From 55316ef9e1e92dc5d81676dbfd104980faa014f9a095d3f5294da05f4e9d7afa Mon Sep 17 00:00:00 2001 
From: Daniel Garcia
Date: Wed, 6 Sep 2023 07:58:19 +0000
Subject: [PATCH] - Update to 3.11.5 (bsc#1214692):
  - Security
    - gh-108310: Fixed an issue where instances of ssl.SSLSocket were
      vulnerable to a bypass of the TLS handshake and included
      protections (like certificate verification) and treating sent
      unencrypted data as if it were post-handshake TLS encrypted data.
      Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by
      Gregory P. Smith.
  - Core and Builtins
    - gh-104432: Fix potential unaligned memory access on C APIs
      involving returned sequences of char * pointers within the grp
      and socket modules. These were revealed using a
      -fsaniziter=alignment build on ARM macOS. Patch by Christopher
      Chavez.
    - gh-77377: Ensure that multiprocessing synchronization objects
      created in a fork context are not sent to a different process
      created in a spawn context. This changes a segfault into an
      actionable RuntimeError in the parent process.
    - gh-106092: Fix a segmentation fault caused by a use-after-free
      bug in frame_dealloc when the trashcan delays the deallocation
      of a PyFrameObject.
    - gh-106719: No longer suppress arbitrary errors in the
      __annotations__ getter and setter in the type and module types.
    - gh-106723: Propagate frozen_modules to multiprocessing spawned
      process interpreters.
    - gh-105979: Fix crash in _imp.get_frozen_object() due to improper
      exception handling.
    - gh-105840: Fix possible crashes when specializing function calls
      with too many __defaults__.
- gh-105588: Fix an issue that could result in crashes when OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=83 --- Python-3.11.4.tar.xz | 3 - Python-3.11.4.tar.xz.asc | 16 --- Python-3.11.5.tar.xz | 3 + Python-3.11.5.tar.xz.asc | 16 +++ python311.changes | 228 +++++++++++++++++++++++++++++++++++++++ python311.spec | 2 +- 6 files changed, 248 insertions(+), 20 deletions(-) delete mode 100644 Python-3.11.4.tar.xz delete mode 100644 Python-3.11.4.tar.xz.asc create mode 100644 Python-3.11.5.tar.xz create mode 100644 Python-3.11.5.tar.xz.asc diff --git a/Python-3.11.4.tar.xz b/Python-3.11.4.tar.xz deleted file mode 100644 index 74ec0ef..0000000 --- a/Python-3.11.4.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2f0e409df2ab57aa9fc4cbddfb976af44e4e55bf6f619eee6bc5c2297264a7f6 -size 19954828 diff --git a/Python-3.11.4.tar.xz.asc b/Python-3.11.4.tar.xz.asc deleted file mode 100644 index b95003c..0000000 --- a/Python-3.11.4.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmR/sHIACgkQ/+h0BBaL -2EfQDQ//eFWvcQ5ijhVd3r5lp7NTNUPK6xKR2iqzpNWlN2Z4QkGJ2+IworBaZoGA -tzmbT0j0LB9ZQ+ba3xnqXGXD8Ky+fHLg8GV5yshPlH/bD7tPuHtfDRxNcWplEVSS -MbMuLjAYavTIHhYEz/Rpx4jvZTI5lwplVqj9WxNI/8tNrL5M2bsCtv+IB6brohiw -rUOUlT/KDkZbrGfB1Fe033Ep8hay5MkKjhgr7O1dU7zMuDRG+HRsCYGs7a5x6KhH -3QNTEp+GEIAKEsip5nR7vl5KqL02lHa5sf36SV2wjRTwO+IhgV7lvtJEwOD12oE5 -c+TCQMFbmBXg2vVmNBN/Lwftw1SwT/+orFX6V4U93jq6QNUo4GvPqum6YzuayGYc -/JM4MNziqmfdNW2YjEHPPfzti3f40eTapys97YufOrmYjM2NY0Fs+kAErvyxiWqi -guVQtaZIYeLl/9KWqQ0F/Apy1N+fVDuWBkZlizwHrUsGips4Rp7Bh/iCrDdOj+1D -gRCio7+KvdtzHavZPZnU5dcpUiXZgsDzOTI138IyYaEtVUS59ELkA2qxI1yCb5mk -eLVG1L7r/J2tIaTcguQppp5Z+62UDTArlUbnRxda0buzA2r1aFiQCTMwp+kTRegw -T9Ht/CT/D4vpMdmSQTun9MkKifcK+2uGfSsS7Lz4fSWjQLqg36k= -=zSfJ ------END PGP SIGNATURE----- 
diff --git a/Python-3.11.5.tar.xz b/Python-3.11.5.tar.xz new file mode 100644 index 0000000..24794b2 --- /dev/null +++ b/Python-3.11.5.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:85cd12e9cf1d6d5a45f17f7afe1cebe7ee628d3282281c492e86adf636defa3f +size 20053580 diff --git a/Python-3.11.5.tar.xz.asc b/Python-3.11.5.tar.xz.asc new file mode 100644 index 0000000..d72003b --- /dev/null +++ b/Python-3.11.5.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmTnS9sACgkQ/+h0BBaL +2EeG8g//Q6EC79SSFl4BPb064d8X1q8agfLN+D07N6ULsaOL1baOClLbMxiCgquQ +R1CVzEXc0osL25Xw/7rTIBO0tCSS2yNcQ3GMuetBO4wfofDvs9V2ydaVQdrIHEQm +OTOveioF9TOaQ/zozi9Hecl4RY289kCD64sWNkwPYBJzO9KQD/UGRS/b5a4CGKyP +GSQEFdfevYsuLxLtwNh1z8af1LKRGhuWoZOBhDgpz4foH4EQdz80sssXzm2vG3tS +hAeniPphjZyRfl8kC1C86M/hH08S3h4bf/LF/OQ0OYUrwOquqOsLlz03XzJ+COGK +nBa/CGsFrxeby2oI/XF8YZrFzt9LKyWYc2p+AIU+u2EnYwOmAkrE4QaczqOV8ldD +UvfZLTeMVG/Q6JGkNS/OyM3SZoVKDdGJlg5yVAQtbQjdsB5QjVDcysLhhZ+qnuJv +pnQ6anbbX5r4X4ji/2Uar5cwO/jf7QenTKLtgGY67Q2oRE20w6F5rbYHEdO4a4MM +OkI/0pUaU5MGRJfowwtcD5AbWPKo1XXqw2UY8p+biEaVQOj+kWhoB8YA5Qz1utHJ +GiPP69oDIjfn3sPMxB/C1pBdB/m3i8za58b+G3aYtAWWP1q0abaHqPusACotvxPp +3IvB3ryLlTyUYqqTiDp9wgYh2Nr+a9b6i6yW0ptcdycnzDWC1/E= +=Lzjg +-----END PGP SIGNATURE----- diff --git a/python311.changes b/python311.changes index de1b948..671941b 100644 --- a/python311.changes +++ b/python311.changes 
@@ -1,3 +1,231 @@ +------------------------------------------------------------------- +Wed Sep 6 07:52:11 UTC 2023 - Daniel Garcia + +- Update to 3.11.5 (bsc#1214692): + - Security + - gh-108310: Fixed an issue where instances of ssl.SSLSocket were + vulnerable to a bypass of the TLS handshake and included + protections (like certificate verification) and treating sent + unencrypted data as if it were post-handshake TLS encrypted data. + Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by + Gregory P. Smith. + - Core and Builtins + - gh-104432: Fix potential unaligned memory access on C APIs + involving returned sequences of char * pointers within the grp + and socket modules. These were revealed using a + -fsaniziter=alignment build on ARM macOS. Patch by Christopher + Chavez. + - gh-77377: Ensure that multiprocessing synchronization objects + created in a fork context are not sent to a different process + created in a spawn context. This changes a segfault into an + actionable RuntimeError in the parent process. + - gh-106092: Fix a segmentation fault caused by a use-after-free + bug in frame_dealloc when the trashcan delays the deallocation + of a PyFrameObject. + - gh-106719: No longer suppress arbitrary errors in the + __annotations__ getter and setter in the type and module types. + - gh-106723: Propagate frozen_modules to multiprocessing spawned + process interpreters. + - gh-105979: Fix crash in _imp.get_frozen_object() due to improper + exception handling. + - gh-105840: Fix possible crashes when specializing function calls + with too many __defaults__. + - gh-105588: Fix an issue that could result in crashes when + compiling malformed ast nodes. + - gh-105375: Fix bugs in the builtins module where exceptions + could end up being overwritten. + - gh-105375: Fix bug in the compiler where an exception could end + up being overwritten. 
+ - gh-105375: Improve error handling in + PyUnicode_BuildEncodingMap() where an exception could end up + being overwritten. + - gh-105235: Prevent out-of-bounds memory access during + mmap.find() calls. + - gh-101006: Improve error handling when read marshal data. + - Library + - gh-105736: Harmonized the pure Python version of OrderedDict + with the C version. Now, both versions set up their internal + state in __new__. Formerly, the pure Python version did the set + up in __init__. + - gh-107963: Fix multiprocessing.set_forkserver_preload() to check + the given list of modules names. Patch by Dong-hee Na. + - gh-106242: Fixes os.path.normpath() to handle embedded null + characters without truncating the path. + - gh-107845: tarfile.data_filter() now takes the location of + symlinks into account when determining their target, so it will + no longer reject some valid tarballs with + LinkOutsideDestinationError. + - gh-107715: Fix doctest.DocTestFinder.find() in presence of class + names with special characters. Patch by Gertjan van Zwieten. + - gh-100814: Passing a callable object as an option value to a + Tkinter image now raises the expected TclError instead of an + AttributeError. + - gh-106684: Close asyncio.StreamWriter when it is not closed by + application leading to memory leaks. Patch by Kumar Aditya. + - gh-107077: Seems that in some conditions, OpenSSL will return + SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL when a certification + verification has failed, but the error parameters will still + contain ERR_LIB_SSL and SSL_R_CERTIFICATE_VERIFY_FAILED. We are + now detecting this situation and raising the appropiate + ssl.SSLCertVerificationError. Patch by Pablo Galindo + - gh-107396: tarfiles; Fixed use before assignment of + self.exception for gzip decompression + - gh-62519: Make gettext.pgettext() search plural definitions when + translation is not found. + - gh-83006: Document behavior of shutil.disk_usage() for + non-mounted filesystems on Unix. 
+ - gh-106186: Do not report MultipartInvariantViolationDefect + defect when the email.parser.Parser class is used to parse + emails with headersonly=True. + - gh-106831: Fix potential missing NULL check of d2i_SSL_SESSION + result in _ssl.c. + - gh-106774: Update the bundled copy of pip to version 23.2.1. + - gh-106752: Fixed several bug in zipfile.Path in + name/suffix/suffixes/stem operations when no filename is present + and the Path is not at the root of the zipfile. + - gh-106602: Add __copy__ and __deepcopy__ in enum + - gh-106530: Revert a change to colorsys.rgb_to_hls() that caused + division by zero for certain almost-white inputs. Patch by Terry + Jan Reedy. + - gh-106052: re module: fix the matching of possessive quantifiers + in the case of a subpattern containing backtracking. + - gh-106510: Improve debug output for atomic groups in regular + expressions. + - gh-105497: Fix flag mask inversion when unnamed flags exist. + - gh-90876: Prevent multiprocessing.spawn from failing to import + in environments where sys.executable is None. This regressed in + 3.11 with the addition of support for path-like objects in + multiprocessing. + - gh-106350: Detect possible memory allocation failure in the + libtommath function mp_init() used by the _tkinter module. + - gh-102541: Make pydoc.doc catch bad module ImportError when + output stream is not None. + - gh-106263: Fix crash when calling repr with a manually + constructed SignalDict object. Patch by Charlie Zhao. + - gh-105375: Fix a bug in _Unpickler_SetInputStream() where an + exception could end up being overwritten in case of failure. + - gh-105375: Fix bugs in sys where exceptions could end up being + overwritten because of deferred error handling. + - gh-105605: Harden pyexpat error handling during module + initialisation to prevent exceptions from possibly being + overwritten, and objects from being dereferenced twice. 
+ - gh-105375: Fix bug in decimal where an exception could end up + being overwritten. + - gh-105375: Fix bugs in _datetime where exceptions could be + overwritten in case of module initialisation failure. + - gh-105375: Fix bugs in _ssl initialisation which could lead to + leaked references and overwritten exceptions. + - gh-105375: Fix a bug in array.array where an exception could end + up being overwritten. + - gh-105375: Fix bugs in _ctypes where exceptions could end up + being overwritten. + - gh-105375: Fix a bug in the posix module where an exception + could be overwritten. + - gh-105375: Fix bugs in _elementtree where exceptions could be + overwritten. + - gh-105375: Fix bugs in zoneinfo where exceptions could be + overwritten. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-105497: Fix flag inversion when alias/mask members exist. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-103171: Revert undocumented behaviour change with + runtime-checkable protocols decorated with typing.final() in + Python 3.11. The behaviour change had meant that objects would + not be considered instances of these protocols at runtime unless + they had a __final__ attribute. Patch by Alex Waygood. + - gh-105375: Fix a bug in sqlite3 where an exception could be + overwritten in the collation callback. + - gh-105332: Revert pickling method from by-name back to by-value. + - gh-104554: Add RTSPS scheme support in urllib.parse + - gh-100061: Fix a bug that causes wrong matches for regular + expressions with possessive qualifier. + - gh-102541: Hide traceback in help() prompt, when import failed. + - gh-99203: Restore following CPython <= 3.10.5 behavior of + shutil.make_archive(): do not create an empty archive if + root_dir is not a directory, and, in that case, raise + FileNotFoundError or NotADirectoryError regardless of format + choice. 
Beyond the brought-back behavior, the function may now + also raise these exceptions in dry_run mode. + - gh-94777: Fix hanging multiprocessing ProcessPoolExecutor when a + child process crashes while data is being written in the call + queue. + - bpo-18319: Ensure gettext(msg) retrieve translations even if a + plural form exists. In other words: gettext(msg) == + ngettext(msg, '', 1). + - Documentation + - gh-107008: Document the curses module variables LINES and COLS. + - gh-106948: Add a number of standard external names to + nitpick_ignore. + - gh-54738: Add documentation on how to localize the argparse + module. + - Tests + - gh-105776: Fix test_cppext when the C compiler command -std=c11 + option: remove -std= options from the compiler command. Patch by + Victor Stinner. + - gh-107237: test_logging: Fix test_udp_reconnection() by + increasing the timeout from 100 ms to 5 minutes (LONG_TIMEOUT). + Patch by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - Build + - gh-107814: When calling find_python.bat with -q it did not + properly silence the output of nuget. That is now fixed. + - gh-106881: Check for linux/limits.h before including it in + Modules/posixmodule.c. + - gh-104692: Include commoninstall as a prerequisite for + bininstall + - This ensures that commoninstall is completed before bininstall + is started when parallel builds are used (make -j install), and + so the python3 symlink is only installed after all standard + library modules are installed. + - gh-100340: Allows -Wno-int-conversion for wasm-sdk 17 and + onwards, thus enables building WASI builds once against the + latest sdk. + - Windows + - gh-106242: Fixes realpath() to behave consistently when passed a + path containing an embedded null character on Windows. 
In strict + mode, it now raises OSError instead of the unexpected + ValueError, and in non-strict mode will make the path absolute. + - gh-106844: Fix integer overflow in _winapi.LCMapStringEx() which + affects ntpath.normcase(). + - gh-99079: Update Windows build to use OpenSSL 3.0.9 + - gh-105436: Ensure that an empty environment block is terminated + by two null characters, as is required by Windows. + - macOS + - gh-107565: Update macOS installer to use OpenSSL 3.0.10. + - gh-99079: Update macOS installer to use OpenSSL 3.0.9. + - Tools/Demos + - gh-107565: Update multissltests and GitHub CI workflows to use + OpenSSL 1.1.1v, 3.0.10, and 3.1.2. + - gh-95065: Argument Clinic now supports overriding automatically + generated signature by using directive @text_signature. See How + to override the generated signature. + - gh-106970: Fix bugs in the Argument Clinic destination + clear command; the destination buffers would never be cleared, + and the destination directive parser would simply continue to + the fault handler after processing the command. Patch by Erlend + E. Aasland. + - C API + - gh-107916: C API functions PyErr_SetFromErrnoWithFilename(), + PyErr_SetExcFromWindowsErrWithFilename() and + PyErr_SetFromWindowsErrWithFilename() save now the error code + before calling PyUnicode_DecodeFSDefault(). + - gh-107915: Such C API functions as PyErr_SetString(), + PyErr_Format(), PyErr_SetFromErrnoWithFilename() and many others + no longer crash or ignore errors if it failed to format the + error message or decode the filename. Instead, they keep a + corresponding error. + - gh-107226: PyModule_AddObjectRef() is now only available in the + limited API version 3.10 or later. + - gh-105375: Fix a bug in PyErr_WarnExplicit() where an exception + could end up being overwritten if the API failed internally. + - gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only + data: *consumed was not set. 
+ ------------------------------------------------------------------- Thu Aug 10 09:33:26 UTC 2023 - Dirk Müller diff --git a/python311.spec b/python311.spec index cf486f6..91872f0 100644 --- a/python311.spec +++ b/python311.spec @@ -94,7 +94,7 @@ %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so %bcond_without profileopt Name: %{python_pkg_name}%{psuffix} -Version: 3.11.4 +Version: 3.11.5 Release: 0 Summary: Python 3 Interpreter License: Python-2.0
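Review bot: In the Python-3.11.5.tar.xz and Python-3.11.5.tar.xz.asc hunks, the new source is visible only as a git-lfs pointer (an `oid sha256:` value and a `size`), so this review cannot see the tarball that the new detached signature is supposed to cover. Before accepting, compare the digest of the LFS object with the digest upstream publishes for the 3.11.5 source tarball, and verify the new .asc over that tarball with the release key the package already trusts. The removed and added signatures begin with the same leading bytes, which is consistent with the same signing key, but that is only a hint and does not replace running the verification. The python311.spec hunk changes the Version line only, so nothing in this patch shows whether the build itself checks the signature; if it does not, that is worth adding.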
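Review bot: In the python311.changes hunk, bsc#1214692 is attached to the "Update to 3.11.5" line while CVE-2023-40217 appears only inside the gh-108310 entry, so the visible lines do not say whether that bug is the tracker for the CVE or for the version update in general. If it is the CVE tracker, put the two references together on one line so the security fix can be found by either identifier. The entry list also needs a cleanup pass: "gh-105375: Fix bugs in pickle where exceptions could be overwritten." is listed twice in the Library section, "-fsaniziter=alignment" should read "-fsanitize=alignment", and "appropiate" and "a failed testn" are typos carried into the changelog.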