how to + to this. + - bpo-47161: Document that pathlib.PurePath does not collapse + initial double slashes because they denote UNC paths. + - gh-95280: Fix problem with test_ssl test_get_ciphers on + systems that require perfect forward secrecy (PFS) ciphers. + - gh-95212: Make multiprocessing test case + test_shared_memory_recreate parallel-safe. + - gh-91330: Added more tests for dataclasses to cover behavior + with data descriptor-based fields. + - gh-94208: test_ssl is now checking for supported TLS version + and protocols in more tests. + - gh-93951: In test_bdb.StateTestCase.test_skip, avoid + including auxiliary importers. + - gh-93957: Provide nicer error reporting from subprocesses in + test_venv.EnsurePipTest.test_with_pip. + - gh-57539: Increase calendar test coverage for + calendar.LocaleTextCalendar.formatweekday(). + - gh-92886: Fixing tests that fail when running with + optimizations (-O) in test_zipimport.py + - bpo-47016: Create a GitHub Actions workflow for verifying + bundled pip and setuptools. Patch by Illia Volochii and Adam + Turner. + - gh-94841: Fix the possible performance regression of + PyObject_Free() compiled with MSVC version 1932. + - gh-95511: Fix the Shell context menu copy-with-prompts bug of + copying an extra line when one selects whole lines. + - gh-95471: In the Edit menu, move Select All and add a new + separator. + - gh-95411: Enable using IDLE’s module browser with .pyw files. + - gh-89610: Add .pyi as a recognized extension for IDLE on + macOS. This allows opening stub files by double clicking on + them in the Finder. + - gh-94538: Fix Argument Clinic output to custom file + destinations. Patch by Erlend E. Aasland. + - gh-94430: Allow parameters named module and self with custom + C names in Argument Clinic. Patch by Erlend E. Aasland + - gh-94930: Fix SystemError raised when + PyArg_ParseTupleAndKeywords() is used with # in (...) but + without PY_SSIZE_T_CLEAN defined. + - gh-94864: Fix PyArg_Parse* with deprecated format units “u” + and “Z”. It returned 1 (success) when warnings are turned + into exceptions. +- Reapply patches + - bpo-31046_ensurepip_honours_prefix.patch + - fix_configure_rst.patch + - no-skipif-doctests.patch + - skip-test_pyobject_freed_is_freed.patch + +------------------------------------------------------------------- +Sun Jul 31 09:41:30 UTC 2022 - Stephan Kulow + +- Extend distutils-reproducible-compile.patch with a workaround + for non reproducible pyc files issue 93317 + +------------------------------------------------------------------- +Thu Jul 21 14:19:52 UTC 2022 - Matej Cepl + +- Switch from %primary_interpreter to prjconf-defined + %primary_python (gh#openSUSE/python-rpm-macros#127). + ------------------------------------------------------------------- Thu Jun 9 16:43:30 UTC 2022 - Matej Cepl diff --git a/python310.spec b/python310.spec index 7f7da63..72d1ce2 100644 --- a/python310.spec +++ b/python310.spec @@ -36,6 +36,13 @@ %bcond_without general %endif +%define python_pkg_name python310 +%if "%{python_pkg_name}" == "%{primary_python}" +%define primary_interpreter 1 +%else +%define primary_interpreter 0 +%endif + %if 0%{?sle_version} && 0%{?suse_version} < 1550 # Obsoleting previous "latest" Python versions # Next versions will get more lines like for older versions @@ -59,16 +66,8 @@ Obsoletes: python39%{?1:-%{1}} %else %define tarversion %{version} %endif -%define python_pkg_name python310 -# Will provide the