From 204d863a889469979213dc213a1e528d9ba8b4bb435cc7765058f7918ab11dd5 Mon Sep 17 00:00:00 2001 
From: Matej Cepl Date: Tue, 2 Aug 2022 17:22:32 +0000 Subject: [PATCH] =?UTF-8?q?-=20Update=20to=203.10.6:=20=20=20-=20gh-87389:?= =?UTF-8?q?=20http.server:=20Fix=20an=20open=20redirection=20vulnerability?= =?UTF-8?q?=20=20=20=20=20in=20the=20HTTP=20server=20when=20an=20URI=20pat?= =?UTF-8?q?h=20starts=20with=20//.=20=20=20=20=20Vulnerability=20discovere?= =?UTF-8?q?d,=20and=20initial=20fix=20proposed,=20by=20Hamza=20=20=20=20?= =?UTF-8?q?=20Avvan.=20=20=20-=20gh-92888:=20Fix=20memoryview=20use=20afte?= =?UTF-8?q?r=20free=20when=20accessing=20the=20=20=20=20=20backing=20buffe?= =?UTF-8?q?r=20in=20certain=20cases.=20=20=20-=20gh-95355:=20=5FPyPegen=5F?= =?UTF-8?q?Parser=5FNew=20now=20properly=20detects=20token=20=20=20=20=20m?= =?UTF-8?q?emory=20allocation=20errors.=20Patch=20by=20Honglin=20Zhu.=20?= =?UTF-8?q?=20=20-=20gh-94938:=20Fix=20error=20detection=20in=20some=20bui?= =?UTF-8?q?ltin=20functions=20when=20=20=20=20=20keyword=20argument=20name?= =?UTF-8?q?=20is=20an=20instance=20of=20a=20str=20subclass=20with=20=20=20?= =?UTF-8?q?=20=20overloaded=20=5F=5Feq=5F=5F=20and=20=5F=5Fhash=5F=5F.=20P?= =?UTF-8?q?reviously=20it=20could=20cause=20=20=20=20=20SystemError=20or?= =?UTF-8?q?=20other=20undesired=20behavior.=20=20=20-=20gh-94949:=20ast.pa?= =?UTF-8?q?rse()=20will=20no=20longer=20parse=20parenthesized=20=20=20=20?= =?UTF-8?q?=20context=20managers=20when=20passed=20feature=5Fversion=20les?= =?UTF-8?q?s=20than=20=20=20=20=20(3,=209).=20Patch=20by=20Shantanu=20Jain?= =?UTF-8?q?.=20=20=20-=20gh-94947:=20ast.parse()=20will=20no=20longer=20pa?= =?UTF-8?q?rse=20assignment=20=20=20=20=20expressions=20when=20passed=20fe?= =?UTF-8?q?ature=5Fversion=20less=20than=20=20=20=20=20(3,=208).=20Patch?= =?UTF-8?q?=20by=20Shantanu=20Jain.=20=20=20-=20gh-94869:=20Fix=20the=20co?= =?UTF-8?q?lumn=20offsets=20for=20some=20expressions=20in=20=20=20=20=20mu?= =?UTF-8?q?lti-line=20f-strings=20ast=20nodes.=20Patch=20by=20Pablo=20Gali?= 
=?UTF-8?q?ndo.=20=20=20-=20gh-91153:=20Fix=20an=20issue=20where=20a=20byt?= =?UTF-8?q?earray=20item=20assignment=20=20=20=20=20could=20crash=20if=20i?= =?UTF-8?q?t=E2=80=99s=20resized=20by=20the=20new=20value=E2=80=99s=20=5F?= =?UTF-8?q?=5Findex=5F=5F()=20=20=20=20=20method.=20=20=20-=20gh-94329:=20?= =?UTF-8?q?Compile=20and=20run=20code=20with=20unpacking=20of=20extremely?= =?UTF-8?q?=20=20=20=20=20large=20sequences=20(1000s=20of=20elements).=20S?= =?UTF-8?q?uch=20code=20failed=20to=20=20=20=20=20compile.=20It=20now=20co?= =?UTF-8?q?mpiles=20and=20runs=20correctly.=20=20=20-=20gh-94360:=20Fixed?= =?UTF-8?q?=20a=20tokenizer=20crash=20when=20reading=20encoded=20=20=20=20?= =?UTF-8?q?=20files=20with=20syntax=20errors=20from=20stdin=20with=20non?= =?UTF-8?q?=20utf-8=20encoded=20=20=20=20=20text.=20Patch=20by=20Pablo=20G?= =?UTF-8?q?alindo?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=49
---
