SHA256
1
0
forked from pool/python310
Commit Graph

145 Commits

Author SHA256 Message Date
f5edaf893f Revert
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=83
2023-03-27 15:08:59 +00:00
ff2aadd3f5 - Switch off obsoleting previous interpreters.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=82
2023-03-27 15:00:17 +00:00
Dominique Leuenberger
c64e33ed3e Accepting request 1071070 from devel:languages:python:Factory
- Add invalid-json.patch fixing invalid JSON in
  Doc/howto/logging-cookbook.rst (somehow similar to
  gh#python/cpython#102582).

OBS-URL: https://build.opensuse.org/request/show/1071070
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python310?expand=0&rev=30
2023-03-15 17:52:49 +00:00
f698aaf4d9 Somebody has not enough to do.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=80
2023-03-13 08:40:16 +00:00
e4ffe4ce0f - Add invalid-json.patch fixing invalid JSON in
Doc/howto/logging-cookbook.rst (somehow similar to
  gh#python/cpython#102582).

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=79
2023-03-10 14:39:59 +00:00
Dominique Leuenberger
a67ddc0ae1 Accepting request 1068979 from devel:languages:python:Factory
- Update to 3.10.10:
  Bug fixes and regressions handling, no change of behaviour and
  no security bugs fixed.
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
  bsc#1208471) blocklists bypass via the urllib.parse component
  when supplying a URL that starts with blank characters

OBS-URL: https://build.opensuse.org/request/show/1068979
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python310?expand=0&rev=29
2023-03-05 19:07:48 +00:00
0c5704949d Take care of _testclinic binary module.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=77
2023-03-02 15:23:34 +00:00
602adbc016 - Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
bsc#1208471) blocklists bypass via the urllib.parse component
  when supplying a URL that starts with blank characters

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=76
2023-03-01 21:21:46 +00:00
a60c90b1d7 - Update to 3.10.10:
Bug fixes and regressions handling, no change of behaviour and
  no security bugs fixed.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=75
2023-03-01 21:10:15 +00:00
Dominique Leuenberger
55a026e97b Accepting request 1066987 from devel:languages:python:Factory
- Add provides for readline and sqlite3 to the main Python
  package.

OBS-URL: https://build.opensuse.org/request/show/1066987
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python310?expand=0&rev=28
2023-02-22 14:21:08 +00:00
0269832509 Fix SPEC file
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=73
2023-02-21 11:42:46 +00:00
b88ed8b5bd - Add provides for readline and sqlite3 to the main Python
package.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=72
2023-02-21 11:35:05 +00:00
Dominique Leuenberger
eb1e8bd53a Accepting request 1061591 from devel:languages:python:Factory
OBS-URL: https://build.opensuse.org/request/show/1061591
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python310?expand=0&rev=27
2023-01-29 13:10:05 +00:00
a2b5c7c23b Accepting request 1061584 from home:kukuk:branches:devel:languages:python:Factory
- Disable NIS for new products, it's deprecated and gets removed

OBS-URL: https://build.opensuse.org/request/show/1061584
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=70
2023-01-27 16:14:56 +00:00
Dominique Leuenberger
438d63cfde Accepting request 1041730 from devel:languages:python:Factory
- Update to 3.10.9:
  - python -m http.server no longer allows terminal
    control characters sent within a garbage request to be
    printed to the stderr server lo This is done by changing
    the http.server BaseHTTPRequestHandler .log_message method
    to replace control characters with a \xHH hex escape before
    printin
  - Avoid publishing list of active per-interpreter
    audit hooks via the gc module
  - The IDNA codec decoder used on DNS hostnames by
    socket or asyncio related name resolution functions no
    longer involves a quadratic algorithm. This prevents a
    potential CPU denial of service if an out-of-spec excessive
    length hostname involving bidirectional characters were
    decoded. Some protocols such as urllib http 3xx redirects
    potentially allow for an attacker to supply such a name.
  - Update bundled libexpat to 2.5.0
  - Port XKCP’s fix for the buffer overflows in SHA-3
    (CVE-2022-37454).
  - On Linux the multiprocessing module returns
    to using filesystem backed unix domain sockets for
    communication with the forkserver process instead of the
    Linux abstract socket namespace. Only code that chooses
    to use the “forkserver” start method is affected Abstract
    sockets have no permissions and could allow any user
    on the system in the same network namespace (often the
    whole system) to inject code into the multiprocessing
    forkserver process. This was a potential privilege
    escalation. Filesystem based socket permissions restrict
    this to the forkserver process user as was the default in

