Commit Graph

30 Commits

Author SHA256 Message Date
6c436c7abc - Update to 3.11.1:
- python -m http.server no longer allows terminal control
    characters sent within a garbage request to be printed
    to the stderr server lo This is done by changing the
    http.server BaseHTTPRequestHandler .log_message method to
    replace control characters with a \xHH hex escape before
    printin
  - Avoid publishing list of active per-interpreter audit hooks
    via the gc module
  - The IDNA codec decoder used on DNS hostnames by socket or
    asyncio related name resolution functions no longer involves
    a quadratic algorithm. This prevents a potential CPU denial
    of service if an out-of-spec excessive length hostname
    involving bidirectional characters were decoded. Some
    protocols such as urllib http 3xx redirects potentially allow
    for an attacker to supply such a name (CVE-2022-45061).
  - Update bundled libexpat to 2.5.0
  - Fix a shell code injection vulnerability in the
    get-remote-certificate.py example script. The script no
    longer uses a shell to run openssl commands. Issue reported
    and initial fix by Caleb Shortt. Patch by Victor Stinner.
  - Fix a crash when an object which does not have a dictionary
    frees its instance values.
  - Fix a bug in the tokenizer that could cause infinite
    recursion when showing syntax warnings that happen in the
    first line of the source. Patch by Pablo Galindo
  - Fix an issue that could cause frames to be visible to Python
    code as they are being torn down, possibly leading to memory
    corruption or hard crashes of the interpreter.
  - Fix a reference bug in _imp.create_builtin() after the

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=40
2022-12-08 15:05:06 +00:00
03d1be1616 - Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
  extremely long domain names.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=38
2022-11-09 18:37:56 +00:00
c6df50684c revert
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=37
2022-11-04 15:18:41 +00:00
ba06f07184 - Add CVE-2022-42919-loc-priv-mulitproc-forksrv.patch to avoid
CVE-2022-42919 (bsc#1204886) avoiding Linux specific local
  privilege escalation via the multiprocessing forkserver start
  method.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=36
2022-11-04 15:00:28 +00:00
403af99cf1 Accepting request 1031401 from home:mcepl:branches:devel:languages:python:Factory
- Update to 3.11.0 (overall changes from 3.10.*):
  - General changes
    - PEP 657 -- Include Fine-Grained Error Locations in
      Tracebacks
    - PEP 654 -- Exception Groups and except*
    - PEP 680 -- tomllib: Support for Parsing TOML in the
      Standard Library
    - gh-90908 -- Introduce task groups to asyncio
    - gh-34627 -- Atomic grouping ((?>...)) and possessive
      quantifiers (*+, ++, ?+, {m,n}+) are now supported in
      regular expressions.
    - The Faster CPython Project is already yielding some
      exciting results. Python 3.11 is up to 10-60% faster than
      Python 3.10. On average, we measured a 1.22x speedup on the
      standard benchmark suite. See Faster CPython for details.
  - Typing and typing language changes
    - PEP 673 -- Self Type
    - PEP 646 -- Variadic Generics
    - PEP 675 -- Arbitrary Literal String Type
    - PEP 655 -- Marking individual TypedDict items as required
      or potentially-missing
    - PEP 681 -- Data Class Transforms
- (just changes from 3.11.0rc2):
  - Fix multiplying a list by an integer (list *= int): detect
    the integer overflow when the new allocated length is close
    to the maximum size. Issue reported by Jordan Limor. Patch by
    Victor Stinner.
  - On Linux the multiprocessing module returns to using
    filesystem backed unix domain sockets for communication
    with the forkserver process instead of the Linux abstract

OBS-URL: https://build.opensuse.org/request/show/1031401
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=34
2022-10-26 21:24:53 +00:00
d8ac67fc2d - Update to 3.11.0rc2:
- Converting between int and str in bases other than 2
    (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base
    10 (decimal) now raises a ValueError if the number of digits
    in string form is above a limit to avoid potential denial of
    service attacks due to the algorithmic complexity. This is
    a mitigation for CVE-2020-10735.
    This new limit can be configured or disabled by environment
    variable, command line flag, or sys APIs. See the integer
    string conversion length limitation documentation. The
    default limit is 4300 digits in string form.
  - Fix case of undefined behavior in ceval.c
  - Do not expose KeyWrapper in _functools.
  - Ensure that tracing, sys.setrace(), is turned on
    immediately. In pre-release versions of 3.11, some tracing
    events might have been lost when turning on tracing in a
    __del__ method or interrupt.
  - Fix use after free in trace refs build mode. Patch by Kumar
    Aditya.
  - When loading a file with invalid UTF-8 inside a multi-line
    string, a correct SyntaxError is emitted.
  - Make sure that incomplete frames do not show up in
    tracemalloc traces.
  - Remove two cases of undefined behavior, by adding NULL
    checks.
  - Fix possible NULL pointer dereference in
    _PyThread_CurrentFrames. Patch by Kumar Aditya.
  - Fix AttributeError missing name and obj attributes in
    object.__getattribute__(). Patch by Philip Georgi.
  - Loading a file with invalid UTF-8 will now report the broken

