forked from pool/python312
- Update to 3.12.4:
- Security
- gh-118486: os.mkdir() on Windows now accepts mode of 0o700
to restrict the new directory to the current user. This
fixes CVE-2024-4030 affecting tempfile.mkdtemp() in
scenarios where the base temporary directory is more
permissive than the default.
- gh-116741: Update bundled libexpat to 2.6.2
- gh-117233: Detect BLAKE2, SHA3, Shake, & truncated SHA512
support in the OpenSSL-ish libcrypto library at build
time. This allows hashlib to be used with libraries that do
not to support every algorithm that upstream OpenSSL does.
- Core and Builtins
- gh-119821: Fix execution of annotation scopes within
classes when globals is set to a non-dict. Patch by Jelle
Zijlstra.
- gh-118263: Speed up os.path.normpath() with a direct C
call.
- gh-119311: Fix bug where names are unexpectedly mangled in
the bases of generic classes.
- gh-119395: Fix bug where names appearing after a generic
class are mangled as if they are in the generic class.
- gh-118507: Fix os.path.isfile() on Windows for pipes.
- gh-119213: Non-builtin modules built with argument clinic
were crashing if used in a subinterpreter before the main
interpreter. The objects that were causing the problem by
leaking between interpreters carelessly have been fixed.
- gh-119011: Fixes type.__type_params__ to return an empty
tuple instead of a descriptor.
- gh-118997: Fix _Py_ClearImmortal() assertion: use
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=47
This commit is contained in:
Git OBS Bridge
@@ -1,3 +1,226 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Jun 7 10:44:55 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
|
||||
|
||||
- Update to 3.12.4:
|
||||
- Security
|
||||
- gh-118486: os.mkdir() on Windows now accepts mode of 0o700
|
||||
to restrict the new directory to the current user. This
|
||||
fixes CVE-2024-4030 affecting tempfile.mkdtemp() in
|
||||
scenarios where the base temporary directory is more
|
||||
permissive than the default.
|
||||
- gh-116741: Update bundled libexpat to 2.6.2
|
||||
- gh-117233: Detect BLAKE2, SHA3, Shake, & truncated SHA512
|
||||
support in the OpenSSL-ish libcrypto library at build
|
||||
time. This allows hashlib to be used with libraries that do
|
||||
not to support every algorithm that upstream OpenSSL does.
|
||||
- Core and Builtins
|
||||
- gh-119821: Fix execution of annotation scopes within
|
||||
classes when globals is set to a non-dict. Patch by Jelle
|
||||
Zijlstra.
|
||||
- gh-118263: Speed up os.path.normpath() with a direct C
|
||||
call.
|
||||
- gh-119311: Fix bug where names are unexpectedly mangled in
|
||||
the bases of generic classes.
|
||||
- gh-119395: Fix bug where names appearing after a generic
|
||||
class are mangled as if they are in the generic class.
|
||||
- gh-118507: Fix os.path.isfile() on Windows for pipes.
|
||||
- gh-119213: Non-builtin modules built with argument clinic
|
||||
were crashing if used in a subinterpreter before the main
|
||||
interpreter. The objects that were causing the problem by
|
||||
leaking between interpreters carelessly have been fixed.
|
||||
- gh-119011: Fixes type.__type_params__ to return an empty
|
||||
tuple instead of a descriptor.
|
||||
- gh-118997: Fix _Py_ClearImmortal() assertion: use
|
||||
_Py_IsImmortal() to tolerate reference count lower than
|
||||
_Py_IMMORTAL_REFCNT. Fix the assertion for the stable
|
||||
ABI, when a C extension is built with Python 3.11 or
|
||||
lower. Patch by Victor Stinner.
|
||||
- gh-118513: Fix incorrect UnboundLocalError when two
|
||||
comprehensions in the same function both reference the same
|
||||
name, and in one comprehension the name is bound while in
|
||||
the other it’s an implicit global.
|
||||
- gh-118164: Break a loop between the Python implementation
|
||||
of the decimal module and the Python code for integer
|
||||
to string conversion. Also optimize integer to string
|
||||
conversion for values in the range from 9_000 to 135_000
|
||||
decimal digits.
|
||||
- gh-118272: Fix bug where generator.close does not free the
|
||||
generator frame’s locals.
|
||||
- gh-116767: Fix crash in compiler on ‘async with’ that has
|
||||
many context managers.
|
||||
- gh-117894: Prevent agen.aclose() objects being re-used
|
||||
after .throw().
|
||||
- gh-117881: prevent concurrent access to an async generator
|
||||
via athrow().throw() or asend().throw()
|
||||
- gh-115874: Fixed a possible segfault during garbage
|
||||
collection of _asyncio.FutureIter objects
|
||||
- Library
|
||||
- gh-119819: Fix regression to allow logging configuration
|
||||
with multiprocessing queue types.
