Matej Cepl
a7d54cb5c3
- Update to 3.11.8: - Security - gh-113659: Skip .pth files with names starting with a dot or hidden file attribute. - Core and Builtins - gh-114887: Changed socket type validation in create_datagram_endpoint() to accept all non-stream sockets. This fixes a regression in compatibility with raw sockets. - gh-114388: Fix a RuntimeWarning emitted when assign an integer-like value that is not an instance of int to an attribute that corresponds to a C struct member of type T_UINT and T_ULONG. Fix a double RuntimeWarning emitted when assign a negative integer value to an attribute that corresponds to a C struct member of type T_UINT. - gh-89811: Check for a valid tp_version_tag before performing bytecode specializations that rely on this value being usable. - gh-113602: Fix an error that was causing the parser to try to overwrite existing errors and crashing in the process. Patch by Pablo Galindo - gh-113566: Fix a 3.11-specific crash when the repr of a Future is requested after the module has already been garbage-collected. - gh-106905: Use per AST-parser state rather than global state to track recursion depth within the AST parser to prevent potential race condition due to simultaneous parsing. - The issue primarily showed up in 3.11 by multithreaded users of ast.parse(). In 3.12 a change to when garbage collection can be triggered prevented the race condition from occurring. - gh-112716: Fix SystemError in the import statement and in __reduce__() methods of builtin types when __builtins__ is not a dict. - gh-105967: Workaround a bug in Apple’s macOS platform zlib library where zlib.crc32() and binascii.crc32() could produce incorrect results on multi-gigabyte inputs. Including when using zipfile on zips containing large data. - gh-94606: Fix UnicodeEncodeError when email.message.get_payload() reads a message with a Unicode surrogate character and the message content is not well-formed for surrogateescape encoding. Patch by Sidney Markowitz. - Library - gh-114965: Update bundled pip to 24.0 - gh-114959: tarfile no longer ignores errors when trying to extract a directory on top of a file. - gh-109475: Fix support of explicit option value “–” in argparse (e.g. --option=--). - gh-110190: Fix ctypes structs with array on Windows ARM64 platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo - gh-113280: Fix a leak of open socket in rare cases when error occurred in ssl.SSLSocket creation. - gh-77749: email.policy.EmailPolicy.fold() now always encodes non-ASCII characters in headers if utf8 is false. - gh-114492: Make the result of termios.tcgetattr() reproducible on Alpine Linux. Previously it could leave a random garbage in some fields. - gh-75128: Ignore an OSError in asyncio.BaseEventLoop.create_server() when IPv6 is available but the interface cannot actually support it. - gh-114257: Dismiss the FileNotFound error in ctypes.util.find_library() and just return None on Linux. - gh-101438: Avoid reference cycle in ElementTree.iterparse. The iterator returned by ElementTree.iterparse may hold on to a file descriptor. The reference cycle prevented prompt clean-up of the file descriptor if the returned iterator was not exhausted. - gh-104522: OSError raised when run a subprocess now only has filename attribute set to cwd if the error was caused by a failed attempt to change the current directory. - gh-109534: Fix a reference leak in asyncio.selector_events.BaseSelectorEventLoop when SSL handshakes fail. Patch contributed by Jamie Phan. - gh-114077: Fix possible OverflowError in socket.socket.sendfile() when pass count larger than 2 GiB on 32-bit platform. - gh-114014: Fixed a bug in fractions.Fraction where an invalid string using d in the decimals part creates a different error compared to other invalid letters/characters. Patch by Jeremiah Gabriel Pascual. - gh-113951: Fix the behavior of tag_unbind() methods of tkinter.Text and tkinter.Canvas classes with three arguments. Previously, widget.tag_unbind(tag, sequence, funcid) destroyed the current binding for sequence, leaving sequence unbound, and deleted the funcid command. Now it removes only funcid from the binding for sequence, keeping other commands, and deletes the funcid command. It leaves sequence unbound only if funcid was the last bound command. - gh-113877: Fix tkinter method winfo_pathname() on 64-bit Windows. - gh-113781: Silence unraisable AttributeError when warnings are emitted during Python finalization. - gh-113594: Fix UnicodeEncodeError in email when re-fold lines that contain unknown-8bit