From 7a215a300effa0986a76852e7f21b6dcdd4ec685c5c5d9f94935552c083f3770 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Fri, 7 Jun 2024 10:51:44 +0000 Subject: [PATCH 01/15] - Update to 3.12.4: - Security - gh-118486: os.mkdir() on Windows now accepts mode of 0o700 to restrict the new directory to the current user. This fixes CVE-2024-4030 affecting tempfile.mkdtemp() in scenarios where the base temporary directory is more permissive than the default. - gh-116741: Update bundled libexpat to 2.6.2 - gh-117233: Detect BLAKE2, SHA3, Shake, & truncated SHA512 support in the OpenSSL-ish libcrypto library at build time. This allows hashlib to be used with libraries that do not to support every algorithm that upstream OpenSSL does. - Core and Builtins - gh-119821: Fix execution of annotation scopes within classes when globals is set to a non-dict. Patch by Jelle Zijlstra. - gh-118263: Speed up os.path.normpath() with a direct C call. - gh-119311: Fix bug where names are unexpectedly mangled in the bases of generic classes. - gh-119395: Fix bug where names appearing after a generic class are mangled as if they are in the generic class. - gh-118507: Fix os.path.isfile() on Windows for pipes. - gh-119213: Non-builtin modules built with argument clinic were crashing if used in a subinterpreter before the main interpreter. The objects that were causing the problem by leaking between interpreters carelessly have been fixed. - gh-119011: Fixes type.__type_params__ to return an empty tuple instead of a descriptor. - gh-118997: Fix _Py_ClearImmortal() assertion: use OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=47 --- .gitattributes | 23 + .gitignore | 1 + CVE-2023-27043-email-parsing-errors.patch | 474 ++ ...3-52425-libexpat-2.6.0-backport-15.6.patch | 67 + CVE-2023-6597-TempDir-cleaning-symlink.patch | 171 + PACKAGING-NOTES | 26 + Python-3.12.3.tar.xz | 3 + Python-3.12.3.tar.xz.asc | 18 + Python-3.12.4.tar.xz | 3 + Python-3.12.4.tar.xz.asc | 18 + README.SUSE | 43 + _multibuild | 4 + baselibs.conf | 3 + bluez-devel-vendor.tar.xz | 3 + bpo-31046_ensurepip_honours_prefix.patch | 173 + externally_managed.in | 12 + fix-test-recursion-limit-15.6.patch | 30 + fix_configure_rst.patch | 36 + idle3.appdata.xml | 35 + idle3.desktop | 12 + import_failed.map | 7 + import_failed.py | 23 + macros.python3 | 28 + no-skipif-doctests.patch | 647 ++ pre_checkin.sh | 78 + python-3.3.0b1-fix_date_time_compiler.patch | 27 + python-3.3.0b1-localpath.patch | 13 + python-3.3.0b1-test-posix_fadvise.patch | 17 + python.keyring | 78 + python312-rpmlintrc | 3 + python312.changes | 5906 +++++++++++++++++ python312.spec | 1032 +++ skip-test_pyobject_freed_is_freed.patch | 16 + skipped_tests.py | 69 + subprocess-raise-timeout.patch | 18 + 35 files changed, 9117 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 CVE-2023-27043-email-parsing-errors.patch create mode 100644 CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch create mode 100644 CVE-2023-6597-TempDir-cleaning-symlink.patch create mode 100644 PACKAGING-NOTES create mode 100644 Python-3.12.3.tar.xz create mode 100644 Python-3.12.3.tar.xz.asc create mode 100644 Python-3.12.4.tar.xz create mode 100644 Python-3.12.4.tar.xz.asc create mode 100644 README.SUSE create mode 100644 _multibuild create mode 100644 baselibs.conf create mode 100644 bluez-devel-vendor.tar.xz create mode 100644 bpo-31046_ensurepip_honours_prefix.patch create mode 100644 externally_managed.in create mode 100644 fix-test-recursion-limit-15.6.patch create mode 100644 fix_configure_rst.patch create mode 100644 idle3.appdata.xml create mode 100644 idle3.desktop create mode 100644 import_failed.map create mode 100644 import_failed.py create mode 100644 macros.python3 create mode 100644 no-skipif-doctests.patch create mode 100644 pre_checkin.sh create mode 100644 python-3.3.0b1-fix_date_time_compiler.patch create mode 100644 python-3.3.0b1-localpath.patch create mode 100644 python-3.3.0b1-test-posix_fadvise.patch create mode 100644 python.keyring create mode 100644 python312-rpmlintrc create mode 100644 python312.changes create mode 100644 python312.spec create mode 100644 skip-test_pyobject_freed_is_freed.patch create mode 100644 skipped_tests.py create mode 100644 subprocess-raise-timeout.patch diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/CVE-2023-27043-email-parsing-errors.patch b/CVE-2023-27043-email-parsing-errors.patch new file mode 100644 index 0000000..b2824db --- /dev/null +++ b/CVE-2023-27043-email-parsing-errors.patch @@ -0,0 +1,474 @@ +From 4a153a1d3b18803a684cd1bcc2cdf3ede3dbae19 Mon Sep 17 00:00:00 2001 +From: Victor Stinner +Date: Fri, 15 Dec 2023 16:10:40 +0100 +Subject: [PATCH] [CVE-2023-27043] gh-102988: Reject malformed addresses in + email.parseaddr() (#111116) + +Detect email address parsing errors and return empty tuple to +indicate the parsing error (old API). Add an optional 'strict' +parameter to getaddresses() and parseaddr() functions. Patch by +Thomas Dwyer. + +Co-Authored-By: Thomas Dwyer +--- + Doc/library/email.utils.rst | 19 - + Lib/email/utils.py | 151 +++++++- + Lib/test/test_email/test_email.py | 187 +++++++++- + Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst | 8 + 4 files changed, 344 insertions(+), 21 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst + +--- a/Doc/library/email.utils.rst ++++ b/Doc/library/email.utils.rst +@@ -58,13 +58,18 @@ of the new API. + begins with angle brackets, they are stripped off. + + +-.. function:: parseaddr(address) ++.. function:: parseaddr(address, *, strict=True) + + Parse address -- which should be the value of some address-containing field such + as :mailheader:`To` or :mailheader:`Cc` -- into its constituent *realname* and + *email address* parts. Returns a tuple of that information, unless the parse + fails, in which case a 2-tuple of ``('', '')`` is returned. + ++ If *strict* is true, use a strict parser which rejects malformed inputs. ++ ++ .. versionchanged:: 3.13 ++ Add *strict* optional parameter and reject malformed inputs by default. ++ + + .. function:: formataddr(pair, charset='utf-8') + +@@ -82,12 +87,15 @@ of the new API. + Added the *charset* option. + + +-.. function:: getaddresses(fieldvalues) ++.. function:: getaddresses(fieldvalues, *, strict=True) + + This method returns a list of 2-tuples of the form returned by ``parseaddr()``. + *fieldvalues* is a sequence of header field values as might be returned by +- :meth:`Message.get_all `. Here's a simple +- example that gets all the recipients of a message:: ++ :meth:`Message.get_all `. ++ ++ If *strict* is true, use a strict parser which rejects malformed inputs. ++ ++ Here's a simple example that gets all the recipients of a message:: + + from email.utils import getaddresses + +@@ -97,6 +105,9 @@ of the new API. + resent_ccs = msg.get_all('resent-cc', []) + all_recipients = getaddresses(tos + ccs + resent_tos + resent_ccs) + ++ .. versionchanged:: 3.13 ++ Add *strict* optional parameter and reject malformed inputs by default. ++ + + .. function:: parsedate(date) + +--- a/Lib/email/utils.py ++++ b/Lib/email/utils.py +@@ -48,6 +48,7 @@ TICK = "'" + specialsre = re.compile(r'[][\\()<>@,:;".]') + escapesre = re.compile(r'[\\"]') + ++ + def _has_surrogates(s): + """Return True if s may contain surrogate-escaped binary data.""" + # This check is based on the fact that unless there are surrogates, utf8 +@@ -106,12 +107,127 @@ def formataddr(pair, charset='utf-8'): + return address + + ++def _iter_escaped_chars(addr): ++ pos = 0 ++ escape = False ++ for pos, ch in enumerate(addr): ++ if escape: ++ yield (pos, '\\' + ch) ++ escape = False ++ elif ch == '\\': ++ escape = True ++ else: ++ yield (pos, ch) ++ if escape: ++ yield (pos, '\\') ++ ++ ++def _strip_quoted_realnames(addr): ++ """Strip real names between quotes.""" ++ if '"' not in addr: ++ # Fast path ++ return addr ++ ++ start = 0 ++ open_pos = None ++ result = [] ++ for pos, ch in _iter_escaped_chars(addr): ++ if ch == '"': ++ if open_pos is None: ++ open_pos = pos ++ else: ++ if start != open_pos: ++ result.append(addr[start:open_pos]) ++ start = pos + 1 ++ open_pos = None + +-def getaddresses(fieldvalues): +- """Return a list of (REALNAME, EMAIL) for each fieldvalue.""" +- all = COMMASPACE.join(str(v) for v in fieldvalues) +- a = _AddressList(all) +- return a.addresslist ++ if start < len(addr): ++ result.append(addr[start:]) ++ ++ return ''.join(result) ++ ++ ++supports_strict_parsing = True ++ ++def getaddresses(fieldvalues, *, strict=True): ++ """Return a list of (REALNAME, EMAIL) or ('','') for each fieldvalue. ++ ++ When parsing fails for a fieldvalue, a 2-tuple of ('', '') is returned in ++ its place. ++ ++ If strict is true, use a strict parser which rejects malformed inputs. ++ """ ++ ++ # If strict is true, if the resulting list of parsed addresses is greater ++ # than the number of fieldvalues in the input list, a parsing error has ++ # occurred and consequently a list containing a single empty 2-tuple [('', ++ # '')] is returned in its place. This is done to avoid invalid output. ++ # ++ # Malformed input: getaddresses(['alice@example.com ']) ++ # Invalid output: [('', 'alice@example.com'), ('', 'bob@example.com')] ++ # Safe output: [('', '')] ++ ++ if not strict: ++ all = COMMASPACE.join(str(v) for v in fieldvalues) ++ a = _AddressList(all) ++ return a.addresslist ++ ++ fieldvalues = [str(v) for v in fieldvalues] ++ fieldvalues = _pre_parse_validation(fieldvalues) ++ addr = COMMASPACE.join(fieldvalues) ++ a = _AddressList(addr) ++ result = _post_parse_validation(a.addresslist) ++ ++ # Treat output as invalid if the number of addresses is not equal to the ++ # expected number of addresses. ++ n = 0 ++ for v in fieldvalues: ++ # When a comma is used in the Real Name part it is not a deliminator. ++ # So strip those out before counting the commas. ++ v = _strip_quoted_realnames(v) ++ # Expected number of addresses: 1 + number of commas ++ n += 1 + v.count(',') ++ if len(result) != n: ++ return [('', '')] ++ ++ return result ++ ++ ++def _check_parenthesis(addr): ++ # Ignore parenthesis in quoted real names. ++ addr = _strip_quoted_realnames(addr) ++ ++ opens = 0 ++ for pos, ch in _iter_escaped_chars(addr): ++ if ch == '(': ++ opens += 1 ++ elif ch == ')': ++ opens -= 1 ++ if opens < 0: ++ return False ++ return (opens == 0) ++ ++ ++def _pre_parse_validation(email_header_fields): ++ accepted_values = [] ++ for v in email_header_fields: ++ if not _check_parenthesis(v): ++ v = "('', '')" ++ accepted_values.append(v) ++ ++ return accepted_values ++ ++ ++def _post_parse_validation(parsed_email_header_tuples): ++ accepted_values = [] ++ # The parser would have parsed a correctly formatted domain-literal ++ # The existence of an [ after parsing indicates a parsing failure ++ for v in parsed_email_header_tuples: ++ if '[' in v[1]: ++ v = ('', '') ++ accepted_values.append(v) ++ ++ return accepted_values + + + def _format_timetuple_and_zone(timetuple, zone): +@@ -205,16 +321,33 @@ def parsedate_to_datetime(data): + tzinfo=datetime.timezone(datetime.timedelta(seconds=tz))) + + +-def parseaddr(addr): ++def parseaddr(addr, *, strict=True): + """ + Parse addr into its constituent realname and email address parts. + + Return a tuple of realname and email address, unless the parse fails, in + which case return a 2-tuple of ('', ''). ++ ++ If strict is True, use a strict parser which rejects malformed inputs. + """ +- addrs = _AddressList(addr).addresslist +- if not addrs: +- return '', '' ++ if not strict: ++ addrs = _AddressList(addr).addresslist ++ if not addrs: ++ return ('', '') ++ return addrs[0] ++ ++ if isinstance(addr, list): ++ addr = addr[0] ++ ++ if not isinstance(addr, str): ++ return ('', '') ++ ++ addr = _pre_parse_validation([addr])[0] ++ addrs = _post_parse_validation(_AddressList(addr).addresslist) ++ ++ if not addrs or len(addrs) > 1: ++ return ('', '') ++ + return addrs[0] + + +--- a/Lib/test/test_email/test_email.py ++++ b/Lib/test/test_email/test_email.py +@@ -16,6 +16,7 @@ from unittest.mock import patch + + import email + import email.policy ++import email.utils + + from email.charset import Charset + from email.generator import Generator, DecodedGenerator, BytesGenerator +@@ -3352,15 +3353,137 @@ Foo + ], + ) + ++ def test_parsing_errors(self): ++ """Test for parsing errors from CVE-2023-27043 and CVE-2019-16056""" ++ alice = 'alice@example.org' ++ bob = 'bob@example.com' ++ empty = ('', '') ++ ++ # Test utils.getaddresses() and utils.parseaddr() on malformed email ++ # addresses: default behavior (strict=True) rejects malformed address, ++ # and strict=False which tolerates malformed address. ++ for invalid_separator, expected_non_strict in ( ++ ('(', [(f'<{bob}>', alice)]), ++ (')', [('', alice), empty, ('', bob)]), ++ ('<', [('', alice), empty, ('', bob), empty]), ++ ('>', [('', alice), empty, ('', bob)]), ++ ('[', [('', f'{alice}[<{bob}>]')]), ++ (']', [('', alice), empty, ('', bob)]), ++ ('@', [empty, empty, ('', bob)]), ++ (';', [('', alice), empty, ('', bob)]), ++ (':', [('', alice), ('', bob)]), ++ ('.', [('', alice + '.'), ('', bob)]), ++ ('"', [('', alice), ('', f'<{bob}>')]), ++ ): ++ address = f'{alice}{invalid_separator}<{bob}>' ++ with self.subTest(address=address): ++ self.assertEqual(utils.getaddresses([address]), ++ [empty]) ++ self.assertEqual(utils.getaddresses([address], strict=False), ++ expected_non_strict) ++ ++ self.assertEqual(utils.parseaddr([address]), ++ empty) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Comma (',') is treated differently depending on strict parameter. ++ # Comma without quotes. ++ address = f'{alice},<{bob}>' ++ self.assertEqual(utils.getaddresses([address]), ++ [('', alice), ('', bob)]) ++ self.assertEqual(utils.getaddresses([address], strict=False), ++ [('', alice), ('', bob)]) ++ self.assertEqual(utils.parseaddr([address]), ++ empty) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Real name between quotes containing comma. ++ address = '"Alice, alice@example.org" ' ++ expected_strict = ('Alice, alice@example.org', 'bob@example.com') ++ self.assertEqual(utils.getaddresses([address]), [expected_strict]) ++ self.assertEqual(utils.getaddresses([address], strict=False), [expected_strict]) ++ self.assertEqual(utils.parseaddr([address]), expected_strict) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Valid parenthesis in comments. ++ address = 'alice@example.org (Alice)' ++ expected_strict = ('Alice', 'alice@example.org') ++ self.assertEqual(utils.getaddresses([address]), [expected_strict]) ++ self.assertEqual(utils.getaddresses([address], strict=False), [expected_strict]) ++ self.assertEqual(utils.parseaddr([address]), expected_strict) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Invalid parenthesis in comments. ++ address = 'alice@example.org )Alice(' ++ self.assertEqual(utils.getaddresses([address]), [empty]) ++ self.assertEqual(utils.getaddresses([address], strict=False), ++ [('', 'alice@example.org'), ('', ''), ('', 'Alice')]) ++ self.assertEqual(utils.parseaddr([address]), empty) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Two addresses with quotes separated by comma. ++ address = '"Jane Doe" , "John Doe" ' ++ self.assertEqual(utils.getaddresses([address]), ++ [('Jane Doe', 'jane@example.net'), ++ ('John Doe', 'john@example.net')]) ++ self.assertEqual(utils.getaddresses([address], strict=False), ++ [('Jane Doe', 'jane@example.net'), ++ ('John Doe', 'john@example.net')]) ++ self.assertEqual(utils.parseaddr([address]), empty) ++ self.assertEqual(utils.parseaddr([address], strict=False), ++ ('', address)) ++ ++ # Test email.utils.supports_strict_parsing attribute ++ self.assertEqual(email.utils.supports_strict_parsing, True) ++ + def test_getaddresses_nasty(self): +- eq = self.assertEqual +- eq(utils.getaddresses(['foo: ;']), [('', '')]) +- eq(utils.getaddresses( +- ['[]*-- =~$']), +- [('', ''), ('', ''), ('', '*--')]) +- eq(utils.getaddresses( +- ['foo: ;', '"Jason R. Mastaler" ']), +- [('', ''), ('Jason R. Mastaler', 'jason@dom.ain')]) ++ for addresses, expected in ( ++ (['"Sürname, Firstname" '], ++ [('Sürname, Firstname', 'to@example.com')]), ++ ++ (['foo: ;'], ++ [('', '')]), ++ ++ (['foo: ;', '"Jason R. Mastaler" '], ++ [('', ''), ('Jason R. Mastaler', 'jason@dom.ain')]), ++ ++ ([r'Pete(A nice \) chap) '], ++ [('Pete (A nice ) chap his account his host)', 'pete@silly.test')]), ++ ++ (['(Empty list)(start)Undisclosed recipients :(nobody(I know))'], ++ [('', '')]), ++ ++ (['Mary <@machine.tld:mary@example.net>, , jdoe@test . example'], ++ [('Mary', 'mary@example.net'), ('', ''), ('', 'jdoe@test.example')]), ++ ++ (['John Doe '], ++ [('John Doe (comment)', 'jdoe@machine.example')]), ++ ++ (['"Mary Smith: Personal Account" '], ++ [('Mary Smith: Personal Account', 'smith@home.example')]), ++ ++ (['Undisclosed recipients:;'], ++ [('', '')]), ++ ++ ([r', "Giant; \"Big\" Box" '], ++ [('', 'boss@nil.test'), ('Giant; "Big" Box', 'bob@example.net')]), ++ ): ++ with self.subTest(addresses=addresses): ++ self.assertEqual(utils.getaddresses(addresses), ++ expected) ++ self.assertEqual(utils.getaddresses(addresses, strict=False), ++ expected) ++ ++ addresses = ['[]*-- =~$'] ++ self.assertEqual(utils.getaddresses(addresses), ++ [('', '')]) ++ self.assertEqual(utils.getaddresses(addresses, strict=False), ++ [('', ''), ('', ''), ('', '*--')]) + + def test_getaddresses_embedded_comment(self): + """Test proper handling of a nested comment""" +@@ -3551,6 +3674,54 @@ multipart/report + m = cls(*constructor, policy=email.policy.default) + self.assertIs(m.policy, email.policy.default) + ++ def test_iter_escaped_chars(self): ++ self.assertEqual(list(utils._iter_escaped_chars(r'a\\b\"c\\"d')), ++ [(0, 'a'), ++ (2, '\\\\'), ++ (3, 'b'), ++ (5, '\\"'), ++ (6, 'c'), ++ (8, '\\\\'), ++ (9, '"'), ++ (10, 'd')]) ++ self.assertEqual(list(utils._iter_escaped_chars('a\\')), ++ [(0, 'a'), (1, '\\')]) ++ ++ def test_strip_quoted_realnames(self): ++ def check(addr, expected): ++ self.assertEqual(utils._strip_quoted_realnames(addr), expected) ++ ++ check('"Jane Doe" , "John Doe" ', ++ ' , ') ++ check(r'"Jane \"Doe\"." ', ++ ' ') ++ ++ # special cases ++ check(r'before"name"after', 'beforeafter') ++ check(r'before"name"', 'before') ++ check(r'b"name"', 'b') # single char ++ check(r'"name"after', 'after') ++ check(r'"name"a', 'a') # single char ++ check(r'"name"', '') ++ ++ # no change ++ for addr in ( ++ 'Jane Doe , John Doe ', ++ 'lone " quote', ++ ): ++ self.assertEqual(utils._strip_quoted_realnames(addr), addr) ++ ++ ++ def test_check_parenthesis(self): ++ addr = 'alice@example.net' ++ self.assertTrue(utils._check_parenthesis(f'{addr} (Alice)')) ++ self.assertFalse(utils._check_parenthesis(f'{addr} )Alice(')) ++ self.assertFalse(utils._check_parenthesis(f'{addr} (Alice))')) ++ self.assertFalse(utils._check_parenthesis(f'{addr} ((Alice)')) ++ ++ # Ignore real name between quotes ++ self.assertTrue(utils._check_parenthesis(f'")Alice((" {addr}')) ++ + + # Test the iterator/generators + class TestIterators(TestEmailBase): +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst +@@ -0,0 +1,8 @@ ++:func:`email.utils.getaddresses` and :func:`email.utils.parseaddr` now ++return ``('', '')`` 2-tuples in more situations where invalid email ++addresses are encountered instead of potentially inaccurate values. Add ++optional *strict* parameter to these two functions: use ``strict=False`` to ++get the old behavior, accept malformed inputs. ++``getattr(email.utils, 'supports_strict_parsing', False)`` can be use to check ++if the *strict* paramater is available. Patch by Thomas Dwyer and Victor ++Stinner to improve the CVE-2023-27043 fix. diff --git a/CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch b/CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch new file mode 100644 index 0000000..264e963 --- /dev/null +++ b/CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch @@ -0,0 +1,67 @@ +Index: Python-3.12.3/Lib/test/test_xml_etree.py +=================================================================== +--- Python-3.12.3.orig/Lib/test/test_xml_etree.py ++++ Python-3.12.3/Lib/test/test_xml_etree.py +@@ -121,6 +121,11 @@ ATTLIST_XML = """\ + + """ + ++IS_SLE_15_6 = os.environ.get("SLE_VERSION", "") == "0150600" ++fails_with_expat_2_6_0 = (unittest.expectedFailure ++ # 2.4 version patched in SLE ++ if IS_SLE_15_6 and pyexpat.version_info >= (2, 4, 0) else ++ lambda test: test) + def checkwarnings(*filters, quiet=False): + def decorator(test): + def newtest(*args, **kwargs): +@@ -1424,9 +1429,11 @@ class XMLPullParserTest(unittest.TestCas + self.assert_event_tags(parser, [('end', 'root')]) + self.assertIsNone(parser.close()) + ++ @fails_with_expat_2_6_0 + def test_simple_xml_chunk_1(self): + self.test_simple_xml(chunk_size=1, flush=True) + ++ @fails_with_expat_2_6_0 + def test_simple_xml_chunk_5(self): + self.test_simple_xml(chunk_size=5, flush=True) + +@@ -1651,6 +1658,9 @@ class XMLPullParserTest(unittest.TestCas + + self.assert_event_tags(parser, [('end', 'doc')]) + ++ @unittest.skipIf(pyexpat.version_info < (2, 6, 0), ++ f'Expat {pyexpat.version_info} does not ' ++ 'support reparse deferral') + def test_flush_reparse_deferral_disabled(self): + parser = ET.XMLPullParser(events=('start', 'end')) + +Index: Python-3.12.3/Lib/test/test_sax.py +=================================================================== +--- Python-3.12.3.orig/Lib/test/test_sax.py ++++ Python-3.12.3/Lib/test/test_sax.py +@@ -1240,6 +1240,9 @@ class ExpatReaderTest(XmlTestBase): + + self.assertEqual(result.getvalue(), start + b"") + ++ @unittest.skipIf(pyexpat.version_info < (2, 6, 0), ++ f'Expat {pyexpat.version_info} does not ' ++ 'support reparse deferral') + def test_flush_reparse_deferral_disabled(self): + result = BytesIO() + xmlgen = XMLGenerator(result) +Index: Python-3.12.3/Lib/test/test_pyexpat.py +=================================================================== +--- Python-3.12.3.orig/Lib/test/test_pyexpat.py ++++ Python-3.12.3/Lib/test/test_pyexpat.py +@@ -794,6 +794,10 @@ class ReparseDeferralTest(unittest.TestC + self.assertEqual(started, ['doc']) + + def test_reparse_deferral_disabled(self): ++ if expat.version_info < (2, 6, 0): ++ self.skipTest(f'Expat {expat.version_info} does not ' ++ 'support reparse deferral') ++ + started = [] + + def start_element(name, _): diff --git a/CVE-2023-6597-TempDir-cleaning-symlink.patch b/CVE-2023-6597-TempDir-cleaning-symlink.patch new file mode 100644 index 0000000..c5e3528 --- /dev/null +++ b/CVE-2023-6597-TempDir-cleaning-symlink.patch @@ -0,0 +1,171 @@ +--- + Lib/tempfile.py | 16 + + Lib/test/test_tempfile.py | 113 ++++++++++ + Misc/NEWS.d/next/Library/2022-12-01-16-57-44.gh-issue-91133.LKMVCV.rst | 2 + 3 files changed, 131 insertions(+) + +Index: Python-3.12.4/Lib/tempfile.py +=================================================================== +--- Python-3.12.4.orig/Lib/tempfile.py ++++ Python-3.12.4/Lib/tempfile.py +@@ -285,6 +285,22 @@ def _resetperms(path): + _dont_follow_symlinks(chflags, path, 0) + _dont_follow_symlinks(_os.chmod, path, 0o700) + ++def _dont_follow_symlinks(func, path, *args): ++ # Pass follow_symlinks=False, unless not supported on this platform. ++ if func in _os.supports_follow_symlinks: ++ func(path, *args, follow_symlinks=False) ++ elif _os.name == 'nt' or not _os.path.islink(path): ++ func(path, *args) ++ ++def _resetperms(path): ++ try: ++ chflags = _os.chflags ++ except AttributeError: ++ pass ++ else: ++ _dont_follow_symlinks(chflags, path, 0) ++ _dont_follow_symlinks(_os.chmod, path, 0o700) ++ + + # User visible interfaces. + +Index: Python-3.12.4/Lib/test/test_tempfile.py +=================================================================== +--- Python-3.12.4.orig/Lib/test/test_tempfile.py ++++ Python-3.12.4/Lib/test/test_tempfile.py +@@ -1803,6 +1803,103 @@ class TestTemporaryDirectory(BaseTestCas + new_flags = os.stat(dir1).st_flags + self.assertEqual(new_flags, old_flags) + ++ @os_helper.skip_unless_symlink ++ def test_cleanup_with_symlink_modes(self): ++ # cleanup() should not follow symlinks when fixing mode bits (#91133) ++ with self.do_create(recurse=0) as d2: ++ file1 = os.path.join(d2, 'file1') ++ open(file1, 'wb').close() ++ dir1 = os.path.join(d2, 'dir1') ++ os.mkdir(dir1) ++ for mode in range(8): ++ mode <<= 6 ++ with self.subTest(mode=format(mode, '03o')): ++ def test(target, target_is_directory): ++ d1 = self.do_create(recurse=0) ++ symlink = os.path.join(d1.name, 'symlink') ++ os.symlink(target, symlink, ++ target_is_directory=target_is_directory) ++ try: ++ os.chmod(symlink, mode, follow_symlinks=False) ++ except NotImplementedError: ++ pass ++ try: ++ os.chmod(symlink, mode) ++ except FileNotFoundError: ++ pass ++ os.chmod(d1.name, mode) ++ d1.cleanup() ++ self.assertFalse(os.path.exists(d1.name)) ++ ++ with self.subTest('nonexisting file'): ++ test('nonexisting', target_is_directory=False) ++ with self.subTest('nonexisting dir'): ++ test('nonexisting', target_is_directory=True) ++ ++ with self.subTest('existing file'): ++ os.chmod(file1, mode) ++ old_mode = os.stat(file1).st_mode ++ test(file1, target_is_directory=False) ++ new_mode = os.stat(file1).st_mode ++ self.assertEqual(new_mode, old_mode, ++ '%03o != %03o' % (new_mode, old_mode)) ++ ++ with self.subTest('existing dir'): ++ os.chmod(dir1, mode) ++ old_mode = os.stat(dir1).st_mode ++ test(dir1, target_is_directory=True) ++ new_mode = os.stat(dir1).st_mode ++ self.assertEqual(new_mode, old_mode, ++ '%03o != %03o' % (new_mode, old_mode)) ++ ++ @unittest.skipUnless(hasattr(os, 'chflags'), 'requires os.chflags') ++ @os_helper.skip_unless_symlink ++ def test_cleanup_with_symlink_flags(self): ++ # cleanup() should not follow symlinks when fixing flags (#91133) ++ flags = stat.UF_IMMUTABLE | stat.UF_NOUNLINK ++ self.check_flags(flags) ++ ++ with self.do_create(recurse=0) as d2: ++ file1 = os.path.join(d2, 'file1') ++ open(file1, 'wb').close() ++ dir1 = os.path.join(d2, 'dir1') ++ os.mkdir(dir1) ++ def test(target, target_is_directory): ++ d1 = self.do_create(recurse=0) ++ symlink = os.path.join(d1.name, 'symlink') ++ os.symlink(target, symlink, ++ target_is_directory=target_is_directory) ++ try: ++ os.chflags(symlink, flags, follow_symlinks=False) ++ except NotImplementedError: ++ pass ++ try: ++ os.chflags(symlink, flags) ++ except FileNotFoundError: ++ pass ++ os.chflags(d1.name, flags) ++ d1.cleanup() ++ self.assertFalse(os.path.exists(d1.name)) ++ ++ with self.subTest('nonexisting file'): ++ test('nonexisting', target_is_directory=False) ++ with self.subTest('nonexisting dir'): ++ test('nonexisting', target_is_directory=True) ++ ++ with self.subTest('existing file'): ++ os.chflags(file1, flags) ++ old_flags = os.stat(file1).st_flags ++ test(file1, target_is_directory=False) ++ new_flags = os.stat(file1).st_flags ++ self.assertEqual(new_flags, old_flags) ++ ++ with self.subTest('existing dir'): ++ os.chflags(dir1, flags) ++ old_flags = os.stat(dir1).st_flags ++ test(dir1, target_is_directory=True) ++ new_flags = os.stat(dir1).st_flags ++ self.assertEqual(new_flags, old_flags) ++ + @support.cpython_only + def test_del_on_collection(self): + # A TemporaryDirectory is deleted when garbage collected +@@ -1977,6 +2074,22 @@ class TestTemporaryDirectory(BaseTestCas + + def check_flags(self, flags): + # skip the test if these flags are not supported (ex: FreeBSD 13) ++ filename = os_helper.TESTFN ++ try: ++ open(filename, "w").close() ++ try: ++ os.chflags(filename, flags) ++ except OSError as exc: ++ # "OSError: [Errno 45] Operation not supported" ++ self.skipTest(f"chflags() doesn't support flags " ++ f"{flags:#b}: {exc}") ++ else: ++ os.chflags(filename, 0) ++ finally: ++ os_helper.unlink(filename) ++ ++ def check_flags(self, flags): ++ # skip the test if these flags are not supported (ex: FreeBSD 13) + filename = os_helper.TESTFN + try: + open(filename, "w").close() +Index: Python-3.12.4/Misc/NEWS.d/next/Library/2022-12-01-16-57-44.gh-issue-91133.LKMVCV.rst +=================================================================== +--- /dev/null ++++ Python-3.12.4/Misc/NEWS.d/next/Library/2022-12-01-16-57-44.gh-issue-91133.LKMVCV.rst +@@ -0,0 +1,2 @@ ++Fix a bug in :class:`tempfile.TemporaryDirectory` cleanup, which now no longer ++dereferences symlinks when working around file system permission errors. diff --git a/PACKAGING-NOTES b/PACKAGING-NOTES new file mode 100644 index 0000000..e28c88c --- /dev/null +++ b/PACKAGING-NOTES @@ -0,0 +1,26 @@ +Notes for packagers of Python3 +============================== + +0. Faster build turnaround +-------------------------- + +By default, python builds with profile-guided optimization. This needs +an additional run of the test suite and it is generally slow. +PGO build takes around 50 minutes. + +For development, use "--without profileopt" option to disable PGO. This +shortens the build time to ~5 minutes including test suite. + +1. import_failed.map +---------------------- + +This is a mechanism installed as part of python3-base, that places shim modules +on python's path (through a generated zzzz-import-failed-hooks.pth file, so that +it is imported as much at the end as makes sense; and an _import_failed subdir +of /usr/lib/pythonX.Y). Then when the user tries to import a module that is part +of a subpackage, the ImportError will contain a helpful message telling them +which missing subpackage to install. + +This can sometimes cause problems on non-standard configurations, if the pth +gets included too early (for instance if you are using a script to include all +pths by hand in some strange order). Just something to look out for. diff --git a/Python-3.12.3.tar.xz b/Python-3.12.3.tar.xz new file mode 100644 index 0000000..db2a767 --- /dev/null +++ b/Python-3.12.3.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:56bfef1fdfc1221ce6720e43a661e3eb41785dd914ce99698d8c7896af4bdaa1 +size 20625068 diff --git a/Python-3.12.3.tar.xz.asc b/Python-3.12.3.tar.xz.asc new file mode 100644 index 0000000..f0579f8 --- /dev/null +++ b/Python-3.12.3.tar.xz.asc @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmYVDdNfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx +Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6 +YwU8Vg//aP8bxzPTDIM9Af1LLJj5LNLIuZOl5QysWQVbakoCpS8Z8ZiK3LyzGi7H +pQ5uJEnRjhULnOi+va2TPBDqiYvY1CkVizYzmUe1dMtzHdJUBE1TzybfON02JzPD +62oDHxUC1hvITyLE8tjnsgBuP9bbYYHnS+qqmDgBWS1M60i4bqcBiSdlWZp7ZTI4 +KIxIy9eyNujHnNQrQQ1oqIoj7ty1Hrtkfqia/3cVq7rkQT8HecBIW0K82WuIXizm +/Ua/TQslTJsypslFYpoJBoIkWG2nk7RhJvfU5iLxQHen6cr7JOUo/u3jv0DIJyJs +LdBWG6noTIiqKJb65UswLUxexM5f3Y7gLEZ4FCqlbAOAPG16xwwC8Xd7LIF33cHK +133BvYCkwdl0MCpmsQuxi8i6Kql0MaEqJ9MEj6UN66ZJVpRx8hOm2FtZGhn5ZNxx +r5C2zXGw/IjXeS01wgD8cSRVA0XJdN4bu88vmvhqMuezg3CDF5bX85isoFUaLUjS +c5Lv1HNrqPiaWHOctnvzasy0djpwze+WCzsXFMI6VfejPpYwNlhmnxS7i3R9A4RK +gBwViMd5q5rwx365tCfRfGcBW6OOvrHZalhSGYmUw13sBarFliW9CvN4ghN9kWbN +YQwSggf5KD6v5mAAyReMrOJTyBG6B5hMlxKai5CzbRLlG25T2wI= +=ZQxz +-----END PGP SIGNATURE----- diff --git a/Python-3.12.4.tar.xz b/Python-3.12.4.tar.xz new file mode 100644 index 0000000..f50cb46 --- /dev/null +++ b/Python-3.12.4.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f6d419a6d8743ab26700801b4908d26d97e8b986e14f95de31b32de2b0e79554 +size 20659356 diff --git a/Python-3.12.4.tar.xz.asc b/Python-3.12.4.tar.xz.asc new file mode 100644 index 0000000..bcb0184 --- /dev/null +++ b/Python-3.12.4.tar.xz.asc @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmZiK0BfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx +Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6 +YwXdxg/6A5E54ST8gUxcgC6dsX2mOou/AgtzEiql1azbtK0U6p6v/uZ3JACq4iF2 +5SeXCYIq2Aum+f3FcmZ1gPAhCdSaHUl9i5oJvidW2AOz7E3Q81Kutdu+pKfv8Cwr +srhKBij5EQQH8rSLKK5fWDcoYgS26UQnBISrVb8ye5KC+mU1x0ek49jeRjS3ixim ++/jyRK/MStIjQAqeFMzQgathynYM5DtDEu71QATIWQZ/h78mpBCdrQutXMs10zf8 +fuXI6RP/vkh7q5IUg2KFZaUavPPPMUKJZnYAaTn3JbNXkASuliEyBDzXPhl+/t17 +RxzmlM+foXqxLXmupouRilZE73X7tKI4y1MbFUklFIsZlt+7uyXxAbwIZd3zJQrM +GITttH4tx4q1htZ/G1l6cS99AYUmoZp7rJwgKkiH40W9C+6ye2O2zAk6cEi1796t +RXEUpGupws3/XMofKJ23mE1FGwhcTWvoFgrth5ZM5Ig3A2rb5KIJIbMdEmOOiHV7 +CZ62N29fszwdxtErLpEStv5pZdV8zenucC6FtonyLX47v1VOd+3fyw65SvVXlblp +jeXCDWfhZZpnXw5d++y4kTxiQk8VUgTezB8uQ9Z/gNtdvYxWy8SXXcJoFofOCgo2 +/nLLzlJyRAoAFAXIgyZqdkG+8ZPWTH/Tfxg9UYKKXMcSYqak2EU= +=x5Pr +-----END PGP SIGNATURE----- diff --git a/README.SUSE b/README.SUSE new file mode 100644 index 0000000..0053bcf --- /dev/null +++ b/README.SUSE @@ -0,0 +1,43 @@ +Python 3 in SUSE +============== + +* Subpackages * + +Python 3 is split into several subpackages, based on external dependencies. +The main package 'python3' has soft dependencies on all subpackages needed to +assemble the standard library; however, these might not all be installed by default. + +If you attempt to import a module that is currently not installed, an ImportError is thrown, +with instructions to install the missing subpackage. Installing the subpackage might result +in installing libraries that the subpackage requires to function. + + +* ensurepip * + +The 'ensurepip' module from Python 3 standard library (PEP 453) is supposed to deploy +a bundled copy of the pip installer. This makes no sense in a managed distribution like SUSE. +Instead, you need to install package 'python3-pip'. Usually this will be installed automatically +with 'python3'. + +Using 'ensurepip' when pip is not installed will result in an ImportError with instructions +to install 'python3-pip'. + + +* Documentation * + +You can find documentation in seprarate packages: python3-doc and +python3-doc-pdf. These contan following documents: + + Tutorial, What's New in Python, Global Module Index, Library Reference, + Macintosh Module Reference, Installing Python Modules, Distributing Python + Modules, Language Reference, Extending and Embedding, Python/C API, + Documenting Python + +The python3-doc package constains many text files from source tarball. + + +* Interactive mode * + +Interactive mode is by default enhanced with of history and command completion. +If you don't like these features, you can unset the PYTHONSTARTUP variable +in your .profile or disable it system wide in /etc/profile.d/python.sh. diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..1d50bc4 --- /dev/null +++ b/_multibuild @@ -0,0 +1,4 @@ + + base + doc + diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..d7b7b53 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,3 @@ +python312-base +python312 +libpython3_12-1_0 diff --git a/bluez-devel-vendor.tar.xz b/bluez-devel-vendor.tar.xz new file mode 100644 index 0000000..d4d3912 --- /dev/null +++ b/bluez-devel-vendor.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a17f3fb420bf6bd577dde9e2b256cdb1df179ba552abb7172863321208a4713f +size 25308 diff --git a/bpo-31046_ensurepip_honours_prefix.patch b/bpo-31046_ensurepip_honours_prefix.patch new file mode 100644 index 0000000..4faebdb --- /dev/null +++ b/bpo-31046_ensurepip_honours_prefix.patch @@ -0,0 +1,173 @@ +From 5754521af1d51aa8e445cba07a093bbc0c88596d Mon Sep 17 00:00:00 2001 +From: Zackery Spytz +Date: Mon, 16 Dec 2019 18:24:08 -0700 +Subject: [PATCH] bpo-31046: ensurepip does not honour the value of $(prefix) + +Co-Authored-By: Xavier de Gaye +--- + Doc/library/ensurepip.rst | 9 +++-- + Lib/ensurepip/__init__.py | 18 +++++++--- + Lib/test/test_ensurepip.py | 11 ++++++ + Makefile.pre.in | 4 +- + Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst | 1 + 5 files changed, 34 insertions(+), 9 deletions(-) + create mode 100644 Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst + +Index: Python-3.12.4/Doc/library/ensurepip.rst +=================================================================== +--- Python-3.12.4.orig/Doc/library/ensurepip.rst ++++ Python-3.12.4/Doc/library/ensurepip.rst +@@ -59,8 +59,9 @@ is at least as recent as the one availab + By default, ``pip`` is installed into the current virtual environment + (if one is active) or into the system site packages (if there is no + active virtual environment). The installation location can be controlled +-through two additional command line options: ++through some additional command line options: + ++* ``--prefix ``: Installs ``pip`` using the given directory prefix. + * :samp:`--root {dir}`: Installs ``pip`` relative to the given root directory + rather than the root of the currently active virtual environment (if any) + or the default root for the current Python installation. +@@ -92,7 +93,7 @@ Module API + Returns a string specifying the available version of pip that will be + installed when bootstrapping an environment. + +-.. function:: bootstrap(root=None, upgrade=False, user=False, \ ++.. function:: bootstrap(root=None, prefix=None, upgrade=False, user=False, \ + altinstall=False, default_pip=False, \ + verbosity=0) + +@@ -102,6 +103,8 @@ Module API + If *root* is ``None``, then installation uses the default install location + for the current environment. + ++ *prefix* specifies the directory prefix to use when installing. ++ + *upgrade* indicates whether or not to upgrade an existing installation + of an earlier version of ``pip`` to the available version. + +@@ -122,6 +125,8 @@ Module API + *verbosity* controls the level of output to :data:`sys.stdout` from the + bootstrapping operation. + ++ .. versionchanged:: 3.9 the *prefix* parameter was added. ++ + .. audit-event:: ensurepip.bootstrap root ensurepip.bootstrap + + .. note:: +Index: Python-3.12.4/Lib/ensurepip/__init__.py +=================================================================== +--- Python-3.12.4.orig/Lib/ensurepip/__init__.py ++++ Python-3.12.4/Lib/ensurepip/__init__.py +@@ -120,27 +120,27 @@ def _disable_pip_configuration_settings( + os.environ['PIP_CONFIG_FILE'] = os.devnull + + +-def bootstrap(*, root=None, upgrade=False, user=False, ++def bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). ++ and directory prefix). + + Note that calling this function will alter both sys.path and os.environ. + """ + # Discard the return value +- _bootstrap(root=root, upgrade=upgrade, user=user, ++ _bootstrap(root=root, prefix=prefix, upgrade=upgrade, user=user, + altinstall=altinstall, default_pip=default_pip, + verbosity=verbosity) + + +-def _bootstrap(*, root=None, upgrade=False, user=False, ++def _bootstrap(*, root=None, prefix=None, upgrade=False, user=False, + altinstall=False, default_pip=False, + verbosity=0): + """ + Bootstrap pip into the current Python installation (or the given root +- directory). Returns pip command status code. ++ and directory prefix). Returns pip command status code. + + Note that calling this function will alter both sys.path and os.environ. + """ +@@ -190,6 +190,8 @@ def _bootstrap(*, root=None, upgrade=Fal + args = ["install", "--no-cache-dir", "--no-index", "--find-links", tmpdir] + if root: + args += ["--root", root] ++ if prefix: ++ args += ["--prefix", prefix] + if upgrade: + args += ["--upgrade"] + if user: +@@ -265,6 +267,11 @@ def _main(argv=None): + help="Install everything relative to this alternate root directory.", + ) + parser.add_argument( ++ "--prefix", ++ default=None, ++ help="Install everything using this prefix.", ++ ) ++ parser.add_argument( + "--altinstall", + action="store_true", + default=False, +@@ -283,6 +290,7 @@ def _main(argv=None): + + return _bootstrap( + root=args.root, ++ prefix=args.prefix, + upgrade=args.upgrade, + user=args.user, + verbosity=args.verbosity, +Index: Python-3.12.4/Lib/test/test_ensurepip.py +=================================================================== +--- Python-3.12.4.orig/Lib/test/test_ensurepip.py ++++ Python-3.12.4/Lib/test/test_ensurepip.py +@@ -105,6 +105,17 @@ class TestBootstrap(EnsurepipMixin, unit + unittest.mock.ANY, + ) + ++ def test_bootstrapping_with_prefix(self): ++ ensurepip.bootstrap(prefix="/foo/bar/") ++ self.run_pip.assert_called_once_with( ++ [ ++ "install", "--no-cache-dir", "--no-index", "--find-links", ++ unittest.mock.ANY, "--prefix", "/foo/bar/", ++ "pip", ++ ], ++ unittest.mock.ANY, ++ ) ++ + def test_bootstrapping_with_user(self): + ensurepip.bootstrap(user=True) + +Index: Python-3.12.4/Makefile.pre.in +=================================================================== +--- Python-3.12.4.orig/Makefile.pre.in ++++ Python-3.12.4/Makefile.pre.in +@@ -1914,7 +1914,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni + install|*) ensurepip="" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + .PHONY: altinstall +@@ -1925,7 +1925,7 @@ altinstall: commoninstall + install|*) ensurepip="--altinstall" ;; \ + esac; \ + $(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \ +- $$ensurepip --root=$(DESTDIR)/ ; \ ++ $$ensurepip --root=$(DESTDIR)/ --prefix=$(prefix) ; \ + fi + + .PHONY: commoninstall +Index: Python-3.12.4/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +=================================================================== +--- /dev/null ++++ Python-3.12.4/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst +@@ -0,0 +1 @@ ++A directory prefix can now be specified when using :mod:`ensurepip`. diff --git a/externally_managed.in b/externally_managed.in new file mode 100644 index 0000000..54606b6 --- /dev/null +++ b/externally_managed.in @@ -0,0 +1,12 @@ +[externally-managed] +Error=To install Python packages system-wide, try + zypper install __PYTHONPREFIX__-xyz, where xyz is the package + you are trying to install. + + If you wish to install a non-rpm packaged Python package, + create a virtual environment using __PYTHON__ -m venv path/to/venv. + Then use path/to/venv/bin/python and path/to/venv/bin/pip. + + If you wish to install a non-rpm packaged Python application, + it may be easiest to use `pipx install xyz`, which will manage a + virtual environment for you. Install pipx via `zypper install __PYTHONPREFIX__-pipx` . diff --git a/fix-test-recursion-limit-15.6.patch b/fix-test-recursion-limit-15.6.patch new file mode 100644 index 0000000..0b86aa2 --- /dev/null +++ b/fix-test-recursion-limit-15.6.patch @@ -0,0 +1,30 @@ +Index: Python-3.12.3/Lib/test/test_compile.py +=================================================================== +--- Python-3.12.3.orig/Lib/test/test_compile.py ++++ Python-3.12.3/Lib/test/test_compile.py +@@ -14,6 +14,9 @@ from test.support import (script_helper, + requires_specialization, C_RECURSION_LIMIT) + from test.support.os_helper import FakePath + ++IS_SLE_15_6 = os.environ.get("SLE_VERSION", "") == "0150600" ++IS_32bit = hasattr(os, "uname") and os.uname().machine in ["i386", "i486", "i586", "i686"] ++ + class TestSpecifics(unittest.TestCase): + + def compile_single(self, source): +@@ -110,6 +113,7 @@ class TestSpecifics(unittest.TestCase): + self.assertEqual(d['z'], 12) + + @unittest.skipIf(support.is_wasi, "exhausts limited stack on WASI") ++ @unittest.skipIf(IS_SLE_15_6 and IS_32bit, "fails on 15.6 i586") + def test_extended_arg(self): + repeat = int(C_RECURSION_LIMIT * 0.9) + longexpr = 'x = x or ' + '-x' * repeat +@@ -603,6 +607,7 @@ class TestSpecifics(unittest.TestCase): + + @support.cpython_only + @unittest.skipIf(support.is_wasi, "exhausts limited stack on WASI") ++ @unittest.skipIf(IS_SLE_15_6 and IS_32bit, "fails on 15.6 i586") + def test_compiler_recursion_limit(self): + # Expected limit is C_RECURSION_LIMIT * 2 + # Duplicating the limit here is a little ugly. diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch new file mode 100644 index 0000000..88fbe40 --- /dev/null +++ b/fix_configure_rst.patch @@ -0,0 +1,36 @@ +--- + Doc/using/configure.rst | 2 -- + Misc/NEWS | 2 +- + 2 files changed, 1 insertion(+), 3 deletions(-) + +Index: Python-3.12.4/Doc/using/configure.rst +=================================================================== +--- Python-3.12.4.orig/Doc/using/configure.rst ++++ Python-3.12.4/Doc/using/configure.rst +@@ -640,13 +640,11 @@ macOS Options + + See ``Mac/README.rst``. + +-.. option:: --enable-universalsdk + .. option:: --enable-universalsdk=SDKDIR + + Create a universal binary build. *SDKDIR* specifies which macOS SDK should + be used to perform the build (default is no). + +-.. option:: --enable-framework + .. option:: --enable-framework=INSTALLDIR + + Create a Python.framework rather than a traditional Unix install. Optional +Index: Python-3.12.4/Misc/NEWS +=================================================================== +--- Python-3.12.4.orig/Misc/NEWS ++++ Python-3.12.4/Misc/NEWS +@@ -13734,7 +13734,7 @@ C API + - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. + + - bpo-43795: The list in :ref:`limited-api-list` now shows the public name +- :c:struct:`PyFrameObject` rather than ``_frame``. The non-existing entry ++ :c:type:`PyFrameObject` rather than ``_frame``. The non-existing entry + ``_node`` no longer appears in the list. + + - bpo-44378: :c:func:`Py_IS_TYPE` no longer uses :c:func:`Py_TYPE` to avoid diff --git a/idle3.appdata.xml b/idle3.appdata.xml new file mode 100644 index 0000000..554b7c4 --- /dev/null +++ b/idle3.appdata.xml @@ -0,0 +1,35 @@ + + + + + idle3.desktop + IDLE3 + CC0 + Python-2.0 + Python 3 Integrated Development and Learning Environment + +

+ IDLE is Python’s Integrated Development and Learning Environment. + The GUI is uniform between Windows, Unix, and Mac OS X. + IDLE provides an easy way to start writing, running, and debugging + Python code. +

+

+ IDLE is written in pure Python, and uses the tkinter GUI toolkit. + It provides: +

+
    +
  • a Python shell window (interactive interpreter) with colorizing of code input, output, and error messages,
  • +
  • a multi-window text editor with multiple undo, Python colorizing, smart indent, call tips, auto completion, and other features,
  • +
  • search within any window, replace within editor windows, and search through multiple files (grep),
  • +
  • a debugger with persistent breakpoints, stepping, and viewing of global and local namespaces.