|
||||
- gh-89727: Fix issue with shutil.rmtree() where a
|
||||
RecursionError is raised on deep directory trees.
|
||||
- gh-89727: Partially fix issue with shutil.rmtree()
|
||||
where a RecursionError is raised on deep directory
|
||||
trees. A recursion error is no longer raised when
|
||||
rmtree.avoids_symlink_attacks is false.
|
||||
- gh-119118: Fix performance regression in the tokenize
|
||||
module by caching the line token attribute and calculating
|
||||
the column offset more efficiently.
|
||||
- gh-89727: Fix issue with os.fwalk() where a RecursionError
|
||||
was raised on deep directory trees by adjusting the
|
||||
implementation to be iterative instead of recursive.
|
||||
- gh-113892: Now, the method sock_connect of
|
||||
asyncio.ProactorEventLoop raises a ValueError if given
|
||||
socket is not in non-blocking mode, as well as in other
|
||||
loop implementations.
|
||||
- gh-119174: Fix high DPI causes turtledemo(turtle-graphics
|
||||
examples) windows blurry Patch by Wulian233 and Terry Jan
|
||||
Reedy
|
||||
- gh-118643: Fix an AttributeError in the email module
|
||||
when re-fold a long address list. Also fix more cases of
|
||||
incorrect encoding of the address separator in the address
|
||||
list.
|
||||
- gh-58933: Make pdb return to caller frame correctly when
|
||||
f_trace of the caller frame is not set
|
||||
- gh-118868: Fixed issue where kwargs were no longer passed
|
||||
to the logging handler QueueHandler
|
||||
- gh-118164: The Python implementation of the decimal
|
||||
module could appear to hang in relatively small power
|
||||
cases (like 2**117) if context precision was set to a
|
||||
very high value. A different method to check for exactly
|
||||
representable results is used now that doesn’t rely on
|
||||
computing 10**precision (which could be effectively too
|
||||
large to compute).
|
||||
- gh-118404: Fix inspect.signature() for non-comparable
|
||||
callables.
|
||||
- gh-118314: Fix an edge case in binascii.a2b_base64() strict
|
||||
mode, where excessive padding is not detected when no
|
||||
padding is necessary.
|
||||
- gh-118042: Fix an unraisable exception in
|
||||
telnetlib.Telnet.__del__() when the __init__() method was
|
||||
not called.
|
||||
- gh-118221: Fix a bug where sqlite3.iterdump() could fail if
|
||||
a custom row factory was used. Patch by Erlend Aasland.
|
||||
- gh-118013: Fix regression introduced in gh-103193 that
|
||||
meant that calling inspect.getattr_static() on an instance
|
||||
would cause a strong reference to that instance’s class to
|
||||
persist in an internal cache in the inspect module. This
|
||||
caused unexpected memory consumption if the class was
|
||||
dynamically created, the class held strong references to
|
||||
other objects which took up a significant amount of memory,
|
||||
and the cache contained the sole strong reference to the
|
||||
class. The fix for the regression leads to a slowdown
|
||||
in getattr_static(), but the function should still be
|
||||
significantly faster than it was in Python 3.11. Patch by
|
||||
Alex Waygood.
|
||||
- gh-90848: Fixed unittest.mock.create_autospec() to
|
||||
configure parent mock with keyword arguments.
|
||||
- gh-118168: Fix incorrect argument substitution when
|
||||
typing.Unpack is used with the builtin tuple. typing.Unpack
|
||||
now raises TypeError when used with certain invalid
|
||||
types. Patch by Jelle Zijlstra.
|
||||
- gh-118033: Fix dataclasses.dataclass() not creating a
|
||||
__weakref__ slot when subclassing typing.Generic.
|
||||
- gh-117535: Do not try to get the source line for made up
|
||||
file name “sys” in warnings.
|
||||
- gh-114053: Fix erroneous NameError when calling
|
||||
typing.get_type_hints() on a class that made use of PEP 695
|
||||
type parameters in a module that had from __future__ import
|
||||
annotations at the top of the file. Patch by Alex Waygood.
|
||||
- gh-117995: Don’t raise DeprecationWarning when a
|
||||
sequence of parameters is used to bind indexed, nameless
|
||||
placeholders. See also gh-100668.
|
||||
- gh-80361: Fix TypeError in
|
||||
email.message.Message.get_payload() when the charset is RFC
|
||||
2231 encoded.
|
||||
- gh-86650: Fix IndexError when parse some emails with
|
||||
invalid Message-ID (including one-off addresses generated
|
||||
by Microsoft Outlook).
|
||||
- gh-117691: Improve the error messages emitted by tarfile
|
||||
deprecation warnings relating to PEP 706. If a filter
|
||||
argument is not provided to extract() or extractall, the
|
||||
deprecation warning now points to the line in the user’s
|
||||
code where the relevant function was called. Patch by Alex
|
||||
Waygood.