Python-3.10.5.tar.xz | 3 - Python-3.10.5.tar.xz.asc | 16 ---- Python-3.10.6.tar.xz | 3 + Python-3.10.6.tar.xz.asc | 16 ++++ bluez-devel-vendor.tar.xz | 2 +- python310.changes | 197 ++++++++++++++++++++++++++++++++++++++ python310.spec | 4 +- 7 files changed, 219 insertions(+), 22 deletions(-) delete mode 100644 Python-3.10.5.tar.xz delete mode 100644 Python-3.10.5.tar.xz.asc create mode 100644 Python-3.10.6.tar.xz create mode 100644 Python-3.10.6.tar.xz.asc
diff --git a/Python-3.10.5.tar.xz b/Python-3.10.5.tar.xz
deleted file mode 100644
index 6f6bbaf..0000000
--- a/Python-3.10.5.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8437efd5b106ef0a75aabfbf23d880625120a73a86a22ade4d2e2e68d7b74486
-size 19361320
diff --git a/Python-3.10.5.tar.xz.asc b/Python-3.10.5.tar.xz.asc
deleted file mode 100644
index 4f10f1d..0000000
--- a/Python-3.10.5.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmKd7cEACgkQ/+h0BBaL
-2EfE/g/+MM3/BRFoUwEFRF+s0WYh1IxjalHXx+9IjKFYH9xYgz4hkegcU2A6XftC
-mNHI9WRZ0tXPCOe/HSL3cmGretOW59Fh1outhzL3xumLAhODMJ5JBQM3/pQ2q/CV
-/zvX5nVWjwg4XhlOg6AtIRRdmqjbNesGj4a0laG5l45AzxggAVe/2l/YMvo5aq4s
-uTZ8s0EdNkPugVOZBe3bQ6MxkWymUmB0VC86mCuhcNx2uzB2ulyjUHBKUwqRo55N
-C7BQUvL+dUNf27aFUBs42D3bjlUijvwf0Nc3BQM95d6WgmIsEOUQj/Tevsdb34DL
-zt/slvwiwxJYlIlJP9jmxd6/CuqCdt07ML24/EMv1UUadwyvi5zVhmatuKpACULX
-RNZSHy8ksgclc1KszxQfJMOqdbjy4K4Wa9jmh8/URCSOoagkF1opr7n9NXjPARXa
-NoZCAbwoBiV9E1F4Fs8AmubI9tLyL9tMYayqF4vQgnSKlYD/Y5bxV7bmYTV6ELXE
-m6UurUeCx0kzAvGt9qNx2B2TBoeyMdy12nmiiOAF1CCK76UUXwFFnG+vOlxC1d4U
-GSKISTJkNY8dn40RPBpYjhCgbEPJiJbpvh4ryE3EVUQ6sPOBdrt2/xKJq/UprpFf
-/rf5gk0BoNLtTp23k+Hh9UeRkji+0PMR0DgVS4DxzV9RUaSMyDY=
-=FV1Y
------END PGP SIGNATURE-----
diff --git a/Python-3.10.6.tar.xz b/Python-3.10.6.tar.xz
new file mode 100644
index 0000000..d3ccbef
--- /dev/null
+++ b/Python-3.10.6.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f795ff87d11d4b0c7c33bc8851b0c28648d8a4583aa2100a98c22b4326b6d3f3
+size 19600672
diff --git a/Python-3.10.6.tar.xz.asc b/Python-3.10.6.tar.xz.asc
new file mode 100644
index 0000000..888d94f
--- /dev/null
+++ b/Python-3.10.6.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmLoOeYACgkQ/+h0BBaL
+2EeOCw/8DZ+RhttyrfzanYVN8lkWASoyG3BO9dcUpuKgq70kcfnMVySDMoKcluJM
+ACJGbJf7XvyiUaylbpiJsvgIbbdhprcJR0O/xCQqouBbjZEW/oOMJWTVOALlOAEG
+PutOdZpxFUltFu49g9fumvZxfouN+/GGYJy3RA13MDl/kL+UWMzaHh4U54+fuD/K
+iAxezTitzj/sRhgmpqoOPXN8wzalifAc5bJWRe2xcQQHFJQjOAbg3lA4tmiKGOuJ
+inbacNNkkkWj6cMirIcwZ+25wXiBmTFlEl/Q/yOeHxJkiVDxD6/MKKarV0LNRLZL
+eug4D+jp+XpCC48IvMQhZ7tUe3BlgUIyyUeq2hmiVkNzFHLNEG4Drihj/Zic3lt8
+LbcAOWEvR58qBoz6foPNahudBqlAL/jaKMDAOAd5X5oOUDXwWag4MjH5lJwb1S0D
+cctY9azwCCGss6iFyi/zD2RB7QXrF+NRbUcEoMIjJJ/w5mB3sAKMTEV3wbOyrDkG
+x4NQDfozZtvrVACJ9A6j4Vnh4CO4Gl/8dpV2ABcoIjE5IZgSyak/GhUaNIdBHkno
+LgEKGYY8Wp/rw7PgHlhxYYcn0I/Y2Ej6ki03weRrD6Lpt6AUKh2eQCgjFC1xBSUh
+2eM7eOOD8FD4h+urrTTmNAiTl7OFLtQfwhWzonrsCOJJF3Yqcho=
+=0eZA
+-----END PGP SIGNATURE-----
diff --git a/bluez-devel-vendor.tar.xz b/bluez-devel-vendor.tar.xz
index 57fb3e5..f6fb7ae 100644
--- a/bluez-devel-vendor.tar.xz
+++ b/bluez-devel-vendor.tar.xz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:868fbfba2ddaed62f2c45cf869fe2c648527ac3bac738f4f41f3c2872f5b0211
+oid sha256:8f500ed7fc0680e2b4a18a3c188fcd6be5706f7ddfbc2002134f0772b3d4d4ce
 size 25040
diff --git a/python310.changes b/python310.changes
index 26c4492..622af60 100644
--- a/python310.changes
+++ b/python310.changes
@@ -1,3 +1,200 @@
+-------------------------------------------------------------------
+Tue Aug 2 17:13:37 UTC 2022 - Matej Cepl
+
+- Update to 3.10.6:
+ - gh-87389: http.server: Fix an open redirection vulnerability
+ in the HTTP server when an URI path starts with //.
+ Vulnerability discovered, and initial fix proposed, by Hamza
+ Avvan.
+ - gh-92888: Fix memoryview use after free when accessing the
+ backing buffer in certain cases.
+ - gh-95355: _PyPegen_Parser_New now properly detects token
+ memory allocation errors. Patch by Honglin Zhu.
+ - gh-94938: Fix error detection in some builtin functions when
+ keyword argument name is an instance of a str subclass with
+ overloaded __eq__ and __hash__. Previously it could cause
+ SystemError or other undesired behavior.
+ - gh-94949: ast.parse() will no longer parse parenthesized
+ context managers when passed feature_version less than
+ (3, 9). Patch by Shantanu Jain.
+ - gh-94947: ast.parse() will no longer parse assignment
+ expressions when passed feature_version less than
+ (3, 8). Patch by Shantanu Jain.
+ - gh-94869: Fix the column offsets for some expressions in
+ multi-line f-strings ast nodes. Patch by Pablo Galindo.
+ - gh-91153: Fix an issue where a bytearray item assignment
+ could crash if it’s resized by the new value’s __index__()
+ method.
+ - gh-94329: Compile and run code with unpacking of extremely
+ large sequences (1000s of elements). Such code failed to
+ compile. It now compiles and runs correctly.
+ - gh-94360: Fixed a tokenizer crash when reading encoded
+ files with syntax errors from stdin with non utf-8 encoded
+ text. Patch by Pablo Galindo
+ - gh-94192: Fix error for dictionary literals with invalid
+ expression as value.
+ - gh-93964: Strengthened compiler overflow checks to prevent
+ crashes when compiling very large source files.
+ - gh-93671: Fix some exponential backtrace case happening with
+ deeply nested sequence patterns in match statements. Patch by
+ Pablo Galindo
+ - gh-93021: Fix the __text_signature__ for __get__() methods
+ implemented in C. Patch by Jelle Zijlstra.
+ - gh-92930: Fixed a crash in _pickle.c from mutating
+ collections during __reduce__ or persistent_id.
+ - gh-92914: Always round the allocated size for lists up to the
+ nearest even number.
+ - gh-92858: Improve error message for some suites with syntax
+ error before ‘:’
+ - gh-95339: Update bundled pip to 22.2.1.
+ - gh-95045: Fix GC crash when deallocating _lsprof.Profiler by
+ untracking it before calling any callbacks. Patch by Kumar
+ Aditya.