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=32
2022-09-15 09:14:50 +00:00
d9d021447f Accepting request 1001307 from openSUSE:Factory:RISCV
- Increase testsuite timeout for test_freeze_simple_script

OBS-URL: https://build.opensuse.org/request/show/1001307
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=30
2022-09-06 12:03:43 +00:00
3931fb9f09 - fix import_failed.map to refer to the python 3.11 package versions
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=28
2022-08-20 21:31:49 +00:00
93d3c08eeb - Update to 3.11.0rc1:
- Core and Builtins
    - Update code object hashing and equality to consider all
      debugging and exception handling tables. This fixes an
      issue where certain non-identical code objects could be
      “deduplicated” during compilation.
    - _PyPegen_Parser_New now properly detects token memory
      allocation errors. Patch by Honglin Zhu.
    - Run Python code in tracer/profiler function at full
      speed. Fixes slowdown in earlier versions of 3.11.
    - Emit a warning in debug mode if an object does not call
      PyObject_GC_UnTrack() before deallocation. Patch by Pablo
      Galindo.
    - Prevented crashes in the AST constructor when
      compiling some absurdly long expressions like
      "+0"*1000000. RecursionError is now raised instead. Patch
      by Pablo Galindo
    - ast.AST node positions are now validated when provided to
      compile() and other related functions. If invalid positions
      are detected, a ValueError will be raised.
    - Fix error detection in some builtin functions when keyword
      argument name is an instance of a str subclass with
      overloaded __eq__ and __hash__. Previously it could cause
      SystemError or other undesired behavior.
  - Library
    - Update bundled pip to 22.2.2.
    - Fix asyncio.TaskGroup to propagate exception when
      asyncio.CancelledError was replaced with another exception
      by a context manger. Patch by Kumar Aditya and Guido van
      Rossum.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=27
2022-08-20 14:25:45 +00:00
a867744a23 - Update to 3.11.0b5:
- Core and Builtins
    - gh-93351: ast.AST node positions are now validated when
      provided to compile() and other related functions. If
      invalid positions are detected, a ValueError will be
      raised.
    - gh-94438: Fix an issue that caused extended opcode
      arguments and some conditional pops to be ignored when
      calculating valid jump targets for assignments to the
      f_lineno attribute of frame objects. In some cases, this
      could cause inconsistent internal state, resulting in a
      hard crash of the interpreter.
    - gh-95060: Undocumented PyCode_Addr2Location function now
      properly returns when addrq argument is less than zero.
    - gh-95113: Replace all EXTENDED_ARG_QUICK instructions
      with basic EXTENDED_ARG instructions in unquickened
      code. Consumers of non-adaptive bytecode should be able to
      handle extended arguments the same way they were handled in
      CPython 3.10 and older.
    - gh-91409: Fix incorrect source location info caused by
      certain optimizations in the bytecode compiler.
    - gh-94036: Fix incorrect source location info for some
      multi-line attribute accesses and method calls.
    - gh-94739: Allow jumping within, out of, and across
      exception handlers in the debugger.
    - gh-94949: ast.parse() will no longer parse parenthesized
      context managers when passed feature_version less than (3,
      9). Patch by Shantanu Jain.
    - gh-94947: ast.parse() will no longer parse assignment
      expressions when passed feature_version less than (3,

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=25
2022-07-26 10:43:57 +00:00
ebc3127ec8 Restore %primary_interpreter
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=23
2022-07-21 15:15:28 +00:00
3978a4fb6f - Switch from %primary_interpreter to prjconf-defined
%primary_python (gh#openSUSE/python-rpm-macros#127).

