python-interpreters/python312
SHA256
7
0
Fork 0
forked from pool/python312
Code Pull Requests Activity

Accepting request 1244005 from devel:languages:python:Factory

Browse Source 
- Update to 3.12.9:
  - Tests
    - gh-127906: Test the limited C API in test_cppext. Patch by
      Victor Stinner.
    - gh-127906: Backport test_cext from the main branch. Patch
      by Victor Stinner.
    - gh-127637: Add tests for the dis command-line
      interface. Patch by Bénédikt Tran.
  - Security
    - gh-105704: When using urllib.parse.urlsplit() and
      urllib.parse.urlparse() host parsing would not reject
      domain names containing square brackets ([ and ]). Square
      brackets are only valid for IPv6 and IPvFuture hosts
      according to RFC 3986 Section 3.2.2. (CVE-2025-0938,
      bsc#1236705)
    - gh-127655: Fixed the
      asyncio.selector_events._SelectorSocketTransport
      transport not pausing writes for the protocol when
      the buffer reaches the high water mark when using
      asyncio.WriteTransport.writelines() (CVE-2024-12254,
      bsc#1234290).
    - gh-126108: Fix a possible NULL pointer dereference in
      PySys_AddWarnOptionUnicode().
    - gh-80222: Fix bug in the folding of quoted strings
      when flattening an email message using a modern email
      policy. Previously when a quoted string was folded so
      that it spanned more than one line, the surrounding
      quotes and internal escapes would be omitted. This could
      theoretically be used to spoof header lines using a
      carefully constructed quoted string if the resulting

OBS-URL: https://build.opensuse.org/request/show/1244005
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=28
This commit is contained in:
Dominique Leuenberger
2025-02-09 18:58:58 +00:00
committed by Git OBS Bridge
parent c4b3c6583b 32717178fc
commit b45169abf8
11 changed files with 428 additions and 122 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
CVE-2024-12254-unbound-mem-buffering-SelectorSocketTransport.writelines.patch
View File

@@ -1,46 +0,0 @@
From bfc2e93d755bf496e5ef4cae9609d2823122c909 Mon Sep 17 00:00:00 2001
From: "J. Nick Koston" <nick@koston.org>
Date: Thu, 5 Dec 2024 10:01:10 -0600
Subject: [PATCH 01/10] Ensure writelines pauses the protocol if needed
---
Lib/asyncio/selector_events.py | 1
Lib/test/test_asyncio/test_selector_events.py | 12 ++++++++++
Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst | 1
3 files changed, 14 insertions(+)
--- a/Lib/asyncio/selector_events.py
+++ b/Lib/asyncio/selector_events.py
@@ -1183,6 +1183,7 @@ class _SelectorSocketTransport(_Selector
# If the entire buffer couldn't be written, register a write handler
if self._buffer:
self._loop._add_writer(self._sock_fd, self._write_ready)
+ self._maybe_pause_protocol()
def can_write_eof(self):
return True
--- a/Lib/test/test_asyncio/test_selector_events.py
+++ b/Lib/test/test_asyncio/test_selector_events.py
@@ -805,6 +805,18 @@ class SelectorSocketTransportTests(test_
self.assertTrue(self.sock.send.called)
self.assertTrue(self.loop.writers)
+ def test_writelines_pauses_protocol(self):
+ data = memoryview(b'data')
+ self.sock.send.return_value = 2
+ self.sock.send.fileno.return_value = 7
+
+ transport = self.socket_transport()
+ transport._high_water = 1
+ transport.writelines([data])
+ self.assertTrue(self.protocol.pause_writing.called)
+ self.assertTrue(self.sock.send.called)
+ self.assertTrue(self.loop.writers)
+
@unittest.skipUnless(selector_events._HAS_SENDMSG, 'no sendmsg')
def test_write_sendmsg_full(self):
data = memoryview(b'data')
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2024-12-05-21-35-19.gh-issue-127655.xpPoOf.rst
@@ -0,0 +1 @@
+Fixed the :class:`!asyncio.selector_events._SelectorSocketTransport` transport not pausing writes for the protocol when the buffer reaches the high water mark when using :meth:`asyncio.WriteTransport.writelines`.

BIN
Python-3.12.8.tar.xz (Stored with Git LFS)
View File

Binary file not shown.