+ - gh-95087: Fix IndexError in parsing invalid date in the email
+ module.
+ - gh-95199: Upgrade bundled setuptools to 63.2.0.
+ - gh-95194: Upgrade bundled pip to 22.2.
+ - gh-93899: Fix check for existence of os.EFD_CLOEXEC,
+ os.EFD_NONBLOCK and os.EFD_SEMAPHORE flags on older kernel
+ versions where these flags are not present. Patch by Kumar
+ Aditya.
+ - gh-95166: Fix concurrent.futures.Executor.map() to cancel the
+ currently waiting on future on an error - e.g. TimeoutError
+ or KeyboardInterrupt.
+ - gh-93157: Fix fileinput module didn’t support errors option
+ when inplace is true.
+ - gh-94821: Fix binding of unix socket to empty address
+ on Linux to use an available address from the abstract
+ namespace, instead of “0”.
+ - gh-94736: Fix crash when deallocating an instance of a
+ subclass of _multiprocessing.SemLock. Patch by Kumar Aditya.
+ - gh-94637: SSLContext.set_default_verify_paths() now releases
+ the GIL around SSL_CTX_set_default_verify_paths call. The
+ function call performs I/O and CPU intensive work.
+ - gh-94510: Re-entrant calls to sys.setprofile() and
+ sys.settrace() now raise RuntimeError. Patch by Pablo
+ Galindo.
+ - gh-92336: Fix bug where linecache.getline() fails on bad
+ files with UnicodeDecodeError or SyntaxError. It now returns
+ an empty string as per the documentation.
+ - gh-89988: Fix memory leak in pickle.Pickler when looking up
+ dispatch_table. Patch by Kumar Aditya.
+ - gh-94254: Fixed types of struct module to be immutable. Patch
+ by Kumar Aditya.
+ - gh-94245: Fix pickling and copying of typing.Tuple[()].
+ - gh-94207: Made _struct.Struct GC-tracked in order to fix a
+ reference leak in the _struct module.
+ - gh-94101: Manual instantiation of ssl.SSLSession objects is
+ no longer allowed as it lead to misconfigured instances that
+ crashed the interpreter when attributes where accessed on
+ them.
+ - gh-84753: inspect.iscoroutinefunction(),
+ inspect.isgeneratorfunction(), and
+ inspect.isasyncgenfunction() now properly return True
+ for duck-typed function-like objects like instances of
+ unittest.mock.AsyncMock.
+ - This makes inspect.iscoroutinefunction() consistent with the
+ behavior of asyncio.iscoroutinefunction(). Patch by Mehdi
+ ABAAKOUK.
+ - gh-83499: Fix double closing of file description in tempfile.
+ - gh-79512: Fixed names and __module__ value of weakref classes
+ ReferenceType, ProxyType, CallableProxyType. It makes them
+ pickleable.
+ - gh-90494: copy.copy() and copy.deepcopy() now always raise
+ a TypeError if __reduce__() returns a tuple with length 6
+ instead of silently ignore the 6th item or produce incorrect
+ result.
+ - gh-90549: Fix a multiprocessing bug where a global named
+ resource (such as a semaphore) could leak when a child
+ process is spawned (as opposed to forked).
+ - gh-79579: sqlite3 now correctly detects DML queries with
+ leading comments. Patch by Erlend E. Aasland.
+ - gh-93421: Update sqlite3.Cursor.rowcount when a DML
+ statement has run to completion. This fixes the row count
+ for SQL queries like UPDATE ... RETURNING. Patch by Erlend
+ E. Aasland.
+ - gh-91810: Suppress writing an XML declaration in open
+ files in ElementTree.write() with encoding='unicode' and
+ xml_declaration=None.
+ - gh-93353: Fix the importlib.resources.as_file() context
+ manager to remove the temporary file if destroyed late
+ during Python finalization: keep a local reference to the
+ os.remove() function. Patch by Victor Stinner.
+ - gh-83658: Make multiprocessing.Pool raise an exception if
+ maxtasksperchild is not None or a positive int.
+ - gh-74696: shutil.make_archive() no longer temporarily changes
+ the current working directory during creation of standard
+ .zip or tar archives.
+ - gh-91577: Move imports in SharedMemory methods to module
+ level so that they can be executed late in python
+ finalization.
+ - bpo-47231: Fixed an issue with inconsistent trailing slashes
+ in tarfile longname directories.