encoded part followed by non-unknown-8bit encoded part. - gh-113538: In asyncio.StreamReaderProtocol.connection_made(), there is callback that logs an error if the task wrapping the “connected callback” fails. This callback would itself fail if the task was cancelled. Prevent this by checking whether the task was cancelled first. If so, close the transport but don’t log an error. - gh-85567: Fix resource warnings for unclosed files in pickle and pickletools command line interfaces. - gh-101225: Increase the backlog for multiprocessing.connection.Listener objects created by multiprocessing.manager and multiprocessing.resource_sharer to significantly reduce the risk of getting a connection refused error when creating a multiprocessing.connection.Connection to them. - gh-113543: Make sure that webbrowser.MacOSXOSAScript sends webbrowser.open audit event. - gh-113028: When a second reference to a string appears in the input to pickle, and the Python implementation is in use, we are guaranteed that a single copy gets pickled and a single object is shared when reloaded. Previously, in protocol 0, when a string contained certain characters (e.g. newline) it resulted in duplicate objects. - gh-113421: Fix multiprocessing logger for %(filename)s. - gh-113358: Fix rendering tracebacks for exceptions with a broken __getattr__. - gh-113214: Fix an AttributeError during asyncio SSL protocol aborts in SSL-over-SSL scenarios. - gh-113246: Update bundled pip to 23.3.2. - gh-113199: Make http.client.HTTPResponse.read1 and http.client.HTTPResponse.readline close IO after reading all data when content length is known. Patch by Illia Volochii. - gh-113188: Fix shutil.copymode() and shutil.copystat() on Windows. Previously they worked differenly if dst is a symbolic link: they modified the permission bits of dst itself rather than the file it points to if follow_symlinks is true or src is not a symbolic link, and did not modify the permission bits if follow_symlinks is false and src is a symbolic link. - gh-61648: Detect line numbers of properties in doctests. - gh-112559: signal.signal() and signal.getsignal() no longer call repr on callable handlers. asyncio.run() and asyncio.Runner.run() no longer call repr on the task results. Patch by Yilei Yang. - gh-110190: Fix ctypes structs with array on PPC64LE platform by setting MAX_STRUCT_SIZE to 64 in stgdict. Patch by Diego Russo. - gh-79429: Ignore FileNotFoundError when remove a temporary directory in the multiprocessing finalizer. - gh-79325: Fix an infinite recursion error in tempfile.TemporaryDirectory() cleanup on Windows. - gh-110190: Fix ctypes structs with array on Arm platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo. - gh-81194: Fix a crash in socket.if_indextoname() with specific value (UINT_MAX). Fix an integer overflow in socket.if_indextoname() on 64-bit non-Windows platforms. - gh-75666: Fix the behavior of tkinter widget’s unbind() method with two arguments. Previously, widget.unbind(sequence, funcid) destroyed the current binding for sequence, leaving sequence unbound, and deleted the funcid command. Now it removes only funcid from the binding for sequence, keeping other commands, and deletes the funcid command. It leaves sequence unbound only if funcid was the last bound command. - gh-110345: Show the Tcl/Tk patchlevel (rather than version) in tkinter._test(). - gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now raises BadZipFile when try to read an entry that overlaps with other entry or central directory. - gh-38807: Fix race condition in trace. Instead of checking if a directory exists and creating it, directly call os.makedirs() with the kwarg exist_ok=True. - gh-75705: Set unixfrom envelope in mailbox.mbox and mailbox.MMDF. - gh-105102: Allow ctypes.Union to be nested in ctypes.Structure when the system endianness is the opposite of the classes. - gh-104282: Fix null pointer dereference in lzma._decode_filter_properties() due to improper handling of BCJ filters with properties of zero length. Patch by Radislav Chugunov. - gh-102512: When os.fork() is called from a foreign thread (aka _DummyThread), the type of the thread in a child process is changed to _MainThread. Also changed its name and daemonic status, it can be now joined. - gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup, which now no longer dereferences symlinks when working around file system permission errors. - bpo-43153: On Windows, tempfile.TemporaryDirectory previously masked a PermissionError with NotADirectoryError during directory