18
Python-3.12.8.tar.xz.asc
View File

@@ -1,18 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmdPZepfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx
Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6
YwV2vQ//enP0FhpesVqbIf52CDqRUxRmO29bgW+a4wvRMMcGhMwVhDYKBSXwpI1O
FJDm6y16mjfgVDJ17aU15+NUGqEDEcDj/59LUgOBkbgGkhhi7qPvqG+8YJoTJtFr
0N3dcYwMSJQmN+y+xAWWHhc576KSkASqTG5OcS/n6yTG+zjFkN2Iznp0INQZpSt2
44YocvRIK0vozabd47JCx5w/txE3nYtsl6nG5VTMeavbWYzgFBJhVSyykLSJxlyU
mJgL0DMspjsUH2ZeYkHqqnuEZkogwJfI3eL2Z4BdVb96hh/s/L4UaSa3GI1a2Tdf
c6UJLGWTqaFFcohIVrGhgckAQRrit7AZCBb/FwTsDXahxau7ECLNpgcRQCWgAXlN
l7SSQkI2snUs5c+mCuBspDvBVxhAWq1VUelkPurQymR/ajGywwXgdGQwmq7BO+Wr
E7fChlwTKLFkQorrzKw7FoL674gTolCHoO/XTDmCNIkEblykSl9mz9FnI2q1C0id
Q+rM1rGo2ubJhthvpKdA5jDpzK6tPqG2xNgV6+xhXl4Bg7w4dhEKIu1vKH4RRBgR
GTf9LSlJMdaDIyWbbuMFpthCrhnmXbK0qe4whQRtip/TB+1qjl1e5gB0kULujApj
RbtxbR50cCDmocM6nae2P1tq0s3jaSs/VemiptexdTilGcm3088=
=2KVU
-----END PGP SIGNATURE-----

BIN
Python-3.12.9.tar.xz (Stored with Git LFS) Normal file
View File

Binary file not shown.

18
Python-3.12.9.tar.xz.asc Normal file
View File

@@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmeiX7JfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx
Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6
YwXTqw//VlGJA5CRDfljMwN9BmG2hdXB1B7Lj0PssuAo4A/lH99gb4DRVDS9LNjr
99WdH/fQQovx6rTbtyJnN8Vh7SSduBi/vOc5n5VOXZB0buqR0l+0wu4m43Slu6xP
fXO349Hr6585lemU8x54TrP756rSVUhy3T+krUuNDL9W1Wrp2yDCpt4tUoEhNXGw
DoYS8MrK/ygLNV/7p2DeMWOHNdbjKNH6rfzl60IAwAp7oANcyoj6Pho960bbeUDo
tb47Pw0WWZv3EuITP6bPa8+Z6dj096cFL3AQJ3ap16OduwiaOsGhqTfe4+kbp6ut
Gp/1HeIHzPbEV0E5K78RWHuzBYgU1oPGiMjlp7WkA7bP2OSTF7nM4EBkiiihk2qx
3d5VF9wpVRJ4AuR/aWcWcMnvD2ziSWfzZM3Z3VLnTaWYpuRkQp8TTiFr1vHqxMYm
p/8AozzBJMfOS6u/Q0WNAdk6x3VB0DXnTAETXQVIrex4DXqX/3WSMWK5/x/OyCh9
ytdreIQYbv1KvlNQJkgpPb7jlUSXp8t9fHCXt4hszhJgtjwIj/+CuSeAgX0bhopV
XsqOBseDNhATg38mhwBVaeFKGRpxsKdpxcdqSEGKuhXtEI/hJmkpZGw49gy3xWxB
KlgRgKjCPw+BGAIVV9qvdtJzam8a09SKVcslqgF619q0byQoBmo=
=1TbP
-----END PGP SIGNATURE-----

