5d2f502703
Accepting request 1200888 from devel:languages:python:Factory
Ana Guerrero2024-09-26 16:52:41 +00:00
c75ef22ae5
- Add doc-py38-to-py36.patch making building documentation compatible with Python 3.6, which runs Sphinx on SLE.
Matej Cepl2024-09-13 17:10:18 +00:00
10154267fc
- Update to 3.12.6: - Tests - gh-101525: Skip test_gdb if the binary is relocated by BOLT. Patch by Donghee Na. - Security - gh-123678: Upgrade libexpat to 2.6.3 - gh-121285: Remove backtracking from tarfile header parsing for hdrcharset, PAX, and GNU sparse headers (bsc#1230227, CVE-2024-6232). - Library - gh-123270: Applied a more surgical fix for malformed payloads in zipfile.Path causing infinite loops (gh-122905) without breaking contents using legitimate characters (bsc#1229704, CVE-2024-8088). - gh-123213: xml.etree.ElementTree.Element.extend() and Element assignment no longer hide the internal exception if an erronous generator is passed. Patch by Bar Harel. - gh-85110: Preserve relative path in URL without netloc in urllib.parse.urlunsplit() and urllib.parse.urlunparse(). - gh-123067: Fix quadratic complexity in parsing "-quoted cookie values with backslashes by http.cookies (bsc#1229596, CVE-2024-7592) - gh-122903: zipfile.Path.glob now correctly matches directories instead of silently omitting them. - gh-122905: zipfile.Path objects now sanitize names from the zipfile. - gh-122695: Fixed double-free when using gc.get_referents() with a freed asyncio.Future iterator. - gh-116263: logging.handlers.RotatingFileHandler no longer rolls over empty log files.
Matej Cepl2024-09-07 21:56:48 +00:00
456c5f3ff6
- Add gh120226-fix-sendfile-test-kernel-610.patch to avoid failing test_sendfile_close_peer_in_the_middle_of_receiving tests on Linux >= 6.10 (GH-120227).
Matej Cepl2024-09-02 10:08:57 +00:00
4aab29ff15
- Add CVE-2024-8088-inf-loop-zipfile_Path.patch to prevent malformed payload to cause infinite loops in zipfile.Path (bsc#1229704, CVE-2024-8088).
Matej Cepl2024-08-29 12:59:16 +00:00
31e91ac782
- Update to 3.12.5: - Tests - gh-59022: Add tests for pkgutil.extend_path(). Patch by Andreas Stocker. - gh-99242: os.getloadavg() may throw OSError when running regression tests under certain conditions (e.g. chroot). This error is now caught and ignored, since reporting load average is optional. - gh-121084: Fix test_typing random leaks. Clear typing ABC caches when running tests for refleaks (-R option): call _abc_caches_clear() on typing abstract classes and their subclasses. Patch by Victor Stinner. - gh-121160: Add a test for readline.set_history_length(). Note that this test may fail on readline libraries. - gh-121200: Fix test_expanduser_pwd2() of test_posixpath. Call getpwnam() to get pw_dir, since it can be different than getpwall() pw_dir. Patch by Victor Stinner. - gh-121188: When creating the JUnit XML file, regrtest now escapes characters which are invalid in XML, such as the chr(27) control character used in ANSI escape sequences. Patch by Victor Stinner. - Security - gh-121957: Fixed missing audit events around interactive use of Python, now also properly firing for python -i, as well as for python -m asyncio. The event in question is cpython.run_stdin. - gh-122133: Authenticate the socket connection for the socket.socketpair() fallback on platforms where AF_UNIX is
Matej Cepl2024-08-07 18:22:59 +00:00
822e5022b5
- Remove %suse_update_desktop_file macro as it is not useful any more.
Matej Cepl2024-08-07 18:04:39 +00:00
1df7c73f9c
Update bluez-devel-vendor.tar.xz
Matej Cepl2024-08-07 15:02:10 +00:00
e52f34b4c1
- Add CVE-2024-6923-email-hdr-inject.patch to prevent email header injection due to unquoted newlines (bsc#1228780, CVE-2024-6923). - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999) - Update bluez-devel-vendor.tar.xz
Matej Cepl2024-08-07 15:01:40 +00:00
ff39bb892f
- Remove %suse_update_desktop_file macro as it is not useful any more.
Matej Cepl2024-07-22 21:31:13 +00:00
0790b98fac
permissive than the default (bsc#1227152).
Matej Cepl2024-07-10 05:44:28 +00:00
4b714bca06
- Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378).
Matej Cepl2024-07-04 18:31:02 +00:00
bde1a4521f
Accepting request 1184846 from home:dgarcia:usr-local-cpython
Matej Cepl2024-07-04 13:16:57 +00:00
26b708641e
Accepting request 1183433 from home:Andreas_Schwab:Factory
Matej Cepl2024-06-26 20:11:23 +00:00
4bca3b2589
- Add docs-docutils_014-Sphinx_420.patch make building docs compatible with Sphinx 4_2_0 and docutils 0.14.
Matej Cepl2024-06-26 20:10:05 +00:00
5465cd240f
- gh-113171 (bsc#1226448, CVE-2024-4032): Fixed various false positives and false negatives in
Matej Cepl2024-06-25 22:06:54 +00:00
b385491107
Accepting request 1183151 from home:Andreas_Schwab:riscv:python
Matej Cepl2024-06-25 16:08:01 +00:00
7a215a300e
- Update to 3.12.4: - Security - gh-118486: os.mkdir() on Windows now accepts mode of 0o700 to restrict the new directory to the current user. This fixes CVE-2024-4030 affecting tempfile.mkdtemp() in scenarios where the base temporary directory is more permissive than the default. - gh-116741: Update bundled libexpat to 2.6.2 - gh-117233: Detect BLAKE2, SHA3, Shake, & truncated SHA512 support in the OpenSSL-ish libcrypto library at build time. This allows hashlib to be used with libraries that do not to support every algorithm that upstream OpenSSL does. - Core and Builtins - gh-119821: Fix execution of annotation scopes within classes when globals is set to a non-dict. Patch by Jelle Zijlstra. - gh-118263: Speed up os.path.normpath() with a direct C call. - gh-119311: Fix bug where names are unexpectedly mangled in the bases of generic classes. - gh-119395: Fix bug where names appearing after a generic class are mangled as if they are in the generic class. - gh-118507: Fix os.path.isfile() on Windows for pipes. - gh-119213: Non-builtin modules built with argument clinic were crashing if used in a subinterpreter before the main interpreter. The objects that were causing the problem by leaking between interpreters carelessly have been fixed. - gh-119011: Fixes type.__type_params__ to return an empty tuple instead of a descriptor. - gh-118997: Fix _Py_ClearImmortal() assertion: use
Matej Cepl2024-06-07 10:51:44 +00:00
5aec8eeba8
Accepting request 1168659 from devel:languages:python:Factory
Ana Guerrero2024-04-23 16:55:03 +00:00
781fdc451d
Accepting request 1168530 from home:dgarcia:branches:devel:languages:python:Factory
Matej Cepl2024-04-17 21:21:31 +00:00
e62ac867bc
- Update to 3.12.3: - Security¶ - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425, bsc#1219559) by adding five new methods: xml.etree.ElementTree.XMLParser.flush() xml.etree.ElementTree.XMLPullParser.flush() xml.parsers.expat.xmlparser.GetReparseDeferralEnabled() xml.parsers.expat.xmlparser.SetReparseDeferralEnabled() xml.sax.expatreader.ExpatParser.flush() - gh-115399: Update bundled libexpat to 2.6.0 (bsc#1222075) - gh-115243: Fix possible crashes in collections.deque.index() when the deque is concurrently modified. - gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared across multiple threads. - Core and Builtins - gh-109120: Added handle of incorrect star expressions, e.g f(3, *). Patch by Grigoryev Semyon - gh-99108: Updated the hashlib built-in HACL* project C code from upstream that we use for many implementations when they are not present via OpenSSL in a given build. This also avoids the rare potential for a C symbol name one definition rule linking issue. - gh-116735: For INSTRUMENTED_CALL_FUNCTION_EX, set arg0 to sys.monitoring.MISSING instead of None for CALL event. - gh-113964: Starting new threads and process creation through os.fork() are now only prevented once all non-daemon threads exit.
Matej Cepl2024-04-10 14:51:57 +00:00
aa6257f71a
Accepting request 1157646 from devel:languages:python:Factory
Ana Guerrero2024-03-14 16:42:38 +00:00
ded1f6d8f3
Accepting request 1155683 from home:pmonrealgonzalez:branches:devel:languages:python:Factory
Matej Cepl2024-03-06 21:50:49 +00:00
2a55620864
- (bsc#1219666, CVE-2023-6597) Add CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from gh#python/cpython!99930) fixing symlink bug in cleanup of tempfile.TemporaryDirectory.
Matej Cepl2024-02-29 21:00:39 +00:00
6fb45ea97f
Accepting request 1148455 from devel:languages:python:Factory
Ana Guerrero2024-02-22 19:55:26 +00:00
87dab76d59
- Switch to %%autopatch. Let’s try it as an experiment, and if we need conditional patch, we should put condition inside of it. - Remove double definition of /usr/bin/idle%%{version} in %%files.
