diff --git a/CVE-2023-27043-email-parsing-errors.patch b/CVE-2023-27043-email-parsing-errors.patch index ca22afa..b2824db 100644 --- a/CVE-2023-27043-email-parsing-errors.patch +++ b/CVE-2023-27043-email-parsing-errors.patch @@ -260,7 +260,7 @@ Co-Authored-By: Thomas Dwyer from email.charset import Charset from email.generator import Generator, DecodedGenerator, BytesGenerator -@@ -3337,15 +3338,137 @@ Foo +@@ -3352,15 +3353,137 @@ Foo ], ) @@ -406,7 +406,7 @@ Co-Authored-By: Thomas Dwyer def test_getaddresses_embedded_comment(self): """Test proper handling of a nested comment""" -@@ -3536,6 +3659,54 @@ multipart/report +@@ -3551,6 +3674,54 @@ multipart/report m = cls(*constructor, policy=email.policy.default) self.assertIs(m.policy, email.policy.default) diff --git a/CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch b/CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch new file mode 100644 index 0000000..264e963 --- /dev/null +++ b/CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch 
@@ -0,0 +1,67 @@ +Index: Python-3.12.3/Lib/test/test_xml_etree.py +=================================================================== +--- Python-3.12.3.orig/Lib/test/test_xml_etree.py ++++ Python-3.12.3/Lib/test/test_xml_etree.py +@@ -121,6 +121,11 @@ ATTLIST_XML = """\ + + """ + ++IS_SLE_15_6 = os.environ.get("SLE_VERSION", "") == "0150600" ++fails_with_expat_2_6_0 = (unittest.expectedFailure ++ # 2.4 version patched in SLE ++ if IS_SLE_15_6 and pyexpat.version_info >= (2, 4, 0) else ++ lambda test: test) + def checkwarnings(*filters, quiet=False): + def decorator(test): + def newtest(*args, **kwargs): +@@ -1424,9 +1429,11 @@ class XMLPullParserTest(unittest.TestCas + self.assert_event_tags(parser, [('end', 'root')]) + self.assertIsNone(parser.close()) + ++ @fails_with_expat_2_6_0 + def test_simple_xml_chunk_1(self): + self.test_simple_xml(chunk_size=1, flush=True) + ++ @fails_with_expat_2_6_0 + def test_simple_xml_chunk_5(self): + self.test_simple_xml(chunk_size=5, flush=True) + +@@ -1651,6 +1658,9 @@ class XMLPullParserTest(unittest.TestCas + + self.assert_event_tags(parser, [('end', 'doc')]) + ++ @unittest.skipIf(pyexpat.version_info < (2, 6, 0), ++ f'Expat {pyexpat.version_info} does not ' ++ 'support reparse deferral') + def test_flush_reparse_deferral_disabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +Index: Python-3.12.3/Lib/test/test_sax.py +=================================================================== +--- Python-3.12.3.orig/Lib/test/test_sax.py ++++ Python-3.12.3/Lib/test/test_sax.py +@@ -1240,6 +1240,9 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"") + ++ @unittest.skipIf(pyexpat.version_info < (2, 6, 0), ++ f'Expat {pyexpat.version_info} does not ' ++ 'support reparse deferral') + def test_flush_reparse_deferral_disabled(self): + result = BytesIO() + xmlgen = XMLGenerator(result) +Index: Python-3.12.3/Lib/test/test_pyexpat.py 
+=================================================================== +--- Python-3.12.3.orig/Lib/test/test_pyexpat.py ++++ Python-3.12.3/Lib/test/test_pyexpat.py +@@ -794,6 +794,10 @@ class ReparseDeferralTest(unittest.TestC + self.assertEqual(started, ['doc']) + + def test_reparse_deferral_disabled(self): ++ if expat.version_info < (2, 6, 0): ++ self.skipTest(f'Expat {expat.version_info} does not ' ++ 'support reparse deferral') ++ + started = [] + + def start_element(name, _): diff --git a/Python-3.12.2.tar.xz b/Python-3.12.2.tar.xz deleted file mode 100644 index c0417c2..0000000 --- a/Python-3.12.2.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:be28112dac813d2053545c14bf13a16401a21877f1a69eb6ea5d84c4a0f3d870 -size 20591308 diff --git a/Python-3.12.2.tar.xz.asc b/Python-3.12.2.tar.xz.asc deleted file mode 100644 index ca66451..0000000 --- a/Python-3.12.2.tar.xz.asc +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmXCmEZfFIAAAAAALgAo -aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx -Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6 -YwVxNQ/5AfuzQgW8NEaIe9J2cT78VvGa6I1DMSud8X6RnZLGDtk0D19ENhykO9bn -RtpbVGVUMWKoalU0AB3IZ4E7/ZLVl8ooZScfmzo4B3D9jdVcDJiIS8S2dYKPZ4QK -pVLTXZxi5/KUnirohguUdMlNEE/RyDMHpYO0wDpG4bfq6E9fkkrqm9n+j7/JZpQj -xEDyA5h3GBSus1KvG59C96r2YRFVXNebl1RgnCEuFKA6aJB/A5ht1UbINzS9vsaj -zGTRjMNdDVZVfomtYL63Zr5dHsv8t7jpwZHe+kqmY6FyiIElcV5euvjK+akujrjp -pY3KzyKC3tGcWz5qNaiL7H2WSW72e0fxbEZ1F2LUfmvfJM8oMcfEEb91R225m+Jp -Ot46t7DXYazcyRVkx1cfiAijPBjbxoLQXkKcZEFXkosJE543zqzy316of64Sh1Pj -vL+txgpMCpSYaXfgKImwya7F/twK9yPb6bvA6X2qcSZsK9FbC7d/WqSJejp0Nu5k -QCMwN3DICOERgN0gkgLccCsF6yH+a/06Mebx4gDBDrsXxEkgLHLrZkRwYrv2vlHg -/g6QOli029CMlbSbNIJeb2fEczRK4kqKlZyt9NOQ6InSwsAS5+F3DdhjQ2zu5lid -saAiV4yWU0RiyGp98X1vjLPOWjp/sILbYlLplJBY7LxWBqC7+2A= -=50z7 ------END PGP SIGNATURE----- 
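Review bot: The skips added for `test_flush_reparse_deferral_disabled` (test_xml_etree.py, test_sax.py) and `test_reparse_deferral_disabled` (test_pyexpat.py) key on `version_info < (2, 6, 0)`, but the changelog says the 15.6 libexpat is patched without a version bump. On the target platform the tests for the CVE-2023-52425 reparse-deferral control are therefore skipped, so this suite gives no coverage of the backported mitigation. The skip reason should say so, e.g. `'Expat {pyexpat.version_info} reports no reparse deferral support (distribution backports are not detected)'`. In `fails_with_expat_2_6_0`, the `>= (2, 4, 0)` bound is explained only by `# 2.4 version patched in SLE`; a comment naming the libexpat build it refers to would make the expected-failure condition auditable. No `pyexpat` import is visible in the test_sax.py hunk, so confirm the module already imports it.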
diff --git a/Python-3.12.3.tar.xz b/Python-3.12.3.tar.xz new file mode 100644 index 0000000..db2a767 --- /dev/null +++ b/Python-3.12.3.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:56bfef1fdfc1221ce6720e43a661e3eb41785dd914ce99698d8c7896af4bdaa1 +size 20625068 diff --git a/Python-3.12.3.tar.xz.asc b/Python-3.12.3.tar.xz.asc new file mode 100644 index 0000000..f0579f8 --- /dev/null +++ b/Python-3.12.3.tar.xz.asc @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmYVDdNfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx +Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6 +YwU8Vg//aP8bxzPTDIM9Af1LLJj5LNLIuZOl5QysWQVbakoCpS8Z8ZiK3LyzGi7H +pQ5uJEnRjhULnOi+va2TPBDqiYvY1CkVizYzmUe1dMtzHdJUBE1TzybfON02JzPD +62oDHxUC1hvITyLE8tjnsgBuP9bbYYHnS+qqmDgBWS1M60i4bqcBiSdlWZp7ZTI4 +KIxIy9eyNujHnNQrQQ1oqIoj7ty1Hrtkfqia/3cVq7rkQT8HecBIW0K82WuIXizm +/Ua/TQslTJsypslFYpoJBoIkWG2nk7RhJvfU5iLxQHen6cr7JOUo/u3jv0DIJyJs +LdBWG6noTIiqKJb65UswLUxexM5f3Y7gLEZ4FCqlbAOAPG16xwwC8Xd7LIF33cHK +133BvYCkwdl0MCpmsQuxi8i6Kql0MaEqJ9MEj6UN66ZJVpRx8hOm2FtZGhn5ZNxx +r5C2zXGw/IjXeS01wgD8cSRVA0XJdN4bu88vmvhqMuezg3CDF5bX85isoFUaLUjS +c5Lv1HNrqPiaWHOctnvzasy0djpwze+WCzsXFMI6VfejPpYwNlhmnxS7i3R9A4RK +gBwViMd5q5rwx365tCfRfGcBW6OOvrHZalhSGYmUw13sBarFliW9CvN4ghN9kWbN +YQwSggf5KD6v5mAAyReMrOJTyBG6B5hMlxKai5CzbRLlG25T2wI= +=ZQxz +-----END PGP SIGNATURE----- diff --git a/fix-test-recursion-limit-15.6.patch b/fix-test-recursion-limit-15.6.patch new file mode 100644 index 0000000..0b86aa2 --- /dev/null +++ b/fix-test-recursion-limit-15.6.patch 
@@ -0,0 +1,30 @@ +Index: Python-3.12.3/Lib/test/test_compile.py +=================================================================== +--- Python-3.12.3.orig/Lib/test/test_compile.py ++++ Python-3.12.3/Lib/test/test_compile.py +@@ -14,6 +14,9 @@ from test.support import (script_helper, + requires_specialization, C_RECURSION_LIMIT) + from test.support.os_helper import FakePath + ++IS_SLE_15_6 = os.environ.get("SLE_VERSION", "") == "0150600" ++IS_32bit = hasattr(os, "uname") and os.uname().machine in ["i386", "i486", "i586", "i686"] ++ + class TestSpecifics(unittest.TestCase): + + def compile_single(self, source): +@@ -110,6 +113,7 @@ class TestSpecifics(unittest.TestCase): + self.assertEqual(d['z'], 12) + + @unittest.skipIf(support.is_wasi, "exhausts limited stack on WASI") ++ @unittest.skipIf(IS_SLE_15_6 and IS_32bit, "fails on 15.6 i586") + def test_extended_arg(self): + repeat = int(C_RECURSION_LIMIT * 0.9) + longexpr = 'x = x or ' + '-x' * repeat +@@ -603,6 +607,7 @@ class TestSpecifics(unittest.TestCase): + + @support.cpython_only + @unittest.skipIf(support.is_wasi, "exhausts limited stack on WASI") ++ @unittest.skipIf(IS_SLE_15_6 and IS_32bit, "fails on 15.6 i586") + def test_compiler_recursion_limit(self): + # Expected limit is C_RECURSION_LIMIT * 2 + # Duplicating the limit here is a little ugly. diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch index e2993bb..ab85538 100644 --- a/fix_configure_rst.patch +++ b/fix_configure_rst.patch @@ -3,11 +3,9 @@ Misc/NEWS | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) -Index: Python-3.12.2/Doc/using/configure.rst -=================================================================== ---- Python-3.12.2.orig/Doc/using/configure.rst -+++ Python-3.12.2/Doc/using/configure.rst -@@ -629,13 +629,11 @@ macOS Options +--- a/Doc/using/configure.rst ++++ b/Doc/using/configure.rst +@@ -631,13 +631,11 @@ macOS Options See ``Mac/README.rst``. 
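Review bot: `IS_32bit` is derived from `os.uname().machine`, which reports the machine the kernel presents rather than the interpreter's word size. A 32-bit build running without a 32-bit personality would not match the list, and the two new skips would silently not apply. Checking the interpreter itself is more robust: `IS_32bit = sys.maxsize <= 2**32`, assuming `sys` is already imported in test_compile.py (the hunk does not show it). That would also match other 32-bit targets, so keep the machine list if only x86 is intended. The skip reason `"fails on 15.6 i586"` could cite gh#python/cpython#115083 so the skips can be dropped once that issue is resolved.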
@@ -21,11 +19,9 @@ Index: Python-3.12.2/Doc/using/configure.rst .. option:: --enable-framework=INSTALLDIR Create a Python.framework rather than a traditional Unix install. Optional -Index: Python-3.12.2/Misc/NEWS -=================================================================== ---- Python-3.12.2.orig/Misc/NEWS -+++ Python-3.12.2/Misc/NEWS -@@ -12998,7 +12998,7 @@ C API +--- a/Misc/NEWS ++++ b/Misc/NEWS +@@ -13428,7 +13428,7 @@ C API - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. - bpo-43795: The list in :ref:`limited-api-list` now shows the public name diff --git a/libexpat260.patch b/libexpat260.patch deleted file mode 100644 index 4e38aab..0000000 --- a/libexpat260.patch +++ /dev/null 
@@ -1,107 +0,0 @@ -From f2eebf3c38eae77765247791576b437ec25ccfe2 Mon Sep 17 00:00:00 2001 -From: Serhiy Storchaka -Date: Sun, 11 Feb 2024 12:08:39 +0200 -Subject: [PATCH] gh-115133: Fix tests for XMLPullParser with Expat 2.6.0 - (GH-115164) - -Feeding the parser by too small chunks defers parsing to prevent -CVE-2023-52425. Future versions of Expat may be more reactive. -(cherry picked from commit 4a08e7b3431cd32a0daf22a33421cd3035343dc4) - -Co-authored-by: Serhiy Storchaka ---- - Lib/test/test_xml_etree.py | 58 ++++++++++++------- - ...-02-08-14-21-28.gh-issue-115133.ycl4ko.rst | 2 + - 2 files changed, 38 insertions(+), 22 deletions(-) - create mode 100644 Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst - -Index: Python-3.12.2/Lib/test/test_xml_etree.py -=================================================================== ---- Python-3.12.2.orig/Lib/test/test_xml_etree.py -+++ Python-3.12.2/Lib/test/test_xml_etree.py -@@ -13,6 +13,7 @@ import itertools - import operator - import os - import pickle -+import pyexpat - import sys - import textwrap - import types -@@ -120,6 +121,10 @@ ATTLIST_XML = """\ - - """ - -+fails_with_expat_2_6_0 = (unittest.expectedFailure -+ if pyexpat.version_info >= (2, 6, 0) else -+ lambda test: test) -+ - def checkwarnings(*filters, quiet=False): - def decorator(test): - def newtest(*args, **kwargs): -@@ -1400,28 +1405,37 @@ class XMLPullParserTest(unittest.TestCas - self.assertEqual([(action, elem.tag) for action, elem in events], - expected) - -- def test_simple_xml(self): -- for chunk_size in (None, 1, 5): -- with self.subTest(chunk_size=chunk_size): -- parser = ET.XMLPullParser() -- self.assert_event_tags(parser, []) -- self._feed(parser, "\n", chunk_size) -- self.assert_event_tags(parser, []) -- self._feed(parser, -- "\n text\n", chunk_size) -- self.assert_event_tags(parser, [('end', 'element')]) -- self._feed(parser, "texttail\n", chunk_size) -- self._feed(parser, "\n", chunk_size) -- 
self.assert_event_tags(parser, [ -- ('end', 'element'), -- ('end', 'empty-element'), -- ]) -- self._feed(parser, "\n", chunk_size) -- self.assert_event_tags(parser, [('end', 'root')]) -- self.assertIsNone(parser.close()) -+ def test_simple_xml(self, chunk_size=None): -+ parser = ET.XMLPullParser() -+ self.assert_event_tags(parser, []) -+ self._feed(parser, "\n", chunk_size) -+ self.assert_event_tags(parser, []) -+ self._feed(parser, -+ "\n text\n", chunk_size) -+ self.assert_event_tags(parser, [('end', 'element')]) -+ self._feed(parser, "texttail\n", chunk_size) -+ self._feed(parser, "\n", chunk_size) -+ self.assert_event_tags(parser, [ -+ ('end', 'element'), -+ ('end', 'empty-element'), -+ ]) -+ self._feed(parser, "\n", chunk_size) -+ self.assert_event_tags(parser, [('end', 'root')]) -+ self.assertIsNone(parser.close()) -+ -+ @fails_with_expat_2_6_0 -+ def test_simple_xml_chunk_1(self): -+ self.test_simple_xml(chunk_size=1) -+ -+ @fails_with_expat_2_6_0 -+ def test_simple_xml_chunk_5(self): -+ self.test_simple_xml(chunk_size=5) -+ -+ def test_simple_xml_chunk_22(self): -+ self.test_simple_xml(chunk_size=22) - - def test_feed_while_iterating(self): - parser = ET.XMLPullParser() -Index: Python-3.12.2/Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst -=================================================================== ---- /dev/null -+++ Python-3.12.2/Misc/NEWS.d/next/Library/2024-02-08-14-21-28.gh-issue-115133.ycl4ko.rst -@@ -0,0 +1,2 @@ -+Fix tests for :class:`~xml.etree.ElementTree.XMLPullParser` with Expat -+2.6.0. diff --git a/python312.changes b/python312.changes index f594f2c..722b280 100644 --- a/python312.changes +++ b/python312.changes 
@@ -1,3 +1,340 @@ +------------------------------------------------------------------- +Mon Apr 15 10:31:32 UTC 2024 - Daniel Garcia + +- Add CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch to fix tests with + patched libexpat below 2.6.0 that doesn't update the version number, + just in 15.6. +- Drop libexpat260.patch, not needed anymore. This patch is merged + with the CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch to keep + working on 15.6. +- Add fix-test-recursion-limit-15.6.patch, gh#python/cpython#115083. + +------------------------------------------------------------------- +Wed Apr 10 14:41:07 UTC 2024 - Matej Cepl + +- Update to 3.12.3: + - Security + - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral + (CVE-2023-52425, bsc#1219559) by adding five new methods: + xml.etree.ElementTree.XMLParser.flush() + xml.etree.ElementTree.XMLPullParser.flush() + xml.parsers.expat.xmlparser.GetReparseDeferralEnabled() + xml.parsers.expat.xmlparser.SetReparseDeferralEnabled() + xml.sax.expatreader.ExpatParser.flush() + - gh-115399: Update bundled libexpat to 2.6.0 (bsc#1222075) + - gh-115243: Fix possible crashes in + collections.deque.index() when the deque is concurrently + modified. + - gh-114572: ssl.SSLContext.cert_store_stats() and + ssl.SSLContext.get_ca_certs() now correctly lock access to + the certificate store, when the ssl.SSLContext is shared + across multiple threads. + - Core and Builtins + - gh-109120: Added handle of incorrect star expressions, e.g + f(3, *). Patch by Grigoryev Semyon + - gh-99108: Updated the hashlib built-in HACL* project C code + from upstream that we use for many implementations when + they are not present via OpenSSL in a given build. This + also avoids the rare potential for a C symbol name one + definition rule linking issue. + - gh-116735: For INSTRUMENTED_CALL_FUNCTION_EX, set arg0 to + sys.monitoring.MISSING instead of None for CALL event. 
+ - gh-113964: Starting new threads and process creation + through os.fork() are now only prevented once all + non-daemon threads exit. + - gh-116604: Respect the status of the garbage collector when + indirect calls are made via PyErr_CheckSignals() and the + evaluation breaker. Patch by Pablo Galindo + - gh-116626: Ensure INSTRUMENTED_CALL_FUNCTION_EX always + emits CALL + - gh-116296: Fix possible refleak in object.__reduce__() + internal error handling. + - gh-116034: Fix location of the error on a failed assertion. + - gh-115823: Properly calculate error ranges in the parser + when raising SyntaxError exceptions caused by invalid byte + sequences. Patch by Pablo Galindo + - gh-112087: For an empty reverse iterator for list will be + reduced to reversed(). Patch by Donghee Na. + - gh-115154: Fix a bug that was causing the + tokenize.untokenize() function to handle unicode named + literals incorrectly. Patch by Pablo Galindo + - gh-114828: Fix compilation crashes in uncommon code + examples using super() inside a comprehension in a class + body. + - gh-115011: Setters for members with an unsigned integer + type now support the same range of valid values for objects + that has a __index__() method as for int. + - gh-112215: Change the C recursion limits to more closely + reflect the underlying platform limits. + - gh-96497: Fix incorrect resolution of mangled class + variables used in assignment expressions in comprehensions. + - Library + - gh-117467: Preserve mailbox ownership when rewriting in + mailbox.mbox.flush(). Patch by Tony Mountifield. + - gh-117310: Fixed an unlikely early & extra Py_DECREF + triggered crash in ssl when creating a new _ssl._SSLContext + if CPython was built implausibly such that the + default cipher list is empty or the SSL library it + was linked against reports a failure from its C + SSL_CTX_set_cipher_list() API. + - gh-117178: Fix regression in lazy loading of + self-referential modules, introduced in gh-114781. 
+ - gh-117084: Fix zipfile extraction for directory entries + with the name containing backslashes on Windows. + - gh-117110: Fix a bug that prevents subclasses of typing.Any + to be instantiated with arguments. Patch by Chris Fu. + - gh-90872: On Windows, subprocess.Popen.wait() no longer + calls WaitForSingleObject() with a negative timeout: pass 0 + ms if the timeout is negative. Patch by Victor Stinner. + - gh-116957: configparser: Don’t leave ConfigParser values + in an invalid state (stored as a list instead of a str) + after an earlier read raised DuplicateSectionError or + DuplicateOptionError. + - gh-90095: Ignore empty lines and comments in .pdbrc + - gh-116764: Restore support of None and other false values + in urllib.parse functions parse_qs() and parse_qsl(). Also, + they now raise a TypeError for non-zero integers and + non-empty sequences. + - gh-116811: In PathFinder.invalidate_caches, delegate to + MetadataPathFinder.invalidate_caches. + - gh-116600: Fix repr() for global Flag members. + - gh-116484: Change automatically generated + tkinter.Checkbutton widget names to avoid collisions with + automatically generated tkinter.ttk.Checkbutton widget + names within the same parent widget. + - gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on + opening named pipe. + - gh-116143: Fix a race in pydoc _start_server, eliminating a + window in which _start_server can return a thread that is + “serving” but without a docserver set. + - gh-116325: typing: raise SyntaxError instead of + AttributeError on forward references as empty strings. + - gh-90535: Fix support of interval values > 1 in + logging.TimedRotatingFileHandler for when='MIDNIGHT' and + when='Wx'. + - gh-115978: Disable preadv(), readv(), pwritev(), and + writev() on WASI. + - Under wasmtime for WASI 0.2, these + functions don’t pass test_posix + (https://github.com/bytecodealliance/wasmtime/issues/7830). 
+ - gh-88352: Fix the computation of the next rollover + time in the logging.TimedRotatingFileHandler handler. + computeRollover() now always returns a timestamp larger + than the specified time and works correctly during the DST + change. doRollover() no longer overwrite the already rolled + over file, saving from data loss when run at midnight or + during repeated time at the DST change. + - gh-87115: Set __main__.__spec__ to None when running a + script with pdb + - gh-76511: Fix UnicodeEncodeError in + email.Message.as_string() that results when a message + that claims to be in the ascii character set actually has + non-ascii characters. Non-ascii characters are now replaced + with the U+FFFD replacement character, like in the replace + error handler. + - gh-116040: [Enum] fix by-value calls when second value is + falsey; e.g. Cardinal(1, 0) + - gh-75988: Fixed unittest.mock.create_autospec() to pass + the call through to the wrapped object to return the real + result. + - gh-115881: Fix issue where ast.parse() would incorrectly + flag conditional context managers (such as with (x() if y + else z()): ...) as invalid syntax if feature_version=(3, + 8) was passed. This reverts changes to the grammar made as + part of gh-94949. + - gh-115886: Fix silent truncation of the + name with an embedded null character in + multiprocessing.shared_memory.SharedMemory. + - gh-115809: Improve algorithm for computing + which rolled-over log files to delete in + logging.TimedRotatingFileHandler. It is now reliable for + handlers without namer and with arbitrary deterministic + namer that leaves the datetime part in the file name + unmodified. + - gh-74668: urllib.parse functions parse_qs() and + parse_qsl() now support bytes arguments containing raw and + percent-encoded non-ASCII data. + - gh-67044: csv.writer() now always quotes or escapes '\r' + and '\n', regardless of lineterminator value. 
+ - gh-115712: csv.writer() now quotes empty fields if + delimiter is a space and skipinitialspace is true and + raises exception if quoting is not possible. + - gh-112364: Fixed ast.unparse() to handle format_spec with + ", ' or \\. Patched by Frank Hoffmann. + - gh-111358: Fix a bug in + asyncio.BaseEventLoop.shutdown_default_executor() to ensure + the timeout passed to the coroutine behaves as expected. + - gh-115618: Fix improper decreasing the reference count for + None argument in property methods getter(), setter() and + deleter(). + - gh-115570: A DeprecationWarning is no longer omitted + on access to the __doc__ attributes of the deprecated + typing.io and typing.re pseudo-modules. + - gh-112006: Fix inspect.unwrap() for types with the + __wrapper__ data descriptor. + - gh-101293: Support callables with the __call__() method + and types with __new__() and __init__() methods set to + class methods, static methods, bound methods, partial + functions, and other types of methods and descriptors in + inspect.Signature.from_callable(). + - gh-115392: Fix a bug in doctest where incorrect line + numbers would be reported for decorated functions. + - gh-114563: Fix several format() bugs when using the C + implementation of Decimal: * memory leak in some rare + cases when using the z format option (coerce negative 0) * + incorrect output when applying the z format option to type + F (fixed-point with capital NAN / INF) * incorrect output + when applying the # format option (alternate form) + - gh-115197: urllib.request no longer resolves the hostname + before checking it against the system’s proxy bypass list + on macOS and Windows. + - gh-115165: Most exceptions are now ignored when attempting + to set the __orig_class__ attribute on objects returned + when calling typing generic aliases (including generic + aliases created using typing.Annotated). Previously only + AttributeError was ignored. Patch by Dave Shawley. 
+ - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0. + - gh-115059: io.BufferedRandom.read1() now flushes the + underlying write buffer. + - gh-79382: Trailing ** no longer allows to match files and + non-existing paths in recursive glob(). + - gh-114071: Support tuple subclasses using auto() for enum + member value. + - gh-114763: Protect modules loaded with + importlib.util.LazyLoader from race conditions when + multiple threads try to access attributes before the + loading is complete. + - gh-97959: Fix rendering class methods, bound methods, + method and function aliases in pydoc. Class methods + no longer have “method of builtins.type instance” + note. Corresponding notes are now added for class and + unbound methods. Method and function aliases now have + references to the module or the class where the origin + was defined if it differs from the current. Bound methods + are now listed in the static methods section. Methods of + builtin classes are now supported as well as methods of + Python classes. + - gh-112281: Allow creating union of types for + typing.Annotated with unhashable metadata. + - gh-111775: Fix + importlib.resources.simple.ResourceHandle.open() for text + mode, added missed stream argument. + - gh-90095: Make .pdbrc and -c work with any valid pdb + commands. + - gh-107155: Fix incorrect output of help(x) where x is a + lambda function, which has an __annotations__ dictionary + attribute with a "return" key. + - gh-105866: Fixed _get_slots bug which caused error when + defining dataclasses with slots and a weakref_slot. + - gh-60346: Fix ArgumentParser inconsistent with + parse_known_args. + - gh-100985: Update HTTPSConnection to consistently wrap IPv6 + Addresses when using a proxy. + - gh-100884: email: fix misfolding of comma in address-lists + over multiple lines in combination with unicode encoding. 
+ - gh-95782: Fix io.BufferedReader.tell(), + io.BufferedReader.seek(), _pyio.BufferedReader.tell(), + io.BufferedRandom.tell(), io.BufferedRandom.seek() and + _pyio.BufferedRandom.tell() being able to return negative + offsets. + - gh-96310: Fix a traceback in argparse when all options in a + mutually exclusive group are suppressed. + - gh-93205: Fixed a bug in + logging.handlers.TimedRotatingFileHandler where multiple + rotating handler instances pointing to files with the same + name but different extensions would conflict and not delete + the correct files. + - bpo-44865: Add missing call to localization function in + argparse. + - bpo-43952: Fix multiprocessing.connection.Listener.accept() + to accept empty bytes as authkey. Not accepting empty bytes + as key causes it to hang indefinitely. + - bpo-42125: linecache: get module name from __spec__ if + available. This allows getting source code for the __main__ + module when a custom loader is used. + - gh-66543: Make mimetypes.guess_type() properly parsing + of URLs with only a host name, URLs containing fragment + or query, and filenames with only a UNC sharepoint on + Windows. Based on patch by Dong-hee Na. + - bpo-33775: Add ‘default’ and ‘version’ help text for + localization in argparse. + - Documentation + - gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under + “XML vulnerabilities”. + - gh-115233: Fix an example for LoggerAdapter in the Logging + Cookbook. + - Tests + - gh-83434: Disable JUnit XML output (--junit-xml=FILE + command line option) in regrtest when hunting for reference + leaks (-R option). Patch by Victor Stinner. + - gh-117187: Fix XML tests for vanilla Expat <2.6.0. + - gh-116333: Tests of TLS related things (error codes, etc) + were updated to be more lenient about specific error + message strings and behaviors as seen in the BoringSSL and + AWS-LC forks of OpenSSL. + - gh-115979: Update test_importlib so that it passes under + WASI SDK 21. 
+ - gh-112536: Add –tsan to test.regrtest for running TSAN + tests in reasonable execution times. Patch by Donghee Na. + - gh-116307: Added import helper isolated_modules as + CleanImport does not remove modules imported during the + context. Use it in importlib.resources tests to avoid + leaving mod around to impede importlib.metadata tests. + - gh-115720: Leak tests (-R, --huntrleaks) now show a summary + of the number of leaks found in each iteration. + - gh-115122: Add --bisect option to regrtest test runner: + run failed tests with test.bisect_cmd to identify failing + tests. Patch by Victor Stinner. + - gh-115596: Fix ProgramPriorityTests in test_os permanently + changing the process priority. + - Build + - gh-116313: Get WASI builds to work under wasmtime 18 w/ + WASI 0.2/preview2 primitives. + - gh-116117: Backport libb2’s PR #42 to fix compiling CPython + on 32-bit Windows with clang-cl. + - gh-115167: Avoid vendoring vcruntime140_threads.dll when + building with Visual Studio 2022 version 17.8. + - gh-112536: Add support for thread sanitizer (TSAN) + - Windows + - gh-117267: Ensure DirEntry.stat().st_ctime behaves + consistently with os.stat() during the deprecation + period of st_ctime by containing the same value as + st_birthtime. After the deprecation period, st_ctime + will be the metadata change time (or unavailable through + DirEntry), and only st_birthtime will contain the creation + time. + - gh-116773: Fix instances of <_overlapped.Overlapped object + at 0xXXX> still has pending operation at deallocation, the + process may crash. + - gh-91227: Fix the asyncio ProactorEventLoop implementation + so that sending a datagram to an address that is not + listening does not prevent receiving any more datagrams. + - gh-115554: The installer now has more strict rules about + updating the Python Launcher for Windows. In general, most + users only have a single launcher installed and will see no + difference. 
When multiple launchers have been installed, + the option to install the launcher is disabled until all + but one have been removed. Downgrading the launcher (which + was never allowed) is now more obviously blocked. + - gh-115543: Python Launcher for Windows can now + detect Python 3.13 when installed from the Microsoft + Store, and will install Python 3.12 by default when + PYLAUNCHER_ALLOW_INSTALL is set. + - gh-115049: Fixes py.exe launcher failing when run as users + without user profiles. + - gh-115009: Update Windows installer to use SQLite 3.45.1. + - IDLE + - gh-88516: On macOS show a proxy icon in the title bar of + editor windows to match platform behaviour. + - Tools/Demos + - gh-113516: Don’t set LDSHARED when building for WASI. + - C API + - gh-117021: Fix integer overflow in PyLong_AsPid() on + non-Windows 64-bit platforms. + - gh-116869: Make the C API compatible with + -Werror=declaration-after-statement compiler flag + again. Patch by Victor Stinner. + ------------------------------------------------------------------- Wed Mar 6 14:13:58 UTC 2024 - Pedro Monreal diff --git a/python312.spec b/python312.spec index 2439ca1..ede5bda 100644 --- a/python312.spec +++ b/python312.spec @@ -105,7 +105,7 @@ %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so %bcond_without profileopt Name: %{python_pkg_name}%{psuffix} -Version: 3.12.2 +Version: 3.12.3 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 
@@ -160,12 +160,17 @@ Patch35: fix_configure_rst.patch # Detect email address parsing errors and return empty tuple to # indicate the parsing error (old API) Patch36: CVE-2023-27043-email-parsing-errors.patch -# PATCH-FIX-UPSTREAM libexpat260.patch gh#python/cpython#115288 -# Fix tests for XMLPullParser with Expat 2.6.0 -Patch37: libexpat260.patch # PATCH-FIX-UPSTREAM CVE-2023-6597-TempDir-cleaning-symlink.patch bsc#1219666 mcepl@suse.com # tempfile.TemporaryDirectory: fix symlink bug in cleanup (from gh#python/cpython!99930) Patch38: CVE-2023-6597-TempDir-cleaning-symlink.patch +# PATCH-FIX-OPENSUSE CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch +# This problem on libexpat is patched on 15.6 without version +# update, this patch changes the tests to match the libexpat provided +# by SUSE +Patch39: CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch +# PATCH-FIX-OPENSUSE fix-test-recursion-limit-15.6.patch gh#python/cpython#115083 +# Skip some failing tests in test_compile for i586 arch in 15.6. +Patch40: fix-test-recursion-limit-15.6.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -527,6 +532,8 @@ LD_LIBRARY_PATH=.:$LD_LIBRARY_PATH \ %endif %check +export SUSE_VERSION="0%{?suse_version}" +export SLE_VERSION="0%{?sle_version}" %if %{with general} # exclude test_gdb -- it doesn't run in buildservice anyway, and fails on missing debuginfos # when you install gdb into your test env
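Review bot: The `Patch39` comment carries no bug reference, unlike the `Patch38` entry next to it (`bsc#1219666`). The changelog in this commit ties CVE-2023-52425 to bsc#1219559, so the tag line could read `# PATCH-FIX-OPENSUSE CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch bsc#1219559`. The comment should also state that the patch only adjusts test expectations under `Lib/test/` and changes no parsing code, because the file name reads like a security fix.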
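Review bot: In the `%check` hunk `SUSE_VERSION` is exported, but neither test patch added in this commit reads it; both compare only `SLE_VERSION` against the literal `"0150600"`. Unless a patch outside this view consumes it, drop the export, and add a comment above the remaining line such as `# read by CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch and fix-test-recursion-limit-15.6.patch`. That makes visible how the export format (a leading `0` plus `%{?sle_version}`) is coupled to the string the tests match. When the variable is unset, for example when the suite runs outside `%check`, both patches fall back to the unmodified test behaviour, which is worth stating in the same comment.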