From 31e91ac78278b3bc46c6aeec0b16816f90c7dbd37a33eb1e1a5b83d4c679548a Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 7 Aug 2024 18:22:59 +0000 Subject: [PATCH] - Update to 3.12.5: - Tests - gh-59022: Add tests for pkgutil.extend_path(). Patch by Andreas Stocker. - gh-99242: os.getloadavg() may throw OSError when running regression tests under certain conditions (e.g. chroot). This error is now caught and ignored, since reporting load average is optional. - gh-121084: Fix test_typing random leaks. Clear typing ABC caches when running tests for refleaks (-R option): call _abc_caches_clear() on typing abstract classes and their subclasses. Patch by Victor Stinner. - gh-121160: Add a test for readline.set_history_length(). Note that this test may fail on readline libraries. - gh-121200: Fix test_expanduser_pwd2() of test_posixpath. Call getpwnam() to get pw_dir, since it can be different than getpwall() pw_dir. Patch by Victor Stinner. - gh-121188: When creating the JUnit XML file, regrtest now escapes characters which are invalid in XML, such as the chr(27) control character used in ANSI escape sequences. Patch by Victor Stinner. - Security - gh-121957: Fixed missing audit events around interactive use of Python, now also properly firing for python -i, as well as for python -m asyncio. The event in question is cpython.run_stdin. - gh-122133: Authenticate the socket connection for the socket.socketpair() fallback on platforms where AF_UNIX is OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=60 --- CVE-2024-6923-email-hdr-inject.patch | 387 --------------------------- Python-3.12.4.tar.xz | 3 - Python-3.12.4.tar.xz.asc | 18 -- Python-3.12.5.tar.xz | 3 + Python-3.12.5.tar.xz.asc | 18 ++ bso1227999-reproducible-builds.patch | 37 --- docs-docutils_014-Sphinx_420.patch | 64 ++--- fix_configure_rst.patch | 14 +- python312.changes | 224 ++++++++++++++-- python312.spec | 8 +- 10 files changed, 256 insertions(+), 520 deletions(-) delete mode 100644 CVE-2024-6923-email-hdr-inject.patch delete mode 100644 Python-3.12.4.tar.xz delete mode 100644 Python-3.12.4.tar.xz.asc create mode 100644 Python-3.12.5.tar.xz create mode 100644 Python-3.12.5.tar.xz.asc delete mode 100644 bso1227999-reproducible-builds.patch diff --git a/CVE-2024-6923-email-hdr-inject.patch b/CVE-2024-6923-email-hdr-inject.patch deleted file mode 100644 index d12a54e..0000000 --- a/CVE-2024-6923-email-hdr-inject.patch +++ /dev/null @@ -1,387 +0,0 @@ -From e58aec9cbfdebf45ee863eded142358e9e98531d Mon Sep 17 00:00:00 2001 -From: Petr Viktorin -Date: Wed, 31 Jul 2024 00:19:48 +0200 -Subject: [PATCH 1/2] gh-121650: Encode newlines in headers, and verify headers - are sound (GH-122233) - -- Encode header parts that contain newlines - -Per RFC 2047: - -> [...] these encoding schemes allow the -> encoding of arbitrary octet values, mail readers that implement this -> decoding should also ensure that display of the decoded data on the -> recipient's terminal will not cause unwanted side-effects - -It seems that the "quoted-word" scheme is a valid way to include -a newline character in a header value, just like we already allow -undecodable bytes or control characters. -They do need to be properly quoted when serialized to text, though. - -- Verify that email headers are well-formed - -This should fail for custom fold() implementations that aren't careful -about newlines. - -Co-authored-by: Bas Bloemsaat -Co-authored-by: Serhiy Storchaka -(cherry picked from commit 097633981879b3c9de9a1dd120d3aa585ecc2384) ---- - Doc/library/email.errors.rst | 7 +++ - Doc/library/email.policy.rst | 18 ++++++ - Lib/email/_header_value_parser.py | 12 +++- - Lib/email/_policybase.py | 8 +++ - Lib/email/errors.py | 4 ++ - Lib/email/generator.py | 13 +++- - Lib/test/test_email/test_generator.py | 62 +++++++++++++++++++ - Lib/test/test_email/test_policy.py | 26 ++++++++ - ...