Matej Cepl2024-02-20 22:10:13 +00:00
858e326499
Accepting request 1146839 from devel:languages:python:Factory
Ana Guerrero2024-02-15 19:59:19 +00:00
e7723bea01
Accepting request 1146789 from home:dgarcia:branches:devel:languages:python:Factory
Matej Cepl2024-02-15 12:59:08 +00:00
3e5f9031be
- (bsc#1210638, CVE-2023-27043) Add CVE-2023-27043-email-parsing-errors.patch, which rejects malformed addresses in email.parseaddr() (gh#python/cpython!111116) Detect email address parsing errors and return empty tuple to indicate the parsing error (old API). Add an optional 'strict' parameter to getaddresses() and parseaddr() functions. Patch by Thomas Dwyer.
Matej Cepl2024-02-12 13:35:44 +00:00
43433c648f
Accepting request 1145177 from devel:languages:python:Factory
Ana Guerrero2024-02-09 22:52:00 +00:00
120d8db339
Accepting request 1145175 from home:dgarcia:branches:devel:languages:python:Factory
Matej Cepl2024-02-08 12:49:08 +00:00
ec28b63cd7
Accepting request 1133398 from devel:languages:python:Factory
Ana Guerrero2023-12-15 20:50:03 +00:00
08ae864ead
- Update patch fix_configure_rst.patch - Update to 3.12.1 (CVE-2023-6507, bsc#1217939): - Core and Builtins - gh-112125: Fix None.__ne__(None) returning NotImplemented instead of False - gh-112625: Fixes a bug where a bytearray object could be cleared while iterating over an argument in the bytearray.join() method that could result in reading memory after it was freed. - gh-105967: Workaround a bug in Apple’s macOS platform zlib library where zlib.crc32() and binascii.crc32() could produce incorrect results on multi-gigabyte inputs. Including when using zipfile on zips containing large data. - gh-112356: Stopped erroneously deleting a LOAD_NULL bytecode instruction when optimized twice. - gh-111058: Change coro.cr_frame/gen.gi_frame to return None after the coroutine/generator has been closed. This fixes a bug where getcoroutinestate() and getgeneratorstate() return the wrong state for a closed coroutine/generator. - gh-112388: Fix an error that was causing the parser to try to overwrite tokenizer errors. Patch by pablo Galindo - gh-112387: Fix error positions for decoded strings with backwards tokenize errors. Patch by Pablo Galindo - gh-112367: Avoid undefined behaviour when using the perf trampolines by not freeing the code arenas until shutdown. Patch by Pablo Galindo - gh-112243: Don’t include comments in f-string debug expressions. Patch by Pablo Galindo - gh-112266: Change docstrings of __dict__ and __weakref__. - gh-111654: Fix runtime crash when some error happens in opcode
Daniel Garcia2023-12-15 10:49:52 +00:00
bed78a368a
Accepting request 1126824 from devel:languages:python:Factory
Ana Guerrero2023-11-16 19:29:17 +00:00
d6f2a15b17
- Remove F00251-change-user-install-location.patch, that patch breaks the python-rpm-macros usage with multibuild
Daniel Garcia2023-11-16 10:03:01 +00:00
772909188b
Accepting request 1114870 from devel:languages:python:Factory
Ana Guerrero2023-10-04 20:30:53 +00:00
ddd6994ad4
- Update to the final release of 3.12.0: Python 3.12 is the latest stable release of the Python programming language, with a mix of changes to the language and the standard library. The library changes focus on cleaning up deprecated APIs, usability, and correctness. Of note, the distutils package has been removed from the standard library. Filesystem support in os and pathlib has seen a number of improvements, and several modules have better performance. The language changes focus on usability, as f-strings have had many limitations removed and ‘Did you mean …’ suggestions continue to improve. The new type parameter syntax and type statement improve ergonomics for using generic types and type aliases with static type checkers. This article doesn’t attempt to provide a complete specification of all new features, but instead gives a convenient overview. For full details, you should refer to the documentation, such as the Library Reference and Language Reference. If you want to understand the complete implementation and design rationale for a change, refer to the PEP for a particular new feature; but note that PEPs usually are not kept up-to-date once a feature has been fully implemented. - New syntax features: - PEP 695, type parameter syntax and the type statement - New grammar features: - PEP 701, f-strings in the grammar - Interpreter improvements: - PEP 684, a unique per-interpreter GIL - PEP 669, low impact monitoring - Improved ‘Did you mean …’ suggestions for NameError,
Matej Cepl2023-10-02 17:22:36 +00:00
209f1cd767
Accepting request 1112487 from devel:languages:python:Factory