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=22
2022-07-21 14:25:26 +00:00
6af5b9f2b3 - Update to 3.11.0b4:
- Fixes many bugs and adds following more significant changes
- Security
  - gh-68966: The deprecated mailcap module now refuses to inject
    Coreunsafe text (filenames, MIME types, parameters) into
    shell Corecommands. Instead of using such text, it will
    warn and act Coreas if a match was not found (or for test
    commands, as if the Coretest failed). and Builtins
  - gh-93516: Lazily create a table mapping bytecode offsets to
    line numbers to speed up calculation of line numbers when
    tracing.
  - gh-93461: importlib.invalidate_caches() now drops entries
    from sys.path_importer_cache with a relative path as
    name. This solves a caching issue when a process changes its
    current working directory.
  - FileFinder no longer inserts a dot in the path, e.g.
    /egg/./spam is now /egg/spam.
Library
  - gh-93896: Fix asyncio.run() and
    unittest.IsolatedAsyncioTestCase to always the set event loop
    as it was done in Python 3.10 and earlier. Patch by Kumar
    Aditya.
  - gh-94101: Manual instantiation of ssl.SSLSession objects is
    no longer allowed as it lead to misconfigured instances that
    crashed the interpreter when attributes where accessed on
    them.
  - gh-83658: Make multiprocessing.Pool raise an exception if
    maxtasksperchild is not None or a positive int.
  - gh-61162: Clarify sqlite3 behavior when Using the connection
    as a context manager.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=20
2022-07-14 16:01:58 +00:00
b3dd13aabb Fix changelog
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=18
2022-06-06 06:24:48 +00:00
f224cc3c2d - Update to 3.11.0b2:
- many small updates

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=17
2022-05-31 20:57:46 +00:00
eff536f20e We require more recent Sphinx
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=15
2022-05-18 09:35:06 +00:00
9c0a8f3c4c - Add patch support-expat-245.patch:
* Support Expat >= 2.4.4 (jsc#SLE-21253)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=14
2022-05-17 22:11:07 +00:00
Dominique Leuenberger
f037c0629d Accepting request 977835 from devel:languages:python:Factory
Testing package of the beta1 release.

OBS-URL: https://build.opensuse.org/request/show/977835
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python311?expand=0&rev=1
2022-05-18 11:13:27 +00:00
bf95b5f221 - Fix building with system-expat (gh#python/cpython#92875). Nope,
it didn't work, worked around it.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=13
2022-05-17 18:43:45 +00:00
6534561f49 Fix changelog
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=12
2022-05-17 17:43:59 +00:00
634ab7609b Fix building with system-expat (gh#python/cpython#92875).
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=11
2022-05-17 17:43:33 +00:00
ae07cf4ccf Adjust patches
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=10
2022-05-10 19:17:52 +00:00
2b3a992a89 Fix SPEC
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=9
2022-05-10 19:14:07 +00:00
42e2453f80 Fix missing item in %%files.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=8
2022-05-10 17:19:41 +00:00
1c968d4121 - Refresh bluez-devel-vendor.tar.xz
- Fix files and handling of new modules.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=7
2022-05-10 16:49:16 +00:00
5e1455c810 Readjust patches.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=6
2022-05-10 11:17:42 +00:00
887681833e Rename files to comply with the name of the package
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=5
2022-05-09 15:17:36 +00:00
4cbd00e948 Fix baselibs.conf
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=4
2022-05-09 15:13:18 +00:00
62ccbe2ed8 - Update to pre-release version 3.11.0b1:
- PEP 657 – Include Fine-Grained Error Locations in Tracebacks
  - PEP 654 – Exception Groups and except*
  - PEP 673 – Self Type
  - PEP 646 – Variadic Generics
  - PEP 680– tomllib: Support for Parsing TOML in the Standard Library
  - PEP 675– Arbitrary Literal String Type
  - PEP 655– Marking individual TypedDict items as required or potentially-missing
  - bpo-46752– Introduce task groups to asyncio
  - The Faster Cpython Project is already yielding some exciting
    results. Python 3.11 is up to 10-60% faster than Python
    3.10. On average, we measured a 1.22x speedup on the standard
    benchmark suite. See
    https://docs.python.org/3.11/whatsnew/3.11.html#faster-cpython
    for details.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=3
2022-05-09 15:12:55 +00:00
4861b77003 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=2 2022-05-09 15:04:49 +00:00