python3-* provides -# Will do the /usr/bin/python3 and all the core links -%if 0%{?sle_version} || 0%{?suse_version} < 1550 -%define primary_interpreter 0 -%else -%define primary_interpreter 1 -%endif # We don't process beta signs well -%define folderversion 3.10.5 +%define folderversion 3.10.7 %define tarname Python-%{tarversion} %define sitedir %{_libdir}/python%{python_version} # three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149 @@ -104,7 +103,7 @@ Obsoletes: python39%{?1:-%{1}} %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so %bcond_without profileopt Name: %{python_pkg_name}%{psuffix} -Version: 3.10.5 +Version: 3.10.7 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 @@ -170,6 +169,8 @@ Patch36: support-expat-CVE-2022-25236-patched.patch # PATCH-FIX-UPSTREAM CVE-2015-20107-mailcap-unsafe-filenames.patch bsc#1198511 mcepl@suse.com # avoid the command injection in the mailcap module. Patch37: CVE-2015-20107-mailcap-unsafe-filenames.patch +# PATCH-FIX-UPSTREAM gh-96710: Make the test timing more lenient for the int/str DoS regression test. (#96717) +Patch38: test-int-timing.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -439,6 +440,7 @@ other applications. %patch35 -p1 %patch36 -p1 %patch37 -p1 +%patch38 -p1 # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac diff --git a/skip-test_pyobject_freed_is_freed.patch b/skip-test_pyobject_freed_is_freed.patch index a13a2da..7be01a7 100644 --- a/skip-test_pyobject_freed_is_freed.patch +++ b/skip-test_pyobject_freed_is_freed.patch @@ -4,7 +4,7 @@ --- a/Lib/test/test_capi.py +++ b/Lib/test/test_capi.py -@@ -794,6 +794,7 @@ class PyMemDebugTests(unittest.TestCase) +@@ -941,6 +941,7 @@ class PyMemDebugTests(unittest.TestCase) def test_pyobject_forbidden_bytes_is_freed(self): self.check_pyobject_is_freed('check_pyobject_forbidden_bytes_is_freed') diff --git a/support-expat-CVE-2022-25236-patched.patch b/support-expat-CVE-2022-25236-patched.patch index e7b3acb..5b26c99 100644 --- a/support-expat-CVE-2022-25236-patched.patch +++ b/support-expat-CVE-2022-25236-patched.patch @@ -23,8 +23,8 @@ Also, test_minidom.py: Support Expat >=2.4.5 Co-authored-by: Sebastian Pipping --- - Lib/test/test_minidom.py | 25 ++++++++++--------------- - 1 file changed, 10 insertions(+), 15 deletions(-) + Lib/test/test_minidom.py | 23 +++++++++-------------- + 1 file changed, 9 insertions(+), 14 deletions(-) create mode 100644 Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst --- a/Lib/test/test_minidom.py @@ -36,8 +36,8 @@ Co-authored-by: Sebastian Pipping -import pyexpat import xml.dom.minidom - from xml.dom.minidom import parse, Node, Document, parseString -@@ -1149,13 +1148,11 @@ class MinidomTest(unittest.TestCase): + from xml.dom.minidom import parse, Attr, Node, Document, parseString +@@ -1163,13 +1162,11 @@ class MinidomTest(unittest.TestCase): # Verify that character decoding errors raise exceptions instead # of crashing @@ -56,7 +56,7 @@ Co-authored-by: Sebastian Pipping b'Comment \xe7a va ? Tr\xe8s bien ?') doc.unlink() -@@ -1617,12 +1614,10 @@ class MinidomTest(unittest.TestCase): +@@ -1631,12 +1628,10 @@ class MinidomTest(unittest.TestCase): self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE) def testExceptionOnSpacesInXMLNSValue(self): diff --git a/test-int-timing.patch b/test-int-timing.patch new file mode 100644 index 0000000..4f7ef27 --- /dev/null +++ b/test-int-timing.patch @@ -0,0 +1,78 @@ +From 11e3548fd1d3445ccde971d613633b58d73c3016 