OBS-URL: https://build.opensuse.org/request/show/1041730
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python310?expand=0&rev=26
2022-12-12 17:59:10 +00:00
7757e5a6dc - Update to 3.10.9:
- python -m http.server no longer allows terminal
    control characters sent within a garbage request to be
    printed to the stderr server lo This is done by changing
    the http.server BaseHTTPRequestHandler .log_message method
    to replace control characters with a \xHH hex escape before
    printin
  - Avoid publishing list of active per-interpreter
    audit hooks via the gc module
  - The IDNA codec decoder used on DNS hostnames by
    socket or asyncio related name resolution functions no
    longer involves a quadratic algorithm. This prevents a
    potential CPU denial of service if an out-of-spec excessive
    length hostname involving bidirectional characters were
    decoded. Some protocols such as urllib http 3xx redirects
    potentially allow for an attacker to supply such a name.
  - Update bundled libexpat to 2.5.0
  - Port XKCP’s fix for the buffer overflows in SHA-3
    (CVE-2022-37454).
  - On Linux the multiprocessing module returns
    to using filesystem backed unix domain sockets for
    communication with the forkserver process instead of the
    Linux abstract socket namespace. Only code that chooses
    to use the “forkserver” start method is affected Abstract
    sockets have no permissions and could allow any user
    on the system in the same network namespace (often the
    whole system) to inject code into the multiprocessing
    forkserver process. This was a potential privilege
    escalation. Filesystem based socket permissions restrict
    this to the forkserver process user as was the default in

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=68
2022-12-08 14:49:07 +00:00
Dominique Leuenberger
d498aa5eb1 Accepting request 1034962 from devel:languages:python:Factory
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
  CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
  extremely long domain names.

OBS-URL: https://build.opensuse.org/request/show/1034962
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python310?expand=0&rev=25
2022-11-12 16:39:52 +00:00
00fe94daed - Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
  extremely long domain names.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=66
2022-11-09 18:33:25 +00:00
Dominique Leuenberger
992e439ab9 Accepting request 1033570 from devel:languages:python:Factory
- Add CVE-2022-42919-loc-priv-mulitproc-forksrv.patch to avoid
  CVE-2022-42919 (bsc#1204886) avoiding Linux specific local
  privilege escalation via the multiprocessing forkserver start
  method.

OBS-URL: https://build.opensuse.org/request/show/1033570
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python310?expand=0&rev=24
2022-11-05 13:46:32 +00:00
7c8b7412f2 - Add CVE-2022-42919-loc-priv-mulitproc-forksrv.patch to avoid
CVE-2022-42919 (bsc#1204886) avoiding Linux specific local
  privilege escalation via the multiprocessing forkserver start
  method.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=64
2022-11-04 14:58:28 +00:00
Dominique Leuenberger
b954ccba31 Accepting request 1031406 from devel:languages:python:Factory
OBS-URL: https://build.opensuse.org/request/show/1031406
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python310?expand=0&rev=23
2022-10-28 17:28:30 +00:00
87c3616141 Accepting request 1031400 from home:mcepl:branches:devel:languages:python:Factory
- Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to
  allow building of documentation with the latest Sphinx 5.3.0
  (gh#python/cpython#98366).

OBS-URL: https://build.opensuse.org/request/show/1031400
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=62
2022-10-26 21:24:55 +00:00
9ffbba32c9 - Update to 3.10.8:
- Fix multiplying a list by an integer (list *= int): detect
    the integer overflow when the new allocated length is close
    to the maximum size.
  - Fix a shell code injection vulnerability in the
    get-remote-certificate.py example script. The script no
    longer uses a shell to run openssl commands. (originally
    filed as CVE-2022-37460, later withdrawn)
  - Fix command line parsing: reject -X int_max_str_digits option
    with no value (invalid) when the PYTHONINTMAXSTRDIGITS
    environment variable is set to a valid limit.
  - When ValueError is raised if an integer is larger than the
    limit, mention the sys.set_int_max_str_digits() function in
    the error message.
  - The deprecated mailcap module now refuses to inject unsafe
    text (filenames, MIME types, parameters) into shell
    commands. Instead of using such text, it will warn and act
    as if a match was not found (or for test commands, as if the
    test failed).
  - os.sched_yield() now release the GIL while calling
    sched_yield(2).
  - Bugfix: PyFunction_GetAnnotations() should return a borrowed
    reference. It was returning a new reference.
  - Fixed a missing incref/decref pair in
    Exception.__setstate__().
  - Fix overly-broad source position information for chained
    comparisons used as branching conditions.
  - Fix undefined behaviour in _testcapimodule.c.
  - At Python exit, sometimes a thread holding the GIL can
    wait forever for a thread (usually a daemon thread) which