1
Python-3.12.9.tar.xz.sigstore Normal file
View File

File diff suppressed because one or more lines are too long

223
doc-py38-to-py36.patch
View File

@@ -1,25 +1,59 @@
---
Doc/conf.py | 8 ++--
Doc/tools/check-warnings.py | 3 +
Doc/Makefile | 8 ++--
Doc/conf.py | 16 ++++++++-
Doc/tools/check-warnings.py | 5 +-
Doc/tools/extensions/audit_events.py | 54 ++++++++++++++++----------------
Doc/tools/extensions/availability.py | 15 ++++----
Doc/tools/extensions/c_annotations.py | 37 ++++++++++-----------
Doc/tools/extensions/c_annotations.py | 45 ++++++++++++++++----------
Doc/tools/extensions/changes.py | 8 +---
Doc/tools/extensions/glossary_search.py | 10 +----
Doc/tools/extensions/misc_news.py | 14 +++-----
Doc/tools/extensions/patchlevel.py | 9 ++---
7 files changed, 67 insertions(+), 69 deletions(-)
10 files changed, 100 insertions(+), 84 deletions(-)
--- a/Doc/Makefile
+++ b/Doc/Makefile
@@ -14,15 +14,15 @@ PAPER =
SOURCES =
DISTVERSION = $(shell $(PYTHON) tools/extensions/patchlevel.py)
REQUIREMENTS = requirements.txt
-SPHINXERRORHANDLING = --fail-on-warning
+SPHINXERRORHANDLING = -W
# Internal variables.
PAPEROPT_a4 = --define latex_elements.papersize=a4paper
PAPEROPT_letter = --define latex_elements.papersize=letterpaper
-ALLSPHINXOPTS = --builder $(BUILDER) \
- --doctree-dir build/doctrees \
- --jobs $(JOBS) \
+ALLSPHINXOPTS = -b $(BUILDER) \
+ -d build/doctrees \
+ -j $(JOBS) \
$(PAPEROPT_$(PAPER)) \
$(SPHINXOPTS) $(SPHINXERRORHANDLING) \
. build/$(BUILDER) $(SOURCES)
--- a/Doc/conf.py
+++ b/Doc/conf.py
@@ -85,7 +85,7 @@ today_fmt = '%B %d, %Y'
highlight_language = 'python3'
@@ -10,6 +10,8 @@ import importlib
import os
import sys
+from sphinx import version_info
+
# Make our custom extensions available to Sphinx
sys.path.append(os.path.abspath('tools/extensions'))
sys.path.append(os.path.abspath('includes'))
@@ -82,7 +84,7 @@ highlight_language = 'python3'
# Minimum version of sphinx required
-needs_sphinx = '7.2.6'
# Keep this version in sync with ``Doc/requirements.txt``.
-needs_sphinx = '8.1.3'
+needs_sphinx = '4.2.0'
# Create table of contents entries for domain objects (e.g. functions, classes,
# attributes, etc.). Default is True.
@@ -342,7 +342,7 @@ html_short_title = f'{release} Documenta
@@ -337,7 +339,7 @@ html_short_title = f'{release} Documenta
# (See .readthedocs.yml and https://docs.readthedocs.io/en/stable/reference/environment-variables.html)
is_deployment_preview = os.getenv("READTHEDOCS_VERSION_TYPE") == "external"
repository_url = os.getenv("READTHEDOCS_GIT_CLONE_URL", "")
@@ -28,22 +62,23 @@
html_context = {
"is_deployment_preview": is_deployment_preview,
"repository_url": repository_url or None,
@@ -598,13 +598,13 @@ extlinks_detect_hardcoded_links = True
@@ -583,6 +585,16 @@ extlinks = {
}
extlinks_detect_hardcoded_links = True
if sphinx.version_info[:2] < (8, 1):
# Sphinx 8.1 has in-built CVE and CWE roles.
- extlinks |= {
+if version_info[:2] < (8, 1):
+ # Sphinx 8.1 has in-built CVE and CWE roles.
+ extlinks.update({
"cve": (
"https://www.cve.org/CVERecord?id=CVE-%s",
"CVE-%s",
),
"cwe": ("https://cwe.mitre.org/data/definitions/%s.html", "CWE-%s"),
- }
+ "cve": (
+ "https://www.cve.org/CVERecord?id=CVE-%s",
+ "CVE-%s",
+ ),
+ "cwe": ("https://cwe.mitre.org/data/definitions/%s.html", "CWE-%s"),
+ })
+
# Options for c_annotations extension
# -----------------------------------
--- a/Doc/tools/check-warnings.py
+++ b/Doc/tools/check-warnings.py
@@ -228,7 +228,8 @@ def fail_if_regression(
@@ -56,6 +91,15 @@
print(" {line}: {msg}".format_map(match))
return -1
return 0
@@ -316,7 +317,7 @@ def main(argv: list[str] | None = None)
cwd = str(Path.cwd()) + os.path.sep
files_with_nits = {
- warning.removeprefix(cwd).split(":")[0]
+ (warning[len(cwd):].split(":")[0] if warning.startswith(cwd) else warning.split(":")[0])
for warning in warnings
if "Doc/" in warning
}
--- a/Doc/tools/extensions/audit_events.py
