diff --git a/CVE-2024-12254-unbound-mem-buffering-SelectorSocketTransport.writelines.patch b/CVE-2024-12254-unbound-mem-buffering-SelectorSocketTransport.writelines.patch deleted file mode 100644 index 1b32db3..0000000 --- a/CVE-2024-12254-unbound-mem-buffering-SelectorSocketTransport.writelines.patch +++ /dev/null @@ -1,46 +0,0 @@ -From bfc2e93d755bf496e5ef4cae9609d2823122c909 Mon Sep 17 00:00:00 2001 -From: "J. Nick Koston" -Date: Thu, 5 Dec 2024 10:01:10 -0600 -Subject: [PATCH 01/10] Ensure writelines pauses the protocol if needed - ---- - Lib/asyncio/selector_events.py | 1 - Lib/test/test_asyncio/test_selector_events.py | 12 ++++++++++ - Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst | 1 - 3 files changed, 14 insertions(+) - ---- a/Lib/asyncio/selector_events.py -+++ b/Lib/asyncio/selector_events.py -@@ -1183,6 +1183,7 @@ class _SelectorSocketTransport(_Selector - # If the entire buffer couldn't be written, register a write handler - if self._buffer: - self._loop._add_writer(self._sock_fd, self._write_ready) -+ self._maybe_pause_protocol() - - def can_write_eof(self): - return True ---- a/Lib/test/test_asyncio/test_selector_events.py -+++ b/Lib/test/test_asyncio/test_selector_events.py -@@ -805,6 +805,18 @@ class SelectorSocketTransportTests(test_ - self.assertTrue(self.sock.send.called) - self.assertTrue(self.loop.writers) - -+ def test_writelines_pauses_protocol(self): -+ data = memoryview(b'data') -+ self.sock.send.return_value = 2 -+ self.sock.send.fileno.return_value = 7 -+ -+ transport = self.socket_transport() -+ transport._high_water = 1 -+ transport.writelines([data]) -+ self.assertTrue(self.protocol.pause_writing.called) -+ self.assertTrue(self.sock.send.called) -+ self.assertTrue(self.loop.writers) -+ - @unittest.skipUnless(selector_events._HAS_SENDMSG, 'no sendmsg') - def test_write_sendmsg_full(self): - data = memoryview(b'data') ---- /dev/null -+++ b/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst -@@ -0,0 +1 @@ -+Fixed the :class:`!asyncio.selector_events._SelectorSocketTransport` transport not pausing writes for the protocol when the buffer reaches the high water mark when using :meth:`asyncio.WriteTransport.writelines`. diff --git a/Python-3.12.8.tar.xz b/Python-3.12.8.tar.xz deleted file mode 100644 index f1faca0..0000000 --- a/Python-3.12.8.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c909157bb25ec114e5869124cc2a9c4a4d4c1e957ca4ff553f1edc692101154e -size 20489808 diff --git a/Python-3.12.8.tar.xz.asc b/Python-3.12.8.tar.xz.asc deleted file mode 100644 index ce3a762..0000000 --- a/Python-3.12.8.tar.xz.asc +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmdPZepfFIAAAAAALgAo -aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx -Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6 -YwV2vQ//enP0FhpesVqbIf52CDqRUxRmO29bgW+a4wvRMMcGhMwVhDYKBSXwpI1O -FJDm6y16mjfgVDJ17aU15+NUGqEDEcDj/59LUgOBkbgGkhhi7qPvqG+8YJoTJtFr -0N3dcYwMSJQmN+y+xAWWHhc576KSkASqTG5OcS/n6yTG+zjFkN2Iznp0INQZpSt2 -44YocvRIK0vozabd47JCx5w/txE3nYtsl6nG5VTMeavbWYzgFBJhVSyykLSJxlyU -mJgL0DMspjsUH2ZeYkHqqnuEZkogwJfI3eL2Z4BdVb96hh/s/L4UaSa3GI1a2Tdf -c6UJLGWTqaFFcohIVrGhgckAQRrit7AZCBb/FwTsDXahxau7ECLNpgcRQCWgAXlN -l7SSQkI2snUs5c+mCuBspDvBVxhAWq1VUelkPurQymR/ajGywwXgdGQwmq7BO+Wr -E7fChlwTKLFkQorrzKw7FoL674gTolCHoO/XTDmCNIkEblykSl9mz9FnI2q1C0id -Q+rM1rGo2ubJhthvpKdA5jDpzK6tPqG2xNgV6+xhXl4Bg7w4dhEKIu1vKH4RRBgR -GTf9LSlJMdaDIyWbbuMFpthCrhnmXbK0qe4whQRtip/TB+1qjl1e5gB0kULujApj -RbtxbR50cCDmocM6nae2P1tq0s3jaSs/VemiptexdTilGcm3088= -=2KVU ------END PGP SIGNATURE----- diff --git a/Python-3.12.9.tar.xz b/Python-3.12.9.tar.xz new file mode 100644 index 0000000..7dc0d12 --- /dev/null +++ b/Python-3.12.9.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7220835d9f90b37c006e9842a8dff4580aaca4318674f947302b8d28f3f81112 +size 20502440 diff --git a/Python-3.12.9.tar.xz.asc b/Python-3.12.9.tar.xz.asc new file mode 100644 index 0000000..d024ab7 --- /dev/null +++ b/Python-3.12.9.tar.xz.asc @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmeiX7JfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx +Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6 +YwXTqw//VlGJA5CRDfljMwN9BmG2hdXB1B7Lj0PssuAo4A/lH99gb4DRVDS9LNjr +99WdH/fQQovx6rTbtyJnN8Vh7SSduBi/vOc5n5VOXZB0buqR0l+0wu4m43Slu6xP +fXO349Hr6585lemU8x54TrP756rSVUhy3T+krUuNDL9W1Wrp2yDCpt4tUoEhNXGw +DoYS8MrK/ygLNV/7p2DeMWOHNdbjKNH6rfzl60IAwAp7oANcyoj6Pho960bbeUDo +tb47Pw0WWZv3EuITP6bPa8+Z6dj096cFL3AQJ3ap16OduwiaOsGhqTfe4+kbp6ut +Gp/1HeIHzPbEV0E5K78RWHuzBYgU1oPGiMjlp7WkA7bP2OSTF7nM4EBkiiihk2qx +3d5VF9wpVRJ4AuR/aWcWcMnvD2ziSWfzZM3Z3VLnTaWYpuRkQp8TTiFr1vHqxMYm +p/8AozzBJMfOS6u/Q0WNAdk6x3VB0DXnTAETXQVIrex4DXqX/3WSMWK5/x/OyCh9 +ytdreIQYbv1KvlNQJkgpPb7jlUSXp8t9fHCXt4hszhJgtjwIj/+CuSeAgX0bhopV +XsqOBseDNhATg38mhwBVaeFKGRpxsKdpxcdqSEGKuhXtEI/hJmkpZGw49gy3xWxB +KlgRgKjCPw+BGAIVV9qvdtJzam8a09SKVcslqgF619q0byQoBmo= +=1TbP +-----END PGP SIGNATURE----- diff --git a/Python-3.12.9.tar.xz.sigstore b/Python-3.12.9.tar.xz.sigstore new file mode 100644 index 0000000..1403d92 --- /dev/null +++ b/Python-3.12.9.tar.xz.sigstore @@ -0,0 +1 @@ +{"mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", "verificationMaterial": {"certificate": {"rawBytes": "MIICzDCCAlGgAwIBAgIURTUfXRvqHjmDrUaHk+FetMa/yUIwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUwMjA0MTg0NDI1WhcNMjUwMjA0MTg1NDI1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAERw4E88OE+Kka1dO54CLpErUU6fdlwMd6ChuL9rXtu8kq8xC6gbNjsVqN1bFBdDsRe8+EpP7VT7T0X7oto90xb6OCAXAwggFsMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUNGXX3GOz7CXqRAPGCpmWTcOuEbEwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wHwYDVR0RAQH/BBUwE4ERdGhvbWFzQHB5dGhvbi5vcmcwKQYKKwYBBAGDvzABAQQbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMCsGCisGAQQBg78wAQgEHQwbaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tMIGLBgorBgEEAdZ5AgQCBH0EewB5AHcA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGU0kcjwAAABAMASDBGAiEA88w9QbNsdJkrlbcJRDfDc5zN3M9iZTy+FOEmWF4llxYCIQDQOMoLvyJ5epD8bjP4ZJtkawsrINglKoTZbNTVukd7IjAKBggqhkjOPQQDAwNpADBmAjEAjzAEFF4PV7TKUZPtsEg5vPlBqTF6TM9xdnmX8RPXTXdDw+UjhK16cjgbc2PWb4/xAjEA4HgAk8dxEyw4filZ7a7M8XJbZIX5CNlsE8OAz1gVCbtlxYv9BnF0R1GPnZv6pJrM"}, "tlogEntries": [{"logIndex": "168669956", "logId": {"keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="}, "kindVersion": {"kind": "hashedrekord", "version": "0.0.1"}, "integratedTime": "1738694665", "inclusionPromise": {"signedEntryTimestamp": "MEYCIQDVmal6r4YwWZnRFAhkxtBuhC9DkI8edAE3TDtWeATI8QIhANxiG29sGfPL9neccap5pApPdpGNw7HUrcg2f/plSQaL"}, "inclusionProof": {"logIndex": "46765694", "rootHash": "tHDnjyWM1D0S/LMxPKpbA2ARX0nDJAIaiSJkEfAUt80=", "treeSize": "46765695", "hashes": ["MbM4b1IdzMcxrM0M3G0WRC6T9I04Nb9U2Ndsw9Iu8Kg=", "reCjGqzdYRJnPDpm1ah+58Nk8fWzbdDcnQRY4aLgnac=", "ffOkE+U7rrMFDm2qwCD3MfwiTo2njwK9PY4QIryK4yU=", "vfQF1SCq0+eofmO26+YjbYtOmw9myoV+5CV4JF4ZcL0=", "nhUF67tgV9eCOCZ/5rpk46g6Um0PL25g3oTmMl/VkpA=", "SkkhuNxwaCK56utv2d4O0v1RFIcnU5lTVMq89IZtWaE=", "5S8IyLnwlAhLZBEUNH1SaLO2dckc8NKwnGVgAO+3QQI=", "3onlfMyeVMDSIvH0BhkTTMYIWUuOZa+vitTl74eA7yo=", "TgYmpZ2JTTWko4kWZxTIAYkJpJpeOjVCg6ICKYnUS+8=", "PAMmlBIG22MGowjyiChYp5iB6NiTRa0xKI2vnvpExek=", "NS61TOUCaTiUJotPDnr7bTP/1ogKsWSnbgDlk1uvGzM=", "MvEBWaRrd43Pq04mjOFzGW9RiqBSzMBfuFXKBIVtQnc=", "Zse3BPkR/cJv62LvVuiDH+EpgIE5v3V3qXdG8HQFf1A=", "jU9+tgjTIKUYGeU7T7RjqyL+F+gFV9tCdwX2GZ1UtQs=", "vemyaMj0Na1LMjbB/9Dmkq8T+jAb3o+yCESgAayUABU="], "checkpoint": {"envelope": "rekor.sigstore.dev - 1193050959916656506\n46765695\ntHDnjyWM1D0S/LMxPKpbA2ARX0nDJAIaiSJkEfAUt80=\n\n\u2014 rekor.sigstore.dev wNI9ajBFAiEAuCYs8aQChh+nY0StyUwt2eomG176aNsYT003B5N0Z90CIFtuoa7y2G4hHRVQx+lqO60qXMe4RzklsY59A1S70VZP\n"}}, "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI3MjIwODM1ZDlmOTBiMzdjMDA2ZTk4NDJhOGRmZjQ1ODBhYWNhNDMxODY3NGY5NDczMDJiOGQyOGYzZjgxMTEyIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJUUNPL2ozUHRyK1QwQU4yVHZMdlpXaVdpSHdmWno2ZDhoaXNWcXpBcWd3SlRRSWdTb1RpSGpScjlWeXN0YW5OTUtCYUhVZnIzUnkxdGovck1UMVFjVVlGTndvPSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTjZSRU5EUVd4SFowRjNTVUpCWjBsVlVsUlZabGhTZG5GSWFtMUVjbFZoU0dzclJtVjBUV0V2ZVZWSmQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcFZkMDFxUVRCTlZHY3dUa1JKTVZkb1kwNU5hbFYzVFdwQk1FMVVaekZPUkVreFYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZTZHpSRk9EaFBSU3RMYTJFeFpFODFORU5NY0VWeVZWVTJabVJzZDAxa05rTm9kVXdLT1hKWWRIVTRhM0U0ZUVNMloySk9hbk5XY1U0eFlrWkNaRVJ6VW1VNEswVndVRGRXVkRkVU1GZzNiM1J2T1RCNFlqWlBRMEZZUVhkblowWnpUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZPUjFoWUNqTkhUM28zUTFoeFVrRlFSME53YlZkVVkwOTFSV0pGZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDBoM1dVUldVakJTUVZGSUwwSkNWWGRGTkVWU1pFZG9kbUpYUm5wUlNFSTFaRWRvZG1KcE5YWmpiV04zUzFGWlMwdDNXVUpDUVVkRWRucEJRZ3BCVVZGaVlVaFNNR05JVFRaTWVUbG9XVEpPZG1SWE5UQmplVFZ1WWpJNWJtSkhWWFZaTWpsMFRVTnpSME5wYzBkQlVWRkNaemM0ZDBGUlowVklVWGRpQ21GSVVqQmpTRTAyVEhrNWFGa3lUblprVnpVd1kzazFibUl5T1c1aVIxVjFXVEk1ZEUxSlIweENaMjl5UW1kRlJVRmtXalZCWjFGRFFrZ3dSV1YzUWpVS1FVaGpRVE5VTUhkaGMySklSVlJLYWtkU05HTnRWMk16UVhGS1MxaHlhbVZRU3pNdmFEUndlV2RET0hBM2J6UkJRVUZIVlRCclkycDNRVUZCUWtGTlFRcFRSRUpIUVdsRlFUZzRkemxSWWs1elpFcHJjbXhpWTBwU1JHWkVZelY2VGpOTk9XbGFWSGtyUms5RmJWZEdOR3hzZUZsRFNWRkVVVTlOYjB4MmVVbzFDbVZ3UkRoaWFsQTBXa3AwYTJGM2MzSkpUbWRzUzI5VVdtSk9WRloxYTJRM1NXcEJTMEpuWjNGb2EycFBVRkZSUkVGM1RuQkJSRUp0UVdwRlFXcDZRVVVLUmtZMFVGWTNWRXRWV2xCMGMwVm5OWFpRYkVKeFZFWTJWRTA1ZUdSdWJWZzRVbEJZVkZoa1JIY3JWV3BvU3pFMlkycG5ZbU15VUZkaU5DOTRRV3BGUVFvMFNHZEJhemhrZUVWNWR6Um1hV3hhTjJFM1RUaFlTbUphU1ZnMVEwNXNjMFU0VDBGNk1XZFdRMkowYkhoWmRqbENia1l3VWpGSFVHNWFkalp3U25KTkNpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZMUzB0TFMwSyJ9fX19"}], "timestampVerificationData": {}}, "messageSignature": {"messageDigest": {"algorithm": "SHA2_256", "digest": "ciCDXZ+Qs3wAbphCqN/0WAqspDGGdPlHMCuNKPP4ERI="}, "signature": "MEUCIQCO/j3Ptr+T0AN2TvLvZWiWiHwfZz6d8hisVqzAqgwJTQIgSoTiHjRr9VystanNMKBaHUfr3Ry1tj/rMT1QcUYFNwo="}} diff --git a/doc-py38-to-py36.patch b/doc-py38-to-py36.patch index 34125d4..b3ba20f 100644 --- a/doc-py38-to-py36.patch +++ b/doc-py38-to-py36.patch @@ -1,25 +1,59 @@ --- - Doc/conf.py | 8 ++-- - Doc/tools/check-warnings.py | 3 + + Doc/Makefile | 8 ++-- + Doc/conf.py | 16 ++++++++- + Doc/tools/check-warnings.py | 5 +- Doc/tools/extensions/audit_events.py | 54 ++++++++++++++++---------------- Doc/tools/extensions/availability.py | 15 ++++---- - Doc/tools/extensions/c_annotations.py | 37 ++++++++++----------- + Doc/tools/extensions/c_annotations.py | 45 ++++++++++++++++---------- + Doc/tools/extensions/changes.py | 8 +--- Doc/tools/extensions/glossary_search.py | 10 +---- + Doc/tools/extensions/misc_news.py | 14 +++----- Doc/tools/extensions/patchlevel.py | 9 ++--- - 7 files changed, 67 insertions(+), 69 deletions(-) + 10 files changed, 100 insertions(+), 84 deletions(-) +--- a/Doc/Makefile ++++ b/Doc/Makefile +@@ -14,15 +14,15 @@ PAPER = + SOURCES = + DISTVERSION = $(shell $(PYTHON) tools/extensions/patchlevel.py) + REQUIREMENTS = requirements.txt +-SPHINXERRORHANDLING = --fail-on-warning ++SPHINXERRORHANDLING = -W + + # Internal variables. + PAPEROPT_a4 = --define latex_elements.papersize=a4paper + PAPEROPT_letter = --define latex_elements.papersize=letterpaper + +-ALLSPHINXOPTS = --builder $(BUILDER) \ +- --doctree-dir build/doctrees \ +- --jobs $(JOBS) \ ++ALLSPHINXOPTS = -b $(BUILDER) \ ++ -d build/doctrees \ ++ -j $(JOBS) \ + $(PAPEROPT_$(PAPER)) \ + $(SPHINXOPTS) $(SPHINXERRORHANDLING) \ + . build/$(BUILDER) $(SOURCES) --- a/Doc/conf.py +++ b/Doc/conf.py -@@ -85,7 +85,7 @@ today_fmt = '%B %d, %Y' - highlight_language = 'python3' +@@ -10,6 +10,8 @@ import importlib + import os + import sys + ++from sphinx import version_info ++ + # Make our custom extensions available to Sphinx + sys.path.append(os.path.abspath('tools/extensions')) + sys.path.append(os.path.abspath('includes')) +@@ -82,7 +84,7 @@ highlight_language = 'python3' # Minimum version of sphinx required --needs_sphinx = '7.2.6' + # Keep this version in sync with ``Doc/requirements.txt``. +-needs_sphinx = '8.1.3' +needs_sphinx = '4.2.0' # Create table of contents entries for domain objects (e.g. functions, classes, # attributes, etc.). Default is True. -@@ -342,7 +342,7 @@ html_short_title = f'{release} Documenta +@@ -337,7 +339,7 @@ html_short_title = f'{release} Documenta # (See .readthedocs.yml and https://docs.readthedocs.io/en/stable/reference/environment-variables.html) is_deployment_preview = os.getenv("READTHEDOCS_VERSION_TYPE") == "external" repository_url = os.getenv("READTHEDOCS_GIT_CLONE_URL", "") @@ -28,22 +62,23 @@ html_context = { "is_deployment_preview": is_deployment_preview, "repository_url": repository_url or None, -@@ -598,13 +598,13 @@ extlinks_detect_hardcoded_links = True - - if sphinx.version_info[:2] < (8, 1): - # Sphinx 8.1 has in-built CVE and CWE roles. -- extlinks |= { -+ extlinks.update({ - "cve": ( - "https://www.cve.org/CVERecord?id=CVE-%s", - "CVE-%s", - ), - "cwe": ("https://cwe.mitre.org/data/definitions/%s.html", "CWE-%s"), -- } -+ }) +@@ -583,6 +585,16 @@ extlinks = { + } + extlinks_detect_hardcoded_links = True ++if version_info[:2] < (8, 1): ++ # Sphinx 8.1 has in-built CVE and CWE roles. ++ extlinks.update({ ++ "cve": ( ++ "https://www.cve.org/CVERecord?id=CVE-%s", ++ "CVE-%s", ++ ), ++ "cwe": ("https://cwe.mitre.org/data/definitions/%s.html", "CWE-%s"), ++ }) ++ # Options for c_annotations extension # ----------------------------------- + --- a/Doc/tools/check-warnings.py +++ b/Doc/tools/check-warnings.py @@ -228,7 +228,8 @@ def fail_if_regression( @@ -56,6 +91,15 @@ print(" {line}: {msg}".format_map(match)) return -1 return 0 +@@ -316,7 +317,7 @@ def main(argv: list[str] | None = None) + + cwd = str(Path.cwd()) + os.path.sep + files_with_nits = { +- warning.removeprefix(cwd).split(":")[0] ++ (warning[len(cwd):].split(":")[0] if warning.startswith(cwd) else warning.split(":")[0]) + for warning in warnings + if "Doc/" in warning + } --- a/Doc/tools/extensions/audit_events.py +++ b/Doc/tools/extensions/audit_events.py @@ -1,9 +1,6 @@ @@ -210,16 +254,16 @@ from docutils import nodes from sphinx import addnodes -@@ -52,7 +50,7 @@ class Availability(SphinxDirective): +@@ -53,7 +51,7 @@ class Availability(SphinxDirective): optional_arguments = 0 final_argument_whitespace = True - def run(self) -> list[nodes.container]: + def run(self) -> List[nodes.container]: - title = "Availability" + title = sphinx_gettext("Availability") refnode = addnodes.pending_xref( title, -@@ -76,7 +74,7 @@ class Availability(SphinxDirective): +@@ -77,7 +75,7 @@ class Availability(SphinxDirective): return [cnode] @@ -228,7 +272,7 @@ """Parse platform information from arguments Arguments is a comma-separated string of platforms. A platform may -@@ -95,12 +93,13 @@ class Availability(SphinxDirective): +@@ -96,12 +94,13 @@ class Availability(SphinxDirective): platform, _, version = arg.partition(" >= ") if platform.startswith("not "): version = False @@ -244,7 +288,7 @@ logger.warning( "Unknown platform%s or syntax '%s' in '.. availability:: %s', " "see %s:KNOWN_PLATFORMS for a set of known platforms.", -@@ -113,7 +112,7 @@ class Availability(SphinxDirective): +@@ -114,7 +113,7 @@ class Availability(SphinxDirective): return platforms @@ -255,7 +299,7 @@ return { --- a/Doc/tools/extensions/c_annotations.py +++ b/Doc/tools/extensions/c_annotations.py -@@ -9,12 +9,10 @@ Configuration: +@@ -9,22 +9,18 @@ Configuration: * Set ``stable_abi_file`` to the path to stable ABI list. """ @@ -267,9 +311,10 @@ -from typing import TYPE_CHECKING +from typing import Any, Dict, List, TYPE_CHECKING, Union - import sphinx from docutils import nodes -@@ -23,9 +21,7 @@ from sphinx import addnodes + from docutils.statemachine import StringList +-from sphinx import addnodes ++from sphinx import addnodes, version_info from sphinx.locale import _ as sphinx_gettext from sphinx.util.docutils import SphinxDirective @@ -280,7 +325,7 @@ ROLE_TO_OBJECT_TYPE = { "func": "function", -@@ -36,20 +32,20 @@ ROLE_TO_OBJECT_TYPE = { +@@ -35,20 +31,20 @@ ROLE_TO_OBJECT_TYPE = { } @@ -305,7 +350,7 @@ class StableABIEntry: # Role of the object. # Source: Each [item_kind] in stable_abi.toml is mapped to a C Domain role. -@@ -68,7 +64,7 @@ class StableABIEntry: +@@ -67,7 +63,7 @@ class StableABIEntry: struct_abi_kind: str @@ -314,7 +359,7 @@ refcount_data = {} refcounts = refcount_filename.read_text(encoding="utf8") for line in refcounts.splitlines(): -@@ -104,7 +100,7 @@ def read_refcount_data(refcount_filename +@@ -103,7 +99,7 @@ def read_refcount_data(refcount_filename return refcount_data @@ -323,7 +368,7 @@ stable_abi_data = {} with open(stable_abi_file, encoding="utf8") as fp: for record in csv.DictReader(fp): -@@ -128,11 +124,14 @@ def add_annotations(app: Sphinx, doctree +@@ -127,11 +123,14 @@ def add_annotations(app: Sphinx, doctree continue if not par[0].get("ids", None): continue @@ -340,7 +385,7 @@ if ROLE_TO_OBJECT_TYPE[record.role] != objtype: msg = ( f"Object type mismatch in limited API annotation for {name}: " -@@ -239,7 +238,7 @@ def _unstable_api_annotation() -> nodes. +@@ -238,7 +237,7 @@ def _unstable_api_annotation() -> nodes. ) @@ -349,7 +394,7 @@ classes = ["refcount"] if result_refs is None: rc = sphinx_gettext("Return value: Always NULL.") -@@ -259,7 +258,7 @@ class LimitedAPIList(SphinxDirective): +@@ -258,7 +257,7 @@ class LimitedAPIList(SphinxDirective): optional_arguments = 0 final_argument_whitespace = True @@ -358,7 +403,7 @@ state = self.env.domaindata["c_annotations"] content = [ f"* :c:{record.role}:`{record.name}`" -@@ -282,7 +281,7 @@ def init_annotations(app: Sphinx) -> Non +@@ -281,13 +280,23 @@ def init_annotations(app: Sphinx) -> Non ) @@ -367,19 +412,59 @@ app.add_config_value("refcount_file", "", "env", types={str}) app.add_config_value("stable_abi_file", "", "env", types={str}) app.add_directive("limited-api-list", LimitedAPIList) -@@ -294,10 +293,10 @@ def setup(app: Sphinx) -> ExtensionMetad - from sphinx.domains.c import CObject + app.connect("builder-inited", init_annotations) + app.connect("doctree-read", add_annotations) - # monkey-patch C object... -- CObject.option_spec |= { ++ if version_info[:2] < (7, 2): ++ from docutils.parsers.rst import directives ++ from sphinx.domains.c import CObject ++ ++ # monkey-patch C object... + CObject.option_spec.update({ - "no-index-entry": directives.flag, - "no-contents-entry": directives.flag, -- } ++ "no-index-entry": directives.flag, ++ "no-contents-entry": directives.flag, + }) - ++ return { "version": "1.0", + "parallel_read_safe": True, +--- a/Doc/tools/extensions/changes.py ++++ b/Doc/tools/extensions/changes.py +@@ -1,7 +1,5 @@ + """Support for documenting version of changes, additions, deprecations.""" + +-from __future__ import annotations +- + from typing import TYPE_CHECKING + + from sphinx.domains.changeset import ( +@@ -25,7 +23,7 @@ def expand_version_arg(argument: str, re + + + class PyVersionChange(VersionChange): +- def run(self) -> list[Node]: ++ def run(self) -> "list[Node]": + # Replace the 'next' special token with the current development version + self.arguments[0] = expand_version_arg( + self.arguments[0], self.config.release +@@ -43,7 +41,7 @@ class DeprecatedRemoved(VersionChange): + "Deprecated since version %s, removed in version %s" + ) + +- def run(self) -> list[Node]: ++ def run(self) -> "list[Node]": + # Replace the first two arguments (deprecated version and removed version) + # with a single tuple of both versions. + version_deprecated = expand_version_arg( +@@ -73,7 +71,7 @@ class DeprecatedRemoved(VersionChange): + versionlabel_classes[self.name] = "" + + +-def setup(app: Sphinx) -> ExtensionMetadata: ++def setup(app: "Sphinx") -> "ExtensionMetadata": + # Override Sphinx's directives with support for 'next' + app.add_directive("versionadded", PyVersionChange, override=True) + app.add_directive("versionchanged", PyVersionChange, override=True) --- a/Doc/tools/extensions/glossary_search.py +++ b/Doc/tools/extensions/glossary_search.py @@ -1,18 +1,14 @@ @@ -412,6 +497,60 @@ app.connect('doctree-resolved', process_glossary_nodes) app.connect('build-finished', write_glossary_json) +--- a/Doc/tools/extensions/misc_news.py ++++ b/Doc/tools/extensions/misc_news.py +@@ -1,7 +1,5 @@ + """Support for including Misc/NEWS.""" + +-from __future__ import annotations +- + import re + from pathlib import Path + from typing import TYPE_CHECKING +@@ -24,13 +22,13 @@ Python News + +++++++++++ + """ + +-bpo_issue_re: Final[re.Pattern[str]] = re.compile( ++bpo_issue_re: "Final[re.Pattern[str]]" = re.compile( + "(?:issue #|bpo-)([0-9]+)", re.ASCII + ) +-gh_issue_re: Final[re.Pattern[str]] = re.compile( ++gh_issue_re: "Final[re.Pattern[str]]" = re.compile( + "gh-(?:issue-)?([0-9]+)", re.ASCII | re.IGNORECASE + ) +-whatsnew_re: Final[re.Pattern[str]] = re.compile( ++whatsnew_re: "Final[re.Pattern[str]]" = re.compile( + r"^what's new in (.*?)\??$", re.ASCII | re.IGNORECASE | re.MULTILINE + ) + +@@ -42,7 +40,7 @@ class MiscNews(SphinxDirective): + final_argument_whitespace = False + option_spec = {} + +- def run(self) -> list[Node]: ++ def run(self) -> "list[Node]": + # Get content of NEWS file + source, _ = self.get_source_info() + news_file = Path(source).resolve().parent / self.arguments[0] +@@ -54,7 +52,7 @@ class MiscNews(SphinxDirective): + return [nodes.strong(text, text)] + + # remove first 3 lines as they are the main heading +- news_text = news_text.removeprefix(BLURB_HEADER) ++ news_text = news_text[len(BLURB_HEADER):] if news_text.startswith(BLURB_HEADER) else news_text + + news_text = bpo_issue_re.sub(r":issue:`\1`", news_text) + # Fallback handling for GitHub issues +@@ -65,7 +63,7 @@ class MiscNews(SphinxDirective): + return [] + + +-def setup(app: Sphinx) -> ExtensionMetadata: ++def setup(app: "Sphinx") -> "ExtensionMetadata": + app.add_directive("miscnews", MiscNews) + + return { --- a/Doc/tools/extensions/patchlevel.py +++ b/Doc/tools/extensions/patchlevel.py @@ -3,7 +3,7 @@ diff --git a/docs-docutils_014-Sphinx_420.patch b/docs-docutils_014-Sphinx_420.patch index 8d22c50..2ef9053 100644 --- a/docs-docutils_014-Sphinx_420.patch +++ b/docs-docutils_014-Sphinx_420.patch @@ -6,7 +6,7 @@ --- a/Doc/tools/extensions/c_annotations.py +++ b/Doc/tools/extensions/c_annotations.py -@@ -118,7 +118,11 @@ def add_annotations(app: Sphinx, doctree +@@ -117,7 +117,11 @@ def add_annotations(app: Sphinx, doctree state = app.env.domaindata["c_annotations"] refcount_data = state["refcount_data"] stable_abi_data = state["stable_abi_data"] @@ -42,7 +42,7 @@ --- a/Doc/tools/extensions/pyspecific.py +++ b/Doc/tools/extensions/pyspecific.py -@@ -26,7 +26,10 @@ from sphinx.domains.python import PyFunc +@@ -25,7 +25,10 @@ from sphinx.domains.python import PyFunc from sphinx.locale import _ as sphinx_gettext from sphinx.util.docutils import SphinxDirective from sphinx.writers.text import TextWriter, TextTranslator diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch index 2ee5323..19cd4f9 100644 --- a/fix_configure_rst.patch +++ b/fix_configure_rst.patch @@ -21,7 +21,7 @@ Create a Python.framework rather than a traditional Unix install. Optional --- a/Misc/NEWS +++ b/Misc/NEWS -@@ -14575,7 +14575,7 @@ C API +@@ -14838,7 +14838,7 @@ C API - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. - bpo-43795: The list in :ref:`limited-api-list` now shows the public name diff --git a/python312.changes b/python312.changes index 433450a..eab6839 100644 --- a/python312.changes +++ b/python312.changes @@ -1,3 +1,208 @@ +------------------------------------------------------------------- +Wed Feb 5 10:35:26 UTC 2025 - Matej Cepl + +- Update to 3.12.9: + - Tests + - gh-127906: Test the limited C API in test_cppext. Patch by + Victor Stinner. + - gh-127906: Backport test_cext from the main branch. Patch + by Victor Stinner. + - gh-127637: Add tests for the dis command-line + interface. Patch by Bénédikt Tran. + - Security + - gh-105704: When using urllib.parse.urlsplit() and + urllib.parse.urlparse() host parsing would not reject + domain names containing square brackets ([ and ]). Square + brackets are only valid for IPv6 and IPvFuture hosts + according to RFC 3986 Section 3.2.2. (CVE-2025-0938, + bsc#1236705) + - gh-127655: Fixed the + asyncio.selector_events._SelectorSocketTransport + transport not pausing writes for the protocol when + the buffer reaches the high water mark when using + asyncio.WriteTransport.writelines() (CVE-2024-12254, + bsc#1234290). + - gh-126108: Fix a possible NULL pointer dereference in + PySys_AddWarnOptionUnicode(). + - gh-80222: Fix bug in the folding of quoted strings + when flattening an email message using a modern email + policy. Previously when a quoted string was folded so + that it spanned more than one line, the surrounding + quotes and internal escapes would be omitted. This could + theoretically be used to spoof header lines using a + carefully constructed quoted string if the resulting + rendered email was transmitted or re-parsed. + - gh-119511: Fix a potential denial of service in the imaplib + module. When connecting to a malicious server, it could + cause an arbitrary amount of memory to be allocated. On + many systems this is harmless as unused virtual memory is + only a mapping, but if this hit a virtual address size + limit it could lead to a MemoryError or other process + crash. On unusual systems or builds where all allocated + memory is touched and backed by actual ram or storage + it could’ve consumed resources doing so until similarly + crashing. + - Library + - gh-129502: Unlikely errors in preparing arguments for + ctypes callback are now handled in the same way as errors + raised in the callback of in converting the result of + the callback – using sys.unraisablehook() instead of + sys.excepthook() and not setting sys.last_exc and other + variables. + - gh-129403: Corrected ValueError message for asyncio.Barrier + and threading.Barrier. + - gh-129409: Fix an integer overflow in the csv module when + writing a data field larger than 2GB. + - gh-118761: Improve import time of subprocess by lazy + importing locale and signal. Patch by Taneli Hukkinen. + - gh-129346: In sqlite3, handle out-of-memory when creating + user-defined SQL functions. + - gh-128550: Removed an incorrect optimization relating + to eager tasks in asyncio.TaskGroup that resulted in + cancellations being missed. + - gh-128991: Release the enter frame reference within bdb + callback + - gh-128961: Fix a crash when setting state on an exhausted + array.array iterator. + - gh-128916: Do not attempt to set SO_REUSEPORT on sockets of + address families other than AF_INET and AF_INET6, as it is + meaningless with these address families, and the call with + fail with Linux kernel 6.12.9 and newer. + - gh-128679: Fix