-07-27-16-10-41.gh-issue-121650.nf6oc9.rst | 5 ++ - 9 files changed, 151 insertions(+), 4 deletions(-) - create mode 100644 Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst - -diff --git a/Doc/library/email.errors.rst b/Doc/library/email.errors.rst -index 33ab4265116178..f8f43d82a3df2e 100644 ---- a/Doc/library/email.errors.rst -+++ b/Doc/library/email.errors.rst -@@ -58,6 +58,13 @@ The following exception classes are defined in the :mod:`email.errors` module: - :class:`~email.mime.nonmultipart.MIMENonMultipart` (e.g. - :class:`~email.mime.image.MIMEImage`). - -+ -+.. exception:: HeaderWriteError() -+ -+ Raised when an error occurs when the :mod:`~email.generator` outputs -+ headers. -+ -+ - .. exception:: MessageDefect() - - This is the base class for all defects found when parsing email messages. -diff --git a/Doc/library/email.policy.rst b/Doc/library/email.policy.rst -index 83feedf728351e..314767d0802a08 100644 ---- a/Doc/library/email.policy.rst -+++ b/Doc/library/email.policy.rst -@@ -229,6 +229,24 @@ added matters. To illustrate:: - - .. versionadded:: 3.6 - -+ -+ .. attribute:: verify_generated_headers -+ -+ If ``True`` (the default), the generator will raise -+ :exc:`~email.errors.HeaderWriteError` instead of writing a header -+ that is improperly folded or delimited, such that it would -+ be parsed as multiple headers or joined with adjacent data. -+ Such headers can be generated by custom header classes or bugs -+ in the ``email`` module. -+ -+ As it's a security feature, this defaults to ``True`` even in the -+ :class:`~email.policy.Compat32` policy. -+ For backwards compatible, but unsafe, behavior, it must be set to -+ ``False`` explicitly. -+ -+ .. versionadded:: 3.13 -+ -+ - The following :class:`Policy` method is intended to be called by code using - the email library to create policy instances with custom settings: - -diff --git a/Lib/email/_header_value_parser.py b/Lib/email/_header_value_parser.py -index 7da1bbaf8a80d7..ec2215a5e5f33c 100644 ---- a/Lib/email/_header_value_parser.py -+++ b/Lib/email/_header_value_parser.py -@@ -92,6 +92,8 @@ - ASPECIALS = TSPECIALS | set("*'%") - ATTRIBUTE_ENDS = ASPECIALS | WSP - EXTENDED_ATTRIBUTE_ENDS = ATTRIBUTE_ENDS - set('%') -+NLSET = {'\n', '\r'} -+SPECIALSNL = SPECIALS | NLSET - - def quote_string(value): - return '"'+str(value).replace('\\', '\\\\').replace('"', r'\"')+'"' -@@ -2802,9 +2804,13 @@ def _refold_parse_tree(parse_tree, *, policy): - wrap_as_ew_blocked -= 1 - continue - tstr = str(part) -- if part.token_type == 'ptext' and set(tstr) & SPECIALS: -- # Encode if tstr contains special characters. -- want_encoding = True -+ if not want_encoding: -+ if part.token_type == 'ptext': -+ # Encode if tstr contains special characters. -+ want_encoding = not SPECIALSNL.isdisjoint(tstr) -+ else: -+ # Encode if tstr contains newlines. -+ want_encoding = not NLSET.isdisjoint(tstr) - try: - tstr.encode(encoding) - charset = encoding -diff --git a/Lib/email/_policybase.py b/Lib/email/_policybase.py -index 2ec54fbabae83c..5f9aa9fb091fa2 100644 ---- a/Lib/email/_policybase.py -+++ b/Lib/email/_policybase.py -@@ -157,6 +157,13 @@ class Policy(_PolicyBase, metaclass=abc.ABCMeta): - message_factory -- the class to use to create new message objects. - If the value is None, the default is Message. - -+ verify_generated_headers -+ -- if true, the generator verifies that each header -+ they are properly folded, so that a parser won't -+ treat it as multiple headers, start-of-body, or -+ part of another header. -+ This is a check against custom Header & fold() -+ implementations. - """ - - raise_on_defect = False -@@ -165,6 +172,7 @@ class Policy(_PolicyBase, metaclass=abc.ABCMeta): - max_line_length = 78 - mangle_from_ = False - message_factory = None -+ verify_generated_headers = True - - def handle_defect(self, obj, defect): - """Based on policy, either raise defect or call register_defect. -diff --git a/Lib/email/errors.py b/Lib/email/errors.py -index 3ad00565549968..02aa5eced6ae46 100644 ---- a/Lib/email/errors.py -+++ b/Lib/email/errors.py -@@ -29,6 +29,10 @@ class CharsetError(MessageError): - """An illegal charset was given.""" - - -+class HeaderWriteError(MessageError): -+ """Error while writing headers.""" -+ -+ - # These are parsing defects which the parser was able to work around. - class MessageDefect(ValueError): - """Base class for a message defect.""" -diff --git a/Lib/email/generator.py b/Lib/email/generator.py -index c8056ad47baa0f..47b9df8f4e6090 100644 ---- a/Lib/email/generator.py -+++ b/Lib/email/generator.py -@@ -14,12 +14,14 @@ - from copy import deepcopy - from io import StringIO, BytesIO - from email.utils import _has_surrogates -+from email.errors import HeaderWriteError - - UNDERSCORE = '_' - NL = '\n' # XXX: no longer used by the code below. - - NLCRE = re.compile(r'\r\n|\r|\n') - fcre = re.compile(r'^From ', re.MULTILINE) -+NEWLINE_WITHOUT_FWSP = re.compile(r'\r\n[^ \t]|\r[^ \n\t]|\n[^ \t]') - - - class Generator: -@@ -222,7 +224,16 @@ def _dispatch(self, msg): - - def _write_headers(self, msg): - for h, v in msg.raw_items(): -- self.write(self.policy.fold(h, v)) -+ folded = self.policy.fold(h, v) -+ if self.policy.verify_generated_headers: -+ linesep = self.policy.linesep -+ if not folded.endswith(self.policy.linesep): -+ raise HeaderWriteError( -+ f'folded header does not end with {linesep!r}: {folded!r}') -+ if NEWLINE_WITHOUT_FWSP.search(folded.removesuffix(linesep)): -+ raise HeaderWriteError( -+ f'folded header contains newline: {folded!r}') -+ self.write(folded) - # A blank line always separates headers from body - self.write(self._NL) - -diff --git a/Lib/test/test_email/test_generator.py b/Lib/test/test_email/test_generator.py -index bc6f734d4fd0a9..c75a842c33578e 100644 ---- a/Lib/test/test_email/test_generator.py -+++ b/Lib/test/test_email/test_generator.py -@@ -6,6 +6,7 @@ - from email.generator import Generator, BytesGenerator - from email.headerregistry import Address - from email import policy -+import email.errors - from test.test_email import TestEmailBase, parameterize - - -@@ -249,6 +250,44 @@ def test_rfc2231_wrapping_switches_to_default_len_if_too_narrow(self): - g.flatten(msg) - self.assertEqual(s.getvalue(), self.typ(expected)) - -+ def test_keep_encoded_newlines(self): -+ msg = self.msgmaker(self.typ(textwrap.dedent("""\ -+ To: nobody -+ Subject: Bad subject=?UTF-8?Q?=0A?=Bcc: injection@example.com -+ -+ None -+ """))) -+ expected = textwrap.dedent("""\ -+ To: nobody -+ Subject: Bad subject=?UTF-8?Q?=0A?=Bcc: injection@example.com -+ -+ None -+ """) -+ s = self.ioclass() -+ g = self.genclass(s, policy=self.policy.clone(max_line_length=80)) -+ g.flatten(msg) -+ self.assertEqual(s.getvalue(), self.typ(expected)) -+ -+ def test_keep_long_encoded_newlines(self): -+ msg = self.msgmaker(self.typ(textwrap.dedent("""\ -+ To: nobody -+ Subject: Bad subject=?UTF-8?Q?=0A?=Bcc: injection@example.com -+ -+ None -+ """))) -+ expected = textwrap.dedent("""\ -+ To: nobody -+ Subject: Bad subject -+ =?utf-8?q?=0A?=Bcc: -+ injection@example.com -+ -+ None -+ """) -+ s = self.ioclass() -+ g = self.genclass(s, policy=self.policy.clone(max_line_length=30)) -+ g.flatten(msg) -+ self.assertEqual(s.getvalue(), self.typ(expected)) -+ - - class TestGenerator(TestGeneratorBase, TestEmailBase): - -@@ -273,6 +312,29 @@ def test_flatten_unicode_linesep(self): - g.flatten(msg) - self.assertEqual(s.getvalue(), self.typ(expected)) - -+ def test_verify_generated_headers(self): -+ """gh-121650: by default the generator prevents header injection""" -+ class LiteralHeader(str): -+ name = 'Header' -+ def fold(self, **kwargs): -+ return self -+ -+ for text in ( -+ 'Value\r\nBad Injection\r\n', -+ 'NoNewLine' -+ ): -+ with self.subTest(text=text): -+ message = message_from_string( -+ "Header: Value\r\n\r\nBody", -+ policy=self.policy, -+ ) -+ -+ del message['Header'] -+ message['Header'] = LiteralHeader(text) -+ -+ with self.assertRaises(email.errors.HeaderWriteError): -+ message.as_string() -+ - - class TestBytesGenerator(TestGeneratorBase, TestEmailBase): - -diff --git a/Lib/test/test_email/test_policy.py b/Lib/test/test_email/test_policy.py -index c6b9c80efe1b54..baa35fd68e49c5 100644 ---- a/Lib/test/test_email/test_policy.py -+++ b/Lib/test/test_email/test_policy.py -@@ -26,6 +26,7 @@ class PolicyAPITests(unittest.TestCase): - 'raise_on_defect': False, - 'mangle_from_': True, - 'message_factory': None, -+ 'verify_generated_headers': True, - } - # These default values are the ones set on email.policy.default. - # If any of these defaults change, the docs must be updated. -@@ -294,6 +295,31 @@ def test_short_maxlen_error(self): - with self.assertRaises(email.errors.HeaderParseError): - policy.fold("Subject", subject) - -+ def test_verify_generated_headers(self): -+ """Turning protection off allows header injection""" -+ policy = email.policy.default.clone(verify_generated_headers=False) -+ for text in ( -+ 'Header: Value\r\nBad: Injection\r\n', -+ 'Header: NoNewLine' -+ ): -+ with self.subTest(text=text): -+ message = email.message_from_string( -+ "Header: Value\r\n\r\nBody", -+ policy=policy, -+ ) -+ class LiteralHeader(str): -+ name = 'Header' -+ def fold(self, **kwargs): -+ return self -+ -+ del message['Header'] -+ message['Header'] = LiteralHeader(text) -+ -+ self.assertEqual( -+ message.as_string(), -+ f"{text}\nBody", -+ ) -+ - # XXX: Need subclassing tests. - # For adding subclassed objects, make sure the usual rules apply (subclass - # wins), but that the order still works (right overrides left). -diff --git a/Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst b/Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst -new file mode 100644 -index 00000000000000..83dd28d4ac575b ---- /dev/null -+++ b/Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst -@@ -0,0 +1,5 @@ -+:mod:`email` headers with embedded newlines are now quoted on output. The -+:mod:`~email.generator` will now refuse to serialize (write) headers that -+are unsafely folded or delimited; see -+:attr:`~email.policy.Policy.verify_generated_headers`. (Contributed by Bas -+Bloemsaat and Petr Viktorin in :gh:`121650`.) - -From 7e3b0413643c574ce42b8a1e2c48a1fb0f45d385 Mon Sep 17 00:00:00 2001 -From: Petr Viktorin -Date: Fri, 2 Aug 2024 11:28:33 +0200 -Subject: [PATCH 2/2] Document changes as made in 3.12.5 - ---- - Doc/library/email.policy.rst | 2 +- - Doc/whatsnew/3.12.rst | 17 +++++++++++++++++ - 2 files changed, 18 insertions(+), 1 deletion(-) - -diff --git a/Doc/library/email.policy.rst b/Doc/library/email.policy.rst -index 314767d0802a08..51d65dc5ba94ee 100644 ---- a/Doc/library/email.policy.rst -+++ b/Doc/library/email.policy.rst -@@ -244,7 +244,7 @@ added matters. To illustrate:: - For backwards compatible, but unsafe, behavior, it must be set to - ``False`` explicitly. - -- .. versionadded:: 3.13 -+ .. versionadded:: 3.12.5 - - - The following :class:`Policy` method is intended to be called by code using -diff --git a/Doc/whatsnew/3.12.rst b/Doc/whatsnew/3.12.rst -index 8ed3b3c6f2387c..98d5b7a2c62b73 100644 ---- a/Doc/whatsnew/3.12.rst -+++ b/Doc/whatsnew/3.12.rst -@@ -2260,3 +2260,20 @@ ipaddress - - * Fixed ``is_global`` and ``is_private`` behavior in ``IPv4Address``, - ``IPv6Address``, ``IPv4Network`` and ``IPv6Network``. -+ -+ -+Notable changes in 3.12.5 -+========================= -+ -+email -+----- -+ -+ -+* Headers with embedded newlines are now quoted on output. -+ -+ The :mod:`~email.generator` will now refuse to serialize (write) headers -+ that are improperly folded or delimited, such that they would be parsed as -+ multiple headers or joined with adjacent data. -+ If you need to turn this safety feature off, -+ set :attr:`~email.policy.Policy.verify_generated_headers`. -+ (Contributed by Bas Bloemsaat and Petr Viktorin in :gh:`121650`.) diff --git a/Python-3.12.4.tar.xz b/Python-3.12.4.tar.xz deleted file mode 100644 index f50cb46..0000000 --- a/Python-3.12.4.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f6d419a6d8743ab26700801b4908d26d97e8b986e14f95de31b32de2b0e79554 -size 20659356 diff --git a/Python-3.12.4.tar.xz.asc b/Python-3.12.4.tar.xz.asc deleted file mode 100644 index bcb0184..0000000 --- a/Python-3.12.4.tar.xz.asc +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmZiK0BfFIAAAAAALgAo -aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx -Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6 -YwXdxg/6A5E54ST8gUxcgC6dsX2mOou/AgtzEiql1azbtK0U6p6v/uZ3JACq4iF2 -5SeXCYIq2Aum+f3FcmZ1gPAhCdSaHUl9i5oJvidW2AOz7E3Q81Kutdu+pKfv8Cwr -srhKBij5EQQH8rSLKK5fWDcoYgS26UQnBISrVb8ye5KC+mU1x0ek49jeRjS3ixim -+/jyRK/MStIjQAqeFMzQgathynYM5DtDEu71QATIWQZ/h78mpBCdrQutXMs10zf8 -fuXI6RP/vkh7q5IUg2KFZaUavPPPMUKJZnYAaTn3JbNXkASuliEyBDzXPhl+/t17 -RxzmlM+foXqxLXmupouRilZE73X7tKI4y1MbFUklFIsZlt+7uyXxAbwIZd3zJQrM -GITttH4tx4q1htZ/G1l6cS99AYUmoZp7rJwgKkiH40W9C+6ye2O2zAk6cEi1796t -RXEUpGupws3/XMofKJ23mE1FGwhcTWvoFgrth5ZM5Ig3A2rb5KIJIbMdEmOOiHV7 -CZ62N29fszwdxtErLpEStv5pZdV8zenucC6FtonyLX47v1VOd+3fyw65SvVXlblp -jeXCDWfhZZpnXw5d++y4kTxiQk8VUgTezB8uQ9Z/gNtdvYxWy8SXXcJoFofOCgo2 -/nLLzlJyRAoAFAXIgyZqdkG+8ZPWTH/Tfxg9UYKKXMcSYqak2EU= -=x5Pr ------END PGP SIGNATURE----- diff --git a/Python-3.12.5.tar.xz b/Python-3.12.5.tar.xz new file mode 100644 index 0000000..abbbe8a --- /dev/null +++ b/Python-3.12.5.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fa8a2e12c5e620b09f53e65bcd87550d2e5a1e2e04bf8ba991dcc55113876397 +size 20422396 diff --git a/Python-3.12.5.tar.xz.asc b/Python-3.12.5.tar.xz.asc new file mode 100644 index 0000000..445454f --- /dev/null +++ b/Python-3.12.5.tar.xz.asc @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmayiFtfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx +Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6 +YwUr4g//VyVs9tvbtiSp8pGe8f1gYErEw54r124sL/CBuNii8Irts1j5ymGxcm+l +hshPK5UlqRnhd5dCJWFTvLTXa5Ko2R1L3JyyxfGd1hmDuMhrWsDHijI0R7L/mGM5 +6X2LTaadBVNvk8HaNKvR8SEWvo68rdnOuYElFA9ir7uqwjO26ZWz9FfH80YDGwo8 +Blef2NYw8rNhiaZMFV0HYV7D+YyUAZnFNfW8M7Fd4oskUyj1tD9J89T9FFLYN09d +BcCIf+EdiEfqRpKxH89bW2g52kDrm4jYGONtpyF8eruyS3YwYSbvbuWioBYKmlxC +s51mieXz6G325GTZnmPxLek3ywPv6Gil9y0wH3fIr2BsWsmXust4LBpjDGt56Fy6 +seokGBg8xzsBSk3iEqNoFmNsy/QOiuCcDejX4XqBDNodOlETQPJb07TkTI2iOmg9 +NG4Atiz1HvGVxK68UuK9IIcNHyaWUmH8h4VQFGvc6KV6feP5Nm21Y12PZ5XIqJBO +Y8M/VJIJ5koaNPQfnBbbI5YBkUr4BVpIXIpY5LM/L5sUo2C3R7hMi0VGK88HGfSQ +KV4JmZgf6RMBNmrWY12sryS1QQ6q3P110GTUGQWB3sxxNbhmfcrK+4viqHc83yDz +ifmk33HuqaQGU7OzUMHeNcoCJIPo3H1FpoHOn9wLLCtA1pT+as4= +=t0Rk +-----END PGP SIGNATURE----- diff --git a/bso1227999-reproducible-builds.patch b/bso1227999-reproducible-builds.patch deleted file mode 100644 index fb33d18..0000000 --- a/bso1227999-reproducible-builds.patch +++ /dev/null @@ -1,37 +0,0 @@ -From ac2b8869724d7a57d9b5efbdce2f20423214e8bb Mon Sep 17 00:00:00 2001 -From: "Bernhard M. Wiedemann" -Date: Tue, 16 Jul 2024 21:39:33 +0200 -Subject: [PATCH] Allow to override build date with SOURCE_DATE_EPOCH - -to make builds reproducible. -See https://reproducible-builds.org/ for why this is good -and https://reproducible-builds.org/specs/source-date-epoch/ -for the definition of this variable. ---- - Doc/conf.py | 3 ++- - Doc/library/functions.rst | 2 +- - 2 files changed, 3 insertions(+), 2 deletions(-) - ---- a/Doc/conf.py -+++ b/Doc/conf.py -@@ -316,7 +316,8 @@ html_context = { - } - - # This 'Last updated on:' timestamp is inserted at the bottom of every page. --html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime()) -+html_time = int(os.environ.get('SOURCE_DATE_EPOCH', time.time())) -+html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime(html_time)) - - # Path to find HTML templates. - templates_path = ['tools/templates'] ---- a/Doc/library/functions.rst -+++ b/Doc/library/functions.rst -@@ -1356,7 +1356,7 @@ are always available. They are listed h - (where :func:`open` is declared), :mod:`os`, :mod:`os.path`, :mod:`tempfile`, - and :mod:`shutil`. - -- .. audit-event:: open file,mode,flags open -+ .. audit-event:: open path,mode,flags open - - The ``mode`` and ``flags`` arguments may have been modified or inferred from - the original call. diff --git a/docs-docutils_014-Sphinx_420.patch b/docs-docutils_014-Sphinx_420.patch index 26563f5..0b5b6fe 100644 --- a/docs-docutils_014-Sphinx_420.patch +++ b/docs-docutils_014-Sphinx_420.patch @@ -1,32 +1,32 @@ --- Doc/tools/extensions/c_annotations.py | 6 +++++- Doc/tools/extensions/glossary_search.py | 12 ++++++++++-- - Doc/tools/extensions/pyspecific.py | 13 ++++++++++--- - 3 files changed, 25 insertions(+), 6 deletions(-) + Doc/tools/extensions/pyspecific.py | 5 ++++- + 3 files changed, 19 insertions(+), 4 deletions(-) --- a/Doc/tools/extensions/c_annotations.py +++ b/Doc/tools/extensions/c_annotations.py -@@ -84,7 +84,11 @@ class Annotations: - self.stable_abi_data[name] = record - - def add_annotations(self, app, doctree): -- for node in doctree.findall(addnodes.desc_content): -+ try: -+ findall = doctree.findall -+ except AttributeError: -+ findall = doctree.traverse -+ for node in findall(addnodes.desc_content): - par = node.parent - if par['domain'] != 'c': - continue +@@ -118,7 +118,11 @@ def add_annotations(app: Sphinx, doctree + state = app.env.domaindata["c_annotations"] + refcount_data = state["refcount_data"] + stable_abi_data = state["stable_abi_data"] +- for node in doctree.findall(addnodes.desc_content): ++ try: ++ findall = doctree.findall ++ except AttributeError: ++ findall = doctree.traverse ++ for node in findall(addnodes.desc_content): + par = node.parent + if par["domain"] != "c": + continue --- a/Doc/tools/extensions/glossary_search.py +++ b/Doc/tools/extensions/glossary_search.py -@@ -25,8 +25,16 @@ def process_glossary_nodes(app, doctree, - - terms = {} +@@ -30,8 +30,16 @@ def process_glossary_nodes( + else: + terms = app.env.glossary_terms = {} - for node in doctree.findall(glossary): -- for glossary_item in node.findall(definition_list_item): +- for glossary_item in node.findall(nodes.definition_list_item): + try: + findall = doctree.findall + except AttributeError: @@ -37,8 +37,8 @@ + except AttributeError: + node_findall = node.traverse + for glossary_item in node_findall(definition_list_item): - term = glossary_item[0].astext().lower() - definition = glossary_item[1] + term = glossary_item[0].astext() + definition = glossary_item[-1] --- a/Doc/tools/extensions/pyspecific.py +++ b/Doc/tools/extensions/pyspecific.py @@ -54,25 +54,3 @@ ISSUE_URI = 'https://bugs.python.org/issue?