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=61
2022-10-19 07:46:21 +00:00
Dominique Leuenberger
cb4bb1e48d Accepting request 1004684 from devel:languages:python:Factory
OBS-URL: https://build.opensuse.org/request/show/1004684
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python310?expand=0&rev=22
2022-09-21 12:38:55 +00:00
01ff931ee1 Accepting request 1004493 from openSUSE:Factory:RISCV
- test-int-timing.patch: gh-96710: Make the test timing more lenient for
  the int/str DoS regression test. (#96717)

OBS-URL: https://build.opensuse.org/request/show/1004493
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=59
2022-09-19 11:20:10 +00:00
Dominique Leuenberger
f7ce61916b Accepting request 1002508 from devel:languages:python:Factory
- Update to 3.10.7:
  - Fix for CVE-2020-10735 (bsc#1203125) Converting between int
    and str in bases other than 2 (binary), 4, 8 (octal), 16
    (hexadecimal), or 32 such as base 10 (decimal) now raises
    a ValueError if the number of digits in string form is above
    a limit to avoid potential denial of service attacks due to
    the algorithmic complexity.
  - Other bug fixes:
    - Fixed a bug that caused _PyCode_GetExtra to return garbage
      for negative indexes.
    - Fix format string in _PyPegen_raise_error_known_location
      that can lead to memory corruption on some 64bit systems.
      The function was building a tuple with i (int) instead of
      n (Py_ssize_t) for Py_ssize_t arguments.
    - Fix misleading contents of error message when converting an
      all-whitespace string to float.
    - coroutine.throw() now properly initializes the frame.f_back
      when resuming a stack of coroutines. This allows e.g.
      traceback.print_stack() to work correctly when an exception
      (such as CancelledError) is thrown into a coroutine.
    - ast.parse() will no longer parse function definitions with
      positional-only params when passed feature_version less
      than (3, 8).
    - Correct conversion of numbers.Rational’s to float.
    - Fix a performance regression in logging
      TimedRotatingFileHandler. Only check for special files when
      the rollover time has passed.
    - Fix unused localName parameter in the Attr class in
      xml.dom.minidom.
    - Update bundled pip to 22.2.2.

OBS-URL: https://build.opensuse.org/request/show/1002508
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python310?expand=0&rev=21
2022-09-17 18:08:07 +00:00
0dca4d95d4 Accepting request 991870 from home:coolo:branches:devel:languages:python:Factory
- Extend distutils-reproducible-compile.patch with a workaround
  for non reproducible pyc files issue 93317

OBS-URL: https://build.opensuse.org/request/show/991870
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=57
2022-09-11 08:43:05 +00:00
8e56b3482c - Update to 3.10.7:
- Fix for CVE-2020-10735 (bsc#1203125) Converting between int
    and str in bases other than 2 (binary), 4, 8 (octal), 16
    (hexadecimal), or 32 such as base 10 (decimal) now raises
    a ValueError if the number of digits in string form is above
    a limit to avoid potential denial of service attacks due to
    the algorithmic complexity.
  - Other bug fixes:
    - Fixed a bug that caused _PyCode_GetExtra to return garbage
      for negative indexes.
    - Fix format string in _PyPegen_raise_error_known_location
      that can lead to memory corruption on some 64bit systems.
      The function was building a tuple with i (int) instead of
      n (Py_ssize_t) for Py_ssize_t arguments.
    - Fix misleading contents of error message when converting an
      all-whitespace string to float.
    - coroutine.throw() now properly initializes the frame.f_back
      when resuming a stack of coroutines. This allows e.g.
      traceback.print_stack() to work correctly when an exception
      (such as CancelledError) is thrown into a coroutine.
    - ast.parse() will no longer parse function definitions with
      positional-only params when passed feature_version less
      than (3, 8).
    - Correct conversion of numbers.Rational’s to float.
    - Fix a performance regression in logging
      TimedRotatingFileHandler. Only check for special files when
      the rollover time has passed.
    - Fix unused localName parameter in the Attr class in
      xml.dom.minidom.
    - Update bundled pip to 22.2.2.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=56
2022-09-11 08:41:57 +00:00
Dominique Leuenberger
2efb08548d Accepting request 1000538 from devel:languages:python:Factory
Add references to bsc#1202624, CVE-2021-28861