+++ b/Doc/tools/extensions/audit_events.py
@@ -1,9 +1,6 @@
@@ -210,16 +254,16 @@
from docutils import nodes
from sphinx import addnodes
@@ -52,7 +50,7 @@ class Availability(SphinxDirective):
@@ -53,7 +51,7 @@ class Availability(SphinxDirective):
optional_arguments = 0
final_argument_whitespace = True
- def run(self) -> list[nodes.container]:
+ def run(self) -> List[nodes.container]:
title = "Availability"
title = sphinx_gettext("Availability")
refnode = addnodes.pending_xref(
title,
@@ -76,7 +74,7 @@ class Availability(SphinxDirective):
@@ -77,7 +75,7 @@ class Availability(SphinxDirective):
return [cnode]
@@ -228,7 +272,7 @@
"""Parse platform information from arguments
Arguments is a comma-separated string of platforms. A platform may
@@ -95,12 +93,13 @@ class Availability(SphinxDirective):
@@ -96,12 +94,13 @@ class Availability(SphinxDirective):
platform, _, version = arg.partition(" >= ")
if platform.startswith("not "):
version = False
@@ -244,7 +288,7 @@
logger.warning(
"Unknown platform%s or syntax '%s' in '.. availability:: %s', "
"see %s:KNOWN_PLATFORMS for a set of known platforms.",
@@ -113,7 +112,7 @@ class Availability(SphinxDirective):
@@ -114,7 +113,7 @@ class Availability(SphinxDirective):
return platforms
@@ -255,7 +299,7 @@
return {
--- a/Doc/tools/extensions/c_annotations.py
+++ b/Doc/tools/extensions/c_annotations.py
@@ -9,12 +9,10 @@ Configuration:
@@ -9,22 +9,18 @@ Configuration:
* Set ``stable_abi_file`` to the path to stable ABI list.
"""
@@ -267,9 +311,10 @@
-from typing import TYPE_CHECKING
+from typing import Any, Dict, List, TYPE_CHECKING, Union
import sphinx
from docutils import nodes
@@ -23,9 +21,7 @@ from sphinx import addnodes
from docutils.statemachine import StringList
-from sphinx import addnodes
+from sphinx import addnodes, version_info
from sphinx.locale import _ as sphinx_gettext
from sphinx.util.docutils import SphinxDirective
@@ -280,7 +325,7 @@
ROLE_TO_OBJECT_TYPE = {
"func": "function",
@@ -36,20 +32,20 @@ ROLE_TO_OBJECT_TYPE = {
@@ -35,20 +31,20 @@ ROLE_TO_OBJECT_TYPE = {
}
@@ -305,7 +350,7 @@
class StableABIEntry:
# Role of the object.
# Source: Each [item_kind] in stable_abi.toml is mapped to a C Domain role.
@@ -68,7 +64,7 @@ class StableABIEntry:
@@ -67,7 +63,7 @@ class StableABIEntry:
struct_abi_kind: str
@@ -314,7 +359,7 @@
refcount_data = {}
refcounts = refcount_filename.read_text(encoding="utf8")
for line in refcounts.splitlines():
@@ -104,7 +100,7 @@ def read_refcount_data(refcount_filename
@@ -103,7 +99,7 @@ def read_refcount_data(refcount_filename
return refcount_data
@@ -323,7 +368,7 @@
stable_abi_data = {}
with open(stable_abi_file, encoding="utf8") as fp:
for record in csv.DictReader(fp):
@@ -128,11 +124,14 @@ def add_annotations(app: Sphinx, doctree
@@ -127,11 +123,14 @@ def add_annotations(app: Sphinx, doctree
continue
if not par[0].get("ids", None):
continue
@@ -340,7 +385,7 @@
if ROLE_TO_OBJECT_TYPE[record.role] != objtype:
msg = (
f"Object type mismatch in limited API annotation for {name}: "
@@ -239,7 +238,7 @@ def _unstable_api_annotation() -> nodes.
@@ -238,7 +237,7 @@ def _unstable_api_annotation() -> nodes.
)
@@ -349,7 +394,7 @@
classes = ["refcount"]
if result_refs is None:
rc = sphinx_gettext("Return value: Always NULL.")
@@ -259,7 +258,7 @@ class LimitedAPIList(SphinxDirective):
@@ -258,7 +257,7 @@ class LimitedAPIList(SphinxDirective):
optional_arguments = 0
final_argument_whitespace = True
@@ -358,7 +403,7 @@
state = self.env.domaindata["c_annotations"]
content = [
f"* :c:{record.role}:`{record.name}`"
@@ -282,7 +281,7 @@ def init_annotations(app: Sphinx) -> Non
@@ -281,13 +280,23 @@ def init_annotations(app: Sphinx) -> Non
)
@@ -367,19 +412,59 @@
app.add_config_value("refcount_file", "", "env", types={str})
app.add_config_value("stable_abi_file", "", "env", types={str})
app.add_directive("limited-api-list", LimitedAPIList)