  • +
+
+ https://docs.python.org/3/library/idle.html + + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-main-window.png + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-class-browser.png + http://in.waw.pl/~zbyszek/fedora/idle3-appdata/idle3-code-viewer.png + + zbyszek@in.waw.pl +
diff --git a/idle3.desktop b/idle3.desktop new file mode 100644 index 0000000..43f5a4c --- /dev/null +++ b/idle3.desktop @@ -0,0 +1,12 @@ +[Desktop Entry] +Version=1.0 +Name=IDLE 3 +GenericName=Python 3 IDE +Comment=Python 3 Integrated Development and Learning Environment +Exec=idle3 %F +TryExec=idle3 +Terminal=false +Type=Application +Icon=idle3 +Categories=Development;IDE; +MimeType=text/x-python; diff --git a/import_failed.map b/import_failed.map new file mode 100644 index 0000000..f33690c --- /dev/null +++ b/import_failed.map @@ -0,0 +1,7 @@ +python311-curses: curses _curses _curses_panel +python311-dbm: dbm _dbm _gdbm +python311-idle: idlelib +python311-testsuite: test _ctypes_test _testbuffer _testcapi _testinternalcapi _testimportmultiple _testmultiphase xxlimited +python311-tk: tkinter _tkinter +python311-tools: turtledemo +python311: sqlite3 readline _sqlite3 nis diff --git a/import_failed.py b/import_failed.py new file mode 100644 index 0000000..258b5a5 --- /dev/null +++ b/import_failed.py @@ -0,0 +1,23 @@ +import sys, os +from sysconfig import get_path + +failed_map_path = os.path.join(get_path('stdlib'), '_import_failed', 'import_failed.map') + +if __spec__: + failed_name = __spec__.name +else: + failed_name = __name__ + +with open(failed_map_path) as fd: + for line in fd: + package = line.split(':')[0] + imports = line.split(':')[1] + if failed_name in imports: + raise ImportError(f"""Module '{failed_name}' is not installed. +Use: + sudo zypper install {package} +to install it.""") + +raise ImportError(f"""Module '{failed_name}' is not installed. +It is supposed to be part of python3 distribution, but missing from failed import map. +Please file a bug on the SUSE Bugzilla.""") diff --git a/macros.python3 b/macros.python3 new file mode 100644 index 0000000..2bd193b --- /dev/null +++ b/macros.python3 @@ -0,0 +1,28 @@ +%have_python3 1 + +# commented out legacy macro definitions +#py3_prefix /usr +#py3_incdir /usr/include/python3.5m +#py3_ver 3.5 + +# these should now be provided by macros.python_all +#python3_sitearch /usr/lib64/python3.5/site-packages +#python3_sitelib /usr/lib/python3.5/site-packages +#python3_version 3.5 + +# hard to say if anyone ever used these? +#py3_soflags cpython-35m-x86_64-linux-gnu +#py3_abiflags m +%cpython3_soabi %(python3 -c "import sysconfig; print(sysconfig.get_config_var('SOABI'))") +%py3_soflags %cpython3_soabi + +# compilation macros that might be in use somewhere +%py3_compile(O) \ +find %1 -name '*.pyc' -exec rm -f {} ";"\ +python3 -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +%{-O:\ +find %1 -name '*.pyo' -exec rm -f {} ";"\ +python3 -O -c "import sys, os, compileall; br='%{buildroot}'; compileall.compile_dir(sys.argv[1], ddir=br and (sys.argv[1][len(os.path.abspath(br)):]+'/') or None)" %1\ +} + + diff --git a/no-skipif-doctests.patch b/no-skipif-doctests.patch new file mode 100644 index 0000000..2020707 --- /dev/null +++ b/no-skipif-doctests.patch @@ -0,0 +1,647 @@ +only in patch2: +unchanged: +--- + Doc/library/turtle.rst | 81 ------------------------------------------------- + 1 file changed, 81 deletions(-) + +Index: Python-3.12.2/Doc/library/turtle.rst +=================================================================== +--- Python-3.12.2.orig/Doc/library/turtle.rst ++++ Python-3.12.2/Doc/library/turtle.rst +@@ -441,7 +441,6 @@ Turtle motion + turtle is headed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -468,7 +467,6 @@ Turtle motion + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,0.00) +@@ -487,13 +485,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -512,13 +508,11 @@ Turtle motion + orientation depends on the turtle mode, see :func:`mode`. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(22) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 22.0 +@@ -541,13 +535,11 @@ Turtle motion + not change the turtle's orientation. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 0) + + .. doctest:: +- :skipif: _tkinter is None + + >>> tp = turtle.pos() + >>> tp +@@ -609,13 +601,11 @@ Turtle motion + unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 240) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,240.00) +@@ -631,13 +621,11 @@ Turtle motion + Set the turtle's second coordinate to *y*, leave first coordinate unchanged. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.goto(0, 40) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (0.00,40.00) +@@ -664,7 +652,6 @@ Turtle motion + =================== ==================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setheading(90) + >>> turtle.heading() +@@ -677,14 +664,12 @@ Turtle motion + its start-orientation (which depends on the mode, see :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.setheading(90) + >>> turtle.goto(0, -10) + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.heading() + 90.0 +@@ -716,7 +701,6 @@ Turtle motion + calculated automatically. May be used to draw regular polygons. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.position() +@@ -745,7 +729,6 @@ Turtle motion + + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.dot() +@@ -763,7 +746,6 @@ Turtle motion + it by calling ``clearstamp(stamp_id)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("blue") + >>> stamp_id = turtle.stamp() +@@ -778,7 +760,6 @@ Turtle motion + Delete stamp with given *stampid*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.position() + (150.00,-0.00) +@@ -816,7 +797,6 @@ Turtle motion + undo actions is determined by the size of the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for i in range(4): + ... turtle.fd(50); turtle.lt(80) +@@ -849,7 +829,6 @@ Turtle motion + turtle turn instantly. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.speed() + 3 +@@ -870,7 +849,6 @@ Tell Turtle's state + Return the turtle's current location (x,y) (as a :class:`Vec2D` vector). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pos() + (440.00,-0.00) +@@ -886,7 +864,6 @@ Tell Turtle's state + orientation which depends on the mode - "standard"/"world" or "logo". + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(10, 10) + >>> turtle.towards(0,0) +@@ -898,7 +875,6 @@ Tell Turtle's state + Return the turtle's x coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(50) +@@ -914,7 +890,6 @@ Tell Turtle's state + Return the turtle's y coordinate. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(60) +@@ -931,7 +906,6 @@ Tell Turtle's state + :func:`mode`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(67) +@@ -948,7 +922,6 @@ Tell Turtle's state + other turtle, in turtle step units. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.distance(30,40) +@@ -972,7 +945,6 @@ Settings for measurement + Default value is 360 degrees. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -995,7 +967,6 @@ Settings for measurement + ``degrees(2*math.pi)``. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.left(90) +@@ -1006,7 +977,6 @@ Settings for measurement + 1.5707963267948966 + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.degrees(360) +@@ -1042,7 +1012,6 @@ Drawing state + thickness. If no argument is given, the current pensize is returned. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.pensize() + 1 +@@ -1074,7 +1043,6 @@ Drawing state + attributes in one statement. + + .. doctest:: +- :skipif: _tkinter is None + :options: +NORMALIZE_WHITESPACE + + >>> turtle.pen(fillcolor="black", pencolor="red", pensize=10) +@@ -1097,7 +1065,6 @@ Drawing state + Return ``True`` if pen is down, ``False`` if it's up. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.penup() + >>> turtle.isdown() +@@ -1138,7 +1105,6 @@ Color control + newly set pencolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> colormode() + 1.0 +@@ -1187,7 +1153,6 @@ Color control + with the newly set fillcolor. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.fillcolor("violet") + >>> turtle.fillcolor() +@@ -1226,7 +1191,6 @@ Color control + with the newly set colors. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("red", "green") + >>> turtle.color() +@@ -1243,7 +1207,6 @@ Filling + ~~~~~~~ + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> turtle.home() +@@ -1253,7 +1216,6 @@ Filling + Return fillstate (``True`` if filling, ``False`` else). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.begin_fill() + >>> if turtle.filling(): +@@ -1278,7 +1240,6 @@ Filling + above may be either all yellow or have some white regions. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.color("black", "red") + >>> turtle.begin_fill() +@@ -1295,7 +1256,6 @@ More drawing control + variables to the default values. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.goto(0,-22) + >>> turtle.left(100) +@@ -1346,7 +1306,6 @@ Visibility + drawing observably. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.hideturtle() + +@@ -1357,7 +1316,6 @@ Visibility + Make the turtle visible. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.showturtle() + +@@ -1388,7 +1346,6 @@ Appearance + deal with shapes see Screen method :func:`register_shape`. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape() + 'classic' +@@ -1414,7 +1371,6 @@ Appearance + ``resizemode("user")`` is called by :func:`shapesize` when used with arguments. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.resizemode() + 'noresize' +@@ -1438,7 +1394,6 @@ Appearance + of the shape's outline. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shapesize() + (1.0, 1.0, 1) +@@ -1463,7 +1418,6 @@ Appearance + heading of the turtle are sheared. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("circle") + >>> turtle.shapesize(5,2) +@@ -1480,7 +1434,6 @@ Appearance + change the turtle's heading (direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1526,7 +1479,6 @@ Appearance + turtle (its direction of movement). + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.reset() + >>> turtle.shape("circle") +@@ -1555,7 +1507,6 @@ Appearance + given matrix. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle = Turtle() + >>> turtle.shape("square") +@@ -1571,7 +1522,6 @@ Appearance + can be used to define a new shape or components of a compound shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.shape("square") + >>> turtle.shapetransform(4, -1, 0, 2) +@@ -1596,7 +1546,6 @@ Using events + procedural way: + + .. doctest:: +- :skipif: _tkinter is None + + >>> def turn(x, y): + ... left(180) +@@ -1617,7 +1566,6 @@ Using events + ``None``, existing bindings are removed. + + .. doctest:: +- :skipif: _tkinter is None + + >>> class MyTurtle(Turtle): + ... def glow(self,x,y): +@@ -1645,7 +1593,6 @@ Using events + mouse-click event on that turtle. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.ondrag(turtle.goto) + +@@ -1673,7 +1620,6 @@ Special Turtle methods + Return the last recorded polygon. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.home() + >>> turtle.begin_poly() +@@ -1693,7 +1639,6 @@ Special Turtle methods + turtle properties. + + .. doctest:: +- :skipif: _tkinter is None + + >>> mick = Turtle() + >>> joe = mick.clone() +@@ -1706,7 +1651,6 @@ Special Turtle methods + return the "anonymous turtle": + + .. doctest:: +- :skipif: _tkinter is None + + >>> pet = getturtle() + >>> pet.fd(50) +@@ -1720,7 +1664,6 @@ Special Turtle methods + TurtleScreen methods can then be called for that object. + + .. doctest:: +- :skipif: _tkinter is None + + >>> ts = turtle.getscreen() + >>> ts +@@ -1738,7 +1681,6 @@ Special Turtle methods + ``None``, the undobuffer is disabled. + + .. doctest:: +- :skipif: _tkinter is None + + >>> turtle.setundobuffer(42) + +@@ -1748,7 +1690,6 @@ Special Turtle methods + Return number of entries in the undobuffer. + + .. doctest:: +- :skipif: _tkinter is None + + >>> while undobufferentries(): + ... undo() +@@ -1771,7 +1712,6 @@ below: + For example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> s = Shape("compound") + >>> poly1 = ((0,0),(10,-5),(0,10),(-10,-5)) +@@ -1782,7 +1722,6 @@ below: + 3. Now add the Shape to the Screen's shapelist and use it: + + .. doctest:: +- :skipif: _tkinter is None + + >>> register_shape("myshape", s) + >>> shape("myshape") +@@ -1802,7 +1741,6 @@ Most of the examples in this section ref + ``screen``. + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen = Screen() +@@ -1819,7 +1757,6 @@ Window control + Set or return background color of the TurtleScreen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.bgcolor("orange") + >>> screen.bgcolor() +@@ -1911,7 +1848,6 @@ Window control + distorted. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.reset() + >>> screen.setworldcoordinates(-50,-7.5,50,7.5) +@@ -1922,7 +1858,6 @@ Window control + ... left(45); fd(2) # a regular octagon + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> screen.reset() +@@ -1944,7 +1879,6 @@ Animation control + Optional argument: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.delay() + 10 +@@ -1966,7 +1900,6 @@ Animation control + :func:`delay`). + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.tracer(8, 25) + >>> dist = 2 +@@ -2003,7 +1936,6 @@ Using screen events + must have the focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -2024,7 +1956,6 @@ Using screen events + must have focus. (See method :func:`listen`.) + + .. doctest:: +- :skipif: _tkinter is None + + >>> def f(): + ... fd(50) +@@ -2049,7 +1980,6 @@ Using screen events + named ``turtle``: + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.onclick(turtle.goto) # Subsequently clicking into the TurtleScreen will + >>> # make the turtle move to the clicked point. +@@ -2069,7 +1999,6 @@ Using screen events + Install a timer that calls *fun* after *t* milliseconds. + + .. doctest:: +- :skipif: _tkinter is None + + >>> running = True + >>> def f(): +@@ -2151,7 +2080,6 @@ Settings and special methods + ============ ========================= =================== + + .. doctest:: +- :skipif: _tkinter is None + + >>> mode("logo") # resets turtle heading to north + >>> mode() +@@ -2166,7 +2094,6 @@ Settings and special methods + values of color triples have to be in the range 0..*cmode*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.colormode(1) + >>> turtle.pencolor(240, 160, 80) +@@ -2187,7 +2114,6 @@ Settings and special methods + do with a Tkinter Canvas. + + .. doctest:: +- :skipif: _tkinter is None + + >>> cv = screen.getcanvas() + >>> cv +@@ -2199,7 +2125,6 @@ Settings and special methods + Return a list of names of all currently available turtle shapes. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.getshapes() + ['arrow', 'blank', 'circle', ..., 'turtle'] +@@ -2223,7 +2148,6 @@ Settings and special methods + coordinates: Install the corresponding polygon shape. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.register_shape("triangle", ((5,-3), (0,5), (-5,-3))) + +@@ -2239,7 +2163,6 @@ Settings and special methods + Return the list of turtles on the screen. + + .. doctest:: +- :skipif: _tkinter is None + + >>> for turtle in screen.turtles(): + ... turtle.color("red") +@@ -2301,7 +2224,6 @@ Methods specific to Screen, not inherite + center window vertically + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.setup (width=200, height=200, startx=0, starty=0) + >>> # sets window to 200x200 pixels, in upper left of screen +@@ -2317,7 +2239,6 @@ Methods specific to Screen, not inherite + Set title of turtle window to *titlestring*. + + .. doctest:: +- :skipif: _tkinter is None + + >>> screen.title("Welcome to the turtle zoo!") + +@@ -2388,7 +2309,6 @@ Public classes + Example: + + .. doctest:: +- :skipif: _tkinter is None + + >>> poly = ((0,0),(10,-5),(0,10),(-10,-5)) + >>> s = Shape("compound") +@@ -2774,7 +2694,6 @@ Changes since Python 3.0 + + + .. doctest:: +- :skipif: _tkinter is None + :hide: + + >>> for turtle in turtles(): diff --git a/pre_checkin.sh b/pre_checkin.sh new file mode 100644 index 0000000..a2cf992 --- /dev/null +++ b/pre_checkin.sh @@ -0,0 +1,78 @@ +#!/bin/bash + +export LC_ALL=C + +master=python*.spec + +# create import_failed.map from package definitions +pkgname=$(grep python_pkg_name $master |grep define |awk -F' ' '{print $3}') +MAPFILE=import_failed.map +function new_map_line () { + package=$1 + package=$(echo $1 |sed -e "s:%{python_pkg_name}:$pkgname:") + modules=$2 + if [ -z "$package" -o -z "$modules" ]; then + return + fi + if [[ "$package" =~ "-base" ]]; then + return + fi + echo "$package:$modules" >> $MAPFILE.tmp +} + +for spec in *.spec; do + basename=${spec%.spec} + package= + modules= + while read line; do + case $line in + "%files -n "*) + new_map_line $package "$modules" + package=${line#"%files -n "} + modules= + ;; + "%files "*) + new_map_line $package "$modules" + package=$basename-${line#"%files "} + modules= + ;; + "%files") + new_map_line $package "$modules" + package=$basename + modules= + ;; + "%{sitedir}/config-"*) + # ignore + ;; + "%{sitedir}/"*) + word=${line#"%{sitedir}/"} + if ! echo $word | grep -q /; then + modules="$modules $word" + fi + ;; + "%{dynlib "*"}") + word=${line#"%{dynlib "} + word=${word%"}"} + modules="$modules $word" + ;; + esac + done < $spec + new_map_line $package "$modules" +done + +cat $MAPFILE.tmp |sort -u > $MAPFILE +rm $MAPFILE.tmp + +# run test inclusion check +tar xJf Python-*.xz +python3 skipped_tests.py + +# generate baselibs.conf +VERSION=$(grep ^Version $master|awk -F':' '{print $2}' |sed -e 's/ //g') +python_version=${VERSION:0:3} # 3.3 +python_version_abitag=${python_version//./} # 33 +python_version_soname=${python_version//./_} # 3_3 +echo "$pkgname-base" > baselibs.conf +echo "$pkgname" >> baselibs.conf +echo "libpython$python_version_soname-1_0" >> baselibs.conf + diff --git a/python-3.3.0b1-fix_date_time_compiler.patch b/python-3.3.0b1-fix_date_time_compiler.patch new file mode 100644 index 0000000..43bb625 --- /dev/null +++ b/python-3.3.0b1-fix_date_time_compiler.patch @@ -0,0 +1,27 @@ +--- + Makefile.pre.in | 7 +++++++ + 1 file changed, 7 insertions(+) + +Index: Python-3.12.4/Makefile.pre.in +=================================================================== +--- Python-3.12.4.orig/Makefile.pre.in ++++ Python-3.12.4/Makefile.pre.in +@@ -1337,11 +1337,18 @@ Modules/getbuildinfo.o: $(PARSER_OBJS) \ + $(DTRACE_OBJS) \ + $(srcdir)/Modules/getbuildinfo.c + $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DDATE="\"`date -u -r Makefile.pre.in +"%b %d %Y"`\"" \ ++ -DTIME="\"`date -u -r Makefile.pre.in +"%T"`\"" \ + -DGITVERSION="\"`LC_ALL=C $(GITVERSION)`\"" \ + -DGITTAG="\"`LC_ALL=C $(GITTAG)`\"" \ + -DGITBRANCH="\"`LC_ALL=C $(GITBRANCH)`\"" \ + -o $@ $(srcdir)/Modules/getbuildinfo.c + ++Python/getcompiler.o: $(srcdir)/Python/getcompiler.c Makefile ++ $(CC) -c $(PY_CORE_CFLAGS) \ ++ -DCOMPILER='"[GCC]"' \ ++ -o $@ $(srcdir)/Python/getcompiler.c ++ + Modules/getpath.o: $(srcdir)/Modules/getpath.c Python/frozen_modules/getpath.h Makefile $(PYTHON_HEADERS) + $(CC) -c $(PY_CORE_CFLAGS) -DPYTHONPATH='"$(PYTHONPATH)"' \ + -DPREFIX='"$(prefix)"' \ diff --git a/python-3.3.0b1-localpath.patch b/python-3.3.0b1-localpath.patch new file mode 100644 index 0000000..69174fb --- /dev/null +++ b/python-3.3.0b1-localpath.patch @@ -0,0 +1,13 @@ +Index: Python-3.12.2/Lib/site.py +=================================================================== +--- Python-3.12.2.orig/Lib/site.py ++++ Python-3.12.2/Lib/site.py +@@ -77,7 +77,7 @@ import io + import stat + + # Prefixes for site-packages; add additional prefixes like /usr/local here +-PREFIXES = [sys.prefix, sys.exec_prefix] ++PREFIXES = [sys.prefix, sys.exec_prefix, '/usr/local'] + # Enable per user site-packages directory + # set it to False to disable the feature or True to force the feature + ENABLE_USER_SITE = None diff --git a/python-3.3.0b1-test-posix_fadvise.patch b/python-3.3.0b1-test-posix_fadvise.patch new file mode 100644 index 0000000..2735034 --- /dev/null +++ b/python-3.3.0b1-test-posix_fadvise.patch @@ -0,0 +1,17 @@ +--- + Lib/test/test_posix.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: Python-3.12.2/Lib/test/test_posix.py +=================================================================== +--- Python-3.12.2.orig/Lib/test/test_posix.py ++++ Python-3.12.2/Lib/test/test_posix.py +@@ -433,7 +433,7 @@ class PosixTester(unittest.TestCase): + def test_posix_fadvise(self): + fd = os.open(os_helper.TESTFN, os.O_RDONLY) + try: +- posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_WILLNEED) ++ posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_RANDOM) + finally: + os.close(fd) + diff --git a/python.keyring b/python.keyring new file mode 100644 index 0000000..93baed9 --- /dev/null +++ b/python.keyring @@ -0,0 +1,78 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFUAInYBEACrmKcXagNRlo1VjznrJZMMUh0rxUn2iK2wy9H5qrCo4EgMYahZ +ibBunSWB4RNeVQevzUm3eSyOixnt+BmGZbSYqKp8tJIXRRcnKhEtC62X+7NVMc7B +9uPu/aJ3HNqXrsQwBJUzZxzLMLg6obCyarhhHAYbWmfaafU4yNk3J4dGNKoZtHvz +bjnUtlsUAkCmuyt3MsUuSYz34BviRLSEZEKW6xNoyQmD9dUhQ5exBuTPjtmdTf+x +gOKpBluRkJ4TADGlWf42lIkaI+8DYRj1R8eQdLFwS7sDTu/MMPceKU7nTWOoj8HF +3xXRJ+bJbpOJXZFEzVKjXHKuMFkhKr562i0LD8pdl1+s+9LRovmAvGwggt04Drzb +AK437QoyjPKiTnFlg4tOeIuN0Y+GGk2hXOdH7fNw79B9Tq5ENxth8NsnKVlz1zpF +X+aV0zCvAjNWutAUpikqZT/ibpwmM+NJcz3pgzQOq+LfPFskyrv7zkVODEjH3SG3 +s4ROvyoWfLPWmX92kJMOkvzyQObZmU2zWJgJbjYRApZiTfbfnH1tE+wxH4ZR5dji +FpEdUJn1yjpYp21Q10khIdsj6q9IvS3RDq0ygc5wfl5111byEsdP12y36lvPTclT +33VHBR1vxr+js9d8FI4wwt/o+7TmAO39DYhLrtn+ZgyRgIBYY65lhEaUtwARAQAB +tCJUaG9tYXMgV291dGVycyA8dGhvbWFzQHB5dGhvbi5vcmc+iQJUBBMBCgA+AhsD +BQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAFiEEcWlgX2LHUTVtBUomqCHmgOX6YwUF +AmDgZQIFCRVGRAsACgkQqCHmgOX6YwUF8RAAiCyNSQc63wae9rvhK6iR90ybBnql +4Wec0Lbxb1Fu16q6CuZQbC+Uyw/K7cl2SosJ6U0sIR6lIaEgPn5R6CSXk0a3m2bm +zbPHEUqqLkz4l89GZfKZ0pNgZfCN3mt+8Z5O70LmzUQnWRSe/a7r+XrgPzSfNUXR +DL+aRxCChctHXwvYOk1b8Hy1CaNeFijgs4iaoYyt21mhjJDAAjRTFjLpjkIQcEcx +4+ZL4NKdGb4I+u6J9xYam/JDKkG1NtpxlPACY+VyIcUWcofRs8v90YL8aZDikr/R +l68ydTsfr1Jy95TH0EL0XgWo7yVppTKADc9jeCtemymBvhvvWlCRGjvhgvlCZ+IT +yy1mDmZkVzxAWT8JxyuUJ8Hwj4E67X24AyLirMxEpAObE1FAE6F/S6s3w18HGOCY +24PmvDpS+lbR6TOe2AOAJGpVZqvqy+7EpM4OM1KrVDTKfzP5HR+QOyI7aKSYt0sO +URqhrlq1fs9Q6yssFQYHRLYQO/OrhMx5yR6R2o1ndyJ9Wx9WWcL/HalmlocTL9AC +4U0LjBVKYWaPpsLuSgID4vPWG3gul5OqZ2LNTF/VzOm5do6ZeBe/9LOa1GGf9MMx +NMW7CB8igLcoF0XD979q1zADpYZufZgTvTFQzmWXhXIUBpWyXHg05baCFkdtKCqE +/bwf9KDY9ecGDJK0IVRob21hcyBXb3V0ZXJzIDx0aG9tYXNAeHM0YWxsLm5sPokC +VwQTAQoAQQIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAIZARYhBHFpYF9ix1E1 +bQVKJqgh5oDl+mMFBQJg4GUBBQkVRkQLAAoJEKgh5oDl+mMFvwoP/R84ApRtRxMp +idzwUAJ/CDs5hVxoqsu4dpGUog6fEFzHdHmLeL/jW3D1Zm8KqytbBRhoMjtJABYw +qf6GMiEYw7t4JkthDeFKOAlQUDyCe3xU+QGzoBGJtUldZmlFT5RGhV5dCzvqqsLb +tRLv8igzmPM4N4qXGOBi0+SLFb4SJIlZujYK63UX1pcbFjyp0V9C8SkloxeVLIAt +Bd3bCLJrEyf3foVXktfcjjHpS6vJDHmfkayV5wjKVqXCLFn9A8WRMMeDLlWV0fgw +R5LFnZu7UrbCHYeius+7lSwUeoFo7vIwmZkxKtvDz+Z0S2TgpfYpMhXwnFaSlYgR +cDmO5w7z19KRdMHIoI4rTxk6Q9c6oCFNw900kKRw5WB3JvyPOhHcyBVQBueJlhML +9jEduzy15n1glNPUW0/321o0VwOWXoGYSOohdDF2ccURkmHcT1+BXCbxPBHrG8tL +rinBoMlAm7ZXehb2HKam4YQqaJNVnk22gOFu4y0s1xXbPeg9ihINtP3sojvzkdSN +OMSQ5U15v2CUZP9eGo6LfbN8mLQgpPEJMuz/KBvso/0NUMPieLWWIWvCdC0tVbx1 +XudU5yJDbhR/s9G7GG9KVTcYT3SFvJPj7lkITr4QASQHlcfrdUMfCAv3GOgCR1bv +3yc4n6b9TgGNCzb31Kh/o30sf4Ip76FvtCRUaG9tYXMgV291dGVycyA8dHdvdXRl +cnNAZ29vZ2xlLmNvbT6JAlQEEwEKAD4CGwMFCwkIBwMFFQoJCAsFFgIDAQACHgEC +F4AWIQRxaWBfYsdRNW0FSiaoIeaA5fpjBQUCYOBlAQUJFUZECwAKCRCoIeaA5fpj +BTvxEACfyEt5rN5QGmVgahD/83l7lQpZUzLSq5MnIfRjCz50seh+oWsOuecayHZ7 +9IDVSkF2L2kE1rumcB7UKPez0kHVrTdh3mQIsfCzQZEMsWTDYotlZbrPPvT3lKGL ++O7fU321q9GVotJAssYcQFIK9F2p3jhN2coOzguikVlSc4nswnq2KRIJ4BpSJ3fk +1rWLr8oJxN2pSpskYtHdUyUxfZ+fOrMHLbW94JWsLYDad4wpr8etBneVAaUPfphh +bIwfhRXlHuTreDtwr3LJYKp1VjUjzGVVT2CXkS9LbJ7aM2BYa/1MJyHxkglu8O9L +IDGH2arlbtmBKMbCXPSX/42HsGpUgQYRwG4f+2CfPj4fNx5GK8LO/EJjaw2Qh542 +U0356RRVZquN6E6SS6Sndlf9sO4cKU/ptT8IsfWKKaLwvr0l71hgLRqqe3rSpTV5 +4cKpJfYIG+Qf4Do69etJLxjYUsyCqzuFocxZa0DGkqDQ+f1cD1bdg7Twso041NZG +6y9+E7kCf3jtKkiYAHBY902qZi8FvtI2tDAqwlfJjdiH5rUtYZALO3KGT+l9p3FT +YIdDD1iVC41CeF6loJk0gQZiNmJtyY1TTyNS5Chtr8fSV9yYuoB5XoYYpLu1NCks +4Cwva1tE45VhFrl8lPaM3EABOV+JeHYHX/DgooJRIwgpXCBmwbkCDQRVACJ2ARAA +4lpbW8WeDqyRFffqQzVUK6456CkM7Fd77n1FdY0KwNeAmULYeiQ1Kp2PDzxFOyoJ +Ne8aQazB7jPqGth0+JgFCOxGlnAtBP7DQl2MrYAL+AcKJ0c5dXc96ObZ6xtd01n9 +gAoouppJINaA2aEX8P6nhQGu9qNz8yMBC22w0MYJZ+38ZVeXGcBCS3AGggeROwNP +yNSZnW5TPVHi+Sea5bCE4eo5UYIAMqcToxieI3V4A2ciQV9nBERLF0bAadD1HEeC +b6wMg6h8z6VIRPitk45Dw73dy1yC6OvhkyGQ1yGuOPxwVnG3w0CLSUmMQeqyNAuf +mtN2yeoSMV74K9kOpkxCzzSulXGhEgCXWE7EXKC2g8i6M4BwYm3AaBGqeo+z7Din +ffWs8W2UvQUN6JTAdGVgNUfacYbP8YR7fOO1EczJ/FYGxq+JnDUFRpKNsDouw6Ze +RI1EiQT3FEKWI3meNmTPBmIcWLoYGNYdmaeb4pqHBb6SfV45H4QjTyIjNHiW/Lkp +uI7oNo/vIlNF8OQwyUFtknXIx57A0VSdI+vfz1crneg/bg0qzBz5SoYZ0XZUfvmY +LAoDZ0/KLaqZ1x1Z9wiLbe3iK6nE1mjmWf7rOfmWHuxH/gbChXMDDfOMwgOYFXNX +ImsNPWPX3XA2DrhFrlNWzA8kxi9hXJrgAfkRcx/84oUAEQEAAYkCPAQYAQoAJgIb +DBYhBHFpYF9ix1E1bQVKJqgh5oDl+mMFBQJg4GUPBQkVRkQZAAoJEKgh5oDl+mMF +hIcP/j3tJamzKpJGJAwcsoneFtYfmZnLA4UosffaPlsLGRVL1buyRuj2dFBr2WU4 +NAldYrQPK4T+ciSpfogJ9Dk8s1eUMhZi7gxKmeOHUDyefPXIp7v3PSG4xcnfXjyE +K9zC714qFsI9ERjTg7uaw6qmFv8Xht8O8TLGMgqDijQIgrH2oGd6tEdYyOOCOPQ7 +d6PBSm5Sw53LlCWlW5I9bc0NCjbnwWjh7Z9UXtLffzZyxgxggSw0vfg5PuhcprZ2 +Rd3MwzJmALI2BB7eWW1x+M0hXmtdqj7Opmajh+UMrFjLtAlEZfslJwzV9NkAFxDY +zRi2jvsmJx78vOPB1XhXgTvlEOvA7qEYDXFaZJHlBDmFU9JqytGZ6PtiQENuLHIe +4hO6aHbhJA4I9EqoG1U1COQAwrsHreV6+fpcFn4lXbu+gWPyUzKiQMQd9kI3EEia +yObUro21OFHS7z131kKbMec/oc2RfADCvEwY8oay7o0S9aTqvPSQODs8nYkbZchN +FoC+oF9n8pBMNzhYBsTk1OXleD1yMucsuywr5i0meyvu6oQ4+pdPYD6wh7JatJh0 +hayKy33GGsXd278J1Ek1p6MEFnGLc/zH+NZZLIU7Qn1oFU+gK4cVeaLX2g0/BLKc +Q/AEmYIwnecLr8A+Y4mZVwwsnSHtfELtoGSsawN26bzKbnRs +=J6BY +-----END PGP PUBLIC KEY BLOCK----- diff --git a/python312-rpmlintrc b/python312-rpmlintrc new file mode 100644 index 0000000..5b35f34 --- /dev/null +++ b/python312-rpmlintrc @@ -0,0 +1,3 @@ +addFilter("pem-certificate.*/usr/lib.*/python.*/test/*.pem") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/tests/*.c") +addFilter("devel-file-in-non-devel-package.*/usr/lib.*/python.*/test/*.cpp") diff --git a/python312.changes b/python312.changes new file mode 100644 index 0000000..91345ed --- /dev/null +++ b/python312.changes @@ -0,0 +1,5906 @@ +------------------------------------------------------------------- +Fri Jun 7 10:44:55 UTC 2024 - Matej Cepl + +- Update to 3.12.4: + - Security + - gh-118486: os.mkdir() on Windows now accepts mode of 0o700 + to restrict the new directory to the current user. This + fixes CVE-2024-4030 affecting tempfile.mkdtemp() in + scenarios where the base temporary directory is more + permissive than the default. + - gh-116741: Update bundled libexpat to 2.6.2 + - gh-117233: Detect BLAKE2, SHA3, Shake, & truncated SHA512 + support in the OpenSSL-ish libcrypto library at build + time. This allows hashlib to be used with libraries that do + not to support every algorithm that upstream OpenSSL does. + - Core and Builtins + - gh-119821: Fix execution of annotation scopes within + classes when globals is set to a non-dict. Patch by Jelle + Zijlstra. + - gh-118263: Speed up os.path.normpath() with a direct C + call. + - gh-119311: Fix bug where names are unexpectedly mangled in + the bases of generic classes. + - gh-119395: Fix bug where names appearing after a generic + class are mangled as if they are in the generic class. + - gh-118507: Fix os.path.isfile() on Windows for pipes. + - gh-119213: Non-builtin modules built with argument clinic + were crashing if used in a subinterpreter before the main + interpreter. The objects that were causing the problem by + leaking between interpreters carelessly have been fixed. + - gh-119011: Fixes type.__type_params__ to return an empty + tuple instead of a descriptor. + - gh-118997: Fix _Py_ClearImmortal() assertion: use + _Py_IsImmortal() to tolerate reference count lower than + _Py_IMMORTAL_REFCNT. Fix the assertion for the stable + ABI, when a C extension is built with Python 3.11 or + lower. Patch by Victor Stinner. + - gh-118513: Fix incorrect UnboundLocalError when two + comprehensions in the same function both reference the same + name, and in one comprehension the name is bound while in + the other it’s an implicit global. + - gh-118164: Break a loop between the Python implementation + of the decimal module and the Python code for integer + to string conversion. Also optimize integer to string + conversion for values in the range from 9_000 to 135_000 + decimal digits. + - gh-118272: Fix bug where generator.close does not free the + generator frame’s locals. + - gh-116767: Fix crash in compiler on ‘async with’ that has + many context managers. + - gh-117894: Prevent agen.aclose() objects being re-used + after .throw(). + - gh-117881: prevent concurrent access to an async generator + via athrow().throw() or asend().throw() + - gh-115874: Fixed a possible segfault during garbage + collection of _asyncio.FutureIter objects + - Library + - gh-119819: Fix regression to allow logging configuration + with multiprocessing queue types. + - gh-89727: Fix issue with shutil.rmtree() where a + RecursionError is raised on deep directory trees. + - gh-89727: Partially fix issue with shutil.rmtree() + where a RecursionError is raised on deep directory + trees. A recursion error is no longer raised when + rmtree.avoids_symlink_attacks is false. + - gh-119118: Fix performance regression in the tokenize + module by caching the line token attribute and calculating + the column offset more efficiently. + - gh-89727: Fix issue with os.fwalk() where a RecursionError + was raised on deep directory trees by adjusting the + implementation to be iterative instead of recursive. + - gh-113892: Now, the method sock_connect of + asyncio.ProactorEventLoop raises a ValueError if given + socket is not in non-blocking mode, as well as in other + loop implementations. + - gh-119174: Fix high DPI causes turtledemo(turtle-graphics + examples) windows blurry Patch by Wulian233 and Terry Jan + Reedy + - gh-118643: Fix an AttributeError in the email module + when re-fold a long address list. Also fix more cases of + incorrect encoding of the address separator in the address + list. + - gh-58933: Make pdb return to caller frame correctly when + f_trace of the caller frame is not set + - gh-118868: Fixed issue where kwargs were no longer passed + to the logging handler QueueHandler + - gh-118164: The Python implementation of the decimal + module could appear to hang in relatively small power + cases (like 2**117) if context precision was set to a + very high value. A different method to check for exactly + representable results is used now that doesn’t rely on + computing 10**precision (which could be effectively too + large to compute). + - gh-118404: Fix inspect.signature() for non-comparable + callables. + - gh-118314: Fix an edge case in binascii.a2b_base64() strict + mode, where excessive padding is not detected when no + padding is necessary. + - gh-118042: Fix an unraisable exception in + telnetlib.Telnet.__del__() when the __init__() method was + not called. + - gh-118221: Fix a bug where sqlite3.iterdump() could fail if + a custom row factory was used. Patch by Erlend Aasland. + - gh-118013: Fix regression introduced in gh-103193 that + meant that calling inspect.getattr_static() on an instance + would cause a strong reference to that instance’s class to + persist in an internal cache in the inspect module. This + caused unexpected memory consumption if the class was + dynamically created, the class held strong references to + other objects which took up a significant amount of memory, + and the cache contained the sole strong reference to the + class. The fix for the regression leads to a slowdown + in getattr_static(), but the function should still be + significantly faster than it was in Python 3.11. Patch by + Alex Waygood. + - gh-90848: Fixed unittest.mock.create_autospec() to + configure parent mock with keyword arguments. + - gh-118168: Fix incorrect argument substitution when + typing.Unpack is used with the builtin tuple. typing.Unpack + now raises TypeError when used with certain invalid + types. Patch by Jelle Zijlstra. + - gh-118033: Fix dataclasses.dataclass() not creating a + __weakref__ slot when subclassing typing.Generic. + - gh-117535: Do not try to get the source line for made up + file name “sys” in warnings. + - gh-114053: Fix erroneous NameError when calling + typing.get_type_hints() on a class that made use of PEP 695 + type parameters in a module that had from __future__ import + annotations at the top of the file. Patch by Alex Waygood. + - gh-117995: Don’t raise DeprecationWarning when a + sequence of parameters is used to bind indexed, nameless + placeholders. See also gh-100668. + - gh-80361: Fix TypeError in + email.message.Message.get_payload() when the charset is RFC + 2231 encoded. + - gh-86650: Fix IndexError when parse some emails with + invalid Message-ID (including one-off addresses generated + by Microsoft Outlook). + - gh-117691: Improve the error messages emitted by tarfile + deprecation warnings relating to PEP 706. If a filter + argument is not provided to extract() or extractall, the + deprecation warning now points to the line in the user’s + code where the relevant function was called. Patch by Alex + Waygood. + - gh-77102: site module now parses .pth file with UTF-8 + first, and locale encoding if UnicodeDecodeError + happened. It supported only locale encoding before. + - gh-117692: Fixes a bug when doctest.DocTestFinder was + failing on wrapped builtin_function_or_method. + - gh-117566: ipaddress.IPv6Address.is_loopback() will now + return True for IPv4-mapped loopback addresses, i.e. + addresses in the ::ffff:127.0.0.0/104 address space. + - gh-117503: Fix support of non-ASCII user names in bytes + paths in os.path.expanduser() on Posix. + - gh-117313: Only treat '\n', '\r' and '\r\n' as line + separators in re-folding the email messages. Preserve + control characters '\v', '\f', '\x1c', '\x1d' and '\x1e' + and Unicode line separators '\x85', '\u2028' and '\u2029' + as is. + - gh-113171: Fixed various false positives and false + negatives in + ipaddress.IPv4Address.is_private (see these docs for details) + ipaddress.IPv4Address.is_global + ipaddress.IPv6Address.is_private + ipaddress.IPv6Address.is_global + Also in the corresponding ipaddress.IPv4Network and + ipaddress.IPv6Network attributes. + - gh-103956: Fix lack of newline characters in trace module + output when line tracing is enabled but source code line + for current frame is not available. + - gh-92081: Fix missing spaces in email headers when the + spaces are mixed with encoded 8-bit characters. + - gh-103194: Prepare Tkinter for C API changes in Tcl 8.7/9.0 + to avoid _tkinter.Tcl_Obj being unexpectedly returned + instead of bool, str, bytearray, or int. + - gh-87106: Fixed handling in inspect.Signature.bind() of + keyword arguments having the same name as positional-only + arguments when a variadic keyword argument (e.g. **kwargs) + is present. + - bpo-45767: Fix integer conversion in os.major(), + os.minor(), and os.makedev(). Support device numbers larger + than 2**63-1. Support non-existent device number (NODEV). + - bpo-40943: Fix several IndexError when parse emails with + truncated Message-ID, address, routes, etc, e.g. example@. + - bpo-30988: Fix parsing of emails with invalid address + headers having a leading or trailing dot. Patch by tsufeki. + - gh-67693: Fix urllib.parse.urlunparse() and + urllib.parse.urlunsplit() for URIs with path starting with + multiple slashes and no authority. Based on patch by Ashwin + Ramaswami. + - bpo-15010: unittest.TestLoader.discover() now saves the + original value of unittest.TestLoader._top_level_dir and + restores it at the end of the call. + - Documentation + - gh-117928: The minimum Sphinx version required for the + documentation is now 6.2.1. + - gh-91565: Changes to documentation files and config + outputs to reflect the new location for reporting bugs - + i.e. GitHub rather than bugs.python.org. + - Tests + - gh-119050: regrtest test runner: Add XML support to the + refleak checker (-R option). Patch by Victor Stinner. + - IDLE + - bpo-34774: Use user-selected color theme for Help => IDLE + Doc. + - C API + - gh-119585: Fix crash when a thread state that was + created by PyGILState_Ensure() calls a destructor that + during PyThreadState_Clear() that calls back into + PyGILState_Ensure() and PyGILState_Release(). This + might occur when in the free-threaded build or when + using thread-local variables whose destructors call + PyGILState_Ensure(). + - gh-117534: Improve validation logic in the C implementation + of datetime.fromisoformat() to better handle invalid + years. Patch by Vlad Efanov. +- Updated patches: + - CVE-2023-6597-TempDir-cleaning-symlink.patch + - bpo-31046_ensurepip_honours_prefix.patch + - fix_configure_rst.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Mon Apr 15 10:31:32 UTC 2024 - Daniel Garcia + +- Add CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch to fix tests with + patched libexpat below 2.6.0 that doesn't update the version number, + just in 15.6. +- Drop libexpat260.patch, not needed anymore. This patch is merged + with the CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch to keep + working on 15.6. +- Add fix-test-recursion-limit-15.6.patch, gh#python/cpython#115083. + +------------------------------------------------------------------- +Wed Apr 10 14:41:07 UTC 2024 - Matej Cepl + +- Update to 3.12.3: + - Security + - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral + (CVE-2023-52425, bsc#1219559) by adding five new methods: + xml.etree.ElementTree.XMLParser.flush() + xml.etree.ElementTree.XMLPullParser.flush() + xml.parsers.expat.xmlparser.GetReparseDeferralEnabled() + xml.parsers.expat.xmlparser.SetReparseDeferralEnabled() + xml.sax.expatreader.ExpatParser.flush() + - gh-115399: Update bundled libexpat to 2.6.0 (bsc#1222075) + - gh-115243: Fix possible crashes in + collections.deque.index() when the deque is concurrently + modified. + - gh-114572: ssl.SSLContext.cert_store_stats() and + ssl.SSLContext.get_ca_certs() now correctly lock access to + the certificate store, when the ssl.SSLContext is shared + across multiple threads. + - Core and Builtins + - gh-109120: Added handle of incorrect star expressions, e.g + f(3, *). Patch by Grigoryev Semyon + - gh-99108: Updated the hashlib built-in HACL* project C code + from upstream that we use for many implementations when + they are not present via OpenSSL in a given build. This + also avoids the rare potential for a C symbol name one + definition rule linking issue. + - gh-116735: For INSTRUMENTED_CALL_FUNCTION_EX, set arg0 to + sys.monitoring.MISSING instead of None for CALL event. + - gh-113964: Starting new threads and process creation + through os.fork() are now only prevented once all + non-daemon threads exit. + - gh-116604: Respect the status of the garbage collector when + indirect calls are made via PyErr_CheckSignals() and the + evaluation breaker. Patch by Pablo Galindo + - gh-116626: Ensure INSTRUMENTED_CALL_FUNCTION_EX always + emits CALL + - gh-116296: Fix possible refleak in object.__reduce__() + internal error handling. + - gh-116034: Fix location of the error on a failed assertion. + - gh-115823: Properly calculate error ranges in the parser + when raising SyntaxError exceptions caused by invalid byte + sequences. Patch by Pablo Galindo + - gh-112087: For an empty reverse iterator for list will be + reduced to reversed(). Patch by Donghee Na. + - gh-115154: Fix a bug that was causing the + tokenize.untokenize() function to handle unicode named + literals incorrectly. Patch by Pablo Galindo + - gh-114828: Fix compilation crashes in uncommon code + examples using super() inside a comprehension in a class + body. + - gh-115011: Setters for members with an unsigned integer + type now support the same range of valid values for objects + that has a __index__() method as for int. + - gh-112215: Change the C recursion limits to more closely + reflect the underlying platform limits. + - gh-96497: Fix incorrect resolution of mangled class + variables used in assignment expressions in comprehensions. + - Library + - gh-117467: Preserve mailbox ownership when rewriting in + mailbox.mbox.flush(). Patch by Tony Mountifield. + - gh-117310: Fixed an unlikely early & extra Py_DECREF + triggered crash in ssl when creating a new _ssl._SSLContext + if CPython was built implausibly such that the + default cipher list is empty or the SSL library it + was linked against reports a failure from its C + SSL_CTX_set_cipher_list() API. + - gh-117178: Fix regression in lazy loading of + self-referential modules, introduced in gh-114781. + - gh-117084: Fix zipfile extraction for directory entries + with the name containing backslashes on Windows. + - gh-117110: Fix a bug that prevents subclasses of typing.Any + to be instantiated with arguments. Patch by Chris Fu. + - gh-90872: On Windows, subprocess.Popen.wait() no longer + calls WaitForSingleObject() with a negative timeout: pass 0 + ms if the timeout is negative. Patch by Victor Stinner. + - gh-116957: configparser: Don’t leave ConfigParser values + in an invalid state (stored as a list instead of a str) + after an earlier read raised DuplicateSectionError or + DuplicateOptionError. + - gh-90095: Ignore empty lines and comments in .pdbrc + - gh-116764: Restore support of None and other false values + in urllib.parse functions parse_qs() and parse_qsl(). Also, + they now raise a TypeError for non-zero integers and + non-empty sequences. + - gh-116811: In PathFinder.invalidate_caches, delegate to + MetadataPathFinder.invalidate_caches. + - gh-116600: Fix repr() for global Flag members. + - gh-116484: Change automatically generated + tkinter.Checkbutton widget names to avoid collisions with + automatically generated tkinter.ttk.Checkbutton widget + names within the same parent widget. + - gh-116401: Fix blocking os.fwalk() and shutil.rmtree() on + opening named pipe. + - gh-116143: Fix a race in pydoc _start_server, eliminating a + window in which _start_server can return a thread that is + “serving” but without a docserver set. + - gh-116325: typing: raise SyntaxError instead of + AttributeError on forward references as empty strings. + - gh-90535: Fix support of interval values > 1 in + logging.TimedRotatingFileHandler for when='MIDNIGHT' and + when='Wx'. + - gh-115978: Disable preadv(), readv(), pwritev(), and + writev() on WASI. + - Under wasmtime for WASI 0.2, these + functions don’t pass test_posix + (https://github.com/bytecodealliance/wasmtime/issues/7830). + - gh-88352: Fix the computation of the next rollover + time in the logging.TimedRotatingFileHandler handler. + computeRollover() now always returns a timestamp larger + than the specified time and works correctly during the DST + change. doRollover() no longer overwrite the already rolled + over file, saving from data loss when run at midnight or + during repeated time at the DST change. + - gh-87115: Set __main__.__spec__ to None when running a + script with pdb + - gh-76511: Fix UnicodeEncodeError in + email.Message.as_string() that results when a message + that claims to be in the ascii character set actually has + non-ascii characters. Non-ascii characters are now replaced + with the U+FFFD replacement character, like in the replace + error handler. + - gh-116040: [Enum] fix by-value calls when second value is + falsey; e.g. Cardinal(1, 0) + - gh-75988: Fixed unittest.mock.create_autospec() to pass + the call through to the wrapped object to return the real + result. + - gh-115881: Fix issue where ast.parse() would incorrectly + flag conditional context managers (such as with (x() if y + else z()): ...) as invalid syntax if feature_version=(3, + 8) was passed. This reverts changes to the grammar made as + part of gh-94949. + - gh-115886: Fix silent truncation of the + name with an embedded null character in + multiprocessing.shared_memory.SharedMemory. + - gh-115809: Improve algorithm for computing + which rolled-over log files to delete in + logging.TimedRotatingFileHandler. It is now reliable for + handlers without namer and with arbitrary deterministic + namer that leaves the datetime part in the file name + unmodified. + - gh-74668: urllib.parse functions parse_qs() and + parse_qsl() now support bytes arguments containing raw and + percent-encoded non-ASCII data. + - gh-67044: csv.writer() now always quotes or escapes '\r' + and '\n', regardless of lineterminator value. + - gh-115712: csv.writer() now quotes empty fields if + delimiter is a space and skipinitialspace is true and + raises exception if quoting is not possible. + - gh-112364: Fixed ast.unparse() to handle format_spec with + ", ' or \\. Patched by Frank Hoffmann. + - gh-111358: Fix a bug in + asyncio.BaseEventLoop.shutdown_default_executor() to ensure + the timeout passed to the coroutine behaves as expected. + - gh-115618: Fix improper decreasing the reference count for + None argument in property methods getter(), setter() and + deleter(). + - gh-115570: A DeprecationWarning is no longer omitted + on access to the __doc__ attributes of the deprecated + typing.io and typing.re pseudo-modules. + - gh-112006: Fix inspect.unwrap() for types with the + __wrapper__ data descriptor. + - gh-101293: Support callables with the __call__() method + and types with __new__() and __init__() methods set to + class methods, static methods, bound methods, partial + functions, and other types of methods and descriptors in + inspect.Signature.from_callable(). + - gh-115392: Fix a bug in doctest where incorrect line + numbers would be reported for decorated functions. + - gh-114563: Fix several format() bugs when using the C + implementation of Decimal: * memory leak in some rare + cases when using the z format option (coerce negative 0) * + incorrect output when applying the z format option to type + F (fixed-point with capital NAN / INF) * incorrect output + when applying the # format option (alternate form) + - gh-115197: urllib.request no longer resolves the hostname + before checking it against the system’s proxy bypass list + on macOS and Windows. + - gh-115165: Most exceptions are now ignored when attempting + to set the __orig_class__ attribute on objects returned + when calling typing generic aliases (including generic + aliases created using typing.Annotated). Previously only + AttributeError was ignored. Patch by Dave Shawley. + - gh-115133: Fix tests for XMLPullParser with Expat 2.6.0. + - gh-115059: io.BufferedRandom.read1() now flushes the + underlying write buffer. + - gh-79382: Trailing ** no longer allows to match files and + non-existing paths in recursive glob(). + - gh-114071: Support tuple subclasses using auto() for enum + member value. + - gh-114763: Protect modules loaded with + importlib.util.LazyLoader from race conditions when + multiple threads try to access attributes before the + loading is complete. + - gh-97959: Fix rendering class methods, bound methods, + method and function aliases in pydoc. Class methods + no longer have “method of builtins.type instance” + note. Corresponding notes are now added for class and + unbound methods. Method and function aliases now have + references to the module or the class where the origin + was defined if it differs from the current. Bound methods + are now listed in the static methods section. Methods of + builtin classes are now supported as well as methods of + Python classes. + - gh-112281: Allow creating union of types for + typing.Annotated with unhashable metadata. + - gh-111775: Fix + importlib.resources.simple.ResourceHandle.open() for text + mode, added missed stream argument. + - gh-90095: Make .pdbrc and -c work with any valid pdb + commands. + - gh-107155: Fix incorrect output of help(x) where x is a + lambda function, which has an __annotations__ dictionary + attribute with a "return" key. + - gh-105866: Fixed _get_slots bug which caused error when + defining dataclasses with slots and a weakref_slot. + - gh-60346: Fix ArgumentParser inconsistent with + parse_known_args. + - gh-100985: Update HTTPSConnection to consistently wrap IPv6 + Addresses when using a proxy. + - gh-100884: email: fix misfolding of comma in address-lists + over multiple lines in combination with unicode encoding. + - gh-95782: Fix io.BufferedReader.tell(), + io.BufferedReader.seek(), _pyio.BufferedReader.tell(), + io.BufferedRandom.tell(), io.BufferedRandom.seek() and + _pyio.BufferedRandom.tell() being able to return negative + offsets. + - gh-96310: Fix a traceback in argparse when all options in a + mutually exclusive group are suppressed. + - gh-93205: Fixed a bug in + logging.handlers.TimedRotatingFileHandler where multiple + rotating handler instances pointing to files with the same + name but different extensions would conflict and not delete + the correct files. + - bpo-44865: Add missing call to localization function in + argparse. + - bpo-43952: Fix multiprocessing.connection.Listener.accept() + to accept empty bytes as authkey. Not accepting empty bytes + as key causes it to hang indefinitely. + - bpo-42125: linecache: get module name from __spec__ if + available. This allows getting source code for the __main__ + module when a custom loader is used. + - gh-66543: Make mimetypes.guess_type() properly parsing + of URLs with only a host name, URLs containing fragment + or query, and filenames with only a UNC sharepoint on + Windows. Based on patch by Dong-hee Na. + - bpo-33775: Add ‘default’ and ‘version’ help text for + localization in argparse. + - Documentation + - gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under + “XML vulnerabilities”. + - gh-115233: Fix an example for LoggerAdapter in the Logging + Cookbook. + - Tests + - gh-83434: Disable JUnit XML output (--junit-xml=FILE + command line option) in regrtest when hunting for reference + leaks (-R option). Patch by Victor Stinner. + - gh-117187: Fix XML tests for vanilla Expat <2.6.0. + - gh-116333: Tests of TLS related things (error codes, etc) + were updated to be more lenient about specific error + message strings and behaviors as seen in the BoringSSL and + AWS-LC forks of OpenSSL. + - gh-115979: Update test_importlib so that it passes under + WASI SDK 21. + - gh-112536: Add –tsan to test.regrtest for running TSAN + tests in reasonable execution times. Patch by Donghee Na. + - gh-116307: Added import helper isolated_modules as + CleanImport does not remove modules imported during the + context. Use it in importlib.resources tests to avoid + leaving mod around to impede importlib.metadata tests. + - gh-115720: Leak tests (-R, --huntrleaks) now show a summary + of the number of leaks found in each iteration. + - gh-115122: Add --bisect option to regrtest test runner: + run failed tests with test.bisect_cmd to identify failing + tests. Patch by Victor Stinner. + - gh-115596: Fix ProgramPriorityTests in test_os permanently + changing the process priority. + - Build + - gh-116313: Get WASI builds to work under wasmtime 18 w/ + WASI 0.2/preview2 primitives. + - gh-116117: Backport libb2’s PR #42 to fix compiling CPython + on 32-bit Windows with clang-cl. + - gh-115167: Avoid vendoring vcruntime140_threads.dll when + building with Visual Studio 2022 version 17.8. + - gh-112536: Add support for thread sanitizer (TSAN) + - Windows + - gh-117267: Ensure DirEntry.stat().st_ctime behaves + consistently with os.stat() during the deprecation + period of st_ctime by containing the same value as + st_birthtime. After the deprecation period, st_ctime + will be the metadata change time (or unavailable through + DirEntry), and only st_birthtime will contain the creation + time. + - gh-116773: Fix instances of <_overlapped.Overlapped object + at 0xXXX> still has pending operation at deallocation, the + process may crash. + - gh-91227: Fix the asyncio ProactorEventLoop implementation + so that sending a datagram to an address that is not + listening does not prevent receiving any more datagrams. + - gh-115554: The installer now has more strict rules about + updating the Python Launcher for Windows. In general, most + users only have a single launcher installed and will see no + difference. When multiple launchers have been installed, + the option to install the launcher is disabled until all + but one have been removed. Downgrading the launcher (which + was never allowed) is now more obviously blocked. + - gh-115543: Python Launcher for Windows can now + detect Python 3.13 when installed from the Microsoft + Store, and will install Python 3.12 by default when + PYLAUNCHER_ALLOW_INSTALL is set. + - gh-115049: Fixes py.exe launcher failing when run as users + without user profiles. + - gh-115009: Update Windows installer to use SQLite 3.45.1. + - IDLE + - gh-88516: On macOS show a proxy icon in the title bar of + editor windows to match platform behaviour. + - Tools/Demos + - gh-113516: Don’t set LDSHARED when building for WASI. + - C API + - gh-117021: Fix integer overflow in PyLong_AsPid() on + non-Windows 64-bit platforms. + - gh-116869: Make the C API compatible with + -Werror=declaration-after-statement compiler flag + again. Patch by Victor Stinner. + +------------------------------------------------------------------- +Wed Mar 6 14:13:58 UTC 2024 - Pedro Monreal + +- Use the system-wide crypto-policies [bsc#1211301] + * Use the system default cipher list instead of hardcoded values + * Add the --with-ssl-default-suites=openssl configure option + +------------------------------------------------------------------- +Fri Feb 23 01:06:42 UTC 2024 - Matej Cepl + +- (bsc#1219666, CVE-2023-6597) Add + CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from + gh#python/cpython!99930) fixing symlink bug in cleanup of + tempfile.TemporaryDirectory. + +------------------------------------------------------------------- +Tue Feb 20 18:12:05 UTC 2024 - Matej Cepl + +- Switch to %%autopatch. Let’s try it as an experiment, and if we + need conditional patch, we should put condition inside of it. +- Remove double definition of /usr/bin/idle%%{version} in + %%files. + +------------------------------------------------------------------- +Thu Feb 15 10:29:07 UTC 2024 - Daniel Garcia + +- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser + with Expat 2.6.0, gh#python/cpython#115288 + +------------------------------------------------------------------- +Mon Feb 12 13:32:43 UTC 2024 - Matej Cepl + +- (bsc#1210638, CVE-2023-27043) Add + CVE-2023-27043-email-parsing-errors.patch, which rejects + malformed addresses in email.parseaddr() (gh#python/cpython!111116) + Detect email address parsing errors and return empty tuple to + indicate the parsing error (old API). Add an optional 'strict' + parameter to getaddresses() and parseaddr() functions. Patch by + Thomas Dwyer. + +------------------------------------------------------------------- +Thu Feb 8 07:08:51 UTC 2024 - Daniel Garcia + +- Update to 3.12.2: + - Security + - gh-113659: Skip .pth files with names starting with a dot or + hidden file attribute. + - Core and Builtins + - gh-114887: Changed socket type validation in + create_datagram_endpoint() to accept all non-stream sockets. + This fixes a regression in compatibility with raw sockets. + - gh-114388: Fix a RuntimeWarning emitted when assign an + integer-like value that is not an instance of int to an + attribute that corresponds to a C struct member of type T_UINT + and T_ULONG. Fix a double RuntimeWarning emitted when assign a + negative integer value to an attribute that corresponds to a C + struct member of type T_UINT. + - gh-113703: Fix a regression in the codeop module that was + causing it to incorrectly identify incomplete f-strings. Patch + by Pablo Galindo + - gh-89811: Check for a valid tp_version_tag before performing + bytecode specializations that rely on this value being usable. + - gh-113602: Fix an error that was causing the parser to try to + overwrite existing errors and crashing in the process. Patch by + Pablo Galindo + - gh-113297: Fix segfault in the compiler on with statement with + 19 context managers. + - gh-106905: Use per AST-parser state rather than global state to + track recursion depth within the AST parser to prevent potential + race condition due to simultaneous parsing. + - The issue primarily showed up in 3.11 by multithreaded users of + ast.parse(). In 3.12 a change to when garbage collection can be + triggered prevented the race condition from occurring. + - gh-112943: Correctly compute end column offsets for multiline + tokens in the tokenize module. Patch by Pablo Galindo + - gh-112716: Fix SystemError in the import statement and in + __reduce__() methods of builtin types when __builtins__ is not a + dict. + - gh-94606: Fix UnicodeEncodeError when + email.message.get_payload() reads a message with a Unicode + surrogate character and the message content is not well-formed + for surrogateescape encoding. Patch by Sidney Markowitz. + - Library + - gh-114965: Update bundled pip to 24.0 + - gh-114959: tarfile no longer ignores errors when trying to + extract a directory on top of a file. + - gh-109475: Fix support of explicit option value “–” in argparse + (e.g. --option=--). + - gh-110190: Fix ctypes structs with array on Windows ARM64 + platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by + Diego Russo + - gh-113280: Fix a leak of open socket in rare cases when error + occurred in ssl.SSLSocket creation. + - gh-77749: email.policy.EmailPolicy.fold() now always encodes + non-ASCII characters in headers if utf8 is false. + - gh-114492: Make the result of termios.tcgetattr() reproducible + on Alpine Linux. Previously it could leave a random garbage in + some fields. + - gh-113267: Revert changes in gh-106584 which made calls of + TestResult methods startTest() and stopTest() unbalanced. + - gh-75128: Ignore an OSError in + asyncio.BaseEventLoop.create_server() when IPv6 is available but + the interface cannot actually support it. + - gh-114257: Dismiss the FileNotFound error in + ctypes.util.find_library() and just return None on Linux. + - gh-114328: The tty.setcbreak() and new tty.cfmakecbreak() no + longer clears the terminal input ICRLF flag. This fixes a + regression introduced in 3.12 that no longer matched how OSes + define cbreak mode in their stty(1) manual pages. + - gh-101438: Avoid reference cycle in ElementTree.iterparse. The + iterator returned by ElementTree.iterparse may hold on to a file + descriptor. The reference cycle prevented prompt clean-up of the + file descriptor if the returned iterator was not exhausted. + - gh-104522: OSError raised when run a subprocess now only has + filename attribute set to cwd if the error was caused by a + failed attempt to change the current directory. + - gh-114149: Enum: correctly handle tuple subclasses in custom + __new__. + - gh-109534: Fix a reference leak in + asyncio.selector_events.BaseSelectorEventLoop when SSL + handshakes fail. Patch contributed by Jamie Phan. + - gh-114077: Fix possible OverflowError in + socket.socket.sendfile() when pass count larger than 2 GiB on + 32-bit platform. + - gh-114014: Fixed a bug in fractions.Fraction where an invalid + string using d in the decimals part creates a different error + compared to other invalid letters/characters. Patch by Jeremiah + Gabriel Pascual. + - gh-113951: Fix the behavior of tag_unbind() methods of + tkinter.Text and tkinter.Canvas classes with three arguments. + Previously, widget.tag_unbind(tag, sequence, funcid) destroyed + the current binding for sequence, leaving sequence unbound, and + deleted the funcid command. Now it removes only funcid from the + binding for sequence, keeping other commands, and deletes the + funcid command. It leaves sequence unbound only if funcid was + the last bound command. + - gh-113877: Fix tkinter method winfo_pathname() on 64-bit + Windows. + - gh-113661: unittest runner: Don’t exit 5 if tests were skipped. + The intention of exiting 5 was to detect issues where the test + suite wasn’t discovered at all. If we skipped tests, it was + correctly discovered. + - gh-113781: Silence unraisable AttributeError when warnings are + emitted during Python finalization. + - gh-112932: Restore the ability for zipfile to extractall from + zip files with a “/” directory entry in them as is commonly + added to zips by some wiki or bug tracker data exporters. + - gh-113594: Fix UnicodeEncodeError in email when re-fold lines + that contain unknown-8bit encoded part followed by + non-unknown-8bit encoded part. + - gh-113538: In asyncio.StreamReaderProtocol.connection_made(), + there is callback that logs an error if the task wrapping the + “connected callback” fails. This callback would itself fail if + the task was cancelled. Prevent this by checking whether the + task was cancelled first. If so, close the transport but don’t + log an error. + - gh-85567: Fix resource warnings for unclosed files in pickle and + pickletools command line interfaces. + - gh-101225: Increase the backlog for + multiprocessing.connection.Listener objects created by + multiprocessing.manager and multiprocessing.resource_sharer to + significantly reduce the risk of getting a connection refused + error when creating a multiprocessing.connection.Connection to + them. + - gh-113543: Make sure that webbrowser.MacOSXOSAScript sends + webbrowser.open audit event. + - gh-113028: When a second reference to a string appears in the + input to pickle, and the Python implementation is in use, we are + guaranteed that a single copy gets pickled and a single object + is shared when reloaded. Previously, in protocol 0, when a + string contained certain characters (e.g. newline) it resulted + in duplicate objects. + - gh-113421: Fix multiprocessing logger for %(filename)s. + - gh-111784: Fix segfaults in the _elementtree module. Fix first + segfault during deallocation of _elementtree.XMLParser instances + by keeping strong reference to pyexpat module in module state + for capsule lifetime. Fix second segfault which happens in the + same deallocation process by keeping strong reference to + _elementtree module in XMLParser structure for _elementtree + module lifetime. + - gh-113407: Fix import of unittest.mock when CPython is built + without docstrings. + - gh-113320: Fix regression in Python 3.12 where Protocol classes + that were not marked as runtime-checkable would be unnecessarily + introspected, potentially causing exceptions to be raised if the + protocol had problematic members. Patch by Alex Waygood. + - gh-113358: Fix rendering tracebacks for exceptions with a broken + __getattr__. + - gh-113214: Fix an AttributeError during asyncio SSL protocol + aborts in SSL-over-SSL scenarios. + - gh-113246: Update bundled pip to 23.3.2. + - gh-113199: Make http.client.HTTPResponse.read1 and + http.client.HTTPResponse.readline close IO after reading all + data when content length is known. Patch by Illia Volochii. + - gh-113188: Fix shutil.copymode() and shutil.copystat() on + Windows. Previously they worked differenly if dst is a symbolic + link: they modified the permission bits of dst itself rather + than the file it points to if follow_symlinks is true or src is + not a symbolic link, and did not modify the permission bits if + follow_symlinks is false and src is a symbolic link. + - gh-61648: Detect line numbers of properties in doctests. + - gh-112559: signal.signal() and signal.getsignal() no longer call + repr on callable handlers. asyncio.run() and + asyncio.Runner.run() no longer call repr on the task results. + Patch by Yilei Yang. + - gh-110190: Fix ctypes structs with array on PPC64LE platform by + setting MAX_STRUCT_SIZE to 64 in stgdict. Patch by Diego Russo. + - gh-79429: Ignore FileNotFoundError when remove a temporary + directory in the multiprocessing finalizer. + - gh-81194: Fix a crash in socket.if_indextoname() with specific + value (UINT_MAX). Fix an integer overflow in + socket.if_indextoname() on 64-bit non-Windows platforms. + - gh-112343: Improve handling of pdb convenience variables to + avoid replacing string contents. + - gh-111615: Fix a regression caused by a fix to gh-93162 whereby + you couldn’t configure a QueueHandler without specifying + handlers. + - gh-111049: Fix crash during garbage collection of the io.BytesIO + buffer object. + - gh-110345: Show the Tcl/Tk patchlevel (rather than version) in + tkinter._test(). + - gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now + raises BadZipFile when try to read an entry that overlaps with + other entry or central directory. + - gh-114440: On Windows, closing the connection writer when + cleaning up a broken multiprocessing.Queue queue is now done for + all queues, rather than only in concurrent.futures manager + thread. This can prevent a deadlock when a multiprocessing + worker process terminates without cleaning up. This completes + the backport of patches by Victor Stinner and Serhiy Storchaka. + - gh-38807: Fix race condition in trace. Instead of checking if a + directory exists and creating it, directly call os.makedirs() + with the kwarg exist_ok=True. + - gh-75705: Set unixfrom envelope in mailbox.mbox and + mailbox.MMDF. + - gh-106233: Fix stacklevel in InvalidTZPathWarning during + zoneinfo module import. + - gh-105102: Allow ctypes.Union to be nested in ctypes.Structure + when the system endianness is the opposite of the classes. + - gh-104282: Fix null pointer dereference in + lzma._decode_filter_properties() due to improper handling of BCJ + filters with properties of zero length. Patch by Radislav + Chugunov. + - gh-102512: When os.fork() is called from a foreign thread (aka + _DummyThread), the type of the thread in a child process is + changed to _MainThread. Also changed its name and daemonic + status, it can be now joined. + - bpo-35928: io.TextIOWrapper now correctly handles the decoding + buffer after read() and write(). + - bpo-26791: shutil.move() now moves a symlink into a directory + when that directory is the target of the symlink. This provides + the same behavior as the mv shell command. The previous behavior + raised an exception. Patch by Jeffrey Kintscher. + - bpo-36959: Fix some error messages for invalid ISO format string + combinations in strptime() that referred to directives not + contained in the format string. Patch by Gordon P. Hemsley. + - bpo-18060: Fixed a class inheritance issue that can cause + segfaults when deriving two or more levels of subclasses from a + base class of Structure or Union. + - Documentation + - gh-110746: Improved markup for valid options/values for methods + ttk.treeview.column and ttk.treeview.heading, and for Layouts. + - gh-95649: Document that the asyncio module contains code taken + from v0.16.0 of the uvloop project, as well as the required MIT + licensing information. + - Tests + - gh-109980: Fix test_tarfile_vs_tar in test_shutil for macOS, + where system tar can include more information in the archive + than shutil.make_archive. + - gh-105089: Fix + test.test_zipfile.test_core.TestWithDirectory.test_create_directory_with_write + test in AIX by doing a bitwise AND of 0xFFFF on mode , so that + it will be in sync with zinfo.external_attr + - bpo-40648: Test modes that file can get with chmod() on Windows. + - Build + - gh-112305: Fixed the check-clean-src step performed on out of + tree builds to detect errant $(srcdir)/Python/frozen_modules/*.h + files and recommend appropriate source tree cleanup steps to get + a working build again. + - gh-112867: Fix the build for the case that + WITH_PYMALLOC_RADIX_TREE=0 set. + - bpo-11102: The os.major(), os.makedev(), and os.minor() + functions are now available on HP-UX v3. + - bpo-36351: Do not set ipv6type when cross-compiling. + - IDLE + - gh-96905: In idlelib code, stop redefining built-ins ‘dict’ and + ‘object’. + - gh-72284: Improve the lists of features, editor key bindings, + and shell key bingings in the IDLE doc. + - gh-113903: Fix rare failure of test.test_idle, in + test_configdialog. + - gh-113729: Fix the “Help -> IDLE Doc” menu bug in 3.11.7 and + 3.12.1. + - gh-113269: Fix test_editor hang on macOS Catalina. + - gh-112898: Fix processing unsaved files when quitting IDLE on + macOS. + - gh-103820: Revise IDLE bindings so that events from mouse button + 4/5 on non-X11 windowing systems (i.e. Win32 and Aqua) are not + mistaken for scrolling. + - bpo-13586: Enter the selected text when opening the “Replace” + dialog. + - Tools/Demos + - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13 and + multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1. + - gh-115015: Fix a bug in Argument Clinic that generated incorrect + code for methods with no parameters that use the METH_METHOD | + METH_FASTCALL | METH_KEYWORDS calling convention. Only the + positional parameter count was checked; any keyword argument + passed would be silently accepted. + +- Refresh patches: + - bpo-31046_ensurepip_honours_prefix.patch + - fix_configure_rst.patch + - no-skipif-doctests.