+ - bpo-46755: In QueueHandler, clear stack_info from LogRecord
+ to prevent stack trace from being written twice.
+ - bpo-46053: Fix OSS audio support on NetBSD.
+ - bpo-46197: Fix ensurepip environment isolation for subprocess
+ running pip.
+ - bpo-45924: Fix asyncio incorrect traceback when future’s
+ exception is raised multiple times. Patch by Kumar Aditya.
+ - bpo-34828: sqlite3.Connection.iterdump() now handles
+ databases that use AUTOINCREMENT in one or more tables.
+ - gh-94321: Document the PEP 246 style protocol type
+ sqlite3.PrepareProtocol.
+ - gh-86128: Document a limitation in ThreadPoolExecutor where
+ its exit handler is executed before any handlers in atexit.
+ - gh-61162: Clarify sqlite3 behavior when Using the connection
+ as a context manager.
+ - gh-87260: Align sqlite3 argument specs with the actual
+ implementation.
+ - gh-86986: The minimum Sphinx version required to build the
+ documentation is now 3.2.
+ - gh-88831: Augmented documentation of
+ asyncio.create_task(). Clarified the need to keep strong
+ references to tasks and added a code snippet detailing how to
+ to this.
+ - bpo-47161: Document that pathlib.PurePath does not collapse
+ initial double slashes because they denote UNC paths.
+ - gh-95280: Fix problem with test_ssl test_get_ciphers on
+ systems that require perfect forward secrecy (PFS) ciphers.
+ - gh-95212: Make multiprocessing test case
+ test_shared_memory_recreate parallel-safe.
+ - gh-91330: Added more tests for dataclasses to cover behavior
+ with data descriptor-based fields.
+ - gh-94208: test_ssl is now checking for supported TLS version
+ and protocols in more tests.
+ - gh-93951: In test_bdb.StateTestCase.test_skip, avoid
+ including auxiliary importers.
+ - gh-93957: Provide nicer error reporting from subprocesses in
+ test_venv.EnsurePipTest.test_with_pip.
+ - gh-57539: Increase calendar test coverage for
+ calendar.LocaleTextCalendar.formatweekday().
+ - gh-92886: Fixing tests that fail when running with
+ optimizations (-O) in test_zipimport.py
+ - bpo-47016: Create a GitHub Actions workflow for verifying
+ bundled pip and setuptools. Patch by Illia Volochii and Adam
+ Turner.
+ - gh-94841: Fix the possible performance regression of
+ PyObject_Free() compiled with MSVC version 1932.
+ - gh-95511: Fix the Shell context menu copy-with-prompts bug of
+ copying an extra line when one selects whole lines.
+ - gh-95471: In the Edit menu, move Select All and add a new
+ separator.
+ - gh-95411: Enable using IDLE’s module browser with .pyw files.
+ - gh-89610: Add .pyi as a recognized extension for IDLE on
+ macOS. This allows opening stub files by double clicking on
+ them in the Finder.
+ - gh-94538: Fix Argument Clinic output to custom file
+ destinations. Patch by Erlend E. Aasland.
+ - gh-94430: Allow parameters named module and self with custom
+ C names in Argument Clinic. Patch by Erlend E. Aasland
+ - gh-94930: Fix SystemError raised when
+ PyArg_ParseTupleAndKeywords() is used with # in (...) but
+ without PY_SSIZE_T_CLEAN defined.
+ - gh-94864: Fix PyArg_Parse* with deprecated format units “u”
+ and “Z”. It returned 1 (success) when warnings are turned
+ into exceptions.
+
 -------------------------------------------------------------------
 Thu Jul 21 14:19:52 UTC 2022 - Matej Cepl
diff --git a/python310.spec b/python310.spec
index 90b3d75..3bbb087 100644
--- a/python310.spec
+++ b/python310.spec
@@ -67,7 +67,7 @@ Obsoletes: python39%{?1:-%{1}}
 %define tarversion %{version}
 %endif
 # We don't process beta signs well
-%define folderversion 3.10.5
+%define folderversion 3.10.6
 %define tarname Python-%{tarversion}
 %define sitedir %{_libdir}/python%{python_version}
 # three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149
@@ -103,7 +103,7 @@ Obsoletes: python39%{?1:-%{1}}
 %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
 %bcond_without profileopt
 Name: %{python_pkg_name}%{psuffix}
-Version: 3.10.5
+Version: 3.10.6
 Release: 0
 Summary: Python 3 Interpreter
 License: Python-2.0