forked from pool/python39
Accepting request 890779 from home:mcepl:branches:devel:languages:python:Factory
- Update to 3.9.5:
* Security
- bpo-43434: Creating a sqlite3.Connection object now also
produces a sqlite3.connect auditing event. Previously this
event was only produced by sqlite3.connect() calls. Patch
by Erlend E. Aasland.
- bpo-43882: The presence of newline or tab characters in
parts of a URL could allow some forms of attacks.
- Following the controlling specification for URLs defined by
WHATWG urllib.parse() now removes ASCII newlines and tabs
from URLs, preventing such attacks.
- bpo-43472: Ensures interpreter-level audit hooks receive
the cpython.PyInterpreterState_New event when called
through the _xxsubinterpreters module.
- bpo-36384: ipaddress module no longer accepts any leading
zeros in IPv4 address strings. Leading zeros are ambiguous
and interpreted as octal notation by some libraries. For
example the legacy function socket.inet_aton() treats
leading zeros as octal notatation. glibc implementation of
modern inet_pton() does not accept any leading zeros. For
a while the ipaddress module used to accept ambiguous
leading zeros.
- bpo-43075: Fix Regular Expression Denial of Service (ReDoS)
vulnerability in urllib.request.AbstractBasicAuthHandler.
The ReDoS-vulnerable regex has quadratic worst-case
complexity and it allows cause a denial of service when
identifying crafted invalid RFCs. This ReDoS issue is on
the client side and needs remote attackers to control the
HTTP server.
- bpo-42800: Audit hooks are now fired for frame.f_code,
traceback.tb_frame, and generator code/frame attribute
access.
* Core and Builtins
- bpo-43105: Importlib now resolves relative paths when
creating module spec objects from file locations.
- bpo-42924: Fix bytearray repetition incorrectly copying
data from the start of the buffer, even if the data is
offset within the buffer (e.g. after reassigning a slice at
the start of the bytearray to a shorter byte string).
* Library
- bpo-43993: Update bundled pip to 21.1.1.
- bpo-43937: Fixed the turtle module working with non-default
root window.
- bpo-43930: Update bundled pip to 21.1 and setuptools to
56.0.0
- bpo-43920: OpenSSL 3.0.0: load_verify_locations() now
returns a consistent error message when cadata contains no
valid certificate.
- bpo-43607: urllib can now convert Windows paths with \\?\
prefixes into URL paths.
- bpo-43284: platform.win32_ver derives the windows version
from sys.getwindowsversion().platform_version which in turn
derives the version from kernel32.dll (which can be of
a different version than Windows itself). Therefore change
the platform.win32_ver to determine the version using the
platform module’s _syscmd_ver private function to return an
accurate version.
- bpo-42248: [Enum] ensure exceptions raised in _missing__
are released
- bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1
to suppress deprecation warnings. Python requires OpenSSL
1.1.1 APIs.
- bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants
(OpenSSL 3.0.0)
- bpo-43789: OpenSSL 3.0.0: Don’t call the password callback
function a second time when first call has signaled an
error condition.
- bpo-43788: The header files for ssl error codes are now
OpenSSL version-specific. Exceptions will now show correct
reason and library codes. The make_ssl_data.py script has
been rewritten to use OpenSSL’s text file with error codes.
- bpo-43655: tkinter dialog windows are now recognized as
dialogs by window managers on macOS and X Window.
- bpo-43534: turtle.textinput() and turtle.numinput() create
now a transient window working on behalf of the canvas
window.
- bpo-43522: Fix problem with hostname_checks_common_name.
OpenSSL does not copy hostflags from struct SSL_CTX to
struct SSL.
- bpo-42967: Allow bytes separator argument in
urllib.parse.parse_qs and urllib.parse.parse_qsl when
parsing str query strings. Previously, this raised
a TypeError.
- bpo-43176: Fixed processing of a dataclass that inherits
from a frozen dataclass with no fields. It is now correctly
detected as an error.
- bpo-41735: Fix thread locks in zlib module may go wrong in
rare case. Patch by Ma Lin.
- bpo-36470: Fix dataclasses with InitVars and replace().
Patch by Claudiu Popa.
- bpo-32745: Fix a regression in the handling of ctypes’
ctypes.c_wchar_p type: embedded null characters would cause
a ValueError to be raised. Patch by Zackery Spytz.
* Documentation
- bpo-43959: The documentation on the PyContextVar C-API was
clarified.
- bpo-43938: Update dataclasses documentation to express that
FrozenInstanceError is derived from AttributeError.
- bpo-43755: Update documentation to reflect that
unparenthesized lambda expressions can no longer be the
expression part in an if clause in comprehensions and
generator expressions since Python 3.9.