@action=redirect&bpo=%s' -@@ -604,7 +607,11 @@ def parse_monitoring_event(env, sig, sig - - - def process_audit_events(app, doctree, fromdocname): -- for node in doctree.findall(audit_event_list): -+ try: -+ findall = doctree.findall -+ except AttributeError: -+ findall = doctree.traverse -+ for node in findall(audit_event_list): - break - else: - return -@@ -663,7 +670,7 @@ def process_audit_events(app, doctree, f - - body += row - -- for node in doctree.findall(audit_event_list): -+ for node in findall(audit_event_list): - node.replace_self(table) - - diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch index 88fbe40..d0d9baf 100644 --- a/fix_configure_rst.patch +++ b/fix_configure_rst.patch @@ -3,10 +3,8 @@ Misc/NEWS | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) -Index: Python-3.12.4/Doc/using/configure.rst -=================================================================== ---- Python-3.12.4.orig/Doc/using/configure.rst -+++ Python-3.12.4/Doc/using/configure.rst +--- a/Doc/using/configure.rst ++++ b/Doc/using/configure.rst @@ -640,13 +640,11 @@ macOS Options See ``Mac/README.rst``. @@ -21,11 +19,9 @@ Index: Python-3.12.4/Doc/using/configure.rst .. option:: --enable-framework=INSTALLDIR Create a Python.framework rather than a traditional Unix install. Optional -Index: Python-3.12.4/Misc/NEWS -=================================================================== ---- Python-3.12.4.orig/Misc/NEWS -+++ Python-3.12.4/Misc/NEWS -@@ -13734,7 +13734,7 @@ C API +--- a/Misc/NEWS ++++ b/Misc/NEWS +@@ -13832,7 +13832,7 @@ C API - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. - bpo-43795: The list in :ref:`limited-api-list` now shows the public name diff --git a/python312.changes b/python312.changes index abeec29..78bed4d 100644 --- a/python312.changes +++ b/python312.changes @@ -1,9 +1,214 @@ +------------------------------------------------------------------- +Wed Aug 7 18:05:57 UTC 2024 - Matej Cepl + +- Update to 3.12.5: + - Tests + - gh-59022: Add tests for pkgutil.extend_path(). Patch by + Andreas Stocker. + - gh-99242: os.getloadavg() may throw OSError when + running regression tests under certain conditions (e.g. + chroot). This error is now caught and ignored, since + reporting load average is optional. + - gh-121084: Fix test_typing random leaks. Clear typing ABC + caches when running tests for refleaks (-R option): call + _abc_caches_clear() on typing abstract classes and their + subclasses. Patch by Victor Stinner. + - gh-121160: Add a test for + readline.set_history_length(). Note that this test may fail + on readline libraries. + - gh-121200: Fix test_expanduser_pwd2() of + test_posixpath. Call getpwnam() to get pw_dir, since it + can be different than getpwall() pw_dir. Patch by Victor + Stinner. + - gh-121188: When creating the JUnit XML file, regrtest + now escapes characters which are invalid in XML, such + as the chr(27) control character used in ANSI escape + sequences. Patch by Victor Stinner. + - Security + - gh-121957: Fixed missing audit events around interactive + use of Python, now also properly firing for python -i, as + well as for python -m asyncio. The event in question is + cpython.run_stdin. + - gh-122133: Authenticate the socket connection for the + socket.socketpair() fallback on platforms where AF_UNIX is + not available like Windows. + - Patch by Gregory P. Smith and Seth Larson + . Reported by Ellie + - Library + - gh-122744: Bump the version of pip bundled in ensurepip to + version 24.2. + - gh-122334: Fix crash when importing ssl after the main + interpreter restarts. + - gh-87320: In code.InteractiveInterpreter, handle exceptions + caused by calling a non-default sys.excepthook(). Before, + the exception bubbled up to the caller, ending the REPL. + - gh-122400: Handle ValueErrors raised by os.stat() in + filecmp.dircmp and filecmp.cmpfiles(). Patch by Bénédikt + Tran. + - gh-122311: Fix some error messages in pickle. + - gh-121650: email headers with embedded newlines are + now quoted on output. The generator will now refuse to + serialize (write) headers that are unsafely folded or + delimited; see verify_generated_headers. (Contributed by + Bas Bloemsaat and Petr Viktorin in gh-121650; bsc#1228780, + CVE-2024-6923). + - gh-122332: Fixed segfault with asyncio.Task.get_coro() when + using an eager task factory. + - gh-122170: Handle ValueErrors raised by os.stat() in + linecache. Patch by Bénédikt Tran. + - gh-121723: Make logging.config.dictConfig() accept any + object implementing the Queue public API. See the queue + configuration section for details. Patch by Bénédikt Tran. + - gh-82951: Serializing objects with complex __qualname__ + (such as unbound methods and nested classes) by name no + longer involves serializing parent objects by value in + pickle protocols < 4. + - gh-120930: Fixed a bug introduced by gh-92081 that added an + incorrect extra blank to encoded words occurring in wrapped + headers. + - gh-121474: Fix missing sanity check for parties arg in + threading.Barrier constructor. Patch by Clinton Christian + (pygeek). + - gh-121025: Improve the __repr__() of + functools.partialmethod. Patch by Bénédikt Tran. + - gh-121018: Fixed issues where + argparse.ArgumentParser.parse_args() did not honor + exit_on_error=False. Based on patch by Ben Hsing. + - gh-119614: Fix truncation of strings with embedded null + characters in some internal operations in tkinter. + - gh-120910: When reading installed files from an egg, use + relative_to(walk_up=True) to honor files installed outside + of the installation root. + - gh-101830: Accessing the tkinter object’s string + representation no longer converts the underlying Tcl object + to a string on Windows. + - gh-120811: Fix possible memory leak in + contextvars.Context.run(). + - gh-120769: Make empty line in pdb repeats the last command + even when the command is from cmdqueue. + - gh-120732: Fix name passing to unittest.mock.Mock object + when using unittest.mock.create_autospec(). + - gh-120495: Fix incorrect exception handling in Tab + Nanny. Patch by Wulian233. + - gh-120343: Fix column offset reporting for tokens that come + after multiline f-strings in the tokenize module. + - gh-119600: Fix unittest.mock.patch() to not read attributes + of the target when new_callable is set. Patch by Robert + Collins. + - gh-120289: Fixed the use-after-free issue in cProfile by + disallowing disable() and clear() in external timers. + - gh-114053: Fix edge-case bug where typing.get_type_hints() + would produce incorrect results if type parameters in a + class scope were overridden by assignments in a class scope + and from __future__ import annotations semantics were + enabled. Patch by Alex Waygood. + - gh-114053: Fix erroneous NameError when calling + inspect.get_annotations() with eval_str=True` on a class + that made use of PEP 695 type parameters in a module that + had from __future__ import annotations at the top of the + file. Patch by Alex Waygood. + - gh-120268: Prohibit passing None to pure-Python + datetime.date.fromtimestamp() to achieve consistency with + C-extension implementation. + - gh-120244: Fix memory leak in re.sub() when the replacement + string contains backreferences. + - gh-120211: Fix tkinter.ttk with Tcl/Tk 9.0. + - gh-71587: Fix crash in C version of + datetime.datetime.strptime() when called again on the + restarted interpreter. + - gh-117983: Defer the threading import in importlib.util + until lazy loading is used. + - gh-119698: Fix symtable.Class.get_methods() and document + its behaviour. Patch by Bénédikt Tran. + - gh-120121: Add concurrent.futures.InvalidStateError to + module’s __all__. + - gh-112672: Support building tkinter with Tcl 9.0. + - gh-65454: unittest.mock.Mock.attach_mock() no longer + triggers a call to a PropertyMock being attached. + - gh-81936: help() and showtopic() methods now respect a + configured output argument to pydoc.Helper and not use the + pager in such cases. Patch by Enrico Tröger. + - gh-119577: The DeprecationWarning emitted when testing + the truth value of an xml.etree.ElementTree.Element now + describes unconditionally returning True in a future + version rather than raising an exception in Python 3.14. + - gh-119506: Fix io.TextIOWrapper.write() method breaks + internal buffer when the method is called again during + flushing internal buffer. + - gh-119189: When using the ** operator or pow() with + Fraction as the base and an exponent that is not rational, + a float, or a complex, the fraction is no longer converted + to a float. + - gh-105623: Fix performance degradation in + logging.handlers.RotatingFileHandler. Patch by Craig + Robson. + - bpo-39324: Add mime type mapping for .md <-> text/markdown + - IDLE + - gh-122482: Change About IDLE to direct users to + discuss.python.org instead of the now unused idle-dev email + and mailing list. + - gh-78889: Stop Shell freezes by blocking user access to + non-method sys.stdout.shell attributes, which are all + private. + - gh-120104: Fix padding in config and search dialog windows + in IDLE. + - Documentation + - gh-121749: Fix documentation for PyModule_AddObjectRef(). + - gh-120012: Clarify the behaviours of + multiprocessing.Queue.empty() and + multiprocessing.SimpleQueue.empty() on closed queues. Patch + by Bénédikt Tran. + - gh-121871: Documentation HTML varies from timestamp. Patch by + Bernhard M. Wiedemann (bsc#1227999). + - Core and Builtins + - gh-122208: Dictionary watchers now only deliver the + PyDict_EVENT_ADDED event when the insertion is in a known + good state to succeed. + - gh-122300: Preserve AST nodes for f-string with + single-element format specifiers. Patch by Pablo Galindo + - gh-122029: Emit c_call events in sys.setprofile() when a + PyMethodObject pointing to a PyCFunction is called. + - gh-122026: Fix a bug that caused the tokenizer to not + correctly identify mismatched parentheses inside f-strings + in some situations. Patch by Pablo Galindo + - gh-121657: Improve the SyntaxError message if the user + tries to use yield from outside a function. + - gh-117482: Unexpected slot wrappers are no longer created + for builtin static types in subinterpreters. + - gh-121439: Allow tuples of length 20 in the freelist to be + reused. + - gh-121130: Fix f-strings with debug expressions in format + specifiers. Patch by Pablo Galindo + - gh-120722: Correctly set the bytecode position on return + instructions within lambdas. Patch by Jelle Zijlstra. + - gh-120384: Fix an array out of bounds crash in + list_ass_subscript, which could be invoked via some + specificly tailored input: including concurrent + modification of a list object, where one thread assigns a + slice and another clears it. + - gh-120380: Fix Python implementation of pickle.Pickler for + bytes and bytearray objects when using protocol version + 5. Patch by Bénédikt Tran. + - gh-93691: Fix source locations of instructions generated + for the iterator of a for statement. + - gh-120198: Fix a crash when multiple threads read and write + to the same __class__ of an object concurrently. + - gh-120298: Fix use-after free in list_richcompare_impl + which can be invoked via some specificly tailored evil + input. + - gh-119666: Fix a compiler crash in the case where two + comprehensions in class scope both reference __class__. + - bpo-24766: Fix handling of doc argument to subclasses of + property. + - Build + - gh-120671: Fix failing configure tests due to a missing + space when appending to CFLAGS. + - gh-115983: Skip building test modules that must be built as + shared under WASI. + ------------------------------------------------------------------- Wed Aug 7 13:40:44 UTC 2024 - Matej Cepl -- Add CVE-2024-6923-email-hdr-inject.patch to prevent email - header injection due to unquoted newlines (bsc#1228780, - CVE-2024-6923). - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999) - Update bluez-devel-vendor.tar.xz @@ -14,19 +219,6 @@ Mon Jul 22 21:20:55 UTC 2024 - Matej Cepl - Remove %suse_update_desktop_file macro as it is not useful any more. -------------------------------------------------------------------- -Thu Jul 18 22:37:07 UTC 2024 - Matej Cepl - -- Adding bso1227999-reproducible-builds.patch fixing bsc#1227999 - adding reproducibility patches from gh#python/cpython!121872 - and gh#python/cpython!121883. - -------------------------------------------------------------------- -Mon Jul 15 12:14:05 UTC 2024 - Matej Cepl - -- Stop using %%defattr, it seems to be breaking proper executable - attributes on /usr/bin/ scripts (bsc#1227378). - ------------------------------------------------------------------- Thu Jul 4 16:04:05 UTC 2024 - Matej Cepl diff --git a/python312.spec b/python312.spec index ad8116f..72db76e 100644 --- a/python312.spec +++ b/python312.spec @@ -110,7 +110,7 @@ # _md5.cpython-38m-x86_64-linux-gnu.so %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so Name: %{python_pkg_name}%{psuffix} -Version: 3.12.4 +Version: 3.12.5 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 @@ -186,12 +186,6 @@ Patch40: fix-test-recursion-limit-15.6.patch # PATCH-FIX-SLE docs-docutils_014-Sphinx_420.patch bsc#[0-9]+ mcepl@suse.com # related to gh#python/cpython#119317 Patch41: docs-docutils_014-Sphinx_420.patch -# PATCH-FIX-UPSTREAM CVE-2024-6923-email-hdr-inject.patch bsc#1228780 mcepl@suse.com -# prevent email header injection, patch from gh#python/cpython!122608 -Patch42: CVE-2024-6923-email-hdr-inject.patch -# PATCH-FIX-UPSTREAM bso1227999-reproducible-builds.patch bsc#1227999 mcepl@suse.com -# reproducibility patches -Patch43: bso1227999-reproducible-builds.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes