rpm/python312
SHA256
1
0
Fork 0
forked from pool/python312
Code Pull Requests Activity

- Update to 3.12.0b3:

Browse Source 
- gh-103142: The version of OpenSSL used in Windows and
    Mac installers has been upgraded to 1.1.1u to address
    CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464,
    as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303
    fixed previously in 1.1.1t (gh-101727).
  - gh-102153: urllib.parse.urlsplit() now strips leading C0
    control and space characters following the specification for
    URLs defined by WHATWG in response to CVE-2023-24329.
  - gh-99889: Fixed a security in flaw in uu.decode() that could
    allow for directory traversal based on the input if no
    out_file was specified.
  - gh-104049: Do not expose the local on-disk
    location in directory indexes produced by
    http.client.SimpleHTTPRequestHandler.
  - gh-103935: trace.__main__ now uses io.open_code() for files
    to be executed instead of raw open().
  - gh-102953: The extraction methods in tarfile, and
    shutil.unpack_archive(), have a new filter argument that
    allows limiting tar features than may be surprising or
    dangerous, such as creating files outside the destination
    directory. See Extraction filters for details.
- Remove upstreamed patches:
  - 00398-fix-stack-overwrite-on-32-bit-in-perf-map-test-harness-gh-104811-104823.patch

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=9
This commit is contained in:
Matej Cepl 2023-06-28 20:08:16 +00:00 committed by Git OBS Bridge
parent c8f2873f34
commit a91ccfd104
9 changed files with 59 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
00398-fix-stack-overwrite-on-32-bit-in-perf-map-test-harness-gh-104811-104823.patch
View File

@ -1,43 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Carl Meyer <carl@oddbird.net>
Date: Tue, 23 May 2023 16:04:31 -0600
Subject: [PATCH] 00398: fix stack overwrite on 32-bit in perf map test harness
(#104811)
---
Modules/_testinternalcapi.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
Index: Python-3.12.0b1/Modules/_testinternalcapi.c
===================================================================
--- Python-3.12.0b1.orig/Modules/_testinternalcapi.c
+++ Python-3.12.0b1/Modules/_testinternalcapi.c
@@ -762,19 +762,24 @@ clear_extension(PyObject *self, PyObject
static PyObject *
write_perf_map_entry(PyObject *self, PyObject *args)
{
+ PyObject *code_addr_v;
const void *code_addr;
unsigned int code_size;
const char *entry_name;
- if (!PyArg_ParseTuple(args, "KIs", &code_addr, &code_size, &entry_name))
+ if (!PyArg_ParseTuple(args, "OIs", &code_addr_v, &code_size, &entry_name))
return NULL;
+ code_addr = PyLong_AsVoidPtr(code_addr_v);
+ if (code_addr == NULL) {
+ return NULL;
+ }
int ret = PyUnstable_WritePerfMapEntry(code_addr, code_size, entry_name);
- if (ret == -1) {
- PyErr_SetString(PyExc_OSError, "Failed to write performance map entry");
+ if (ret < 0) {
+ PyErr_SetFromErrno(PyExc_OSError);
return NULL;
}
- return Py_BuildValue("i", ret);
+ return PyLong_FromLong(ret);
}
static PyObject *

3
Python-3.12.0b1.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:8ba76ca64acd745babdfb8467820964df98858ee6a9577bf1d93447257be581e
size 20053428