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-localpath.patch + - python-3.3.0b1-test-posix_fadvise.patch + - skip-test_pyobject_freed_is_freed.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Fri Dec 15 09:51:22 UTC 2023 - Daniel Garcia + +- Update patch fix_configure_rst.patch +- Update to 3.12.1 (CVE-2023-6507, bsc#1217939): + - Core and Builtins + - gh-112125: Fix None.__ne__(None) returning NotImplemented + instead of False + - gh-112625: Fixes a bug where a bytearray object could be + cleared while iterating over an argument in the + bytearray.join() method that could result in reading memory + after it was freed. + - gh-105967: Workaround a bug in Apple’s macOS platform zlib + library where zlib.crc32() and binascii.crc32() could produce + incorrect results on multi-gigabyte inputs. Including when + using zipfile on zips containing large data. + - gh-112356: Stopped erroneously deleting a LOAD_NULL bytecode + instruction when optimized twice. + - gh-111058: Change coro.cr_frame/gen.gi_frame to return None + after the coroutine/generator has been closed. This fixes a bug + where getcoroutinestate() and getgeneratorstate() return the + wrong state for a closed coroutine/generator. + - gh-112388: Fix an error that was causing the parser to try to + overwrite tokenizer errors. Patch by pablo Galindo + - gh-112387: Fix error positions for decoded strings with + backwards tokenize errors. Patch by Pablo Galindo + - gh-112367: Avoid undefined behaviour when using the perf + trampolines by not freeing the code arenas until shutdown. + Patch by Pablo Galindo + - gh-112243: Don’t include comments in f-string debug + expressions. Patch by Pablo Galindo + - gh-112266: Change docstrings of __dict__ and __weakref__. + - gh-111654: Fix runtime crash when some error happens in opcode + LOAD_FROM_DICT_OR_DEREF. + - gh-109181: Speed up Traceback object creation by lazily compute + the line number. Patch by Pablo Galindo + - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 + codecs read out of bounds + - gh-111366: Fix an issue in the codeop that was causing + SyntaxError exceptions raised in the presence of invalid syntax + to not contain precise error messages. Patch by Pablo Galindo + - gh-111380: Fix a bug that was causing SyntaxWarning to appear + twice when parsing if invalid syntax is encountered later. + Patch by Pablo galindo + - gh-94438: Fix a regression that prevented jumping across is + None and is not None when debugging. Patch by Savannah + Ostrowski. + - gh-110938: Fix error messages for indented blocks with + functions and classes with generic type parameters. Patch by + Pablo Galindo + - gh-109894: Fixed crash due to improperly initialized static + MemoryError in subinterpreter. + - gh-110782: Fix crash when typing.TypeVar is constructed with a + keyword argument. Patch by Jelle Zijlstra. + - gh-110696: Fix incorrect error message for invalid argument + unpacking. Patch by Pablo Galindo + - gh-110543: Fix regression in Python 3.12 where + types.CodeType.replace() would produce a broken code object if + called on a module or class code object that contains a + comprehension. Patch by Jelle Zijlstra. + - gh-110514: Add PY_THROW to sys.setprofile() events + - gh-110455: Guard assert(tstate->thread_id > 0) with #ifndef + HAVE_PTHREAD_STUBS. This allows for for pydebug builds to work + under WASI which (currently) lacks thread support. + - gh-110259: Correctly identify the format spec in f-strings + (with single or triple quotes) that have multiple lines in the + expression part and include a formatting spec. Patch by Pablo + Galindo + - gh-110237: Fix missing error checks for calls to PyList_Append + in _PyEval_MatchClass. + - gh-109889: Fix the compiler’s redundant NOP detection algorithm + to skip over NOPs with no line number when looking for the next + instruction’s lineno. + - gh-109853: sys.path[0] is now set correctly for + subinterpreters. + - gh-105716: Subinterpreters now correctly handle the case where + they have threads running in the background. Before, such + threads would interfere with cleaning up and destroying them, + as well as prevent running another script. + - gh-109793: The main thread no longer exits prematurely when a + subinterpreter is cleaned up during runtime finalization. The + bug was a problem particularly because, when triggered, the + Python process would always return with a 0 exitcode, even if + it failed. + - gh-109596: Fix some tokens in the grammar that were incorrectly + marked as soft keywords. Also fix some repeated rule names and + ensure that repeated rules are not allowed. Patch by Pablo + Galindo + - gh-109351: Fix crash when compiling an invalid AST involving a + named (walrus) expression. + - gh-109216: Fix possible memory leak in BUILD_MAP. + - gh-109207: Fix a SystemError in __repr__ of symtable entry + object. + - gh-109179: Fix bug where the C traceback display drops notes + from SyntaxError. + - gh-109052: Use the base opcode when comparing code objects to + avoid interference from instrumentation + - gh-88943: Improve syntax error for non-ASCII character that + follows a numerical literal. It now points on the invalid + non-ASCII character, not on the valid numerical literal. + - gh-106931: Statically allocated string objects are now interned + globally instead of per-interpreter. This fixes a situation + where such a string would only be interned in a single + interpreter. Normal string objects are unaffected. + + - Library + - gh-79325: Fix an infinite recursion error in + tempfile.TemporaryDirectory() cleanup on Windows. + - gh-112645: Remove deprecation error on passing onerror to + shutil.rmtree(). + - gh-112618: Fix a caching bug relating to typing.Annotated. + Annotated[str, True] is no longer identical to Annotated[str, + 1]. + - gh-112334: Fixed a performance regression in 3.12’s subprocess + on Linux where it would no longer use the fast-path vfork() + system call when it should have due to a logic bug, instead + always falling back to the safe but slower fork(). + - Also fixed a related 3.12 security regression: If a value of + extra_groups=[] was passed to subprocess.Popen or related APIs, + the underlying setgroups(0, NULL) system call to clear the + groups list would not be made in the child process prior to + exec(). This has been assigned CVE-2023-6507. + - This was identified via code inspection in the process of fixing + the first bug. + - gh-110190: Fix ctypes structs with array on Arm platform by + setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo. + - gh-112578: Fix a spurious RuntimeWarning when executing the + zipfile module. + - gh-112509: Fix edge cases that could cause a key to be present + in both the __required_keys__ and __optional_keys__ attributes + of a typing.TypedDict. Patch by Jelle Zijlstra. + - gh-112414: Fix regression in Python 3.12 where calling repr() on + a module that had been imported using a custom loader could fail + with AttributeError. Patch by Alex Waygood. + - gh-112358: Revert change to struct.Struct initialization that + broke some cases of subclassing. + - gh-94722: Fix bug where comparison between instances of DocTest + fails if one of them has None as its lineno. + - gh-112105: Make readline.set_completer_delims() work with + libedit + - gh-111942: Fix SystemError in the TextIOWrapper constructor with + non-encodable “errors” argument in non-debug mode. + - gh-109538: Issue warning message instead of having RuntimeError + be displayed when event loop has already been closed at + StreamWriter.__del__(). + - gh-111942: Fix crashes in io.TextIOWrapper.reconfigure() when + pass invalid arguments, e.g. non-string encoding. + - gh-111460: curses: restore wide character support (including + curses.unget_wch() and get_wch()) on macOS, which was + unavailable due to a regression in Python 3.12. + - gh-103791: contextlib.suppress now supports suppressing + exceptions raised as part of a BaseExceptionGroup, in addition + to the recent support for ExceptionGroup. + - gh-111804: Remove posix.fallocate() under WASI as the underlying + posix_fallocate() is not available in WASI preview2. + - gh-111841: Fix truncating arguments on an embedded null + character in os.putenv() and os.unsetenv() on Windows. + - gh-111541: Fix doctest for SyntaxError not-builtin subclasses. + - gh-110894: Call loop exception handler for exceptions in + client_connected_cb of asyncio.start_server() so that + applications can handle it. Patch by Kumar Aditya. + - gh-111531: Fix reference leaks in bind_class() and bind_all() + methods of tkinter widgets. + - gh-111356: Added io.text_encoding(), io.DEFAULT_BUFFER_SIZE, and + io.IncrementalNewlineDecoder to io.__all__. + - gh-111342: Fixed typo in math.sumprod(). + - gh-68166: Remove mention of not supported “vsapi” element type + in tkinter.ttk.Style.element_create(). Add tests for + element_create() and other ttk.Style methods. Add examples for + element_create() in the documentation. + - gh-75666: Fix the behavior of tkinter widget’s unbind() method + with two arguments. Previously, widget.unbind(sequence, funcid) + destroyed the current binding for sequence, leaving sequence + unbound, and deleted the funcid command. Now it removes only + funcid from the binding for sequence, keeping other commands, + and deletes the funcid command. It leaves sequence unbound only + if funcid was the last bound command. + - gh-79033: Another attempt at fixing + asyncio.Server.wait_closed(). It now blocks until both + conditions are true: the server is closed, and there are no more + active connections. (This means that in some cases where in + 3.12.0 this function would incorrectly have returned + immediately, it will now block; in particular, when there are no + active connections but the server hasn’t been closed yet.) + - gh-111295: Fix time not checking for errors when initializing. + - gh-111253: Add error checking during _socket module init. + - gh-111251: Fix _blake2 not checking for errors when + initializing. + - gh-111174: Fix crash in io.BytesIO.getbuffer() called repeatedly + for empty BytesIO. + - gh-111187: Postpone removal version for + locale.getdefaultlocale() to Python 3.15. + - gh-111159: Fix doctest output comparison for exceptions with + notes. + - gh-110910: Fix invalid state handling in asyncio.TaskGroup and + asyncio.Timeout. They now raise proper RuntimeError if they are + improperly used and are left in consistent state after this. + - gh-111092: Make turtledemo run without default root enabled. + - gh-110488: Fix a couple of issues in + pathlib.PurePath.with_name(): a single dot was incorrectly + considered a valid name, and in PureWindowsPath, a name with an + NTFS alternate data stream, like a:b, was incorrectly considered + invalid. + - gh-110392: Fix tty.setraw() and tty.setcbreak(): previously they + returned partially modified list of the original tty attributes. + tty.cfmakeraw() and tty.cfmakecbreak() now make a copy of the + list of special characters before modifying it. + - gh-110590: Fix a bug in _sre.compile() where TypeError would be + overwritten by OverflowError when the code argument was a list + of non-ints. + - gh-65052: Prevent pdb from crashing when trying to display + undisplayable objects + - gh-110519: Deprecation warning about non-integer number in + gettext now alwais refers to the line in the user code where + gettext function or method is used. Previously it could refer to + a line in gettext code. + - gh-110395: Ensure that select.kqueue() objects correctly appear + as closed in forked children, to prevent operations on an + invalid file descriptor. + - gh-110378: contextmanager() and asynccontextmanager() context + managers now close an invalid underlying generator object that + yields more then one value. + - gh-110365: Fix termios.tcsetattr() bug that was overwritting + existing errors during parsing integers from term list. + - gh-109653: Fix a Python 3.12 regression in the import time of + random. Patch by Alex Waygood. + - gh-110196: Add __reduce__ method to IPv6Address in order to keep + scope_id + - gh-110036: On Windows, multiprocessing Popen.terminate() now + catchs PermissionError and get the process exit code. If the + process is still running, raise again the PermissionError. + Otherwise, the process terminated as expected: store its exit + code. Patch by Victor Stinner. + - gh-110038: Fixed an issue that caused KqueueSelector.select() to + not return all the ready events in some cases when a file + descriptor is registered for both read and write. + - gh-109631: re functions such as re.findall(), re.split(), + re.search() and re.sub() which perform short repeated matches + can now be interrupted by user. + - gh-109747: Improve errors for unsupported look-behind patterns. + Now re.error is raised instead of OverflowError or RuntimeError + for too large width of look-behind pattern. + - gh-109818: Fix reprlib.recursive_repr() not copying + __type_params__ from decorated function. + - gh-109047: concurrent.futures: The executor manager thread now + catches exceptions when adding an item to the call queue. During + Python finalization, creating a new thread can now raise + RuntimeError. Catch the exception and call terminate_broken() in + this case. Patch by Victor Stinner. + - gh-109782: Ensure the signature of os.path.isdir() is identical + on all platforms. Patch by Amin Alaee. + - gh-109590: shutil.which() will prefer files with an extension in + PATHEXT if the given mode includes os.X_OK on win32. If no + PATHEXT match is found, a file without an extension in PATHEXT + can be returned. This change will have shutil.which() act more + similarly to previous behavior in Python 3.11. + - gh-109786: Fix possible reference leaks and crash when re-enter + the __next__() method of itertools.pairwise. + - gh-109593: Avoid deadlocking on a reentrant call to the + multiprocessing resource tracker. Such a reentrant call, though + unlikely, can happen if a GC pass invokes the finalizer for a + multiprocessing object such as SemLock. + - gh-109613: Fix os.stat() and os.DirEntry.stat(): check for + exceptions. Previously, on Python built in debug mode, these + functions could trigger a fatal Python error (and abort the + process) when a function succeeded with an exception set. Patch + by Victor Stinner. + - gh-109375: The pdb alias command now prevents registering + aliases without arguments. + - gh-107219: Fix a race condition in concurrent.futures. When a + process in the process pool was terminated abruptly (while the + future was running or pending), close the connection write end. + If the call queue is blocked on sending bytes to a worker + process, closing the connection write end interrupts the send, + so the queue can be closed. Patch by Victor Stinner. + - gh-50644: Attempts to pickle or create a shallow or deep copy of + codecs streams now raise a TypeError. Previously, copying failed + with a RecursionError, while pickling produced wrong results + that eventually caused unpickling to fail with a RecursionError. + - gh-108987: Fix _thread.start_new_thread() race condition. If a + thread is created during Python finalization, the newly spawned + thread now exits immediately instead of trying to access freed + memory and lead to a crash. Patch by Victor Stinner. + - gh-108791: Improved error handling in pdb command line + interface, making it produce more concise error messages. + - gh-105829: Fix concurrent.futures.ProcessPoolExecutor deadlock + - gh-106584: Fix exit code for unittest if all tests are skipped. + Patch by Egor Eliseev. + - gh-102956: Fix returning of empty byte strings after seek in + zipfile module + - gh-84867: unittest.TestLoader no longer loads test cases from + exact unittest.TestCase and unittest.FunctionTestCase classes. + - gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup, + which now no longer dereferences symlinks when working around + file system permission errors. + - gh-73561: Omit the interface scope from an IPv6 address when + used as Host header by http.client. + - gh-86826: zipinfo now supports the full range of values in the + TZ string determined by RFC 8536 and detects all invalid + formats. Both Python and C implementations now raise exceptions + of the same type on invalid data. + - bpo-43153: On Windows, tempfile.TemporaryDirectory previously + masked a PermissionError with NotADirectoryError during + directory cleanup. It now correctly raises PermissionError if + errors are not ignored. Patch by Andrei Kulakov and Ken Jin. + - bpo-35332: The shutil.rmtree() function now ignores errors when + calling os.close() when ignore_errors is True, and os.close() no + longer retried after error. + - bpo-41422: Fixed memory leaks of pickle.Pickler and + pickle.Unpickler involving cyclic references via the internal + memo mapping. + - bpo-40262: The ssl.SSLSocket.recv_into() method no longer + requires the buffer argument to implement __len__ and supports + buffers with arbitrary item size. + + - Documentation + - gh-111699: Relocate smtpd deprecation notice to its own section + rather than under locale in What’s New in Python 3.12 document + - gh-108826: dis module command-line interface is now mentioned in + documentation. Test- s + - gh-112769: The tests now correctly compare zlib version when + zlib.ZLIB_RUNTIME_VERSION contains non-integer suffixes. For + example zlib-ng defines the version as 1.3.0.zlib-ng. + - gh-110367: Make regrtest --verbose3 option compatible with + --huntrleaks -jN options. The ./python -m test -j1 -R 3:3 + --verbose3 command now works as expected. Patch by Victor + Stinner. + - gh-111165: Remove no longer used functions run_unittest() and + run_doctest() from the test.support module. + - gh-110932: Fix regrtest if the SOURCE_DATE_EPOCH environment + variable is defined: use the variable value as the random seed. + Patch by Victor Stinner. + - gh-110995: test_gdb: Fix detection of gdb built without Python + scripting support. Patch by Victor Stinner. + - gh-110918: Test case matching patterns specified by options + --match, --ignore, --matchfile and --ignorefile are now tested + in the order of specification, and the last match determines + whether the test case be run or ignored. + - gh-110647: Fix test_stress_modifying_handlers() of test_signal. + Patch by Victor Stinner. + - gh-103053: Fix test_tools.test_freeze on FreeBSD: run “make + distclean” instead of “make clean” in the copied source + directory to remove also the “python” program. Patch by Victor + Stinner. + - gh-110167: Fix a deadlock in test_socket when server fails with + a timeout but the client is still running in its thread. Don’t + hold a lock to call cleanup functions in doCleanups(). One of + the cleanup function waits until the client completes, whereas + the client could deadlock if it called addCleanup() in such + situation. Patch by Victor Stinner. + - gh-110388: Add tests for tty. + - gh-81002: Add tests for termios. + - gh-110267: Add tests for pickling and copying PyStructSequence + objects. Patched by Xuehai Pan. + - gh-110031: Skip test_threading tests using thread+fork if Python + is built with Address Sanitizer (ASAN). Patch by Victor Stinner. + - gh-110088: Fix test_asyncio timeouts: don’t measure the maximum + duration, a test should not measure a CI performance. Only + measure the minimum duration when a task has a timeout or delay. + Add CLOCK_RES to test_asyncio.utils. Patch by Victor Stinner. + - gh-109974: Fix race conditions in test_threading lock tests. + Wait until a condition is met rather than using time.sleep() + with a hardcoded number of seconds. Patch by Victor Stinner. + - gh-110033: Fix test_interprocess_signal() of test_signal. Make + sure that the subprocess.Popen object is deleted before the test + raising an exception in a signal handler. Otherwise, + Popen.__del__() can get the exception which is logged as + Exception ignored in: ... and the test fails. Patch by Victor + Stinner. + - gh-109594: Fix test_timeout() of + test_concurrent_futures.test_wait. Remove the future which may + or may not complete depending if it takes longer than the + timeout ot not. Keep the second future which does not complete + before wait() timeout. Patch by Victor Stinner. + - gh-109972: Split test_gdb.py file into a test_gdb package made + of multiple tests, so tests can now be run in parallel. Patch by + Victor Stinner. + - gh-103053: Skip test_freeze_simple_script() of + test_tools.test_freeze if Python is built with ./configure + --enable-optimizations, which means with Profile Guided + Optimization (PGO): it just makes the test too slow. The freeze + tool is tested by many other CIs with other (faster) compiler + flags. Patch by Victor Stinner. + - gh-109580: Skip test_perf_profiler if Python is built with ASAN, + MSAN or UBSAN sanitizer. Python does crash randomly in this test + on such build. Patch by Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-108927: Fixed order dependence in running tests in the same + process when a test that has submodules (e.g. test_importlib) + follows a test that imports its submodule (e.g. + test_importlib.util) and precedes a test (e.g. test_unittest or + test_compileall) that uses that submodule. + + - Build + - gh-112088: Add Tools/build/regen-configure.sh script to + regenerate the configure with an Ubuntu container image. The + quay.io/tiran/cpython_autoconf:271 container image + (tiran/cpython_autoconf) is no longer used. Patch by Victor + Stinner. + - gh-111046: For wasi-threads, memory is now exported to fix + compatibility issues with some wasm runtimes. + - gh-103053: “make check-clean-src” now also checks if the + “python” program is found in the source directory: fail with an + error if it does exist. Patch by Victor Stinner. + - gh-109191: Fix compile error when building with recent versions + of libedit. + + - IDLE + - bpo-35668: Add docstrings to the IDLE debugger module. Fix two + bugs: initialize Idb.botframe (should be in Bdb); in + Idb.in_rpc_code, check whether prev_frame is None before trying + to use it. Greatly expand test_debugger. + + - C API + - gh-106560: Fix redundant declarations in the public C API. + Declare PyBool_Type and PyLong_Type only once. Patch by Victor + Stinner. + - gh-112438: Fix support of format units “es”, “et”, “es#”, and + “et#” in nested tuples in PyArg_ParseTuple()-like functions. + - gh-109521: PyImport_GetImporter() now sets RuntimeError if it + fails to get sys.path_hooks or sys.path_importer_cache or they + are not list and dict correspondingly. Previously it could + return NULL without setting error in obscure cases, crash or + raise SystemError if these attributes have wrong type. + +------------------------------------------------------------------- +Thu Nov 16 10:02:18 UTC 2023 - Daniel Garcia + +- Remove F00251-change-user-install-location.patch, that patch breaks + the python-rpm-macros usage with multibuild + +------------------------------------------------------------------- +Mon Oct 2 17:15:53 UTC 2023 - Matej Cepl + +- Update to the final release of 3.12.0: + Python 3.12 is the latest stable release of the Python + programming language, with a mix of changes to the language and + the standard library. The library changes focus on cleaning up + deprecated APIs, usability, and correctness. Of note, the + distutils package has been removed from the standard library. + Filesystem support in os and pathlib has seen a number of + improvements, and several modules have better performance. + The language changes focus on usability, as f-strings have had + many limitations removed and ‘Did you mean …’ suggestions + continue to improve. The new type parameter syntax and type + statement improve ergonomics for using generic types and type + aliases with static type checkers. + This article doesn’t attempt to provide a complete + specification of all new features, but instead gives + a convenient overview. For full details, you should refer to + the documentation, such as the Library Reference and Language + Reference. If you want to understand the complete + implementation and design rationale for a change, refer to the + PEP for a particular new feature; but note that PEPs usually + are not kept up-to-date once a feature has been fully + implemented. + - New syntax features: + - PEP 695, type parameter syntax and the type statement + - New grammar features: + - PEP 701, f-strings in the grammar + - Interpreter improvements: + - PEP 684, a unique per-interpreter GIL + - PEP 669, low impact monitoring + - Improved ‘Did you mean …’ suggestions for NameError, + ImportError, and SyntaxError exceptions + - Python data model improvements: + - PEP 688, using the buffer protocol from Python + - Significant improvements in the standard library: + - The pathlib.Path class now supports subclassing + - The os module received several improvements for Windows + support + - A command-line interface has been added to the sqlite3 + module + - isinstance() checks against runtime-checkable protocols + enjoy a speed up of between two and 20 times + - The asyncio package has had a number of performance + improvements, with some benchmarks showing a 75% speed + up. + - A command-line interface has been added to the uuid + module + - Due to the changes in PEP 701, producing tokens via the + tokenize module is up to up to 64% faster. + - Security improvements: + - Replace the builtin hashlib implementations of SHA1, + SHA3, SHA2-384, SHA2-512, and MD5 with formally verified + code from the HACL* project. These builtin + implementations remain as fallbacks that are only used + when OpenSSL does not provide them. + - C API improvements: + - PEP 697, unstable C API tier + - PEP 683, immortal objects + - CPython implementation improvements: + - PEP 709, comprehension inlining + - CPython support for the Linux perf profiler + - Implement stack overflow protection on supported + platforms + - New typing features: + - PEP 692, using TypedDict to annotate **kwargs + - PEP 698, typing.override() decorator + - Important deprecations, removals or restrictions: + - PEP 623: Remove wstr from Unicode objects in Python’s + C API, reducing the size of every str object by at least + 8 bytes. + - PEP 632: Remove the distutils package. See the migration + guide for advice replacing the APIs it provided. The + third-party Setuptools package continues to provide + distutils, if you still require it in Python 3.12 and + beyond. + - gh-95299: Do not pre-install setuptools in virtual + environments created with venv. This means that + distutils, setuptools, pkg_resources, and easy_install + will no longer available by default; to access these run + pip install setuptools in the activated virtual + environment. + - The asynchat, asyncore, and imp modules have been + removed, along with several unittest.TestCase method + aliases. +- Refresh bluez-devel-vendor.tar.xz from bluez-devel 5.69-1.1. + +------------------------------------------------------------------- +Wed Sep 20 07:14:17 UTC 2023 - Daniel Garcia + +- Update to 3.12.0rc3: + - Core and Builtins + - gh-109496: On a Python built in debug mode, Py_DECREF() now + calls _Py_NegativeRefcount() if the object is a dangling pointer + to deallocated memory: memory filled with 0xDD “dead byte” by + the debug hook on memory allocators. The fix is to check the + reference count before checking for _Py_IsImmortal(). Patch by + Victor Stinner. + - gh-109371: Deopted instructions correctly for tool + initialization and modified the incorrect assertion in + instrumentation, when a previous tool already sets INSTRUCTION + events + - gh-105658: Fix bug where the line trace of an except block + ending with a conditional includes an excess event with the line + of the conditional expression. + - gh-109219: Fix compiling type param scopes that use a name which + is also free in an inner scope. + - gh-109341: Fix crash when compiling an invalid AST involving a + ast.TypeAlias. + - gh-109195: Fix source location for the LOAD_* instruction + preceding a LOAD_SUPER_ATTR to load the super global (or + shadowing variable) so that it encompasses only the name super + and not the following parentheses. + - gh-109118: Disallow nested scopes (lambdas, generator + expressions, and comprehensions) within PEP 695 annotation + scopes that are nested within classes. + - gh-109114: Relax the detection of the error message for invalid + lambdas inside f-strings to not search for arbitrary replacement + fields to avoid false positives. Patch by Pablo Galindo + - gh-109118: Fix interpreter crash when a NameError is raised + inside the type parameters of a generic class. + - gh-108976: Fix crash that occurs after de-instrumenting a code + object in a monitoring callback. + - gh-108732: Make iteration variables of module- and class-scoped + comprehensions visible to pdb and other tools that use + frame.f_locals again. + - gh-108959: Fix caret placement for error locations for subscript + and binary operations that involve non-semantic parentheses and + spaces. Patch by Pablo Galindo + - Library + - gh-108682: Enum: require names=() or type=... to create an empty + enum using the functional syntax. + - gh-108843: Fix an issue in ast.unparse() when unparsing + f-strings containing many quote types. + - Documentation + - gh-102823: Document the return type of x // y when x and y have + type float. + - Tests + - gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode. Use a + longer key: FIPS mode requires at least of at least 112 bits. + The previous key was only 32 bits. Patch by Victor Stinner. + - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on + Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt” + command output to detect when gdb fails to retrieve the + traceback. For example, skip a test if Backtrace stopped: frame + did not save the PC is found. Patch by Victor Stinner. + - gh-109237: Fix test_site.test_underpth_basic() when the working + directory contains at least one non-ASCII character: encode the + ._pth file to UTF-8 and enable the UTF-8 Mode to use UTF-8 for + the child process stdout. Patch by Victor Stinner. + - gh-109230: Fix test_pyexpat.test_exception(): it can now be run + from a directory different than Python source code directory. + Before, the test failed in this case. Skip the test if + Modules/pyexpat.c source is not available. Skip also the test on + Python implementations other than CPython. Patch by Victor + Stinner. + - gh-109015: Fix test_asyncio, test_imaplib and test_socket tests + on FreeBSD if the TCP blackhole is enabled (sysctl + net.inet.tcp.blackhole). Skip the few tests which failed with + ETIMEDOUT which such non standard configuration. Currently, the + FreeBSD GCP image enables TCP and UDP blackhole (sysctl + net.inet.tcp.blackhole=2 and sysctl net.inet.udp.blackhole=1). + Patch by Victor Stinner. + - gh-91960: Skip test_gdb if gdb is unable to retrieve Python + frame objects: if a frame is . When Python is + built with “clang -Og”, gdb can fail to retrive the frame + parameter of _PyEval_EvalFrameDefault(). In this case, tests + like py_bt() are likely to fail. Without getting access to + Python frames, python-gdb.py is mostly clueless on retrieving + the Python traceback. Moreover, test_gdb is no longer skipped on + macOS if Python is built with Clang. Patch by Victor Stinner. + - gh-108962: Skip test_tempfile.test_flags() if chflags() fails + with “OSError: [Errno 45] Operation not supported” (ex: on + FreeBSD 13). Patch by Victor Stinner. + - gh-108851: Fix test_tomllib recursion tests for WASI buildbots: + reduce the recursion limit and compute the maximum nested + array/dict depending on the current available recursion limit. + Patch by Victor Stinner. + - gh-108851: Add get_recursion_available() and + get_recursion_depth() functions to the test.support module. + Patch by Victor Stinner. + - gh-108834: Add --fail-rerun option option to regrtest: if a test + failed when then passed when rerun in verbose mode, exit the + process with exit code 2 (error), instead of exit code 0 + (success). Patch by Victor Stinner. + - gh-108834: Rename regrtest --verbose2 option (-w) to --rerun. + Keep --verbose2 as a deprecated alias. Patch by Victor Stinner. + - gh-108834: When regrtest reruns failed tests in verbose mode + (./python -m test --rerun), tests are now rerun in fresh worker + processes rather than being executed in the main process. If a + test does crash or is killed by a timeout, the main process can + detect and handle the killed worker process. Tests are rerun in + parallel if the -jN option is used to run tests in parallel. + Patch by Victor Stinner. + - gh-103186: Suppress and assert expected RuntimeWarnings in + test_sys_settrace.py + - Build + - gh-108740: Fix a race condition in make regen-all. The + deepfreeze.c source and files generated by Argument Clinic are + now generated or updated before generating “global objects”. + Previously, some identifiers may miss depending on the order in + which these files were generated. Patch by Victor Stinner. +- Python 3.12.0 release candidate 2: + - Security + - gh-108310: Fixed an issue where instances of ssl.SSLSocket were + vulnerable to a bypass of the TLS handshake and included + protections (like certificate verification) and treating sent + unencrypted data as if it were post-handshake TLS encrypted + data. Security issue reported as CVE-2023-40217 by Aapo Oksman. + Patch by Gregory P. Smith. + - gh-107774: PEP 669 specifies that + sys.monitoring.register_callback will generate an audit event. + Pre-releases of Python 3.12 did not generate the audit event. + This is now fixed. + - Core and Builtins + - gh-108520: Fix + multiprocessing.synchronize.SemLock.