Ana Guerrero2023-09-21 20:13:43 +00:00
64144183a9
- Update to 3.12.0rc3: - Core and Builtins - gh-109496: On a Python built in debug mode, Py_DECREF() now calls _Py_NegativeRefcount() if the object is a dangling pointer to deallocated memory: memory filled with 0xDD “dead byte” by the debug hook on memory allocators. The fix is to check the reference count before checking for _Py_IsImmortal(). Patch by Victor Stinner. - gh-109371: Deopted instructions correctly for tool initialization and modified the incorrect assertion in instrumentation, when a previous tool already sets INSTRUCTION events - gh-105658: Fix bug where the line trace of an except block ending with a conditional includes an excess event with the line of the conditional expression. - gh-109219: Fix compiling type param scopes that use a name which is also free in an inner scope. - gh-109341: Fix crash when compiling an invalid AST involving a ast.TypeAlias. - gh-109195: Fix source location for the LOAD_* instruction preceding a LOAD_SUPER_ATTR to load the super global (or shadowing variable) so that it encompasses only the name super and not the following parentheses. - gh-109118: Disallow nested scopes (lambdas, generator expressions, and comprehensions) within PEP 695 annotation scopes that are nested within classes. - gh-109114: Relax the detection of the error message for invalid lambdas inside f-strings to not search for arbitrary replacement fields to avoid false positives. Patch by Pablo Galindo - gh-109118: Fix interpreter crash when a NameError is raised
Daniel Garcia2023-09-20 07:52:20 +00:00
2604aa82df
- IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED!
Matej Cepl2023-08-03 15:27:58 +00:00
b5061de09f
- Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) partially reverting CVE-2023-27043-email-parsing-errors.patch, because of the regression in gh#python/cpython#106669.
Matej Cepl2023-08-03 15:06:43 +00:00
d1e027307e
- gh-issue-102988: CVE-2023-27043 (bsc#1210638): Prevent
Matej Cepl2023-07-11 22:31:39 +00:00
372e582b7e
- Update to 3.12.0b4: - gh-issue-102988: CVE-2023-27043: Prevent :func:email.utils.parseaddr and :func:email.utils.getaddresses from returning the realname portion of an invalid RFC2822 email header in the email address portion of the 2-tuple returned after being parsed by :class:email._parseaddr.AddressList. - gh-issue-106396: When the format specification of an f-string expression is empty, the parser now generates an empty :class:ast.JoinedStr node for it instead of an one-element :class:ast.JoinedStr with an empty string :class:ast.Constant. - gh-issue-106145: Make `end_lineno and end_col_offset required on type_param ast nodes. - gh-issue-105979: Fix crash in :func:!_imp.get_frozen_object due to improper exception handling. - gh-issue-98931: Ensure custom :exc:SyntaxError error messages are raised for invalid imports with multiple targets. Patch by Pablo Galindo - gh-issue-105908: Fixed bug where :gh:99111 breaks future import barry_as_FLUFL in the Python REPL. - gh-issue-105340: Include the comprehension iteration variable in locals() inside a module- or class-scope comprehension. - gh-issue-105486: Change the repr of ParamSpec list of args in types.GenericAlias. - gh-issue-101006: Improve error handling when read :mod:marshal data. - gh-issue-106524: Fix crash in :func:!_sre.template` with templates containing invalid group indices.
Matej Cepl2023-07-11 22:30:57 +00:00
a91ccfd104
- Update to 3.12.0b3: - gh-103142: The version of OpenSSL used in Windows and Mac installers has been upgraded to 1.1.1u to address CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 fixed previously in 1.1.1t (gh-101727). - gh-102153: urllib.parse.urlsplit() now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to CVE-2023-24329. - gh-99889: Fixed a security in flaw in uu.decode() that could allow for directory traversal based on the input if no out_file was specified. - gh-104049: Do not expose the local on-disk location in directory indexes produced by http.client.SimpleHTTPRequestHandler. - gh-103935: trace.__main__ now uses io.open_code() for files to be executed instead of raw open(). - gh-102953: The extraction methods in tarfile, and shutil.unpack_archive(), have a new filter argument that allows limiting tar features than may be surprising or dangerous, such as creating files outside the destination directory. See Extraction filters for details. - Remove upstreamed patches: - 00398-fix-stack-overwrite-on-32-bit-in-perf-map-test-harness-gh-104811-104823.patch
Matej Cepl2023-06-28 20:08:16 +00:00
Ana Guerrero
Matej Cepl
Dominique Leuenberger
Daniel Garcia