18
Python-3.12.0b1.tar.xz.asc
View File

@ -1,18 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmRrW0VfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx
Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6
YwUPOg/9GRDnAfe68z7VrKn8owGDL+YQe5Wfj9eDlAo1nG4ncozx2oDmq2k/VFXG
sKSMzatc+K08awmd48w0lCX+GV0EwlOWcTzmFiXliw0UNQ0lfG+Dj8QidGO/CcRQ
U2JUqpyohwJnONjcxB2aIfa0VXKrNY9cAvJGiqwxq+sn4fDrOOKEANOgxisSD2ia
MlU1rYIwDoqC+shLQyv6Dq8WkPsKLYEtHaymT6i7oWcq2+1SZexNkRPdVvC0BGbz
XVCNRq3NsSDxSJLYfmw5METwJ/ZEHPQ3G8VqktLZ61A5foq6Zk08xBYgA3qVstrU
Nrd33qxMZNPlaZFNAlg07FTqlHd056zL/XeYVEu+/J51xiY0aP+XtpEJHsJLcxMP
nBSySwO11SOaMW+1lM6/ylkGmo2N62VrYwfT05t3t5PP5Cz71G5D+lLchcnvbGEu
edeABX5GNcwMvoJL+Dkk4d8kuDiA3UEyytoefko06Qri1wThAdONXRxE9dG0AoNg
VzeD1v7ld2cJ0Of9/ArdJFjNo7LBa9kpE0/Rmn18YbRJZSI/pbRmLvHkqVmpKBTU
rk5sK+wFb5VoXEY3MziClmydQW3UybYk/Eybq0ea+9cpkCWKemVSHCC5t9TX/X35
d4rc2SRAkdgP7a/2V/ZK10lXmq6bCGvdXce8Qd3g14Bq9mBk5cI=
=3HQL
-----END PGP SIGNATURE-----

3
Python-3.12.0b3.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9160c6065e9885b37c2e57865d0bb27fc7e54aaa9c186c761da30d2bddbcc9ee
size 20220780

18
Python-3.12.0b3.tar.xz.asc Normal file
View File

@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmSQpQZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx
Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6
YwWidw/+Knq6IbctodaIGoNp+s3OnMGqLJ9SHRLxwbNlI4DK5sym0pWVX+VNgJFT
FPCUG6KCO2B46CfrppoMuy+O0WoYskdlYZWjqxEDcSjgB9SgmRAmH34uaQkvpfDa
j8SeL+W+HmmqovjWn2+sroaHJ9TaVgDqaosn8xFUHRsoNwWQvaxn7tYD0WytxhtT
kMM8SEde5A9l1opwmq9Hl6e3FGjbX+zu0AkmAEuH+9fcT3aFCpwjjrljeiHoISdS
LcrrBP80GC1uoRiqJaMeLweCZxEmPwU6AtUffEkzFp8tE6tLAGVQ8HfkWnFGJdEi
/OsJ2dDuh/UFrwOdotmAcJ5Z/rRzfMm1EbH1++YVu07QV4V8vcVNSWPEZhhb/olQ
NppgFVv7LMfY6dVdYMjGGdxFsYLdtAelnvCXBzvoSW5zDVNgaGJN79RfCqnJmqAX
dgSSoAW5q55MDM61DAj5Yb0QKpS9P21qyL7Utg1BFxKF7KIZ7VmwfmW44epiPi8i
EEc1dtvJCvVux6JGKGhaG06pVPUKh57sMhDN8GqMScCPV3wxS+KMF/SWP/csVKxy
nJpfqS1npVjsZuLSw/8R4s7yOfRZAQfkzH28NeHRn0BNfCJAUN6PS1AKDdqISkwv
9vYZADkJvJ6vLGYX21D5WfBoh+rIq2sB9pK+glEjQ3jfR1UOu94=
=/noy
-----END PGP SIGNATURE-----

16
fix_configure_rst.patch
View File

@ -3,10 +3,8 @@
Misc/NEWS | 2 +-
2 files changed, 1 insertion(+), 3 deletions(-)
Index: Python-3.12.0b1/Doc/using/configure.rst
===================================================================
--- Python-3.12.0b1.orig/Doc/using/configure.rst
+++ Python-3.12.0b1/Doc/using/configure.rst
--- a/Doc/using/configure.rst
+++ b/Doc/using/configure.rst
@@ -599,13 +599,11 @@ macOS Options
See ``Mac/README.rst``.
@ -21,14 +19,12 @@ Index: Python-3.12.0b1/Doc/using/configure.rst
.. cmdoption:: --enable-framework=INSTALLDIR
Create a Python.framework rather than a traditional Unix install. Optional
Index: Python-3.12.0b1/Misc/NEWS
===================================================================
--- Python-3.12.0b1.orig/Misc/NEWS
+++ Python-3.12.0b1/Misc/NEWS
@@ -10780,7 +10780,7 @@ C API
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -11173,7 +11173,7 @@ C API
- bpo-40939: Removed documentation for the removed ``PyParser_*`` C API.
- bpo-43795: The list in :ref:`stable-abi-list` now shows the public name
- bpo-43795: The list in :ref:`limited-api-list` now shows the public name
- :c:struct:`PyFrameObject` rather than ``_frame``. The non-existing entry
+ :c:type:`PyFrameObject` rather than ``_frame``. The non-existing entry
``_node`` no longer appears in the list.

28
python312.changes
View File

@ -1,3 +1,31 @@
-------------------------------------------------------------------
Wed Jun 28 19:59:03 UTC 2023 - Matej Cepl <mcepl@suse.com>
- Update to 3.12.0b3:
- gh-103142: The version of OpenSSL used in Windows and
Mac installers has been upgraded to 1.1.1u to address
CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464,
as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303
fixed previously in 1.1.1t (gh-101727).
- gh-102153: urllib.parse.urlsplit() now strips leading C0
control and space characters following the specification for
URLs defined by WHATWG in response to CVE-2023-24329.
- gh-99889: Fixed a security in flaw in uu.decode() that could
allow for directory traversal based on the input if no
out_file was specified.
- gh-104049: Do not expose the local on-disk
location in directory indexes produced by
http.client.SimpleHTTPRequestHandler.
- gh-103935: trace.__main__ now uses io.open_code() for files
to be executed instead of raw open().
- gh-102953: The extraction methods in tarfile, and
shutil.unpack_archive(), have a new filter argument that
allows limiting tar features than may be surprising or
dangerous, such as creating files outside the destination
directory. See Extraction filters for details.
- Remove upstreamed patches:
- 00398-fix-stack-overwrite-on-32-bit-in-perf-map-test-harness-gh-104811-104823.patch
-------------------------------------------------------------------
Thu Jun 1 11:42:58 UTC 2023 - Daniel Garcia <daniel.garcia@suse.com>

6
python312.spec
View File

@ -105,7 +105,7 @@
%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
%bcond_without profileopt
Name: %{python_pkg_name}%{psuffix}
Version: 3.12.0b1
Version: 3.12.0b3
Release: 0
Summary: Python 3 Interpreter
License: Python-2.0
@ -162,9 +162,6 @@ Patch34: skip-test_pyobject_freed_is_freed.patch
# PATCH-FIX-SLE fix_configure_rst.patch bpo#43774 mcepl@suse.com
# remove duplicate link targets and make documentation with old Sphinx in SLE
Patch35: fix_configure_rst.patch
# PATCH-FIX-UPSTREAM 00398-fix-stack-overwrite-on-32-bit-in-perf-map-test-harness-gh-104811-104823.patch -- gh#python/cpython#104811
# fix stack overwrite on 32-bit in perf map test harness
Patch36: 00398-fix-stack-overwrite-on-32-bit-in-perf-map-test-harness-gh-104811-104823.patch
BuildRequires: autoconf-archive
BuildRequires: automake
@ -434,7 +431,6 @@ other applications.
%patch34 -p1
%endif
%patch35 -p1
%patch36 -p1
# drop Autoconf version requirement
sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac

8
subprocess-raise-timeout.patch
View File

@ -2,11 +2,9 @@
Lib/test/test_subprocess.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Index: Python-3.12.0b1/Lib/test/test_subprocess.py
===================================================================
--- Python-3.12.0b1.orig/Lib/test/test_subprocess.py
+++ Python-3.12.0b1/Lib/test/test_subprocess.py
@@ -279,7 +279,8 @@ class ProcessTestCase(BaseTestCase):
--- a/Lib/test/test_subprocess.py
+++ b/Lib/test/test_subprocess.py
@@ -280,7 +280,8 @@ class ProcessTestCase(BaseTestCase):
"time.sleep(3600)"],
# Some heavily loaded buildbots (sparc Debian 3.x) require
# this much time to start and print.