__setstate__() to properly + initialize multiprocessing.synchronize.SemLock._is_fork_ctx. + This fixes a regression when passing a SemLock accross nested + processes. + - Rename multiprocessing.synchronize.SemLock.is_fork_ctx to + multiprocessing.synchronize.SemLock._is_fork_ctx to avoid + exposing it as public API. + - gh-108654: Restore locals shadowed by an inlined comprehension + if the comprehension raises an exception. + - gh-108487: Change an assert that would cause a spurious crash in + a devious case that should only trigger deoptimization. + - gh-106176: Use a WeakValueDictionary to track the lists + containing the modules each thread is currently importing. This + helps avoid a reference leak from keeping the list around longer + than necessary. Weakrefs are used as GC can’t interrupt the + cleanup. + - gh-107901: Fix missing line number on JUMP_BACKWARD at the end + of a for loop. + - gh-108390: Raise an exception when setting a non-local event + (RAISE, EXCEPTION_HANDLED, etc.) in + sys.monitoring.set_local_events. + - Fixes crash when tracing in recursive calls to Python classes. + - gh-91051: Fix abort / segfault when using all eight type watcher + slots, on platforms where char is signed by default. + - gh-107724: In pre-release versions of 3.12, up to rc1, the + sys.monitoring callback function for the PY_THROW event was + missing the third, exception argument. That is now fixed. + - gh-107080: Trace refs builds (--with-trace-refs) were crashing + when used with isolated subinterpreters. The problematic global + state has been isolated to each interpreter. Other fixing the + crashes, this change does not affect users. + - gh-77377: Ensure that multiprocessing synchronization objects + created in a fork context are not sent to a different process + created in a spawn context. This changes a segfault into an + actionable RuntimeError in the parent process. + - Library + - gh-108469: ast.unparse() now supports new f-string syntax + introduced in Python 3.12. Note that the f-string quotes are + reselected for simplicity under the new syntax. (Patch by Steven + Sun) + - gh-108682: Enum: raise TypeError if super().__new__() is called + from a custom __new__. + - gh-108295: Fix crashes related to use of weakrefs on + typing.TypeVar. + - gh-64662: Fix support for virtual tables in + sqlite3.Connection.iterdump(). Patch by Aviv Palivoda. + - gh-108111: Fix a regression introduced in gh-101251 for 3.12, + resulting in an incorrect offset calculation in + gzip.GzipFile.seek(). + - gh-105736: Harmonized the pure Python version of OrderedDict + with the C version. Now, both versions set up their internal + state in __new__. Formerly, the pure Python version did the set + up in __init__. + - gh-108083: Fix bugs in the constructor of sqlite3.Connection and + sqlite3.Connection.close() where exceptions could be leaked. + Patch by Erlend E. Aasland. + - gh-107963: Fix multiprocessing.set_forkserver_preload() to check + the given list of modules names. Patch by Dong-hee Na. + - gh-106242: Fixes os.path.normpath() to handle embedded null + characters without truncating the path. + - gh-107913: Fix possible losses of errno and winerror values in + OSError exceptions if they were cleared or modified by the + cleanup code before creating the exception object. + - gh-107845: tarfile.data_filter() now takes the location of + symlinks into account when determining their target, so it will + no longer reject some valid tarballs with + LinkOutsideDestinationError. + - gh-107805: Fix signatures of module-level generated functions in + turtle. + - gh-107715: Fix doctest.DocTestFinder.find() in presence of class + names with special characters. Patch by Gertjan van Zwieten. + - gh-100814: Passing a callable object as an option value to a + Tkinter image now raises the expected TclError instead of an + AttributeError. + - gh-106684: Close asyncio.StreamWriter when it is not closed by + application leading to memory leaks. Patch by Kumar Aditya. + - gh-107396: tarfiles; Fixed use before assignment of + self.exception for gzip decompression + - gh-106052: re module: fix the matching of possessive quantifiers + in the case of a subpattern containing backtracking. + - gh-100061: Fix a bug that causes wrong matches for regular + expressions with possessive qualifier. + - gh-99203: Restore following CPython <= 3.10.5 behavior of + shutil.make_archive(): do not create an empty archive if + root_dir is not a directory, and, in that case, raise + FileNotFoundError or NotADirectoryError regardless of format + choice. Beyond the brought-back behavior, the function may now + also raise these exceptions in dry_run mode. + - Documentation + - gh-105052: Update timeit doc to specify that time in seconds is just the default. + - Tests + - gh-89392: Removed support of test_main() function in tests. They + now always use normal unittest test runner. + - gh-108388: Convert test_concurrent_futures to a package of 7 + sub-tests. Patch by Victor Stinner. + - gh-108388: Split test_multiprocessing_fork, + test_multiprocessing_forkserver and test_multiprocessing_spawn + into test packages. Each package is made of 4 sub-tests: + processes, threads, manager and misc. It allows running more + tests in parallel and so reduce the total test duration. Patch + by Victor Stinner. + - gh-105776: Fix test_cppext when the C compiler command -std=c11 + option: remove -std= options from the compiler command. Patch by + Victor Stinner. + - gh-107178: Add the C API test for functions in the Mapping + Protocol, the Sequence Protocol and some functions in the Object + Protocol. + - Build + - gh-63760: Fix Solaris build: no longer redefine the + gethostname() function. Solaris defines the function since 2005. + Patch by Victor Stinner, original patch by Jakub Kulík. + - gh-107814: When calling find_python.bat with -q it did not + properly silence the output of nuget. That is now fixed. + - Windows + - gh-107565: Update Windows build to use OpenSSL 3.0.10. + - gh-106242: Fixes realpath() to behave consistently when passed a + path containing an embedded null character on Windows. In strict + mode, it now raises OSError instead of the unexpected + ValueError, and in non-strict mode will make the path absolute. + - gh-106844: Fix integer overflow and truncating by the null + character in _winapi.LCMapStringEx() which affects + ntpath.normcase(). + - macOS + - gh-107565: Update macOS installer to use OpenSSL 3.0.10. + - Tools/Demos + - gh-107565: Update multissltests and GitHub CI workflows to use + OpenSSL 1.1.1v, 3.0.10, and 3.1.2. + - gh-95065: Argument Clinic now supports overriding automatically + generated signature by using directive @text_signature. + - C API + - gh-107916: C API functions PyErr_SetFromErrnoWithFilename(), + PyErr_SetExcFromWindowsErrWithFilename() and + PyErr_SetFromWindowsErrWithFilename() save now the error code + before calling PyUnicode_DecodeFSDefault(). + - gh-107915: Such C API functions as PyErr_SetString(), + PyErr_Format(), PyErr_SetFromErrnoWithFilename() and many others + no longer crash or ignore errors if it failed to format the + error message or decode the filename. Instead, they keep a + corresponding error. + - gh-107810: Improve DeprecationWarning for uses of PyType_Spec + with metaclasses that have custom tp_new. + +------------------------------------------------------------------- +Thu Aug 10 09:33:26 UTC 2023 - Dirk Müller + +- restrict PEP668 to ALP/Tumbleweed + +------------------------------------------------------------------- +Mon Aug 7 07:31:27 UTC 2023 - Daniel Garcia + +- Refresh all patches +- Drop Revert-gh105127-left-tests.patch, in upstream now +- Update to 3.12.0rc1: + - Reverted the :mod:`email.utils` security improvement change + released in 3.12beta4 that unintentionally caused + :mod:`email.utils.getaddresses` to fail to parse email addresses + with a comma in the quoted name field. See :gh:`106669`. + - Start initializing ob_digit during creation of + :c:type:`PyLongObject` objects. Patch by Illia Volochii. + - Increase C recursion limit for functions other than the main + interpreter from 800 to 1500. This should allow functions like + list.__repr__ and json.dumps to handle all the inputs that they + could prior to 3.12 + - Fix potential unaligned memory access on C APIs involving returned + sequences of char * pointers within the :mod:`grp` and + :mod:`socket` modules. These were revealed using a + -fsaniziter=alignment build on ARM macOS. Patch by Christopher + Chavez. + - Add the exception as the third argument to PY_UNIND callbacks in + sys.monitoring. This makes the PY_UNWIND callback consistent with + the other exception hanlding callbacks. + - Raise a ValueError when a monitoring callback funtion returns + DISABLE for events that cannot be disabled locally. + - Add a RERAISE event to sys.monitoring, which occurs when an + exception is reraised, either explicitly by a plain raise + statement, or implicitly in an except or finally block. + - Unsupported modules now always fail to be imported. + - Fix classmethod-style :func:`super` method calls (i.e., where the + second argument to :func:`super`, or the implied second argument + drawn from self/cls in the case of zero-arg super, is a type) when + the target of the call is not a classmethod. + - Python no longer crashes due an infrequent race when initialzing + per-interpreter interned strings. The crash would manifest when + the interpreter was finalized. + - Python no longer crashes due to an infrequent race in setting + Py_FileSystemDefaultEncoding and Py_FileSystemDefaultEncodeErrors + (both deprecated), when simultaneously initializing two isolated + subinterpreters. Now they are only set during runtime + initialization. + - Fix a segmentation fault caused by a use-after-free bug in + frame_dealloc when the trashcan delays the deallocation of a + PyFrameObject. + - No longer suppress arbitrary errors in the __annotations__ getter + and setter in the type and module types. + - Propagate frozen_modules to multiprocessing spawned process + interpreters. + - Prevent out-of-bounds memory access during mmap.find() calls. + - Seems that in some conditions, OpenSSL will return + SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL when a certification + verification has failed, but the error parameters will still + contain ERR_LIB_SSL and SSL_R_CERTIFICATE_VERIFY_FAILED. We are + now detecting this situation and raising the appropiate + ssl.SSLCertVerificationError. Patch by Pablo Galindo + - Fix :func:`types.get_original_bases` to only return + :attr:`!__orig_bases__` if it is present on cls directly. Patch by + James Hilton-Balfe. + - Prevent memory leak and use-after-free when using pointers to + pointers with ctypes + - Make :func:`gettext.pgettext` search plural definitions when + translation is not found. + - Document behavior of :func:`shutil.disk_usage` for non-mounted + filesystems on Unix. + - Do not report MultipartInvariantViolationDefect defect when the + :class:`email.parser.Parser` class is used to parse emails with + headersonly=True. + - Fix invalid result from :meth:`PurePath.relative_to` method when + attempting to walk a ".." segment in other with walk_up enabled. A + :exc:`ValueError` exception is now raised in this case. + - Fix potential missing NULL check of d2i_SSL_SESSION result in + _ssl.c. + - Update the bundled copy of pip to version 23.2.1. + - Fixed several bugs in zipfile.Path, including: in Path.match`, + Windows separators are no longer honored (and never were meant to + be); Fixed ``name/suffix/suffixes/stem operations when no filename + is present and the Path is not at the root of the zipfile; + Reworked glob for performance and more correct matching behavior. + - Add __copy__ and __deepcopy__ in :mod:`enum` + - Revert a change to :func:`colorsys.rgb_to_hls` that caused + division by zero for certain almost-white inputs. Patch by Terry + Jan Reedy. + - Instances of :class:`typing.TypeVar`, :class:`typing.ParamSpec`, + :class:`typing.ParamSpecArgs`, :class:`typing.ParamSpecKwargs`, + and :class:`typing.TypeVarTuple` once again support weak + references, fixing a regression introduced in Python 3.12.0 beta + 1. Patch by Jelle Zijlstra. + - Detect possible memory allocation failure in the libtommath + function :c:func:`mp_init` used by the _tkinter module. + - Fix crash when calling repr with a manually constructed SignalDict + object. Patch by Charlie Zhao. + - Change the default return value of + :meth:`http.client.HTTPConnection.get_proxy_response_headers` to + be None and not {}. + - Ensure gettext(msg) retrieve translations even if a plural form + exists. In other words: gettext(msg) == ngettext(msg, '', 1). + - Add documentation for :c:type:`PyInterpreterConfig` and + :c:func:`Py_NewInterpreterFromConfig`. Also clarify some of the + nearby docs relative to per-interpreter GIL. + - Document the :mod:`curses` module variables :const:`~curses.LINES` + and :const:`~curses.COLS`. + - Add a number of standard external names to nitpick_ignore. + - Add documentation on how to localize the :mod:`argparse` module. + - test_logging: Fix test_udp_reconnection() by increasing the + timeout from 100 ms to 5 minutes (LONG_TIMEOUT). Patch by Victor + Stinner. + - test_capi: Fix test_no_FatalError_infinite_loop() to no longer + write a coredump, by using test.support.SuppressCrashReport. Patch + by Victor Stinner. + - Avoid creating a reference to the test object in + :meth:`~unittest.TestResult.collectedDurations`. + - Moved tests for zipfile.Path into Lib/test/test_zipfile/_path. + Made zipfile._path a package. + - Check for linux/limits.h before including it in + Modules/posixmodule.c. + - Detect MPI compilers in :file:`configure`. + - Add experimental wasi-threads support. Patch by Takashi Yamamoto. + - Update Windows build to use OpenSSL 3.0.9 + - Update macOS installer to use OpenSSL 3.0.9. + - Fix bugs in the Argument Clinic destination clear command; + the destination buffers would never be cleared, and the + destination directive parser would simply continue to the fault + handler after processing the command. Patch by Erlend E. Aasland. + - freeze now fetches CONFIG_ARGS from the original CPython instance + the Makefile uses to call utility scripts. Patch by Ijtaba + Hussain. + - :c:func:`PyModule_AddObjectRef` is now only available in the + limited API version 3.10 or later. + +------------------------------------------------------------------- +Fri Aug 4 06:37:41 UTC 2023 - Dirk Müller + +- add externally_managed.in to label this build as PEP-668 managed + +------------------------------------------------------------------- +Thu Aug 3 14:13:30 UTC 2023 - Matej Cepl + +- IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! +- Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) + partially reverting CVE-2023-27043-email-parsing-errors.patch, + because of the regression in gh#python/cpython#106669. + +------------------------------------------------------------------- +Tue Jul 11 22:20:22 UTC 2023 - Matej Cepl + +- Update to 3.12.0b4: + - gh-issue-102988: CVE-2023-27043 (bsc#1210638): Prevent + :func:`email.utils.parseaddr` and + :func:`email.utils.getaddresses` from returning the realname + portion of an invalid RFC2822 email header in the email + address portion of the 2-tuple returned after being parsed by + :class:`email._parseaddr.AddressList`. + - gh-issue-106396: When the format specification of an + f-string expression is empty, the parser now generates an + empty :class:`ast.JoinedStr` node for it instead of an + one-element :class:`ast.JoinedStr` with an empty string + :class:`ast.Constant`. + - gh-issue-106145: Make ``end_lineno`` and ``end_col_offset`` + required on ``type_param`` ast nodes. + - gh-issue-105979: Fix crash in :func:`!_imp.get_frozen_object` + due to improper exception handling. + - gh-issue-98931: Ensure custom :exc:`SyntaxError` error + messages are raised for invalid imports with multiple + targets. Patch by Pablo Galindo + - gh-issue-105908: Fixed bug where :gh:`99111` breaks future + import ``barry_as_FLUFL`` in the Python REPL. + - gh-issue-105340: Include the comprehension iteration + variable in ``locals()`` inside a module- or class-scope + comprehension. + - gh-issue-105486: Change the repr of ``ParamSpec`` list of + args in ``types.GenericAlias``. + - gh-issue-101006: Improve error handling when read + :mod:`marshal` data. + - gh-issue-106524: Fix crash in :func:`!_sre.template` with + templates containing invalid group indices. + - gh-issue-106510: Improve debug output for atomic groups in + regular expressions. + - gh-issue-106503: Fix ref cycle in + :class:`!asyncio._SelectorSocketTransport` by removing + ``_write_ready`` in ``close``. + - gh-issue-105497: Fix flag mask inversion when unnamed flags + exist. + - gh-issue-90876: Prevent :mod:`multiprocessing.spawn` from + failing to *import* in environments where ``sys.executable`` + is ``None``. This regressed in 3.11 with the addition of + support for path-like objects in multiprocessing. + - gh-issue-106292: Check for an instance-dict + cached value in the :meth:`__get__` method of + :func:`functools.cached_property`. This better matches the + pre-3.12 behavior and improves compatibility for users + subclassing :func:`functools.cached_property` and adding a + :meth:`__set__` method. + - gh-issue-106330: Fix incorrect matching of empty paths in + :meth:`pathlib.PurePath.match`. This bug was introduced in + Python 3.12.0 beta 1. + - gh-issue-102541: Make pydoc.doc catch bad module ImportError + when output stream is not None. + - gh-issue-106152: Added PY_THROW event hook for + :mod:`cProfile` for generators + - gh-issue-106075: Added `asyncio.taskgroups.__all__` to + `asyncio.__all__` for export in star imports. + - gh-issue-105987: Fix crash due to improper reference counting + in :mod:`asyncio` eager task factory internal routines. + - gh-issue-105974: Fix bug where a :class:`typing.Protocol` + class that had one or more non-callable members would + raise :exc:`TypeError` when :func:`issubclass` was called + against it, even if it defined a custom ``__subclasshook__`` + method. The behaviour in Python 3.11 and lower -- which has + now been restored -- was not to raise :exc:`TypeError` in + these situations if a custom ``__subclasshook__`` method was + defined. Patch by Alex Waygood. + - gh-issue-96145: Reverted addition of ``json.AttrDict``. + - gh-issue-105497: Fix flag inversion when alias/mask members + exist. + - gh-issue-104554: Add RTSPS scheme support in urllib.parse + - gh-issue-94777: Fix hanging :mod:`multiprocessing` + ``ProcessPoolExecutor`` when a child process crashes while + data is being written in the call queue. + - gh-issue-106232: Make timeit doc command lines compatible + with Windows by using double quotes for arguments. This + works on linux and macOS also. + - gh-issue-101634: When running the Python test suite with + ``-jN`` option, if a worker stdout cannot be decoded from + the locale encoding report a failed testn so the exitcode is + non-zero. Patch by Victor Stinner. + - gh-issue-106118: Fix compilation for platforms without + :data:`!O_CLOEXEC`. The issue was introduced with Python + 3.12b1 in :gh:`103295`. Patch by Erlend Aasland. + - gh-issue-104692: Include ``commoninstall`` as a prerequisite + for ``bininstall`` + This ensures that ``commoninstall`` is completed before + ``bininstall`` is started when parallel builds are used (``make + -j install``), and so the ``python3`` symlink is only installed + after all standard library modules are installed. + - gh-issue-106359: Argument Clinic now explicitly forbids + "kwarg splats" in function calls used as annotations. + - gh-issue-105227: The new :c:func:`PyType_GetDict` provides + the dictionary for the given type object that is normally + exposed by ``cls.__dict__``. Normally it's sufficient to + use :c:member:`~PyTypeObject.tp_dict`, but for the static + builtin types :c:member:`!tp_dict` is now always ``NULL``. + :c:func:`!PyType_GetDict()` provides the correct dict object + instead. + +------------------------------------------------------------------- +Wed Jun 28 19:59:03 UTC 2023 - Matej Cepl + +- Update to 3.12.0b3: + - gh-103142: The version of OpenSSL used in Windows and + Mac installers has been upgraded to 1.1.1u to address + CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464, + as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303 + fixed previously in 1.1.1t (gh-101727). + - gh-102153: urllib.parse.urlsplit() now strips leading C0 + control and space characters following the specification for + URLs defined by WHATWG in response to CVE-2023-24329. + - gh-99889: Fixed a security in flaw in uu.decode() that could + allow for directory traversal based on the input if no + out_file was specified. + - gh-104049: Do not expose the local on-disk + location in directory indexes produced by + http.client.SimpleHTTPRequestHandler. + - gh-103935: trace.__main__ now uses io.open_code() for files + to be executed instead of raw open(). + - gh-102953: The extraction methods in tarfile, and + shutil.unpack_archive(), have a new filter argument that + allows limiting tar features than may be surprising or + dangerous, such as creating files outside the destination + directory. See Extraction filters for details. +- Remove upstreamed patches: + - 00398-fix-stack-overwrite-on-32-bit-in-perf-map-test-harness-gh-104811-104823.patch + +------------------------------------------------------------------- +Thu Jun 1 11:42:58 UTC 2023 - Daniel Garcia + +- Add 00398-fix-stack-overwrite-on-32-bit-in-perf-map-test-harness-gh-104811-104823.patch + gh#python/cpython#104811 + +------------------------------------------------------------------- +Wed May 31 08:54:44 UTC 2023 - Daniel Garcia + +- Refresh all patches +- Update to 3.12.0b1: + Full changelog can be found here + https://docs.python.org/dev/whatsnew/changelog.html#python-3-12-0-beta-1 + +------------------------------------------------------------------- +Sun Apr 30 18:11:57 UTC 2023 - Matej Cepl + +- Why in the world we download from HTTP? + +------------------------------------------------------------------- +Thu Apr 27 16:59:09 UTC 2023 - Daniel Garcia + +- Ignore failing test test_freeze_simple_script, it fails because it + cannot import _sysconfigdata__linux_x86_64-linux-gnu that's not + present in the test environment, it fails without bundled libs. +- Remove non existing paths: + * %{sitedir}/tkinter/test + * %{sitedir}/sqlite3/test + * %{dynlib _curses_panel} + +------------------------------------------------------------------- +Wed Apr 26 10:55:38 UTC 2023 - Daniel Garcia + +- Update to 3.12.0a7: + Full changelog can be found here + https://docs.python.org/dev/whatsnew/changelog.html#python-3-12-0-alpha-7 + +------------------------------------------------------------------- +Mon Mar 27 15:10:19 UTC 2023 - Matej Cepl + +- Switch off obsoleting previous interpreters. + +------------------------------------------------------------------- +Sat Mar 25 22:02:04 UTC 2023 - Matej Cepl + +- Update to 3.12.0a6: + - Many new features for Python 3.12 are still being planned and + written. Among the new major new features and changes so far: + - Even more improved error messages. More exceptions + potentially caused by typos now make suggestions to the + user. + - Support for the Linux perf profiler to report Python + function names in traces. + - The deprecated wstr and wstr_length members of the C + implementation of unicode objects were removed, per PEP + 623. + - In the unittest module, a number of long deprecated methods + and classes were removed. (They had been deprecated since + Python 3.1 or 3.2). + - The deprecated smtpd and distutils modules have been + removed (see PEP 594 and PEP 632. The setuptools package + (installed by default in virtualenvs and many other places) + continues to provide the distutils module. + - A number of other old, broken and deprecated functions, + classes and methods have been removed. + - Invalid backslash escape sequences in strings now warn + with SyntaxWarning instead of DeprecationWarning, making + them more visible. (They will become syntax errors in the + future.) + - The internal representation of integers has changed in + preparation for performance enhancements. (This should not + affect most users as it is an internal detail, but it may + cause problems for Cython-generated code.) +- Add the refreshed version of + F00251-change-user-install-location.patch (updated from + Fedora), which works together with the installation schemes in + sysconfig. +- Remove distutils-reproducible-compile.patch, which is not + applicable anymore (because distutils was removed from the + standard library). +- Remove upstreamed support-expat-CVE-2022-25236-patched.patch + +------------------------------------------------------------------- +Fri Mar 3 17:23:35 UTC 2023 - Matej Cepl + +- Update to 3.11.2: + Bug fixes, no changes in API and no security bugs. + +------------------------------------------------------------------- +Wed Mar 1 20:50:04 UTC 2023 - Matej Cepl + +- Add python310 Obsoletes line to obsolete_python_versioned macro. + +------------------------------------------------------------------- +Tue Feb 21 11:34:49 UTC 2023 - Matej Cepl + +- Add provides for readline and sqlite3 to the main Python + package. + +------------------------------------------------------------------- +Thu Jan 26 13:28:24 UTC 2023 - Thorsten Kukuk + +- Disable NIS for new products, it's deprecated and gets removed + +------------------------------------------------------------------- +Tue Jan 24 12:23:34 UTC 2023 - Dirk Müller + +- build GLIBC hwcaps optimized versions of the interpreter + +------------------------------------------------------------------- +Tue Jan 10 11:11:56 UTC 2023 - Matej Cepl + +- Don't fail on Sphinx build warnings. +- For jsc#PED-1570, providing Python 3.11 for SLE-15-SP5. + +------------------------------------------------------------------- +Thu Dec 8 14:59:50 UTC 2022 - Matej Cepl + +- Update to 3.11.1: + - python -m http.server no longer allows terminal control + characters sent within a garbage request to be printed + to the stderr server lo This is done by changing the + http.server BaseHTTPRequestHandler .log_message method to + replace control characters with a \xHH hex escape before + printin + - Avoid publishing list of active per-interpreter audit hooks + via the gc module + - The IDNA codec decoder used on DNS hostnames by socket or + asyncio related name resolution functions no longer involves + a quadratic algorithm. This prevents a potential CPU denial + of service if an out-of-spec excessive length hostname + involving bidirectional characters were decoded. Some + protocols such as urllib http 3xx redirects potentially allow + for an attacker to supply such a name (CVE-2022-45061). + - Update bundled libexpat to 2.5.0 + - Fix a shell code injection vulnerability in the + get-remote-certificate.py example script. The script no + longer uses a shell to run openssl commands. Issue reported + and initial fix by Caleb Shortt. Patch by Victor Stinner. + - Fix a crash when an object which does not have a dictionary + frees its instance values. + - Fix a bug in the tokenizer that could cause infinite + recursion when showing syntax warnings that happen in the + first line of the source. Patch by Pablo Galindo + - Fix an issue that could cause frames to be visible to Python + code as they are being torn down, possibly leading to memory + corruption or hard crashes of the interpreter. + - Fix a reference bug in _imp.create_builtin() after the + creation of the first sub-interpreter for modules builtins + and sys. Patch by Victor Stinner. + - Fixed a bug that was causing a buffer overflow if the + tokenizer copies a line missing the newline caracter from a + file that is as long as the available tokenizer buffer. Patch + by Pablo galindo + - Fix bug where an ExceptionGroup subclass can wrap a + BaseException. + - Fix zip path for venv created from a non-installed python on + POSIX platforms. + - Fix an issue that could potentially cause incorrect error + handling for some bytecode instructions. + - Fix an issue that prevented PyThreadState and + PyInterpreterState memory from being freed properly. + - Fix failure in except* with unhashable exceptions. + - Fix calculation of sys._base_executable when inside a POSIX + virtual environment using copies of the python binary when + the base installation does not provide the executable name + used by the venv. Calculation will fall back to alternative + names (“python”, “python.”). + - Update faulthandler to emit an error message with the proper + unexpected signal number. Patch by Dong-hee Na. + - Fix location of SyntaxError for a try block with both except + and except*. + - Fix the error reporting positions of specialized traceback + anchors when the source line contains Unicode characters. + - Fix subscription of type aliases containing bare generic + types or types like TypeVar: for example tuple[A, T][int] and + tuple[TypeVar, T][int], where A is a generic type, and T is a + type variable. + - Lower the recursion depth for marshal on WASI to support + wasmtime 2.0/main. + - Fix multiple crashes in debug mode when str subclasses are + used instead of str itself. + - Fix an issue where member descriptors (such as those for + __slots__) could behave incorrectly or crash instead of + raising a TypeError when accessed via an instance of an + invalid type. + - Suppress ImportError for invalid query for help() + command. Patch by Dong-hee Na. + - Fix detection of MAC addresses for uuid on certain OSs. Patch + by Chaim Sanders + - Print exception class name instead of its string + representation when raising errors from ctypes calls. + - os.sched_yield() now release the GIL while calling + sched_yield(2). Patch by Dong-hee Na. + - Fix an issue that could delay the specialization of PRECALL + instructions. + - Bugfix: PyFunction_GetAnnotations() should return a borrowed + reference. It was returning a new reference. + - Ensure that all Python frame objects are backed by “complete” + frames. + - Fixed a missing incref/decref pair in + Exception.