|
||||
- gh-77102: site module now parses .pth file with UTF-8
|
||||
first, and locale encoding if UnicodeDecodeError
|
||||
happened. It supported only locale encoding before.
|
||||
- gh-117692: Fixes a bug when doctest.DocTestFinder was
|
||||
failing on wrapped builtin_function_or_method.
|
||||
- gh-117566: ipaddress.IPv6Address.is_loopback() will now
|
||||
return True for IPv4-mapped loopback addresses, i.e.
|
||||
addresses in the ::ffff:127.0.0.0/104 address space.
|
||||
- gh-117503: Fix support of non-ASCII user names in bytes
|
||||
paths in os.path.expanduser() on Posix.
|
||||
- gh-117313: Only treat '\n', '\r' and '\r\n' as line
|
||||
separators in re-folding the email messages. Preserve
|
||||
control characters '\v', '\f', '\x1c', '\x1d' and '\x1e'
|
||||
and Unicode line separators '\x85', '\u2028' and '\u2029'
|
||||
as is.
|
||||
- gh-113171: Fixed various false positives and false
|
||||
negatives in
|
||||
ipaddress.IPv4Address.is_private (see these docs for details)
|
||||
ipaddress.IPv4Address.is_global
|
||||
ipaddress.IPv6Address.is_private
|
||||
ipaddress.IPv6Address.is_global
|
||||
Also in the corresponding ipaddress.IPv4Network and
|
||||
ipaddress.IPv6Network attributes.
|
||||
- gh-103956: Fix lack of newline characters in trace module
|
||||
output when line tracing is enabled but source code line
|
||||
for current frame is not available.
|
||||
- gh-92081: Fix missing spaces in email headers when the
|
||||
spaces are mixed with encoded 8-bit characters.
|
||||
- gh-103194: Prepare Tkinter for C API changes in Tcl 8.7/9.0
|
||||
to avoid _tkinter.Tcl_Obj being unexpectedly returned
|
||||
instead of bool, str, bytearray, or int.
|
||||
- gh-87106: Fixed handling in inspect.Signature.bind() of
|
||||
keyword arguments having the same name as positional-only
|
||||
arguments when a variadic keyword argument (e.g. **kwargs)
|
||||
is present.
|
||||
- bpo-45767: Fix integer conversion in os.major(),
|
||||
os.minor(), and os.makedev(). Support device numbers larger
|
||||
than 2**63-1. Support non-existent device number (NODEV).
|
||||
- bpo-40943: Fix several IndexError when parse emails with
|
||||
truncated Message-ID, address, routes, etc, e.g. example@.
|
||||
- bpo-30988: Fix parsing of emails with invalid address
|
||||
headers having a leading or trailing dot. Patch by tsufeki.
|
||||
- gh-67693: Fix urllib.parse.urlunparse() and
|
||||
urllib.parse.urlunsplit() for URIs with path starting with
|
||||
multiple slashes and no authority. Based on patch by Ashwin
|
||||
Ramaswami.
|
||||
- bpo-15010: unittest.TestLoader.discover() now saves the
|
||||
original value of unittest.TestLoader._top_level_dir and
|
||||
restores it at the end of the call.
|
||||
- Documentation
|
||||
- gh-117928: The minimum Sphinx version required for the
|
||||
documentation is now 6.2.1.
|
||||
- gh-91565: Changes to documentation files and config
|
||||
outputs to reflect the new location for reporting bugs -
|
||||
i.e. GitHub rather than bugs.python.org.
|
||||
- Tests
|
||||
- gh-119050: regrtest test runner: Add XML support to the
|
||||
refleak checker (-R option). Patch by Victor Stinner.
|
||||
- IDLE
|
||||
- bpo-34774: Use user-selected color theme for Help => IDLE
|
||||
Doc.
|
||||
- C API
|
||||
- gh-119585: Fix crash when a thread state that was
|
||||
created by PyGILState_Ensure() calls a destructor that
|
||||
during PyThreadState_Clear() that calls back into
|
||||
PyGILState_Ensure() and PyGILState_Release(). This
|
||||
might occur when in the free-threaded build or when
|
||||
using thread-local variables whose destructors call
|
||||
PyGILState_Ensure().
|
||||
- gh-117534: Improve validation logic in the C implementation
|
||||
of datetime.fromisoformat() to better handle invalid
|
||||
years. Patch by Vlad Efanov.
|
||||
- Updated patches:
|
||||
- CVE-2023-6597-TempDir-cleaning-symlink.patch
|
||||
- bpo-31046_ensurepip_honours_prefix.patch
|
||||
- fix_configure_rst.patch
|
||||
- python-3.3.0b1-fix_date_time_compiler.patch
|
||||
- subprocess-raise-timeout.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Apr 15 10:31:32 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
|
||||
|
||||
|
||||
Reference in New Issue
Block a user