@@ -294,10 +293,10 @@ def setup(app: Sphinx) -> ExtensionMetad
from sphinx.domains.c import CObject
app.connect("builder-inited", init_annotations)
app.connect("doctree-read", add_annotations)
# monkey-patch C object...
- CObject.option_spec |= {
+ if version_info[:2] < (7, 2):
+ from docutils.parsers.rst import directives
+ from sphinx.domains.c import CObject
+
+ # monkey-patch C object...
+ CObject.option_spec.update({
"no-index-entry": directives.flag,
"no-contents-entry": directives.flag,
- }
+ "no-index-entry": directives.flag,
+ "no-contents-entry": directives.flag,
+ })
+
return {
"version": "1.0",
"parallel_read_safe": True,
--- a/Doc/tools/extensions/changes.py
+++ b/Doc/tools/extensions/changes.py
@@ -1,7 +1,5 @@
"""Support for documenting version of changes, additions, deprecations."""
-from __future__ import annotations
-
from typing import TYPE_CHECKING
from sphinx.domains.changeset import (
@@ -25,7 +23,7 @@ def expand_version_arg(argument: str, re
class PyVersionChange(VersionChange):
- def run(self) -> list[Node]:
+ def run(self) -> "list[Node]":
# Replace the 'next' special token with the current development version
self.arguments[0] = expand_version_arg(
self.arguments[0], self.config.release
@@ -43,7 +41,7 @@ class DeprecatedRemoved(VersionChange):
"Deprecated since version %s, removed in version %s"
)
- def run(self) -> list[Node]:
+ def run(self) -> "list[Node]":
# Replace the first two arguments (deprecated version and removed version)
# with a single tuple of both versions.
version_deprecated = expand_version_arg(
@@ -73,7 +71,7 @@ class DeprecatedRemoved(VersionChange):
versionlabel_classes[self.name] = ""
-def setup(app: Sphinx) -> ExtensionMetadata:
+def setup(app: "Sphinx") -> "ExtensionMetadata":
# Override Sphinx's directives with support for 'next'
app.add_directive("versionadded", PyVersionChange, override=True)
app.add_directive("versionchanged", PyVersionChange, override=True)
--- a/Doc/tools/extensions/glossary_search.py
+++ b/Doc/tools/extensions/glossary_search.py
@@ -1,18 +1,14 @@
@@ -412,6 +497,60 @@
app.connect('doctree-resolved', process_glossary_nodes)
app.connect('build-finished', write_glossary_json)
--- a/Doc/tools/extensions/misc_news.py
+++ b/Doc/tools/extensions/misc_news.py
@@ -1,7 +1,5 @@
"""Support for including Misc/NEWS."""
-from __future__ import annotations
-
import re
from pathlib import Path
from typing import TYPE_CHECKING
@@ -24,13 +22,13 @@ Python News
+++++++++++
"""
-bpo_issue_re: Final[re.Pattern[str]] = re.compile(
+bpo_issue_re: "Final[re.Pattern[str]]" = re.compile(
"(?:issue #|bpo-)([0-9]+)", re.ASCII
)
-gh_issue_re: Final[re.Pattern[str]] = re.compile(
+gh_issue_re: "Final[re.Pattern[str]]" = re.compile(
"gh-(?:issue-)?([0-9]+)", re.ASCII | re.IGNORECASE
)
-whatsnew_re: Final[re.Pattern[str]] = re.compile(
+whatsnew_re: "Final[re.Pattern[str]]" = re.compile(
r"^what's new in (.*?)\??$", re.ASCII | re.IGNORECASE | re.MULTILINE
)
@@ -42,7 +40,7 @@ class MiscNews(SphinxDirective):
final_argument_whitespace = False
option_spec = {}
- def run(self) -> list[Node]:
+ def run(self) -> "list[Node]":
# Get content of NEWS file
source, _ = self.get_source_info()
news_file = Path(source).resolve().parent / self.arguments[0]
@@ -54,7 +52,7 @@ class MiscNews(SphinxDirective):
return [nodes.strong(text, text)]
# remove first 3 lines as they are the main heading
- news_text = news_text.removeprefix(BLURB_HEADER)
+ news_text = news_text[len(BLURB_HEADER):] if news_text.startswith(BLURB_HEADER) else news_text
news_text = bpo_issue_re.sub(r":issue:`\1`", news_text)
# Fallback handling for GitHub issues
@@ -65,7 +63,7 @@ class MiscNews(SphinxDirective):
return []
-def setup(app: Sphinx) -> ExtensionMetadata:
+def setup(app: "Sphinx") -> "ExtensionMetadata":
app.add_directive("miscnews", MiscNews)
return {
--- a/Doc/tools/extensions/patchlevel.py
+++ b/Doc/tools/extensions/patchlevel.py
@@ -3,7 +3,7 @@