__setstate__(). Patch by Ofey Chan. + - Fix the Python path configuration used to initialized + sys.path at Python startup. Paths are no longer encoded + to UTF-8/strict to avoid encoding errors if it contains + surrogate characters (bytes paths are decoded with the + surrogateescape error handler). Patch by Victor Stinner. + - Fix overly-broad source position information for chained + comparisons used as branching conditions. + - At Python exit, sometimes a thread holding the GIL can + wait forever for a thread (usually a daemon thread) which + requested to drop the GIL, whereas the thread already + exited. To fix the race condition, the thread which requested + the GIL drop now resets its request before exiting. Issue + discovered and analyzed by Mingliang ZHAO. Patch by Victor + Stinner. + - Fix a possible assertion failure, fatal error, or SystemError + if a line tracing event raises an exception while opcode + tracing is enabled. + - Fix undefined behaviour in C code of null pointer arithmetic. + - Make sure that all frame objects created are created from + valid interpreter frames. Prevents the possibility of invalid + frames in backtraces and signal handlers. + - Disable incorrect pickling of the C implemented classmethod + descriptors. + - On WASI ENOTCAPABLE is now mapped to PermissionError. The + errno modules exposes the new error number. getpath.py now + ignores PermissionError when it cannot open landmark files + pybuilddir.txt and pyenv.cfg. + - Allow pdb to locate source for frozen modules in the standard + library. + - Raise ValueError instead of SystemError when methods of + uninitialized io.IncrementalNewlineDecoder objects are + called. Patch by Oren Milman. + - Fix a possible assertion failure in io.FileIO when the opener + returns an invalid file descriptor. + - Also escape s in the http.server + BaseHTTPRequestHandler.log_message so that it is technically + possible to parse the line and reconstruct what the original + data was. Without this a xHH is ambiguious as to if it is a + hex replacement we put in or the characters r”x” came through + in the original request line. + - asyncio.get_event_loop() now only emits a deprecation warning + when a new event loop was created implicitly. It no longer + emits a deprecation warning if the current event loop was + set. + - Fix bug when calling trace.CoverageResults with valid infile. + - Fix a bug in handling class cleanups in + unittest.TestCase. Now addClassCleanup() uses separate lists + for different TestCase subclasses, and doClassCleanups() only + cleans up the particular class. + - Release the GIL when calling termios APIs to avoid blocking + threads. + - Fix ast.increment_lineno() to also cover ast.TypeIgnore when + changing line numbers. + - Fix bug in urllib.parse.urlparse() that causes URL schemes + that begin with a digit, a plus sign, or a minus sign to be + parsed incorrectly. + - Check the number of arguments in substitution in user + generics containing a TypeVarTuple and one or more TypeVar. + - Fix substitution of ParamSpec followed by TypeVarTuple in + generic aliases. + - Fix substitution of TypeVarTuple and ParamSpec together in + user generics. + - Fixed bug where inspect.signature() reported incorrect + arguments for decorated methods. + - Fix SystemError in ctypes when exception was not set during + __initsubclass__. + - Remove older version of + _SSLProtocolTransport.get_write_buffer_limits in + asyncio.sslproto + - fix negative numbers failing in verify() + - Fix statistics.NormalDist pickle with 0 and 1 protocols. + - enum.auto() is now correctly activated when combined with + other assignment values. E.g. ONE = auto(), 'some text' will + now evaluate as (1, 'some text'). + - Update the bundled copy of pip to version 22.3.1. + - Clean up refleak on failed module initialisation in _zoneinfo + - Clean up refleaks on failed module initialisation in in + _pickle + - Clean up refleak on failed module initialisation in _io. + - Fix memory leak in math.dist() when both points don’t have + the same dimension. Patch by Kumar Aditya. + - [3.11] Applied changes from importlib_metadata 4.11.4 + through 4.13, including compatibility and robustness + fixes for Distribution objects without _normalized_name, + disallowing invalid inputs to Distribution.from_name, and + refined behaviors in PathDistribution._name_from_stem and + PathDistribution._normalized_name. + - Fix argument typechecks in _overlapped.WSAConnect() and + _overlapped.Overlapped.WSASendTo() functions. + - Prevent crashing in traceback when retrieving the byte-offset + for some source files that contain certain unicode + characters. + - Fix internal error in the re module which in very rare + circumstances prevented compilation of a regular expression + containing a conditional expression without the “else” + branch. + - Fix asyncio.StreamWriter.drain() to call + protocol.connection_lost callback only once on Windows. + - Add a mutex to unittest.mock.NonCallableMock to protect + concurrent access to mock attributes. + - Fix hang on Windows in subprocess.wait_closed() in asyncio + with ProactorEventLoop. Patch by Kumar Aditya. + - Fix infinite loop in unittest when a self-referencing chained + exception is raised + - tkinter.Text.count() raises now an exception for options + starting with “-” instead of silently ignoring them. + - On uname_result, restored expectation that _fields and + _asdict would include all six properties including processor. + - A createSocket() method was added to SysLogHandler. + - Fix bug in urllib.parse.urlparse() that causes certain port + numbers containing whitespace, underscores, plus and minus + signs, or non-ASCII digits to be incorrectly accepted. + - Allow venv to pass along PYTHON* variables to ensurepip and + pip when they do not impact path resolution + - On macOS, fix a crash in syslog.syslog() in multi-threaded + applications. On macOS, the libc syslog() function is not + thread-safe, so syslog.syslog() no longer releases the GIL to + call it. Patch by Victor Stinner. + - Allow BUILTINS to be a valid field name for frozen + dataclasses. + - Wrap network errors consistently in urllib FTP support, so + the test suite doesn’t fail when a network is available but + the public internet is not reachable. + - Make sure patch.dict() can be applied on async functions. + - Earlier in 3.11 we deprecated + asyncio.Task.cancel("message"). We realized we were too + harsh, and have undeprecated it. + - Change deprecate warning message in unittest from It is + deprecated to return a value!=None to It is deprecated to + return a value that is not None from a test case + - Fixes AttributeError when subprocess.check_output() is used + with argument input=None and either of the arguments encoding + or errors are used. + - Fix is_private properties in the ipaddress module. Previously + non-private networks (0.0.0.0/0) would return True from this + method; now they correctly return False. + - Avoid spurious tracebacks from asyncio when default executor + cleanup is delayed until after the event loop is closed (e.g. + as the result of a keyboard interrupt). + - Avoid a crash in the C version of + asyncio.Future.remove_done_callback() when an evil argument + is passed. + - Remove tokenize.NL check from tabnanny. + - Fix generation of the default name of + tkinter.Checkbutton. Previously, checkbuttons in different + parent widgets could have the same short name and share + the same state if arguments “name” and “variable” are not + specified. Now they are globally unique. + - Update bundled libexpat to 2.4.9 + - Fix race condition in asyncio where process_exited() called + before the pipe_data_received() leading to inconsistent + output. Patch by Kumar Aditya. + - Fixed check in multiprocessing.resource_tracker that + guarantees that the length of a write to a pipe is not + greater than PIPE_BUF. + - Corrected type annotation for dataclass attribute + pstats.FunctionProfile.ncalls to be str. + - Fix repr of Any subclasses. + - Work around missing socket functions in socket’s __repr__. + - In inspect, fix overeager replacement of “typing.” in + formatting annotations. + - Fix handling of bytes path-like objects in os.ismount(). + - Fix handling compiler warnings (SyntaxWarning and + DeprecationWarning) in codeop.compile_command() when checking + for incomplete input. Previously it emitted warnings and + raised a SyntaxError. Now it always returns None for + incomplete input without emitting any warnings. + - To avoid apparent memory leaks when asyncio.open_connection() + raises, break reference cycles generated by local exception + and future instances (which has exception instance as its + member var). Patch by Dong Uk, Kang. + - Fixed flickering of the turtle window when the tracer is + turned off. Patch by Shin-myoung-serp. + - Fix asyncio subprocess transport to kill process cleanly + when process is blocked and avoid RuntimeError when loop is + closed. Patch by Kumar Aditya. + - Prevent error when activating venv in nested fish instances. + - TarFile.next() now returns None when called on an empty + tarfile. + - Document the optional callback parameter of WeakMethod. Patch + by Géry Ogam. + - Restrict use of sockets instead of pipes for stdin of + subprocesses created by asyncio to AIX platform only. + - shutil.copytree() now applies the ignore_dangling_symlinks + argument recursively. + - Fix IndexError in argparse.ArgumentParser when a store_true + action is given an explicit argument. + - Document that calling variadic functions with ctypes requires + special care on macOS/arm64 (and possibly other platforms). + - Remove extra row + - Clarified the conflicting advice given in the ast + documentation about ast.literal_eval() being “safe” for use + on untrusted input while at the same time warning that it + can crash the process. The latter statement is true and is + deemed unfixable without a large amount of work unsuitable + for a bugfix. So we keep the warning and no longer claim that + literal_eval is safe. + - Restructured the documentation for the os.wait* family of + functions, and improved the docs for os.waitid() with more + explanation of the possible argument constants. + - Skip test_normalization() of test_unicodedata if it + fails to download NormalizationTest.txt file from + pythontest.net. Patch by Victor Stinner. + - Correct test_marsh on (32 bit) x86: test_deterministic sets + was failing. + - Optional big memory tests in test_sqlite3 now catch the + correct sqlite.DataError exception type in case of too large + strings and/or blobs passed. + - Fix a bug in the typing tests where a test relying + on CPython-specific implementation details was not + decorated with @cpython_only and was not skipped on other + implementations. + - Add tests for star-unpacking with PEP 646, and some other + miscellaneous PEP 646 tests. + - Added explicit coverage of Py_Initialize (and hence + Py_InitializeEx) back to the embedding tests (all other + embedding tests migrated to Py_InitializeFromConfig in Python + 3.11) + - Some C API tests were moved into the new Lib/test/test_capi/ + directory. + - Fix -Wimplicit-int, -Wstrict-prototypes, and + -Wimplicit-function-declaration compiler warnings in + configure checks. + - Fix a compilation issue with GCC 12 on macOS. + - Fix -Wimplicit-int compiler warning in configure check for + PTHREAD_SCOPE_SYSTEM. + - Fix a possible fd leak in Programs/_freeze_module.c + introduced in Python 3.11. + - Fix build with PYTHON_FOR_REGEN=python3.8. + - Specify the full path to the source location for make + docclean (needed for cross-builds). + - Don’t use vendored libmpdec headers if --with-system-libmpdec + is passed to configure. Don’t use vendored libexpat headers + if --with-system-expat is passed to !configure. + - Fix the build process of clang compiler for _bootstrap_python + if LTO optimization is applied. Patch by Matthias Görgens and + Dong-hee Na. + - wasm32-emscripten builds for browsers now include + concurrent.futures for asyncio and unittest.mock. + - wasm32-emscripten platform no longer builds resource module, + getresuid(), getresgid(), and their setters. The APIs are + stubs and not functional. + - Updated pegen regeneration script on Windows to find and + use Python 3.9 or higher. Prior to this, pegen regeneration + already required 3.9 or higher, but the script may have used + lower versions of Python. + - Fix a bug in the previous bugfix that caused IDLE to + not start when run with 3.10.8, 3.12.0a1, and at least + Microsoft Python 3.10.2288.0 installed without the Lib/test + package. 3.11.0 was never affected. + - The wasm_build.py script now pre-builds Emscripten ports, + checks for broken EMSDK versions, and warns about pkg-config + env vars. + - The new tool Tools/wasm/wasm_builder.py automates configure, + compile, and test steps for building CPython on WebAssembly + platforms. + - Fix handling of module docstrings in Tools/i18n/pygettext.py. + - PyBUF_* constants were marked as part of Limited API + of Python 3.11+. These were available in 3.11.0 with + Py_LIMITED_API defined for 3.11, and are necessary to use the + buffer API. + - Fix use-after-free in Py_SetPythonHome(NULL), + Py_SetProgramName(NULL) and _Py_SetProgramFullPath(NULL) + function calls. Issue reported by Benedikt Reinartz. Patch by + Victor Stinner. + - Py_InitializeEx now correctly calls PyConfig_Clear after + initializing the interpreter (the omission didn’t cause a + memory leak only because none of the dynamically allocated + config fields are populated by the wrapper function) +- Removed upstreamed patches: + - 98437-sphinx.locale._-as-gettext-in-pyspecific.patch + - CVE-2022-45061-DoS-by-IDNA-decode.patch + +------------------------------------------------------------------- +Wed Nov 9 18:31:23 UTC 2022 - Matej Cepl + +- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid + CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding + extremely long domain names. + +------------------------------------------------------------------- +Tue Oct 25 08:39:47 UTC 2022 - Matej Cepl + +- Update to 3.11.0 (overall changes from 3.10.*): + - General changes + - PEP 657 -- Include Fine-Grained Error Locations in + Tracebacks + - PEP 654 -- Exception Groups and except* + - PEP 680 -- tomllib: Support for Parsing TOML in the + Standard Library + - gh-90908 -- Introduce task groups to asyncio + - gh-34627 -- Atomic grouping ((?>...)) and possessive + quantifiers (*+, ++, ?+, {m,n}+) are now supported in + regular expressions. + - The Faster CPython Project is already yielding some + exciting results. Python 3.11 is up to 10-60% faster than + Python 3.10. On average, we measured a 1.22x speedup on the + standard benchmark suite. See Faster CPython for details. + - Typing and typing language changes + - PEP 673 -- Self Type + - PEP 646 -- Variadic Generics + - PEP 675 -- Arbitrary Literal String Type + - PEP 655 -- Marking individual TypedDict items as required + or potentially-missing + - PEP 681 -- Data Class Transforms +- (just changes from 3.11.0rc2): + - Fix multiplying a list by an integer (list *= int): detect + the integer overflow when the new allocated length is close + to the maximum size. Issue reported by Jordan Limor. Patch by + Victor Stinner. + - On Linux the multiprocessing module returns to using + filesystem backed unix domain sockets for communication + with the forkserver process instead of the Linux abstract + socket namespace. Only code that chooses to use the + “forkserver” start method is affected. Abstract sockets have + no permissions and could allow any user on the system in the + same network namespace (often the whole system) to inject + code into the multiprocessing forkserver process. This was + a potential privilege escalation. Filesystem based socket + permissions restrict this to the forkserver process user as + was the default in Python 3.8 and earlier. This prevents + Linux CVE-2022-42919. + - Fix an issue where several frame objects could be backed by + the same interpreter frame, possibly leading to corrupted + memory and hard crashes of the interpreter. + - Fix possible data corruption or crashes when accessing the + f_back member of newly-created generator or coroutine frames. + - Fix a crash occurring when PyEval_GetFrame() is called while + the topmost Python frame is in a partially-initialized state. + - Fix command line parsing: reject -X int_max_str_digits option + with no value (invalid) when the PYTHONINTMAXSTRDIGITS + environment variable is set to a valid limit. Patch by Victor + Stinner. + - Fix undefined behaviour in _testcapimodule.c. + - When ValueError is raised if an integer is larger than the + limit, mention the sys.set_int_max_str_digits() function in + the error message. Patch by Victor Stinner. + - Correctly raise SyntaxError on exception groups (PEP 654) on + python versions prior to 3.11 + - Document some places where an assignment expression needs + parentheses. + - Update the bundled copies of pip and setuptools to versions + 22.3 and 65.5.0 respectively. + - fix Flag to use boundary CONFORM + - This restores previous Flag behavior of allowing flags with + non-sequential values to be combined; e.g. + - class Skip(Flag): TWO = 2 EIGHT = 8 + - Skip.TWO | Skip.EIGHT -> + - Fix ! in c domain ref target syntax via a conf.py patch, so + it works as intended to disable ref target resolution. + - Update tutorial introduction output to use 3.10+ SyntaxError + invalid range. + +------------------------------------------------------------------- +Fri Oct 21 10:14:03 UTC 2022 - Matej Cepl + +- Add 98437-sphinx.locale._-as-gettext-in-pyspecific.patch to + allow building of documentation with the latest Sphinx 5.3.0 + (gh#python/cpython#98366). + +------------------------------------------------------------------- +Thu Sep 15 08:43:07 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc2: + - Converting between int and str in bases other than 2 + (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base + 10 (decimal) now raises a ValueError if the number of digits + in string form is above a limit to avoid potential denial of + service attacks due to the algorithmic complexity. This is + a mitigation for CVE-2020-10735. + This new limit can be configured or disabled by environment + variable, command line flag, or sys APIs. See the integer + string conversion length limitation documentation. The + default limit is 4300 digits in string form. + - Fix case of undefined behavior in ceval.c + - Do not expose KeyWrapper in _functools. + - Ensure that tracing, sys.setrace(), is turned on + immediately. In pre-release versions of 3.11, some tracing + events might have been lost when turning on tracing in a + __del__ method or interrupt. + - Fix use after free in trace refs build mode. Patch by Kumar + Aditya. + - When loading a file with invalid UTF-8 inside a multi-line + string, a correct SyntaxError is emitted. + - Make sure that incomplete frames do not show up in + tracemalloc traces. + - Remove two cases of undefined behavior, by adding NULL + checks. + - Fix possible NULL pointer dereference in + _PyThread_CurrentFrames. Patch by Kumar Aditya. + - Fix AttributeError missing name and obj attributes in + object.__getattribute__(). Patch by Philip Georgi. + - Loading a file with invalid UTF-8 will now report the broken + character at the correct location. + - Fixed a bug that caused _PyCode_GetExtra to return garbage + for negative indexes. Patch by Pablo Galindo + - Fix a deadlock in PyGILState_Ensure() when allocating new + thread state. Patch by Kumar Aditya. + - PyType_Ready() now initializes ht_cached_keys and performs + additional checks to ensure that type objects are properly + configured. This avoids crashes in 3rd party packages that + don’t use regular API to create new types. + - Skip over incomplete frames in PyThreadState_GetFrame(). + - Fix format string in _PyPegen_raise_error_known_location that + can lead to memory corruption on some 64bit systems. The + function was building a tuple with i (int) instead of n + (Py_ssize_t) for Py_ssize_t arguments. + - Fix misleading contents of error message when converting an + all-whitespace string to float. + - ast.parse() will no longer parse function definitions with + positional-only params when passed feature_version less than + (3, 8). Patch by Shantanu Jain. + - Fix incorrect error message in the io module. + - Fix the faulthandler implementation of + faulthandler.register(signal, chain=True) if the sigaction() + function is not available: don’t call the previous signal + handler if it’s NULL. Patch by Victor Stinner. + - Correct conversion of numbers.Rational’s to float. + - Fix TypeVarTuple.__typing_prepare_subst__. TypeError was not + raised when using more than one TypeVarTuple, like [*T, *V] + in type alias substitutions. + - Fix asyncio.streams.StreamReaderProtocol to keep a strong + reference to the created task, so that it’s not garbage + collected + - Fix a performance regression in logging + TimedRotatingFileHandler. Only check for special files when + the rollover time has passed. + - Fix unused localName parameter in the Attr class in + xml.dom.minidom. + - Fix incorrect condition that causes sys.thread_info.name to + be wrong on pthread platforms. + - Remove an incompatible change from bpo-28080 that caused a + regression that ignored the utf8 in ZipInfo.flag_bits. Patch + by Pablo Galindo. + - Fix asyncio.Runner to call asyncio.set_event_loop() only + once to avoid calling attach_loop() multiple times on child + watchers. Patch by Kumar Aditya. + - Fix unittest.IsolatedAsyncioTestCase to set event loop before + calling setup functions. Patch by Kumar Aditya. + - When a task catches asyncio.CancelledError and raises some + other error, the other error should generally not silently be + suppressed. + - Fail gracefully if EPERM or ENOSYS is raised when loading + crypt methods. This may happen when trying to load MD5 on a + Linux kernel with FIPS enabled. + - Allow asyncio.StreamWriter.drain() to be awaited concurrently + by multiple tasks. Patch by Kumar Aditya. + - Fix ast.unparse() when ImportFrom.level is None + - Improve discoverability of the higher level + concurrent.futures module by providing clearer links from the + lower level threading and multiprocessing modules. + - What’s New 3.11 now has instructions for how to provide + compiler and linker flags for Tcl/Tk and OpenSSL on RHEL 7 + and CentOS 7. + - Mitigate the inherent race condition from using + find_unused_port() in testSockName() by trying to find an + unused port a few times before failing. Patch by Ross Burton. + - Build and test with OpenSSL 1.1.1q +- Use support-expat-CVE-2022-25236-patched.patch from the current + version of gh#python/cpython#93900 instead of the old + support-expat-245.patch. +- Reapply fix_configure_rst.patch. + +------------------------------------------------------------------- +Mon Sep 5 08:43:49 UTC 2022 - Andreas Schwab + +- Increase testsuite timeout for test_freeze_simple_script + +------------------------------------------------------------------- +Sat Aug 20 21:31:40 UTC 2022 - Matej Cepl + +- fix import_failed.map to refer to the python 3.11 package versions + +------------------------------------------------------------------- +Sat Aug 20 14:05:21 UTC 2022 - Matej Cepl + +- Update to 3.11.0rc1: + - Core and Builtins + - Update code object hashing and equality to consider all + debugging and exception handling tables. This fixes an + issue where certain non-identical code objects could be + “deduplicated” during compilation. + - _PyPegen_Parser_New now properly detects token memory + allocation errors. Patch by Honglin Zhu. + - Run Python code in tracer/profiler function at full + speed. Fixes slowdown in earlier versions of 3.11. + - Emit a warning in debug mode if an object does not call + PyObject_GC_UnTrack() before deallocation. Patch by Pablo + Galindo. + - Prevented crashes in the AST constructor when + compiling some absurdly long expressions like + "+0"*1000000. RecursionError is now raised instead. Patch + by Pablo Galindo + - ast.AST node positions are now validated when provided to + compile() and other related functions. If invalid positions + are detected, a ValueError will be raised. + - Fix error detection in some builtin functions when keyword + argument name is an instance of a str subclass with + overloaded __eq__ and __hash__. Previously it could cause + SystemError or other undesired behavior. + - Library + - Update bundled pip to 22.2.2. + - Fix asyncio.TaskGroup to propagate exception when + asyncio.CancelledError was replaced with another exception + by a context manger. Patch by Kumar Aditya and Guido van + Rossum. + - Update bundled pip to 22.2.1. + - Fix GC crash when deallocating _lsprof.Profiler by + untracking it before calling any callbacks. Patch by Kumar + Aditya. + - Fix asyncio.run() for asyncio.Task implementations without + uncancel() method. Patch by Kumar Aditya. + - Fix check for existence of os.EFD_CLOEXEC, os.EFD_NONBLOCK + and os.EFD_SEMAPHORE flags on older kernel versions where + these flags are not present. Patch by Kumar Aditya. + - Fix concurrent.futures.Executor.map() to cancel the + currently waiting on future on an error - e.g. TimeoutError + or KeyboardInterrupt. + - Ensure that timeouts scheduled with asyncio.Timeout that + have already expired are delivered promptly. + - Suppress writing an XML declaration in open files + in ElementTree.write() with encoding='unicode' and + xml_declaration=None. + - Fix findtext in the xml module to only give an empty string + when the text attribute is set to None. + - Documentation + - Fix stylesheet not working in Windows CHM htmlhelp docs + and add warning that they are deprecated. Contributed by + C.A.M. Gerlach. + - Update library documentation with availability information + on WebAssembly platforms wasm32-emscripten and wasm32-wasi. + - Use consistent syntax for platform availability. The + directive now supports a content body and emits a warning + when it encounters an unknown platform. + - Document a limitation in ThreadPoolExecutor where its exit + handler is executed before any handlers in atexit. + - Tests + - Lib/test/test_asyncio/test_ssl.py exposed a bug in the + macOS kernel where intense concurrent load on non-blocking + sockets occasionally causes errno.ENOBUFS (“No buffer space + available”) to be emitted. FB11063974 filed with Apple, in + the mean time as a workaround buffer size used in tests on + macOS is decreased to avoid intermittent failures. Patch by + Fantix King. + - Fix problem with test_ssl test_get_ciphers on systems that + require perfect forward secrecy (PFS) ciphers. + - Add a regression test for re exponentional slowdown when + using rjsmin. + - Build + - Fix a regression in configure script that caused some + header checks to ignore custom CPPFLAGS. The regression was + introduced in gh-94802. + - wasm32-wasi builds no longer depend on WASIX’s pthread + stubs. Python now has its own stubbed pthread API. + - Python now detects missing dup function in WASI and works + around some missing errno, select, and socket constants. + - Python now skips missing socket functions and methods on + WASI. WASI can only create sockets from existing fd / + accept and has no netdb. + - Platforms wasm32-unknown-emscripten and wasm32-unknown-wasi + have been promoted to PEP 11 tier 3 platform support. + - IDLE + - Document handling of extensions in Save As dialogs. + - Include prompts when saving Shell (interactive input and + output). + - Fix the Shell context menu copy-with-prompts bug of copying + an extra line when one selects whole lines. + - In the Edit menu, move Select All and add a new separator. + - Enable using IDLE’s module browser with .pyw files. + - Add .pyi as a recognized extension for IDLE on macOS. This + allows opening stub files by double clicking on them in the + Finder. + - C API + - Restore the 3.10 behavior for multiple inheritance of C + extension classes that store their dictionary at the end of + the struct. + - Added PyCode_GetVarnames(), PyCode_GetCellvars() and + PyCode_GetFreevars() for accessing co_varnames, co_cellvars + and co_freevars respectively via the C API. + +------------------------------------------------------------------- +Tue Jul 26 10:37:31 UTC 2022 - Matej Cepl + +- Update to 3.11.0b5: + - Core and Builtins + - gh-93351: ast.AST node positions are now validated when + provided to compile() and other related functions. If + invalid positions are detected, a ValueError will be + raised. + - gh-94438: Fix an issue that caused extended opcode + arguments and some conditional pops to be ignored when + calculating valid jump targets for assignments to the + f_lineno attribute of frame objects. In some cases, this + could cause inconsistent internal state, resulting in a + hard crash of the interpreter. + - gh-95060: Undocumented PyCode_Addr2Location function now + properly returns when addrq argument is less than zero. + - gh-95113: Replace all EXTENDED_ARG_QUICK instructions + with basic EXTENDED_ARG instructions in unquickened + code. Consumers of non-adaptive bytecode should be able to + handle extended arguments the same way they were handled in + CPython 3.10 and older. + - gh-91409: Fix incorrect source location info caused by + certain optimizations in the bytecode compiler. + - gh-94036: Fix incorrect source location info for some + multi-line attribute accesses and method calls. + - gh-94739: Allow jumping within, out of, and across + exception handlers in the debugger. + - gh-94949: ast.parse() will no longer parse parenthesized + context managers when passed feature_version less than (3, + 9). Patch by Shantanu Jain. + - gh-94947: ast.parse() will no longer parse assignment + expressions when passed feature_version less than (3, + 8). Patch by Shantanu Jain. + - gh-91256: Ensures the program name is known for help text + during interpreter startup. + - gh-94869: Fix the column offsets for some expressions in + multi-line f-strings ast nodes. Patch by Pablo Galindo. + - gh-94822: Fix an issue where lookups of metaclass + descriptors may be ignored when an identically-named + attribute also exists on the class itself. + - gh-91153: Fix an issue where a bytearray item assignment + could crash if it’s resized by the new value’s __index__() + method. + - gh-90699: Fix reference counting bug in + bool.__repr__(). Patch by Kumar Aditya. + - Library + - gh-95087: Fix IndexError in parsing invalid date in the + email module. + - gh-95199: Upgrade bundled setuptools to 63.2.0. + - gh-95194: Upgrade bundled pip to 22.2. + - gh-95132: Fix a sqlite3 regression where *args and **kwds + were incorrectly relayed from connect() to the Connection + factory. The regression was introduced in 3.11a1 with PR + 24421 (gh-85128). Patch by Erlend E. Aasland.