cleanup. It now correctly raises PermissionError if errors are not ignored. Patch by Andrei Kulakov and Ken Jin. - bpo-35332: The shutil.rmtree() function now ignores errors when calling os.close() when ignore_errors is True, and os.close() no longer retried after error. - bpo-35928: io.TextIOWrapper now correctly handles the decoding buffer after read() and write(). - bpo-26791: shutil.move() now moves a symlink into a directory when that directory is the target of the symlink. This provides the same behavior as the mv shell command. The previous behavior raised an exception. Patch by Jeffrey Kintscher. - bpo-36959: Fix some error messages for invalid ISO format string combinations in strptime() that referred to directives not contained in the format string. Patch by Gordon P. Hemsley. - bpo-18060: Fixed a class inheritance issue that can cause segfaults when deriving two or more levels of subclasses from a base class of Structure or Union. - Documentation - gh-110746: Improved markup for valid options/values for methods ttk.treeview.column and ttk.treeview.heading, and for Layouts. - gh-95649: Document that the asyncio module contains code taken from v0.16.0 of the uvloop project, as well as the required MIT licensing information. - Tests - gh-109980: Fix test_tarfile_vs_tar in test_shutil for macOS, where system tar can include more information in the archive than shutil.make_archive. - gh-112769: The tests now correctly compare zlib version when zlib.ZLIB_RUNTIME_VERSION contains non-integer suffixes. For example zlib-ng defines the version as 1.3.0.zlib-ng. - gh-105089: Fix test.test_zipfile.test_core.TestWithDirectory.test_create_directory_with_write test in AIX by doing a bitwise AND of 0xFFFF on mode , so that it will be in sync with zinfo.external_attr - bpo-40648: Test modes that file can get with chmod() on Windows. - Build - gh-101778: Fix build error when there’s a dangling symlink in the directory containing ffi.h. - gh-112305: Fixed the check-clean-src step performed on out of tree builds to detect errant $(srcdir)/Python/frozen_modules/*.h files and recommend appropriate source tree cleanup steps to get a working build again. - bpo-11102: The os.major(), os.makedev(), and os.minor() functions are now available on HP-UX v3. - bpo-36351: Do not set ipv6type when cross-compiling. - IDLE - gh-96905: In idlelib code, stop redefining built-ins ‘dict’ and ‘object’. - gh-72284: Improve the lists of features, editor key bindings, and shell key bingings in the IDLE doc. - gh-113903: Fix rare failure of test.test_idle, in test_configdialog. - gh-113729: Fix the “Help -> IDLE Doc” menu bug in 3.11.7 and 3.12.1. - gh-113269: Fix test_editor hang on macOS Catalina. - gh-112898: Fix processing unsaved files when quitting IDLE on macOS. - gh-103820: Revise IDLE bindings so that events from mouse button 4/5 on non-X11 windowing systems (i.e. Win32 and Aqua) are not mistaken for scrolling. - bpo-13586: Enter the selected text when opening the “Replace” dialog. - Tools/Demos - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13 and multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1. - gh-115015: Fix a bug in Argument Clinic that generated incorrect code for methods with no parameters that use the METH_METHOD | METH_FASTCALL | METH_KEYWORDS calling convention. Only the positional parameter count was checked; any keyword argument passed would be silently accepted. - Refresh all patches: - CVE-2023-27043-email-parsing-errors.patch - F00251-change-user-install-location.patch - bpo-31046_ensurepip_honours_prefix.patch - distutils-reproducible-compile.patch - fix_configure_rst.patch - python-3.3.0b1-fix_date_time_compiler.patch - python-3.3.0b1-localpath.patch - python-3.3.0b1-test-posix_fadvise.patch - skip_if_buildbot-extend.patch - subprocess-raise-timeout.patch - support-expat-CVE-2022-25236-patched.patch OBS-URL: https://build.opensuse.org/request/show/1145174 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python311?expand=0&rev=99
78 lines
3.1 KiB
Diff
78 lines
3.1 KiB
Diff
From 7da97f61816f3cadaa6788804b22a2434b40e8c5 Mon Sep 17 00:00:00 2001
|
||
From: "Miss Islington (bot)"
|
||
<31488909+miss-islington@users.noreply.github.com>
|
||
Date: Mon, 21 Feb 2022 08:16:09 -0800
|
||
Subject: [PATCH] bpo-46811: Make test suite support Expat >=2.4.5 (GH-31453)
|
||
(GH-31472)
|
||
|
||
Curly brackets were never allowed in namespace URIs
|
||
according to RFC 3986, and so-called namespace-validating
|
||
XML parsers have the right to reject them a invalid URIs.