OBS-URL: https://build.opensuse.org/request/show/1000538
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python310?expand=0&rev=20
2022-09-01 20:10:16 +00:00
Steve Kowalik
04cd0e8ee2 Add bug and cve references
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=54
2022-09-01 03:44:32 +00:00
Dominique Leuenberger
f2d823559c Accepting request 998410 from devel:languages:python:Factory
OBS-URL: https://build.opensuse.org/request/show/998410
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python310?expand=0&rev=19
2022-08-22 09:04:39 +00:00
9797d7c86c Accepting request 997520 from home:dirkmueller:Factory
- fix import_failed.map to refer to the python 3.10 package versions

OBS-URL: https://build.opensuse.org/request/show/997520
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=52
2022-08-20 21:29:40 +00:00
Dominique Leuenberger
a218f8546a Accepting request 992411 from devel:languages:python:Factory
- Update to 3.10.6:
  - gh-87389: http.server: Fix an open redirection vulnerability
    in the HTTP server when an URI path starts with //.
    Vulnerability discovered, and initial fix proposed, by Hamza
    Avvan.
  - gh-92888: Fix memoryview use after free when accessing the
    backing buffer in certain cases.
  - gh-95355: _PyPegen_Parser_New now properly detects token
    memory allocation errors. Patch by Honglin Zhu.
  - gh-94938: Fix error detection in some builtin functions when
    keyword argument name is an instance of a str subclass with
    overloaded __eq__ and __hash__. Previously it could cause
    SystemError or other undesired behavior.
  - gh-94949: ast.parse() will no longer parse parenthesized
    context managers when passed feature_version less than
    (3, 9). Patch by Shantanu Jain.
  - gh-94947: ast.parse() will no longer parse assignment
    expressions when passed feature_version less than
    (3, 8). Patch by Shantanu Jain.
  - gh-94869: Fix the column offsets for some expressions in
    multi-line f-strings ast nodes. Patch by Pablo Galindo.
  - gh-91153: Fix an issue where a bytearray item assignment
    could crash if it’s resized by the new value’s __index__()
    method.
  - gh-94329: Compile and run code with unpacking of extremely
    large sequences (1000s of elements). Such code failed to
    compile. It now compiles and runs correctly.
  - gh-94360: Fixed a tokenizer crash when reading encoded
    files with syntax errors from stdin with non utf-8 encoded
    text. Patch by Pablo Galindo
  - gh-94192: Fix error for dictionary literals with invalid
    expression as value.
  - gh-93964: Strengthened compiler overflow checks to prevent
    crashes when compiling very large source files.
  - gh-93671: Fix some exponential backtrace case happening with
    deeply nested sequence patterns in match statements. Patch by
    Pablo Galindo
  - gh-93021: Fix the __text_signature__ for __get__() methods
    implemented in C. Patch by Jelle Zijlstra.
  - gh-92930: Fixed a crash in _pickle.c from mutating
    collections during __reduce__ or persistent_id.
  - gh-92914: Always round the allocated size for lists up to the
    nearest even number.
  - gh-92858: Improve error message for some suites with syntax
    error before ‘:’
  - gh-95339: Update bundled pip to 22.2.1.
  - gh-95045: Fix GC crash when deallocating _lsprof.Profiler by
    untracking it before calling any callbacks. Patch by Kumar
    Aditya.
  - gh-95087: Fix IndexError in parsing invalid date in the email
    module.
  - gh-95199: Upgrade bundled setuptools to 63.2.0.
  - gh-95194: Upgrade bundled pip to 22.2.
  - gh-93899: Fix check for existence of os.EFD_CLOEXEC,