4
docs-docutils_014-Sphinx_420.patch
View File

@@ -6,7 +6,7 @@
--- a/Doc/tools/extensions/c_annotations.py
+++ b/Doc/tools/extensions/c_annotations.py
@@ -118,7 +118,11 @@ def add_annotations(app: Sphinx, doctree
@@ -117,7 +117,11 @@ def add_annotations(app: Sphinx, doctree
state = app.env.domaindata["c_annotations"]
refcount_data = state["refcount_data"]
stable_abi_data = state["stable_abi_data"]
@@ -42,7 +42,7 @@
--- a/Doc/tools/extensions/pyspecific.py
+++ b/Doc/tools/extensions/pyspecific.py
@@ -26,7 +26,10 @@ from sphinx.domains.python import PyFunc
@@ -25,7 +25,10 @@ from sphinx.domains.python import PyFunc
from sphinx.locale import _ as sphinx_gettext
from sphinx.util.docutils import SphinxDirective
from sphinx.writers.text import TextWriter, TextTranslator

2
fix_configure_rst.patch
View File

@@ -21,7 +21,7 @@
Create a Python.framework rather than a traditional Unix install. Optional
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -14575,7 +14575,7 @@ C API
@@ -14838,7 +14838,7 @@ C API
- bpo-40939: Removed documentation for the removed ``PyParser_*`` C API.
- bpo-43795: The list in :ref:`limited-api-list` now shows the public name