tracemalloc.stop() race condition. Fix + tracemalloc to support calling tracemalloc.stop() in + one thread, while another thread is tracing memory + allocations. Patch by Victor Stinner. + - gh-128562: Fix possible conflicts in generated tkinter + widget names if the widget class name ends with a digit. + - gh-128552: Fix cyclic garbage introduced + by asyncio.loop.create_task() and + asyncio.TaskGroup.create_task() holding a reference to the + created task if it is eager. + - gh-128479: Fix asyncio.staggered.staggered_race() leaking + tasks and issuing an unhandled exception. + - gh-88834: Unify the instance check for typing.Union and + types.UnionType: Union now uses the instance checks against + its parameters instead of the subclass checks. + - gh-128302: Fix + xml.dom.xmlbuilder.DOMEntityResolver.resolveEntity(), which + was broken by the Python 3.0 transition. + - gh-128302: Allow xml.dom.xmlbuilder.DOMParser.parse() + to correctly handle xml.dom.xmlbuilder.DOMInputSource + instances that only have a systemId attribute set. + - gh-112064: Fix incorrect handling of negative read sizes in + HTTPResponse.read. Patch by Yury Manushkin. + - gh-58956: Fixed a frame reference leak in bdb. + - gh-128131: Completely support random access of uncompressed + unencrypted read-only zip files obtained by ZipFile.open. + - gh-127975: Avoid reusing quote types in ast.unparse() if + not needed. + - gh-128014: Fix resetting the default window icon by passing + default='' to the tkinter method wm_iconbitmap(). + - gh-115514: Fix exceptions and incomplete writes after + asyncio._SelectorTransport is closed before writes are + completed. + - gh-41872: Fix quick extraction of module docstrings from + a file in pydoc. It now supports docstrings with single + quotes, escape sequences, raw string literals, and other + Python syntax. + - gh-126742: Fix support of localized error messages reported + by dlerror(3) and gdbm_strerror in ctypes and dbm.gnu + functions respectively. Patch by Bénédikt Tran. + - gh-127870: Detect recursive calls in ctypes _as_parameter_ + handling. Patch by Victor Stinner. + - gh-127847: Fix the position when doing interleaved seeks + and reads in uncompressed, unencrypted zip files returned + by zipfile.ZipFile.open(). + - gh-127732: The platform module now correctly detects + Windows Server 2025. + - gh-93312: Include to get os.PIDFD_NONBLOCK + constant. Patch by Victor Stinner. + - gh-83662: Add missing __class_getitem__ method to the + Python implementation of functools.partial(), to make it + compatible with the C version. This is mainly relevant for + alternative Python implementations like PyPy and GraalPy, + because CPython will usually use the C-implementation of + that function. + - gh-127586: multiprocessing.pool.Pool now properly restores + blocked signal handlers of the parent thread when creating + processes via either spawn or forkserver. + - gh-98188: Fix an issue in + email.message.Message.get_payload() where data cannot be + decoded if the Content Transfer Encoding mechanism contains + trailing whitespaces or additional junk text. Patch by Hui + Liu. + - gh-127257: In ssl, system call failures that OpenSSL + reports using ERR_LIB_SYS are now raised as OSError. + - gh-126775: Make linecache.checkcache() thread safe and GC + re-entrancy safe. + - gh-58956: Fixed a bug in pdb where sometimes the breakpoint + won’t trigger if it was set on a function which is already + in the call stack. + - gh-123401: The http.cookies module now supports parsing + obsolete RFC 850 date formats, in accordance with RFC 9110 + requirements. Patch by Nano Zheng. + - gh-123085: In a bare call to importlib.resources.files(), + ensure the caller’s frame is properly detected when + importlib.resources is itself available as a compiled + module only (no source). + - gh-122431: readline.append_history_file() now raises a + ValueError when given a negative value. + - Documentation + - gh-125722: Require Sphinx 8.1.3 or later to build the + Python documentation. Patch by Adam Turner. + - gh-67206: Document that string.printable is not + printable in the POSIX sense. In particular, + string.printable.isprintable() returns False. Patch by + Bénédikt Tran. + - Core and Builtins + - gh-129345: Fix null pointer dereference in syslog.openlog() + when an audit hook raises an exception. + - gh-129093: Fix f-strings such as f'{expr=}' sometimes not + displaying the full expression when the expression contains + !