|
||
|
||
libexpat >=2.4.5 has become strcter in that regard due to
|
||
related security issues; with ET.XML instantiating a
|
||
namespace-aware parser under the hood, this test has no
|
||
future in CPython.
|
||
|
||
References:
|
||
- https://datatracker.ietf.org/doc/html/rfc3968
|
||
- https://www.w3.org/TR/xml-names/
|
||
|
||
Also, test_minidom.py: Support Expat >=2.4.5
|
||
(cherry picked from commit 2cae93832f46b245847bdc252456ddf7742ef45e)
|
||
|
||
Co-authored-by: Sebastian Pipping <sebastian@pipping.org>
|
||
---
|
||
Lib/test/test_minidom.py | 23 +++++++++--------------
|
||
1 file changed, 9 insertions(+), 14 deletions(-)
|
||
create mode 100644 Misc/NEWS.d/next/Library/2022-02-20-21-03-31.bpo-46811.8BxgdQ.rst
|
||
|
||
Index: Python-3.11.8/Lib/test/test_minidom.py
|
||
===================================================================
|
||
--- Python-3.11.8.orig/Lib/test/test_minidom.py
|
||
+++ Python-3.11.8/Lib/test/test_minidom.py
|
||
@@ -6,7 +6,6 @@ import io
|
||
from test import support
|
||
import unittest
|
||
|
||
-import pyexpat
|
||
import xml.dom.minidom
|
||
|
||
from xml.dom.minidom import parse, Attr, Node, Document, parseString
|
||
@@ -1163,13 +1162,11 @@ class MinidomTest(unittest.TestCase):
|
||
|
||
# Verify that character decoding errors raise exceptions instead
|
||
# of crashing
|
||
- if pyexpat.version_info >= (2, 4, 5):
|
||
- self.assertRaises(ExpatError, parseString,
|
||
- b'<fran\xe7ais></fran\xe7ais>')
|
||
- self.assertRaises(ExpatError, parseString,
|
||
- b'<franais>Comment \xe7a va ? Tr\xe8s bien ?</franais>')
|
||
- else:
|
||
- self.assertRaises(UnicodeDecodeError, parseString,
|
||
+ # It doesn’t make any sense to insist on the exact text of the
|
||
+ # error message, or even the exact Exception … it is enough that
|
||
+ # the error has been discovered.
|
||
+ with self.assertRaises((UnicodeDecodeError, ExpatError)):
|
||
+ parseString(
|
||
b'<fran\xe7ais>Comment \xe7a va ? Tr\xe8s bien ?</fran\xe7ais>')
|
||
|
||
doc.unlink()
|
||
@@ -1631,12 +1628,10 @@ class MinidomTest(unittest.TestCase):
|
||
self.confirm(doc2.namespaceURI == xml.dom.EMPTY_NAMESPACE)
|
||
|
||
def testExceptionOnSpacesInXMLNSValue(self):
|
||
- if pyexpat.version_info >= (2, 4, 5):
|
||
- context = self.assertRaisesRegex(ExpatError, 'syntax error')
|
||
- else:
|
||
- context = self.assertRaisesRegex(ValueError, 'Unsupported syntax')
|
||
-
|
||
- with context:
|
||
+ # It doesn’t make any sense to insist on the exact text of the
|
||
+ # error message, or even the exact Exception … it is enough that
|
||
+ # the error has been discovered.
|
||
+ with self.assertRaises((ExpatError, ValueError)):
|
||
parseString('<element xmlns:abc="http:abc.com/de f g/hi/j k"><abc:foo /></element>')
|
||
|
||
def testDocRemoveChild(self):
|