- bpo-43739: Fixing the example code in
Doc/extending/extending.rst to declare and initialize the
pmodule variable to be of the right type.
* Tests
- bpo-43961: Fix
test_logging.test_namer_rotator_inheritance() on Windows:
use os.replace() rather than os.rename(). Patch by Victor
Stinner.
- bpo-43842: Fix a race condition in the SMTP test of
test_logging. Don’t close a file descriptor (socket) from
a different thread while asyncore.loop() is polling the
file descriptor. Patch by Victor Stinner.
- bpo-43811: Tests multiple OpenSSL versions on GitHub
Actions. Use ccache to speed up testing.
- bpo-43791: OpenSSL 3.0.0: Disable testing of legacy
protocols TLS 1.0 and 1.1. Tests are failing with
TLSV1_ALERT_INTERNAL_ERROR.
- Refreshed patches:
- bpo-31046_ensurepip_honours_prefix.patch
- python-3.3.0b1-fix_date_time_compiler.patch
- Add vendorized files from bluez-devel to enable building support for
Bluetooth.
OBS-URL: https://build.opensuse.org/request/show/890779
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python39?expand=0&rev=66
This commit is contained in:
Git OBS Bridge
@@ -53,7 +53,7 @@
|
||||
# Will do the /usr/bin/python3 and all the core links
|
||||
%define primary_interpreter 0
|
||||
# We don't process beta signs well
|
||||
%define folderversion 3.9.4
|
||||
%define folderversion 3.9.5
|
||||
%define tarname Python-%{tarversion}
|
||||
%define sitedir %{_libdir}/python%{python_version}
|
||||
# three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149
|
||||
@@ -88,7 +88,7 @@
|
||||
%bcond_without profileopt
|
||||
%endif
|
||||
Name: %{python_pkg_name}%{psuffix}
|
||||
Version: 3.9.4
|
||||
Version: 3.9.5
|
||||
Release: 0
|
||||
Summary: Python 3 Interpreter
|
||||
License: Python-2.0
|
||||
@@ -104,6 +104,12 @@ Source10: pre_checkin.sh
|
||||
Source11: skipped_tests.py
|
||||
Source19: idle3.desktop
|
||||
Source20: idle3.appdata.xml
|
||||
# content of bluez-devel:
|
||||
# 1. sudo zypper --pkg-cache-dir /tmp install -f -d --no-recommends bluez-devel
|
||||
# 2. rpm2cpio /tmp/*/*/bluez-devel-*.rpm|cpio -idu
|
||||
# 3. mkdir Vendor && mv usr/include/* Vendor/
|
||||
# 4. tar cJf bluez-devel-vendor.tar.xz Vendor/
|
||||
Source21: bluez-devel-vendor.tar.xz
|
||||
Source99: https://www.python.org/static/files/pubkeys.txt#/python.keyring
|
||||
# The following files are not used in the build.
|
||||
# They are listed here to work around missing functionality in rpmbuild,
|
||||
@@ -402,6 +408,9 @@ rm -r Modules/expat
|
||||
# drop duplicate README from site-packages
|
||||
rm Lib/site-packages/README.txt
|
||||
|
||||
# Add vendored bluez-devel files
|
||||
tar xvf %{SOURCE21}
|
||||
|
||||
%build
|
||||
%if %{with doc}
|
||||
TODAY_DATE=`date -r %{SOURCE0} "+%%B %%d, %%Y"`
|
||||
@@ -427,6 +436,8 @@ autoreconf -fvi
|
||||
sed -e 's/-fprofile-correction//' -i Makefile.pre.in
|
||||
%endif
|
||||
|
||||
export CFLAGS="%{optflags} -IVendor/"
|
||||
|
||||
%configure \
|
||||
--with-platlibdir=%{_lib} \
|
||||
--docdir=%{_docdir}/python \
|
||||
@@ -488,9 +499,6 @@ EXCLUDE="$EXCLUDE test_multiprocessing_forkserver test_multiprocessing_spawn tes
|
||||
# done have any such interface breaking the uuid module.
|
||||
EXCLUDE="$EXCLUDE test_uuid"
|
||||
|
||||
# TEMPORARILY EXCLUDE test_capi bpo#37169
|
||||
EXCLUDE="$EXCLUDE test_capi"
|
||||
|
||||
# Limit virtual memory to avoid spurious failures
|
||||
if test $(ulimit -v) = unlimited || test $(ulimit -v) -gt 10000000; then
|
||||
ulimit -v 10000000 || :
|
||||
|
||||
Reference in New Issue
Block a user