    os.EFD_NONBLOCK and os.EFD_SEMAPHORE flags on older kernel
    versions where these flags are not present. Patch by Kumar
    Aditya.
  - gh-95166: Fix concurrent.futures.Executor.map() to cancel the
    currently waiting on future on an error - e.g. TimeoutError
    or KeyboardInterrupt.
  - gh-93157: Fix fileinput module didn’t support errors option
    when inplace is true.
  - gh-94821: Fix binding of unix socket to empty address
    on Linux to use an available address from the abstract
    namespace, instead of “0”.
  - gh-94736: Fix crash when deallocating an instance of a
    subclass of _multiprocessing.SemLock. Patch by Kumar Aditya.
  - gh-94637: SSLContext.set_default_verify_paths() now releases
    the GIL around SSL_CTX_set_default_verify_paths call. The
    function call performs I/O and CPU intensive work.
  - gh-94510: Re-entrant calls to sys.setprofile() and
    sys.settrace() now raise RuntimeError. Patch by Pablo
    Galindo.
  - gh-92336: Fix bug where linecache.getline() fails on bad
    files with UnicodeDecodeError or SyntaxError. It now returns
    an empty string as per the documentation.
  - gh-89988: Fix memory leak in pickle.Pickler when looking up
    dispatch_table. Patch by Kumar Aditya.
  - gh-94254: Fixed types of struct module to be immutable. Patch
    by Kumar Aditya.
  - gh-94245: Fix pickling and copying of typing.Tuple[()].
  - gh-94207: Made _struct.Struct GC-tracked in order to fix a
    reference leak in the _struct module.
  - gh-94101: Manual instantiation of ssl.SSLSession objects is
    no longer allowed as it lead to misconfigured instances that
    crashed the interpreter when attributes where accessed on
    them.
  - gh-84753: inspect.iscoroutinefunction(),
    inspect.isgeneratorfunction(), and
    inspect.isasyncgenfunction() now properly return True
    for duck-typed function-like objects like instances of
    unittest.mock.AsyncMock.
  - This makes inspect.iscoroutinefunction() consistent with the
    behavior of asyncio.iscoroutinefunction(). Patch by Mehdi
    ABAAKOUK.
  - gh-83499: Fix double closing of file description in tempfile.
  - gh-79512: Fixed names and __module__ value of weakref classes
    ReferenceType, ProxyType, CallableProxyType. It makes them
    pickleable.
  - gh-90494: copy.copy() and copy.deepcopy() now always raise
    a TypeError if __reduce__() returns a tuple with length 6
    instead of silently ignore the 6th item or produce incorrect
    result.
  - gh-90549: Fix a multiprocessing bug where a global named
    resource (such as a semaphore) could leak when a child
    process is spawned (as opposed to forked).
  - gh-79579: sqlite3 now correctly detects DML queries with
    leading comments. Patch by Erlend E. Aasland.
  - gh-93421: Update sqlite3.Cursor.rowcount when a DML
    statement has run to completion. This fixes the row count
    for SQL queries like UPDATE ... RETURNING. Patch by Erlend
    E. Aasland.
  - gh-91810: Suppress writing an XML declaration in open
    files in ElementTree.write() with encoding='unicode' and
    xml_declaration=None.
  - gh-93353: Fix the importlib.resources.as_file() context
    manager to remove the temporary file if destroyed late
    during Python finalization: keep a local reference to the
    os.remove() function. Patch by Victor Stinner.
  - gh-83658: Make multiprocessing.Pool raise an exception if
    maxtasksperchild is not None or a positive int.
  - gh-74696: shutil.make_archive() no longer temporarily changes
    the current working directory during creation of standard
    .zip or tar archives.
  - gh-91577: Move imports in SharedMemory methods to module