Mon Sep 17 00:00:00 2001 +From: "Gregory P. Smith" +Date: Fri, 9 Sep 2022 12:51:34 -0700 +Subject: [PATCH] gh-96710: Make the test timing more lenient for the int/str + DoS regression test. (#96717) + +A regression would still absolutely fail and even a flaky pass isn't +harmful as it'd fail most of the time across our N system test runs. + +Windows has a low resolution timer and CI systems are prone to odd +timing so this just gives more leeway to avoid flakiness. +--- + Lib/test/test_int.py | 14 ++++++++------ + 1 file changed, 8 insertions(+), 6 deletions(-) + +diff --git a/Lib/test/test_int.py b/Lib/test/test_int.py +index 800c0b006c..c972b8afb4 100644 +--- a/Lib/test/test_int.py ++++ b/Lib/test/test_int.py +@@ -650,7 +650,8 @@ def test_denial_of_service_prevented_int_to_str(self): + self.assertEqual(len(huge_decimal), digits) + # Ensuring that we chose a slow enough conversion to measure. + # It takes 0.1 seconds on a Zen based cloud VM in an opt build. +- if seconds_to_convert < 0.005: ++ # Some OSes have a low res 1/64s timer, skip if hard to measure. ++ if seconds_to_convert < 1/64: + raise unittest.SkipTest('"slow" conversion took only ' + f'{seconds_to_convert} seconds.') + +@@ -662,7 +663,7 @@ def test_denial_of_service_prevented_int_to_str(self): + str(huge_int) + seconds_to_fail_huge = get_time() - start + self.assertIn('conversion', str(err.exception)) +- self.assertLess(seconds_to_fail_huge, seconds_to_convert/8) ++ self.assertLessEqual(seconds_to_fail_huge, seconds_to_convert/2) + + # Now we test that a conversion that would take 30x as long also fails + # in a similarly fast fashion. +@@ -673,7 +674,7 @@ def test_denial_of_service_prevented_int_to_str(self): + str(extra_huge_int) + seconds_to_fail_extra_huge = get_time() - start + self.assertIn('conversion', str(err.exception)) +- self.assertLess(seconds_to_fail_extra_huge, seconds_to_convert/8) ++ self.assertLess(seconds_to_fail_extra_huge, seconds_to_convert/2) + + def test_denial_of_service_prevented_str_to_int(self): + """Regression test: ensure we fail before performing O(N**2) work.""" +@@ -691,7 +692,8 @@ def test_denial_of_service_prevented_str_to_int(self): + seconds_to_convert = get_time() - start + # Ensuring that we chose a slow enough conversion to measure. + # It takes 0.1 seconds on a Zen based cloud VM in an opt build. +- if seconds_to_convert < 0.005: ++ # Some OSes have a low res 1/64s timer, skip if hard to measure. ++ if seconds_to_convert < 1/64: + raise unittest.SkipTest('"slow" conversion took only ' + f'{seconds_to_convert} seconds.') + +@@ -701,7 +703,7 @@ def test_denial_of_service_prevented_str_to_int(self): + int(huge) + seconds_to_fail_huge = get_time() - start + self.assertIn('conversion', str(err.exception)) +- self.assertLess(seconds_to_fail_huge, seconds_to_convert/8) ++ self.assertLessEqual(seconds_to_fail_huge, seconds_to_convert/2) + + # Now we test that a conversion that would take 30x as long also fails + # in a similarly fast fashion. +@@ -712,7 +714,7 @@ def test_denial_of_service_prevented_str_to_int(self): + int(extra_huge) + seconds_to_fail_extra_huge = get_time() - start + self.assertIn('conversion', str(err.exception)) +- self.assertLess(seconds_to_fail_extra_huge, seconds_to_convert/8) ++ self.assertLessEqual(seconds_to_fail_extra_huge, seconds_to_convert/2) + + def test_power_of_two_bases_unlimited(self): + """The limit does not apply to power of 2 bases.""" +-- +2.37.3 +