=. + - gh-124363: Treat debug expressions in f-string as raw + strings. Patch by Pablo Galindo + - gh-128799: Add frame of except* to traceback when it wraps + a naked exception. + - gh-128078: Fix a SystemError when using anext() with a + default tuple value. Patch by Bénédikt Tran. + - gh-128079: Fix a bug where except* does not properly check + the return value of an ExceptionGroup’s split() function, + leading to a crash in some cases. Now when split() returns + an invalid object, except* raises a TypeError with the + original raised ExceptionGroup object chained to it. + - gh-127903: Objects/unicodeobject.c: fix a crash on DEBUG + builds in _copy_characters when there is nothing to copy. + - gh-127599: Fix statistics for increments of object + reference counts (in particular, when a reference count was + increased by more than 1 in a single operation). + - gh-111609: Respect end_offset in SyntaxError subclasses. + - gh-126862: Fix a possible overflow when a class inherits + from an absurd number of super-classes. Reported by Valery + Fedorenko. Patch by Bénédikt Tran. + - gh-117195: Avoid assertion failure for debug builds when + calling object.__sizeof__(1) + - C API + - gh-126554: Fix error handling in ctypes.CDLL objects which + could result in a crash in rare situations. + - gh-107249: Implement the Py_UNUSED macro for Windows MSVC + compiler. Patch by Victor Stinner. + - Build + - gh-129539: Don’t redefine EX_OK when the system has the + sysexits.h header. + - gh-128472: Skip BOLT optimization of functions using + computed gotos, fixing errors on build with LLVM 19. + - gh-123925: Fix building the curses module on platforms with + libncurses but without libncursesw. + - gh-128321: Set LIBS instead of LDFLAGS when checking if + sqlite3 library functions are available. This fixes the + ordering of linked libraries during checks, which was + incorrect when using a statically linked libsqlite3. +- Remove upstreamed patches: + - CVE-2024-12254-unbound-mem-buffering-SelectorSocketTransport.writelines.patch +- Add doc-py38-to-py36.patch to make documentation buildable on + SLE with older Sphinx. + ------------------------------------------------------------------- Mon Jan 27 09:02:35 UTC 2025 - Daniel Garcia @@ -368,6 +573,15 @@ Thu Oct 24 16:09:00 UTC 2024 - Matej Cepl path names provided when creating a virtual environment (bsc#1232241, CVE-2024-9287) +------------------------------------------------------------------- +Thu Oct 24 16:09:00 UTC 2024 - Matej Cepl + +- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote + path names provided when creating a virtual environment + (bsc#1232241, CVE-2024-9287) +- Update doc-py38-to-py36.patch to include str.removeprefix + replacement. + ------------------------------------------------------------------- Tue Oct 1 15:32:06 UTC 2024 - Matej Cepl diff --git a/python312.spec b/python312.spec index 0764181..e793bc9 100644 --- a/python312.spec +++ b/python312.spec @@ -118,16 +118,17 @@ # _md5.cpython-38m-x86_64-linux-gnu.so %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so Name: %{python_pkg_name}%{psuffix} -Version: 3.12.8 +Version: 3.12.9 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 URL: https://www.python.org/ Source0: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz Source1: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.asc -Source2: baselibs.conf -Source3: README.SUSE -Source4: externally_managed.in +Source2: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.sigstore +Source3: baselibs.conf +Source4: README.SUSE +Source5: externally_managed.in Source7: macros.python3 Source8: import_failed.py Source9: import_failed.map @@ -190,9 +191,6 @@ Patch41: docs-docutils_014-Sphinx_420.patch # PATCH-FIX-SLE doc-py38-to-py36.patch mcepl@suse.com # Make documentation extensions working with Python 3.6 Patch44: doc-py38-to-py36.patch -# PATCH-FIX-UPSTREAM CVE-2024-12254-unbound-mem-buffering-SelectorSocketTransport.writelines.patch bsc#1234290 mcepl@suse.com -# prevents exhaustion of memory -Patch45: CVE-2024-12254-unbound-mem-buffering-SelectorSocketTransport.writelines.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -757,7 +755,7 @@ rm %{buildroot}%{_bindir}/2to3 # documentation export PDOCS=%{buildroot}%{_docdir}/%{name} install -d -m 755 $PDOCS -install -c -m 644 %{SOURCE3} $PDOCS/ +install -c -m 644 %{SOURCE4} $PDOCS/ install -c -m 644 README.rst $PDOCS/ # tools