214
python312.changes
View File

@@ -1,3 +1,208 @@
-------------------------------------------------------------------
Wed Feb 5 10:35:26 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
- Update to 3.12.9:
- Tests
- gh-127906: Test the limited C API in test_cppext. Patch by
Victor Stinner.
- gh-127906: Backport test_cext from the main branch. Patch
by Victor Stinner.
- gh-127637: Add tests for the dis command-line
interface. Patch by Bénédikt Tran.
- Security
- gh-105704: When using urllib.parse.urlsplit() and
urllib.parse.urlparse() host parsing would not reject
domain names containing square brackets ([ and ]). Square
brackets are only valid for IPv6 and IPvFuture hosts
according to RFC 3986 Section 3.2.2. (CVE-2025-0938,
bsc#1236705)
- gh-127655: Fixed the
asyncio.selector_events._SelectorSocketTransport
transport not pausing writes for the protocol when
the buffer reaches the high water mark when using
asyncio.WriteTransport.writelines() (CVE-2024-12254,
bsc#1234290).
- gh-126108: Fix a possible NULL pointer dereference in
PySys_AddWarnOptionUnicode().
- gh-80222: Fix bug in the folding of quoted strings
when flattening an email message using a modern email
policy. Previously when a quoted string was folded so
that it spanned more than one line, the surrounding
quotes and internal escapes would be omitted. This could
theoretically be used to spoof header lines using a
carefully constructed quoted string if the resulting
rendered email was transmitted or re-parsed.
- gh-119511: Fix a potential denial of service in the imaplib
module. When connecting to a malicious server, it could
cause an arbitrary amount of memory to be allocated. On
many systems this is harmless as unused virtual memory is
only a mapping, but if this hit a virtual address size
limit it could lead to a MemoryError or other process
crash. On unusual systems or builds where all allocated
memory is touched and backed by actual ram or storage
it couldve consumed resources doing so until similarly
crashing.
- Library
- gh-129502: Unlikely errors in preparing arguments for
ctypes callback are now handled in the same way as errors
raised in the callback of in converting the result of
the callback using sys.unraisablehook() instead of
sys.excepthook() and not setting sys.last_exc and other
variables.
- gh-129403: Corrected ValueError message for asyncio.Barrier
and threading.Barrier.
- gh-129409: Fix an integer overflow in the csv module when
writing a data field larger than 2GB.
- gh-118761: Improve import time of subprocess by lazy
importing locale and signal. Patch by Taneli Hukkinen.
- gh-129346: In sqlite3, handle out-of-memory when creating
user-defined SQL functions.
- gh-128550: Removed an incorrect optimization relating
to eager tasks in asyncio.TaskGroup that resulted in
cancellations being missed.
- gh-128991: Release the enter frame reference within bdb
callback
- gh-128961: Fix a crash when setting state on an exhausted
array.array iterator.
- gh-128916: Do not attempt to set SO_REUSEPORT on sockets of
address families other than AF_INET and AF_INET6, as it is
meaningless with these address families, and the call with
fail with Linux kernel 6.12.9 and newer.
- gh-128679: Fix tracemalloc.stop() race condition. Fix
tracemalloc to support calling tracemalloc.stop() in
one thread, while another thread is tracing memory
allocations. Patch by Victor Stinner.
- gh-128562: Fix possible conflicts in generated tkinter
widget names if the widget class name ends with a digit.
- gh-128552: Fix cyclic garbage introduced
by asyncio.loop.create_task() and
asyncio.TaskGroup.create_task() holding a reference to the
created task if it is eager.
- gh-128479: Fix asyncio.staggered.staggered_race() leaking
tasks and issuing an unhandled exception.
- gh-88834: Unify the instance check for typing.Union and
types.UnionType: Union now uses the instance checks against
its parameters instead of the subclass checks.
- gh-128302: Fix
xml.dom.xmlbuilder.DOMEntityResolver.resolveEntity(), which
was broken by the Python 3.0 transition.
- gh-128302: Allow xml.dom.xmlbuilder.DOMParser.parse()
to correctly handle xml.dom.xmlbuilder.DOMInputSource
instances that only have a systemId attribute set.
- gh-112064: Fix incorrect handling of negative read sizes in
HTTPResponse.read. Patch by Yury Manushkin.
- gh-58956: Fixed a frame reference leak in bdb.
- gh-128131: Completely support random access of uncompressed
unencrypted read-only zip files obtained by ZipFile.open.
- gh-127975: Avoid reusing quote types in ast.unparse() if
not needed.
- gh-128014: Fix resetting the default window icon by passing
default='' to the tkinter method wm_iconbitmap().
- gh-115514: Fix exceptions and incomplete writes after
asyncio._SelectorTransport is closed before writes are
completed.
- gh-41872: Fix quick extraction of module docstrings from
a file in pydoc. It now supports docstrings with single
quotes, escape sequences, raw string literals, and other
Python syntax.
- gh-126742: Fix support of localized error messages reported
by dlerror(3) and gdbm_strerror in ctypes and dbm.gnu
functions respectively. Patch by Bénédikt Tran.
- gh-127870: Detect recursive calls in ctypes _as_parameter_
handling. Patch by Victor Stinner.
- gh-127847: Fix the position when doing interleaved seeks
and reads in uncompressed, unencrypted zip files returned
by zipfile.ZipFile.open().
- gh-127732: The platform module now correctly detects
Windows Server 2025.
- gh-93312: Include <sys/pidfd.h> to get os.PIDFD_NONBLOCK
constant. Patch by Victor Stinner.
- gh-83662: Add missing __class_getitem__ method to the
Python implementation of functools.partial(), to make it
compatible with the C version. This is mainly relevant for
alternative Python implementations like PyPy and GraalPy,
because CPython will usually use the C-implementation of
that function.
- gh-127586: multiprocessing.pool.Pool now properly restores
blocked signal handlers of the parent thread when creating
processes via either spawn or forkserver.
- gh-98188: Fix an issue in
email.message.Message.get_payload() where data cannot be
decoded if the Content Transfer Encoding mechanism contains
trailing whitespaces or additional junk text. Patch by Hui
Liu.
- gh-127257: In ssl, system call failures that OpenSSL
reports using ERR_LIB_SYS are now raised as OSError.
- gh-126775: Make linecache.checkcache() thread safe and GC
re-entrancy safe.
- gh-58956: Fixed a bug in pdb where sometimes the breakpoint
wont trigger if it was set on a function which is already
in the call stack.
- gh-123401: The http.cookies module now supports parsing
obsolete RFC 850 date formats, in accordance with RFC 9110
requirements. Patch by Nano Zheng.
- gh-123085: In a bare call to importlib.resources.files(),
ensure the callers frame is properly detected when
importlib.resources is itself available as a compiled
module only (no source).
- gh-122431: readline.append_history_file() now raises a
ValueError when given a negative value.
- Documentation
- gh-125722: Require Sphinx 8.1.3 or later to build the
Python documentation. Patch by Adam Turner.
- gh-67206: Document that string.printable is not
printable in the POSIX sense. In particular,
string.printable.isprintable() returns False. Patch by
Bénédikt Tran.
- Core and Builtins
- gh-129345: Fix null pointer dereference in syslog.openlog()
when an audit hook raises an exception.
- gh-129093: Fix f-strings such as f'{expr=}' sometimes not
displaying the full expression when the expression contains
!=.
- gh-124363: Treat debug expressions in f-string as raw
strings. Patch by Pablo Galindo
- gh-128799: Add frame of except* to traceback when it wraps
a naked exception.
- gh-128078: Fix a SystemError when using anext() with a
default tuple value. Patch by Bénédikt Tran.
- gh-128079: Fix a bug where except* does not properly check
the return value of an ExceptionGroups split() function,
leading to a crash in some cases. Now when split() returns
an invalid object, except* raises a TypeError with the
original raised ExceptionGroup object chained to it.
- gh-127903: Objects/unicodeobject.c: fix a crash on DEBUG
builds in _copy_characters when there is nothing to copy.
- gh-127599: Fix statistics for increments of object
reference counts (in particular, when a reference count was
increased by more than 1 in a single operation).
- gh-111609: Respect end_offset in SyntaxError subclasses.
- gh-126862: Fix a possible overflow when a class inherits
from an absurd number of super-classes. Reported by Valery
Fedorenko. Patch by Bénédikt Tran.
- gh-117195: Avoid assertion failure for debug builds when
calling object.__sizeof__(1)
- C API
- gh-126554: Fix error handling in ctypes.CDLL objects which
could result in a crash in rare situations.
- gh-107249: Implement the Py_UNUSED macro for Windows MSVC
compiler. Patch by Victor Stinner.
- Build
- gh-129539: Dont redefine EX_OK when the system has the
sysexits.h header.
- gh-128472: Skip BOLT optimization of functions using
computed gotos, fixing errors on build with LLVM 19.
- gh-123925: Fix building the curses module on platforms with
libncurses but without libncursesw.
- gh-128321: Set LIBS instead of LDFLAGS when checking if
sqlite3 library functions are available. This fixes the
ordering of linked libraries during checks, which was
incorrect when using a statically linked libsqlite3.
- Remove upstreamed patches:
- CVE-2024-12254-unbound-mem-buffering-SelectorSocketTransport.writelines.patch
- Add doc-py38-to-py36.patch to make documentation buildable on
SLE with older Sphinx.
-------------------------------------------------------------------
Mon Jan 27 09:02:35 UTC 2025 - Daniel Garcia <daniel.garcia@suse.com>
@@ -368,6 +573,15 @@ Thu Oct 24 16:09:00 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
path names provided when creating a virtual environment
(bsc#1232241, CVE-2024-9287)
-------------------------------------------------------------------
Thu Oct 24 16:09:00 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote
path names provided when creating a virtual environment
(bsc#1232241, CVE-2024-9287)
- Update doc-py38-to-py36.patch to include str.removeprefix
replacement.
-------------------------------------------------------------------
Tue Oct 1 15:32:06 UTC 2024 - Matej Cepl <mcepl@cepl.eu>