    level so that they can be executed late in python
    finalization.
  - bpo-47231: Fixed an issue with inconsistent trailing slashes
    in tarfile longname directories.
  - bpo-46755: In QueueHandler, clear stack_info from LogRecord
    to prevent stack trace from being written twice.
  - bpo-46053: Fix OSS audio support on NetBSD.
  - bpo-46197: Fix ensurepip environment isolation for subprocess
    running pip.
  - bpo-45924: Fix asyncio incorrect traceback when future’s
    exception is raised multiple times. Patch by Kumar Aditya.
  - bpo-34828: sqlite3.Connection.iterdump() now handles
    databases that use AUTOINCREMENT in one or more tables.
  - gh-94321: Document the PEP 246 style protocol type
    sqlite3.PrepareProtocol.
  - gh-86128: Document a limitation in ThreadPoolExecutor where
    its exit handler is executed before any handlers in atexit.
  - gh-61162: Clarify sqlite3 behavior when Using the connection
    as a context manager.
  - gh-87260: Align sqlite3 argument specs with the actual
    implementation.
  - gh-86986: The minimum Sphinx version required to build the
    documentation is now 3.2.
  - gh-88831: Augmented documentation of
    asyncio.create_task(). Clarified the need to keep strong
    references to tasks and added a code snippet detailing how to
    to this.
  - bpo-47161: Document that pathlib.PurePath does not collapse
    initial double slashes because they denote UNC paths.
  - gh-95280: Fix problem with test_ssl test_get_ciphers on
    systems that require perfect forward secrecy (PFS) ciphers.
  - gh-95212: Make multiprocessing test case
    test_shared_memory_recreate parallel-safe.
  - gh-91330: Added more tests for dataclasses to cover behavior
    with data descriptor-based fields.
  - gh-94208: test_ssl is now checking for supported TLS version
    and protocols in more tests.
  - gh-93951: In test_bdb.StateTestCase.test_skip, avoid
    including auxiliary importers.
  - gh-93957: Provide nicer error reporting from subprocesses in
    test_venv.EnsurePipTest.test_with_pip.
  - gh-57539: Increase calendar test coverage for
    calendar.LocaleTextCalendar.formatweekday().
  - gh-92886: Fixing tests that fail when running with
    optimizations (-O) in test_zipimport.py
  - bpo-47016: Create a GitHub Actions workflow for verifying
    bundled pip and setuptools. Patch by Illia Volochii and Adam
    Turner.
  - gh-94841: Fix the possible performance regression of
    PyObject_Free() compiled with MSVC version 1932.
  - gh-95511: Fix the Shell context menu copy-with-prompts bug of
    copying an extra line when one selects whole lines.
  - gh-95471: In the Edit menu, move Select All and add a new
    separator.
  - gh-95411: Enable using IDLE’s module browser with .pyw files.
  - gh-89610: Add .pyi as a recognized extension for IDLE on
    macOS. This allows opening stub files by double clicking on
    them in the Finder.
  - gh-94538: Fix Argument Clinic output to custom file
    destinations. Patch by Erlend E. Aasland.
  - gh-94430: Allow parameters named module and self with custom
    C names in Argument Clinic. Patch by Erlend E. Aasland
  - gh-94930: Fix SystemError raised when
    PyArg_ParseTupleAndKeywords() is used with # in (...) but
    without PY_SSIZE_T_CLEAN defined.
  - gh-94864: Fix PyArg_Parse* with deprecated format units “u”
    and “Z”. It returned 1 (success) when warnings are turned
    into exceptions.
- Reapply patches
  -  bpo-31046_ensurepip_honours_prefix.patch
  -  fix_configure_rst.patch
  -  no-skipif-doctests.patch
  -  skip-test_pyobject_freed_is_freed.patch