14
python312.spec
View File

@@ -118,16 +118,17 @@
# _md5.cpython-38m-x86_64-linux-gnu.so
%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
Name: %{python_pkg_name}%{psuffix}
Version: 3.12.8
Version: 3.12.9
Release: 0
Summary: Python 3 Interpreter
License: Python-2.0
URL: https://www.python.org/
Source0: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz
Source1: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.asc
Source2: baselibs.conf
Source3: README.SUSE
Source4: externally_managed.in
Source2: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.sigstore
Source3: baselibs.conf
Source4: README.SUSE
Source5: externally_managed.in
Source7: macros.python3
Source8: import_failed.py
Source9: import_failed.map
@@ -190,9 +191,6 @@ Patch41: docs-docutils_014-Sphinx_420.patch
# PATCH-FIX-SLE doc-py38-to-py36.patch mcepl@suse.com
# Make documentation extensions working with Python 3.6
Patch44: doc-py38-to-py36.patch
# PATCH-FIX-UPSTREAM CVE-2024-12254-unbound-mem-buffering-SelectorSocketTransport.writelines.patch bsc#1234290 mcepl@suse.com
# prevents exhaustion of memory
Patch45: CVE-2024-12254-unbound-mem-buffering-SelectorSocketTransport.writelines.patch
BuildRequires: autoconf-archive
BuildRequires: automake
BuildRequires: fdupes
@@ -757,7 +755,7 @@ rm %{buildroot}%{_bindir}/2to3
# documentation
export PDOCS=%{buildroot}%{_docdir}/%{name}
install -d -m 755 $PDOCS
install -c -m 644 %{SOURCE3} $PDOCS/
install -c -m 644 %{SOURCE4} $PDOCS/
install -c -m 644 README.rst $PDOCS/
# tools