OBS-URL: https://build.opensuse.org/request/show/992411
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python310?expand=0&rev=18
2022-08-10 15:12:20 +00:00
a525b95311 - Reapply patches
-  bpo-31046_ensurepip_honours_prefix.patch
  -  fix_configure_rst.patch
  -  no-skipif-doctests.patch
  -  skip-test_pyobject_freed_is_freed.patch

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=50
2022-08-02 21:52:43 +00:00
204d863a88 - Update to 3.10.6:
- gh-87389: http.server: Fix an open redirection vulnerability
    in the HTTP server when an URI path starts with //.
    Vulnerability discovered, and initial fix proposed, by Hamza
    Avvan.
  - gh-92888: Fix memoryview use after free when accessing the
    backing buffer in certain cases.
  - gh-95355: _PyPegen_Parser_New now properly detects token
    memory allocation errors. Patch by Honglin Zhu.
  - gh-94938: Fix error detection in some builtin functions when
    keyword argument name is an instance of a str subclass with
    overloaded __eq__ and __hash__. Previously it could cause
    SystemError or other undesired behavior.
  - gh-94949: ast.parse() will no longer parse parenthesized
    context managers when passed feature_version less than
    (3, 9). Patch by Shantanu Jain.
  - gh-94947: ast.parse() will no longer parse assignment
    expressions when passed feature_version less than
    (3, 8). Patch by Shantanu Jain.
  - gh-94869: Fix the column offsets for some expressions in
    multi-line f-strings ast nodes. Patch by Pablo Galindo.
  - gh-91153: Fix an issue where a bytearray item assignment
    could crash if it’s resized by the new value’s __index__()
    method.
  - gh-94329: Compile and run code with unpacking of extremely
    large sequences (1000s of elements). Such code failed to
    compile. It now compiles and runs correctly.
  - gh-94360: Fixed a tokenizer crash when reading encoded
    files with syntax errors from stdin with non utf-8 encoded
    text. Patch by Pablo Galindo

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=49
2022-08-02 17:22:32 +00:00
Richard Brown
d69db434ab Accepting request 990684 from devel:languages:python:Factory
- Switch from %primary_interpreter to prjconf-defined
  %primary_python (gh#openSUSE/python-rpm-macros#127).

OBS-URL: https://build.opensuse.org/request/show/990684
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python310?expand=0&rev=17
2022-07-29 14:46:58 +00:00
d852af53f4 Restore %primary_interpreter
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=47
2022-07-21 15:15:23 +00:00
318a36b4de - Switch from %primary_interpreter to prjconf-defined
%primary_python (gh#openSUSE/python-rpm-macros#127).

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=46
2022-07-21 14:25:07 +00:00
Dominique Leuenberger
d12236cfd4 Accepting request 983936 from devel:languages:python:Factory
- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
  CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
  command injection in the mailcap module.
- Fix building of documentation and the universal configuration of the
  %primary_interpreter.

- Switch primary_interpreter from python38 to python310 for
  Factory (only)

- (bsc#1196784, CVE-2022-25236) Rename patch:
  support-expat-245.patch to support-expat-CVE-2022-25236-patched.patch
  and update the patch to detect expat >= 2.4.4 instead of >= 2.4.5
  as it was fully patched against CVE-2022-25236.

OBS-URL: https://build.opensuse.org/request/show/983936
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python310?expand=0&rev=16
2022-06-23 08:22:00 +00:00
84e54ed87f Fix conditions for primary_interpreter
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=44
2022-06-20 09:49:55 +00:00
7760f38ab4 Adjust support-expat-CVE-2022-25236-patched.patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=43
2022-06-15 04:51:16 +00:00
Dominique Leuenberger
a5833b2f91 Accepting request 981085 from devel:languages:python:Factory
Synchronize the changelog with SLE, so that we can update from Factory.

OBS-URL: https://build.opensuse.org/request/show/981085
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python310?expand=0&rev=15
2022-06-14 22:31:46 +00:00
140fcc45f7 - Fix building of documentation and the universal configuration of the
%primary_interpreter.
- Switch primary_interpreter from python38 to python310 for
  Factory (only)

- (bsc#1196784, CVE-2022-25236) Rename patch:
  support-expat-245.patch to support-expat-CVE-2022-25236-patched.patch
  and update the patch to detect expat >= 2.4.4 instead of >= 2.4.5
  as it was fully patched against CVE-2022-25236.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=41
2022-06-10 17:46:36 +00:00
83bcadedd7 - Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
  command injection in the mailcap module.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=40
2022-06-10 10:02:35 +00:00
d02fad6ac0 Adjust patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=39
2022-06-06 22:35:32 +00:00
5dbebc15a6 - Update to 3.10.5:
- Core and Builtins
    - gh-93418: Fixed an assert where an f-string has an equal
      sign ‘=’ following an expression, but there’s no trailing
      brace. For example, f”{i=”.
    - gh-91924: Fix __ltrace__ debug feature if the stdout
      encoding is not UTF-8. Patch by Victor Stinner.
    - gh-93061: Backward jumps after async for loops are no
      longer given dubious line numbers.
    - gh-93065: Fix contextvars HAMT implementation to handle
      iteration over deep trees.
    - The bug was discovered and fixed by Eli Libman. See
      MagicStack/immutables#84 for more details.
    - gh-92311: Fixed a bug where setting frame.f_lineno to jump
      over a list comprehension could misbehave or crash.
    - gh-92112: Fix crash triggered by an evil custom mro() on
      a metaclass.
    - gh-92036: Fix a crash in subinterpreters related to the
      garbage collector. When a subinterpreter is deleted,
      untrack all objects tracked by its GC. To prevent a crash
      in deallocator functions expecting objects to be tracked by
      the GC, leak a strong reference to these objects on
      purpose, so they are never deleted and their deallocator
      functions are not called. Patch by Victor Stinner.
    - gh-91421: Fix a potential integer overflow in
      _Py_DecodeUTF8Ex.
    - bpo-47212: Raise IndentationError instead of SyntaxError
      for a bare except with no following indent. Improve
      SyntaxError locations for an un-parenthesized generator
      used as arguments. Patch by Matthieu Dartiailh.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=38
2022-06-06 22:34:45 +00:00
87a5f35b6f - Refresh bluez-devel-vendor.tar.xz
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=37
2022-05-10 15:00:59 +00:00
564c0ba86c - Switch primary_interpreter from python38 to python310
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=36
2022-05-05 14:36:14 +00:00
Dominique Leuenberger
4e76764f9f Accepting request 965119 from devel:languages:python:Factory
- Update to 3.10.4:
  - bpo-46968: Check for the existence of the “sys/auxv.h” header
    in faulthandler to avoid compilation problems in systems
    where this header doesn’t exist. Patch by Pablo Galindo
  - bpo-23691: Protect the re.finditer() iterator from
    re-entering.
  - bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to
    avoid a “zipfile.BadZipFile: Bad CRC-32 for file” exception
    when reading a ZipFile from multiple threads.
  - bpo-38256: Fix binascii.crc32() when it is compiled to use
    zlib’c crc32 to work properly on inputs 4+GiB in length
    instead of returning the wrong result. The workaround prior
    to this was to always feed the function data in increments
    smaller than 4GiB or to just call the zlib module function.
  - bpo-39394: A warning about inline flags not at the start of
    the regular expression now contains the position of the flag.
  - bpo-47061: Deprecate the various modules listed by PEP 594:
  - aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt,
    imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd,
    sndhdr, spwd, sunau, telnetlib, uu, xdrlib
  - bpo-2604: Fix bug where doctests using globals would fail
    when run multiple times.
  - bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order.
  - bpo-47022: The asynchat, asyncore and smtpd modules have been
    deprecated since at least Python 3.6. Their documentation and
    deprecation warnings and have now been updated to note they
    will removed in Python 3.12 (PEP 594).
  - bpo-46421: Fix a unittest issue where if the command was
    invoked as python -m unittest and the filename(s) began with
    a dot (.), a ValueError is returned.

OBS-URL: https://build.opensuse.org/request/show/965119
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python310?expand=0&rev=14
2022-04-01 19:34:43 +00:00
30dacf455e - Update to 3.10.4:
- bpo-46968: Check for the existence of the “sys/auxv.h” header
    in faulthandler to avoid compilation problems in systems
    where this header doesn’t exist. Patch by Pablo Galindo
  - bpo-23691: Protect the re.finditer() iterator from
    re-entering.
  - bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to
    avoid a “zipfile.BadZipFile: Bad CRC-32 for file” exception
    when reading a ZipFile from multiple threads.
  - bpo-38256: Fix binascii.crc32() when it is compiled to use
    zlib’c crc32 to work properly on inputs 4+GiB in length
    instead of returning the wrong result. The workaround prior
    to this was to always feed the function data in increments
    smaller than 4GiB or to just call the zlib module function.
  - bpo-39394: A warning about inline flags not at the start of
    the regular expression now contains the position of the flag.
  - bpo-47061: Deprecate the various modules listed by PEP 594:
  - aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt,
    imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd,
    sndhdr, spwd, sunau, telnetlib, uu, xdrlib
  - bpo-2604: Fix bug where doctests using globals would fail
    when run multiple times.
  - bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order.
  - bpo-47022: The asynchat, asyncore and smtpd modules have been
    deprecated since at least Python 3.6. Their documentation and
    deprecation warnings and have now been updated to note they
    will removed in Python 3.12 (PEP 594).
  - bpo-46421: Fix a unittest issue where if the command was
    invoked as python -m unittest and the filename(s) began with
    a dot (.), a ValueError is returned.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=34
2022-03-26 22:57:32 +00:00