` + - gh-93157: Fix fileinput module didn’t support errors option + when inplace is true. + - gh-95105: wsgiref.types.InputStream.__iter__() should + return Iterator[bytes], not Iterable[bytes]. Patch by + Shantanu Jain. + - gh-94857: Fix refleak in + _io.TextIOWrapper.reconfigure. Patch by Kumar Aditya. + - gh-94821: Fix binding of unix socket to empty address + on Linux to use an available address from the abstract + namespace, instead of “0”. + - gh-89988: Fix memory leak in pickle.Pickler when looking up + dispatch_table. Patch by Kumar Aditya. + - bpo-47025: Drop support for bytes on sys.path. + - Tests + - gh-95212: Make multiprocessing test case + test_shared_memory_recreate parallel-safe. + - Build + - gh-94847: Fixed _decimal module build issue on GCC when + compiling with LTO and pydebug. Debug builds no longer + force inlining of functions. + - gh-94841: Fix the possible performance regression of + PyObject_Free() compiled with MSVC version 1932. + - gh-94801: configure now uses custom flags like ZLIB_CFLAGS + and ZLIB_LIBS when searching for headers and libraries. + - gh-94773: deepfreeze.py now supports code object with + frozensets that contain incompatible, unsortable types. + - C API + - gh-94930: Fix SystemError raised when + PyArg_ParseTupleAndKeywords() is used with # in (...) but + without PY_SSIZE_T_CLEAN defined. + - gh-94864: Fix PyArg_Parse* with deprecated format units “u” + and “Z”. It returned 1 (success) when warnings are turned + into exceptions. + - gh-94731: Python again uses C-style casts for + most casting operations when compiled with + C++. This may trigger compiler warnings, if they + are enabled with e.g. -Wold-style-cast `` or + ``-Wzero-as-null-pointer-constant options for g++. + +------------------------------------------------------------------- +Thu Jul 21 14:19:53 UTC 2022 - Matej Cepl + +- Switch from %primary_interpreter to prjconf-defined + %primary_python (gh#openSUSE/python-rpm-macros#127). + +------------------------------------------------------------------- +Thu Jul 14 15:37:35 UTC 2022 - Matej Cepl + +- Update to 3.11.0b4: +- Fixes many bugs and adds following more significant changes +- Security + - gh-68966: The deprecated mailcap module now refuses to inject + Coreunsafe text (filenames, MIME types, parameters) into + shell Corecommands. Instead of using such text, it will + warn and act Coreas if a match was not found (or for test + commands, as if the Coretest failed). and Builtins + - gh-93516: Lazily create a table mapping bytecode offsets to + line numbers to speed up calculation of line numbers when + tracing. + - gh-93461: importlib.invalidate_caches() now drops entries + from sys.path_importer_cache with a relative path as + name. This solves a caching issue when a process changes its + current working directory. + - FileFinder no longer inserts a dot in the path, e.g. + /egg/./spam is now /egg/spam. +Library + - gh-93896: Fix asyncio.run() and + unittest.IsolatedAsyncioTestCase to always the set event loop + as it was done in Python 3.10 and earlier. Patch by Kumar + Aditya. + - gh-94101: Manual instantiation of ssl.SSLSession objects is + no longer allowed as it lead to misconfigured instances that + crashed the interpreter when attributes where accessed on + them. + - gh-83658: Make multiprocessing.Pool raise an exception if + maxtasksperchild is not None or a positive int. + - gh-61162: Clarify sqlite3 behavior when Using the connection + as a context manager. +Tools/Demos + - gh-94538: Fix Argument Clinic output to custom file + destinations. Patch by Erlend E. Aasland. +C API + - gh-93937: The following frame functions and type are now + directly available with #include , it’s no longer + needed to add #include : + PyFrame_Check() + PyFrame_GetBack() + PyFrame_GetBuiltins() + PyFrame_GetGenerator() + PyFrame_GetGlobals() + PyFrame_GetLasti() + PyFrame_GetLocals() + PyFrame_Type + +------------------------------------------------------------------- +Tue May 31 20:54:36 UTC 2022 - Matej Cepl + +- Update to 3.11.0b2: + - many small updates +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.4 (jsc#SLE-21253) + +------------------------------------------------------------------- +Tue May 10 15:01:18 UTC 2022 - Matej Cepl + +- Refresh bluez-devel-vendor.tar.xz +- Fix building with system-expat (gh#python/cpython#92875). Nope, + it didn't work, worked around it. + +------------------------------------------------------------------- +Mon May 9 15:09:03 UTC 2022 - Matej Cepl + +- Update to pre-release version 3.11.0b1: + - PEP 657 – Include Fine-Grained Error Locations in Tracebacks + - PEP 654 – Exception Groups and except* + - PEP 673 – Self Type + - PEP 646 – Variadic Generics + - PEP 680– tomllib: Support for Parsing TOML in the Standard Library + - PEP 675– Arbitrary Literal String Type + - PEP 655– Marking individual TypedDict items as required or potentially-missing + - bpo-46752– Introduce task groups to asyncio + - The Faster Cpython Project is already yielding some exciting + results. Python 3.11 is up to 10-60% faster than Python + 3.10. On average, we measured a 1.22x speedup on the standard + benchmark suite. See + https://docs.python.org/3.11/whatsnew/3.11.html#faster-cpython + for details. + +------------------------------------------------------------------- +Thu May 5 14:35:56 UTC 2022 - Matej Cepl + +- Switch primary_interpreter from python38 to python310 + +------------------------------------------------------------------- +Sat Mar 26 22:52:45 UTC 2022 - Matej Cepl + +- Update to 3.10.4: + - bpo-46968: Check for the existence of the “sys/auxv.h” header + in faulthandler to avoid compilation problems in systems + where this header doesn’t exist. Patch by Pablo Galindo + - bpo-23691: Protect the re.finditer() iterator from + re-entering. + - bpo-42369: Fix thread safety of zipfile._SharedFile.tell() to + avoid a “zipfile.BadZipFile: Bad CRC-32 for file” exception + when reading a ZipFile from multiple threads. + - bpo-38256: Fix binascii.crc32() when it is compiled to use + zlib’c crc32 to work properly on inputs 4+GiB in length + instead of returning the wrong result. The workaround prior + to this was to always feed the function data in increments + smaller than 4GiB or to just call the zlib module function. + - bpo-39394: A warning about inline flags not at the start of + the regular expression now contains the position of the flag. + - bpo-47061: Deprecate the various modules listed by PEP 594: + - aifc, asynchat, asyncore, audioop, cgi, cgitb, chunk, crypt, + imghdr, msilib, nntplib, nis, ossaudiodev, pipes, smtpd, + sndhdr, spwd, sunau, telnetlib, uu, xdrlib + - bpo-2604: Fix bug where doctests using globals would fail + when run multiple times. + - bpo-45997: Fix asyncio.Semaphore re-aquiring FIFO order. + - bpo-47022: The asynchat, asyncore and smtpd modules have been + deprecated since at least Python 3.6. Their documentation and + deprecation warnings and have now been updated to note they + will removed in Python 3.12 (PEP 594). + - bpo-46421: Fix a unittest issue where if the command was + invoked as python -m unittest and the filename(s) began with + a dot (.), a ValueError is returned. + - bpo-40296: Fix supporting generic aliases in pydoc. + +- Update to 3.10.3: + - bpo-46940: Avoid overriding AttributeError metadata + information for nested attribute access calls. Patch by Pablo + Galindo. + - bpo-46852: Rename the private undocumented + float.__set_format__() method to float.__setformat__() to fix + a typo introduced in Python 3.7. The method is only used by + test_float. Patch by Victor Stinner. + - bpo-46794: Bump up the libexpat version into 2.4.6 + - bpo-46820: Fix parsing a numeric literal immediately (without + spaces) followed by “not in” keywords, like in 1not in x. Now + the parser only emits a warning, not a syntax error. + - bpo-46762: Fix an assert failure in debug builds when a ‘<’, + ‘>’, or ‘=’ is the last character in an f-string that’s + missing a closing right brace. + - bpo-46724: Make sure that all backwards jumps use the + JUMP_ABSOLUTE instruction, rather than JUMP_FORWARD with an + argument of (2**32)+offset. + - bpo-46732: Correct the docstring for the __bool__() method. + Patch by Jelle Zijlstra. + - bpo-46707: Avoid potential exponential backtracking when + producing some syntax errors involving lots of brackets. + Patch by Pablo Galindo. + - bpo-40479: Add a missing call to va_end() in + Modules/_hashopenssl.c. + - bpo-46615: When iterating over sets internally in + setobject.c, acquire strong references to the resulting items + from the set. This prevents crashes in corner-cases of + various set operations where the set gets mutated. + - bpo-45773: Remove two invalid “peephole” optimizations from + the bytecode compiler. + - bpo-43721: Fix docstrings of getter, setter, and deleter to + clarify that they create a new copy of the property. + - bpo-46503: Fix an assert when parsing some invalid N escape + sequences in f-strings. + - bpo-46417: Fix a race condition on setting a type __bases__ + attribute: the internal function add_subclass() now gets the + PyTypeObject.tp_subclasses member after calling + PyWeakref_NewRef() which can trigger a garbage collection + which can indirectly modify PyTypeObject.tp_subclasses. Patch + by Victor Stinner. + - bpo-46383: Fix invalid signature of _zoneinfo’s module_free + function to resolve a crash on wasm32-emscripten platform. + - bpo-46070: Py_EndInterpreter() now explicitly untracks all + objects currently tracked by the GC. Previously, if an object + was used later by another interpreter, calling + PyObject_GC_UnTrack() on the object crashed if the previous + or the next object of the PyGC_Head structure became + a dangling pointer. Patch by Victor Stinner. + - bpo-46339: Fix a crash in the parser when retrieving the + error text for multi-line f-strings expressions that do not + start in the first line of the string. Patch by Pablo Galindo + - bpo-46240: Correct the error message for unclosed parentheses + when the tokenizer doesn’t reach the end of the source when + the error is reported. Patch by Pablo Galindo + - bpo-46091: Correctly calculate indentation levels for lines + with whitespace character that are ended by line continuation + characters. Patch by Pablo Galindo + - bpo-43253: Fix a crash when closing transports where the + underlying socket handle is already invalid on the Proactor + event loop. + - bpo-47004: Apply bugfixes from importlib_metadata 4.11.3, + including bugfix for EntryPoint.extras, which was returning + match objects and not the extras strings. + - bpo-46985: Upgrade pip wheel bundled with ensurepip (pip + 22.0.4) + - bpo-46968: faulthandler: On Linux 5.14 and newer, dynamically + determine size of signal handler stack size CPython allocates + using getauxval(AT_MINSIGSTKSZ). This changes allows for + Python extension’s request to Linux kernel to use AMX_TILE + instruction set on Sapphire Rapids Xeon processor to succeed, + unblocking use of the ISA in frameworks. + - bpo-46955: Expose asyncio.base_events.Server as + asyncio.Server. Patch by Stefan Zabka. + - bpo-23325: The signal module no longer assumes that SIG_IGN + and SIG_DFL are small int singletons. + - bpo-46932: Update bundled libexpat to 2.4.7 + - bpo-25707: Fixed a file leak in + xml.etree.ElementTree.iterparse() when the iterator is not + exhausted. Patch by Jacob Walls. + - bpo-44886: Inherit asyncio proactor datagram transport from + asyncio.DatagramTransport. + - bpo-46827: Support UDP sockets in asyncio.loop.sock_connect() + for selector-based event loops. Patch by Thomas Grainger. + - bpo-46811: Make test suite support Expat >=2.4.5 + - bpo-46252: Raise TypeError if ssl.SSLSocket is passed to + transport-based APIs. + - bpo-46784: Fix libexpat symbols collisions with user + dynamically loaded or statically linked libexpat in embedded + Python. + - bpo-39327: shutil.rmtree() can now work with VirtualBox + shared folders when running from the guest operating-system. + - bpo-46756: Fix a bug in + urllib.request.HTTPPasswordMgr.find_user_password() and + urllib.request.HTTPPasswordMgrWithPriorAuth.is_authenticated() + which allowed to bypass authorization. For example, access to + URI example.org/foobar was allowed if the user was authorized + for URI example.org/foo. + - bpo-46643: In typing.get_type_hints(), support evaluating + stringified ParamSpecArgs and ParamSpecKwargs annotations. + Patch by Gregory Beauregard. + - bpo-45863: When the tarfile module creates a pax format + archive, it will put an integer representation of timestamps + in the ustar header (if possible) for the benefit of older + unarchivers, in addition to the existing full-precision + timestamps in the pax extended header. + - bpo-46676: Make typing.ParamSpec args and kwargs equal to + themselves. Patch by Gregory Beauregard. + - bpo-46672: Fix NameError in asyncio.gather() when initial + type check fails. + - bpo-46655: In typing.get_type_hints(), support evaluating + bare stringified TypeAlias annotations. Patch by Gregory + Beauregard. + - bpo-45948: Fixed a discrepancy in the C implementation of the + xml.etree.ElementTree module. Now, instantiating an + xml.etree.ElementTree.XMLParser with a target=None keyword + provides a default xml.etree.ElementTree.TreeBuilder target + as the Python implementation does. + - bpo-46521: Fix a bug in the codeop module that was + incorrectly identifying invalid code involving string quotes + as valid code. + - bpo-46581: Brings ParamSpec propagation for GenericAlias in + line with Concatenate (and others). + - bpo-46591: Make the IDLE doc URL on the About IDLE dialog + clickable. + - bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4 + - bpo-46487: Add the get_write_buffer_limits method to + asyncio.transports.WriteTransport and to the SSL transport. + - bpo-45173: Note the configparser deprecations will be removed + in Python 3.12. + - bpo-46539: In typing.get_type_hints(), support evaluating + stringified ClassVar and Final annotations inside Annotated. + Patch by Gregory Beauregard. + - bpo-46491: Allow typing.Annotated to wrap typing.Final and + typing.ClassVar. Patch by Gregory Beauregard. + - bpo-46436: Fix command-line option -d/--directory in module + http.server which is ignored when combined with command-line + option --cgi. Patch by Géry Ogam. + - bpo-41403: Make mock.patch() raise a TypeError with + a relevant error message on invalid arg. Previously it + allowed a cryptic AttributeError to escape. + - bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid + potential REDoS by limiting ambiguity in consecutive + whitespace. + - bpo-46469: asyncio generic classes now return + types.GenericAlias in __class_getitem__ instead of the same + class. + - bpo-46434: pdb now gracefully handles help when __doc__ is + missing, for example when run with pregenerated optimized + .pyc files. + - bpo-46333: The __eq__() and __hash__() methods of + typing.ForwardRef now honor the module parameter of + typing.ForwardRef. Forward references from different modules + are now differentiated. + - bpo-46246: Add missing __slots__ to + importlib.metadata.DeprecatedList. Patch by Arie Bovenberg. + - bpo-46266: Improve day constants in calendar. + - Now all constants (MONDAY … SUNDAY) are documented, tested, + and added to __all__. + - bpo-46232: The ssl module now handles certificates with bit + strings in DN correctly. + - bpo-43118: Fix a bug in inspect.signature() that was causing + it to fail on some subclasses of classes with + a __text_signature__ referencing module globals. Patch by + Weipeng Hong. + - bpo-26552: Fixed case where failing asyncio.ensure_future() + did not close the coroutine. Patch by Kumar Aditya. + - bpo-21987: Fix an issue with tarfile.TarFile.getmember() + getting a directory name with a trailing slash. + - bpo-20392: Fix inconsistency with uppercase file extensions + in MimeTypes.guess_type(). Patch by Kumar Aditya. + - bpo-46080: Fix exception in argparse help text generation if + a argparse.BooleanOptionalAction argument’s default is + argparse.SUPPRESS and it has help specified. Patch by Felix + Fontein. + - bpo-44439: Fix .write() method of a member file in ZipFile, + when the input data is an object that supports the buffer + protocol, the file length may be wrong. + - bpo-45703: When a namespace package is imported before + another module from the same namespace is created/installed + in a different sys.path location while the program is + running, calling the importlib.invalidate_caches() function + will now also guarantee the new module is noticed. + - bpo-24959: Fix bug where unittest sometimes drops frames from + tracebacks of exceptions raised in tests. + - bpo-44791: Fix substitution of ParamSpec in Concatenate with + different parameter expressions. Substitution with a list of + types returns now a tuple of types. Substitution with + Concatenate returns now a Concatenate with concatenated lists + of arguments. + - bpo-14156: argparse.FileType now supports an argument of ‘-’ + in binary mode, returning the .buffer attribute of + sys.stdin/sys.stdout as appropriate. Modes including ‘x’ and + ‘a’ are treated equivalently to ‘w’ when argument is ‘-’. + Patch contributed by Josh Rosenberg + - bpo-46463: Fixes escape4chm.py script used when building the + CHM documentation file + - bpo-46913: Fix test_faulthandler.test_sigfpe() if Python is + built with undefined behavior sanitizer (UBSAN): disable + UBSAN on the faulthandler_sigfpe() function. Patch by Victor + Stinner. + - bpo-46708: Prevent default asyncio event loop policy + modification warning after test_asyncio execution. + - bpo-46678: The function make_legacy_pyc in + Lib/test/support/import_helper.py no longer fails when + PYTHONPYCACHEPREFIX is set to a directory on a different + device from where tempfiles are stored. + - bpo-46616: Ensures test_importlib.test_windows cleans up + registry keys after completion. + - bpo-44359: test_ftplib now silently ignores socket errors to + prevent logging unhandled threading exceptions. Patch by + Victor Stinner. + - bpo-46542: Fix a Python crash in test_lib2to3 when using + Python built in debug mode: limit the recursion limit. Patch + by Victor Stinner. + - bpo-46576: test_peg_generator now disables compiler + optimization when testing compilation of its own C extensions + to significantly speed up the testing on non-debug builds of + CPython. + - bpo-46542: Fix test_json tests checking for RecursionError: + modify these tests to use support.infinite_recursion(). Patch + by Victor Stinner. + - bpo-13886: Skip test_builtin PTY tests on non-ASCII + characters if the readline module is loaded. The readline + module changes input() behavior, but test_builtin is not + intented to test the readline module. Patch by Victor + Stinner. + - bpo-38472: Fix GCC detection in setup.py when + cross-compiling. The C compiler is now run with LC_ALL=C. + Previously, the detection failed with a German locale. + - bpo-46513: configure no longer uses AC_C_CHAR_UNSIGNED macro + and pyconfig.h no longer defines reserved symbol + __CHAR_UNSIGNED__. + - bpo-45296: Clarify close, quit, and exit in IDLE. In the File + menu, ‘Close’ and ‘Exit’ are now ‘Close Window’ (the current + one) and ‘Exit’ is now ‘Exit IDLE’ (by closing all windows). + In Shell, ‘quit()’ and ‘exit()’ mean ‘close Shell’. If there + are no other windows, this also exits IDLE. + - bpo-45447: Apply IDLE syntax highlighting to pyi files. Patch + by Alex Waygood and Terry Jan Reedy. + - bpo-46433: The internal function _PyType_GetModuleByDef now + correctly handles inheritance patterns involving static + types. + - bpo-14916: Fixed bug in the tokenizer that prevented + PyRun_InteractiveOne from parsing from the provided FD. + +- Remove upstreamed patches: + - support-expat-245.patch + +------------------------------------------------------------------- +Tue Feb 22 05:53:06 UTC 2022 - Steve Kowalik + +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.5 + +------------------------------------------------------------------- +Tue Feb 15 23:05:55 UTC 2022 - Matej Cepl + +- bsc#1195831 Obsolete older "most modern" versions of python + packages (python39 for python310 and so forth). For next + versions it is necessary just to edit the macro. + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python + +------------------------------------------------------------------- +Tue Jan 25 16:09:25 UTC 2022 - Matej Cepl + +- Remove second superfluous BR rpm-build-python +- Add fix_configure_rst.patch, which removes duplicate link + targets and make documentation with old Sphinx in SLE +- Skip test_capi (bsc#1195140 and bpo#37169) + +------------------------------------------------------------------- +Wed Jan 19 22:01:51 UTC 2022 - Matej Cepl + +- Update to 3.10.2: + Bugfix only + - bpo#46347 memory leak in PyEval_EvalCodeEx (especially + visible with Cython code) + - and many others + +------------------------------------------------------------------- +Wed Dec 8 13:07:25 UTC 2021 - Matej Cepl + +- Upgrade to 3.10.1 (jsc#SLE-18038): + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other tools. + - PEP 618 – Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning +- Patches readjusted: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Sat Dec 4 18:40:28 UTC 2021 - Matej Cepl + +- Remove pdb_adjust_breakpoints.patch and instead just adjust location + of the test breakpoint in Lib/test/test_pdb.py via sed, because we + have shortened Lib/pdb.py by removing the shebang (bpo#45964). + +------------------------------------------------------------------- +Thu Dec 2 13:51:57 UTC 2021 - Matej Cepl + +- Add pdb_adjust_breakpoints.patch fixing expectd results in + test_pdb_breakpoints_preserved_across_interactive_sessions + (bpo#45964). + +------------------------------------------------------------------- +Mon Nov 29 00:17:07 UTC 2021 - Matej Cepl + +- Remove shebangs from from python-base libraries in _libdir + (bsc#1193179). +- Readjust patches: + - bpo-31046_ensurepip_honours_prefix.patch + - decimal.patch + - python-3.3.0b1-fix_date_time_compiler.patch + +------------------------------------------------------------------- +Tue Nov 16 16:03:43 UTC 2021 - Matej Cepl + +- Move rpm-build-python construct to correct place. + +------------------------------------------------------------------- +Wed Oct 13 08:52:47 UTC 2021 - Dominique Leuenberger + +- BuildRequire rpm-build-python: The provider to inject python(abi) + has been moved there. rpm-build pulls rpm-build-python + automatically in when building anything against python3-base, but + this implies that the initial build of python3-base does not + trigger the automatic installation. + +------------------------------------------------------------------- +Tue Oct 5 22:36:51 UTC 2021 - Matej Cepl + +- Final release of 3.10.0: + Complete list on https://www.python.org/downloads/release/python-3100/, + but highlights are: + - PEP 623 – Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 – Allow writing union types as X | Y + - PEP 612 – Parameter Specification Variables + - PEP 626 – Precise line numbers for debugging and other + tools. + - PEP 618 – Add Optional Length-Checking To zip. + - PEP 632 – Deprecate distutils module. + - PEP 613 – Explicit Type Aliases + - PEP 634 – Structural Pattern Matching: Specification + - PEP 635 – Structural Pattern Matching: Motivation and + Rationale + - PEP 636 – Structural Pattern Matching: Tutorial + - PEP 644 – Require OpenSSL 1.1.1 or newer + - PEP 624 – Remove Py_UNICODE encoder APIs + - PEP 597 – Add optional EncodingWarning + - bpo-12782: Parenthesized context managers are now officially + allowed. + +------------------------------------------------------------------- +Mon Aug 30 12:48:25 UTC 2021 - Matej Cepl + +- Switch on option --with-system-libmpdec (bsc#1189356). + +------------------------------------------------------------------- +Fri Aug 27 13:15:03 UTC 2021 - Andreas Schwab + +- Reenable profileopt with qemu emulation, test_faulthandler is no longer + run during profiling + +------------------------------------------------------------------- +Thu Aug 12 15:11:39 UTC 2021 - Andreas Schwab + +- test_faulthandler is still problematic under qemu linux-user emulation, + disable it there + +------------------------------------------------------------------- +Wed Aug 11 05:57:11 UTC 2021 - Matej Cepl + +- Update to 3.10.0rc1 (the penultimate prerelease), which contains + plenty of small bugfixes among others: + - bpo#38605: from __future__ import annotations (PEP 563) used to be + on this list in previous pre-releases but it has been postponed to + Python 3.11 due to some compatibility concerns. + - bpo-44600: Fix incorrect line numbers while tracing some failed + patterns in match statements. Patch by Charles Burkland. + - plenty of modifications in types.Union + +------------------------------------------------------------------- +Wed Jul 21 13:44:48 UTC 2021 - Matej Cepl + +- Update to 3.10.0b4: + https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-0-beta-4 +- Remove python3-imp-returntype.patch which has been upstreamed. + +------------------------------------------------------------------- +Mon Jun 7 15:52:44 UTC 2021 - Matej Cepl + +- Update to 3.10.0b2: + - PEP 623 -- Deprecate and prepare for the removal of the wstr + member in PyUnicodeObject. + - PEP 604 -- Allow writing union types as X | Y + - PEP 612 -- Parameter Specification Variables + - PEP 626 -- Precise line numbers for debugging and other + tools. + - PEP 618 -- Add Optional Length-Checking To zip. + - bpo-12782: Parenthesized context managers are now officially + allowed. + - PEP 632 -- Deprecate distutils module. + - PEP 613 -- Explicit Type Aliases + - PEP 634 -- Structural Pattern Matching: Specification + - PEP 635 -- Structural Pattern Matching: Motivation and + Rationale + - PEP 636 -- Structural Pattern Matching: Tutorial + - PEP 644 -- Require OpenSSL 1.1.1 or newer + - PEP 624 -- Remove Py_UNICODE encoder APIs + - PEP 597 -- Add optional EncodingWarning +- Removed patches (assumed upstream): + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Sat Jun 5 21:21:38 UTC 2021 - Matej Cepl + +- Revert previous skip over test_capi +- Add skip-test_pyobject_freed_is_freed.patch to skip failing + test on SLE-15. + +------------------------------------------------------------------- +Fri Jun 4 21:36:30 UTC 2021 - Dirk Müller + +- allow build with Sphinx >= 3.x + +------------------------------------------------------------------- +Wed Jun 2 13:12:04 UTC 2021 - Dan Čermák + +- Exclude test_capi on Leap (test fails there) + +------------------------------------------------------------------- +Fri May 21 15:13:59 UTC 2021 - Matej Cepl + +- Stop providing "python" symbol (bsc#1185588), which means + python2 currently. + +------------------------------------------------------------------- +Wed May 5 15:16:58 UTC 2021 - Matej Cepl + +- Update to 3.9.5: + * Security + - bpo-43434: Creating a sqlite3.Connection object now also + produces a sqlite3.connect auditing event. Previously this + event was only produced by sqlite3.connect() calls. Patch + by Erlend E. Aasland. + - bpo-43882: The presence of newline or tab characters in + parts of a URL could allow some forms of attacks. + - Following the controlling specification for URLs defined by + WHATWG urllib.parse() now removes ASCII newlines and tabs + from URLs, preventing such attacks. + - bpo-43472: Ensures interpreter-level audit hooks receive + the cpython.PyInterpreterState_New event when called + through the _xxsubinterpreters module. + - bpo-36384: ipaddress module no longer accepts any leading + zeros in IPv4 address strings. Leading zeros are ambiguous + and interpreted as octal notation by some libraries. For + example the legacy function socket.inet_aton() treats + leading zeros as octal notatation. glibc implementation of + modern inet_pton() does not accept any leading zeros. For + a while the ipaddress module used to accept ambiguous + leading zeros. + - bpo-43075: Fix Regular Expression Denial of Service (ReDoS) + vulnerability in urllib.request.AbstractBasicAuthHandler. + The ReDoS-vulnerable regex has quadratic worst-case + complexity and it allows cause a denial of service when + identifying crafted invalid RFCs. This ReDoS issue is on + the client side and needs remote attackers to control the + HTTP server. + - bpo-42800: Audit hooks are now fired for frame.f_code, + traceback.tb_frame, and generator code/frame attribute + access. + * Core and Builtins + - bpo-43105: Importlib now resolves relative paths when + creating module spec objects from file locations. + - bpo-42924: Fix bytearray repetition incorrectly copying + data from the start of the buffer, even if the data is + offset within the buffer (e.g. after reassigning a slice at + the start of the bytearray to a shorter byte string). + * Library + - bpo-43993: Update bundled pip to 21.1.1. + - bpo-43937: Fixed the turtle module working with non-default + root window. + - bpo-43930: Update bundled pip to 21.1 and setuptools to + 56.0.0 + - bpo-43920: OpenSSL 3.0.0: load_verify_locations() now + returns a consistent error message when cadata contains no + valid certificate. + - bpo-43607: urllib can now convert Windows paths with \\?\ + prefixes into URL paths. + - bpo-43284: platform.win32_ver derives the windows version + from sys.getwindowsversion().platform_version which in turn + derives the version from kernel32.dll (which can be of + a different version than Windows itself). Therefore change + the platform.win32_ver to determine the version using the + platform module’s _syscmd_ver private function to return an + accurate version. + - bpo-42248: [Enum] ensure exceptions raised in _missing__ + are released + - bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1 + to suppress deprecation warnings. Python requires OpenSSL + 1.1.1 APIs. + - bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants + (OpenSSL 3.0.0) + - bpo-43789: OpenSSL 3.0.0: Don’t call the password callback + function a second time when first call has signaled an + error condition. + - bpo-43788: The header files for ssl error codes are now + OpenSSL version-specific. Exceptions will now show correct + reason and library codes. The make_ssl_data.py script has + been rewritten to use OpenSSL’s text file with error codes. + - bpo-43655: tkinter dialog windows are now recognized as + dialogs by window managers on macOS and X Window. + - bpo-43534: turtle.textinput() and turtle.numinput() create + now a transient window working on behalf of the canvas + window. + - bpo-43522: Fix problem with hostname_checks_common_name. + OpenSSL does not copy hostflags from struct SSL_CTX to + struct SSL. + - bpo-42967: Allow bytes separator argument in + urllib.parse.parse_qs and urllib.parse.parse_qsl when + parsing str query strings. Previously, this raised + a TypeError. + - bpo-43176: Fixed processing of a dataclass that inherits + from a frozen dataclass with no fields. It is now correctly + detected as an error. + - bpo-41735: Fix thread locks in zlib module may go wrong in + rare case. Patch by Ma Lin. + - bpo-36470: Fix dataclasses with InitVars and replace(). + Patch by Claudiu Popa. + - bpo-32745: Fix a regression in the handling of ctypes’ + ctypes.c_wchar_p type: embedded null characters would cause + a ValueError to be raised. Patch by Zackery Spytz. + * Documentation + - bpo-43959: The documentation on the PyContextVar C-API was + clarified. + - bpo-43938: Update dataclasses documentation to express that + FrozenInstanceError is derived from AttributeError. + - bpo-43755: Update documentation to reflect that + unparenthesized lambda expressions can no longer be the + expression part in an if clause in comprehensions and + generator expressions since Python 3.9. + - bpo-43739: Fixing the example code in + Doc/extending/extending.rst to declare and initialize the + pmodule variable to be of the right type. + * Tests + - bpo-43961: Fix + test_logging.test_namer_rotator_inheritance() on Windows: + use os.replace() rather than os.rename(). Patch by Victor + Stinner. + - bpo-43842: Fix a race condition in the SMTP test of + test_logging. Don’t close a file descriptor (socket) from + a different thread while asyncore.loop() is polling the + file descriptor. Patch by Victor Stinner. + - bpo-43811: Tests multiple OpenSSL versions on GitHub + Actions. Use ccache to speed up testing. + - bpo-43791: OpenSSL 3.0.0: Disable testing of legacy + protocols TLS 1.0 and 1.1. Tests are failing with + TLSV1_ALERT_INTERNAL_ERROR. +- Refreshed patches: + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch +- Add vendorized files from bluez-devel to enable building support for + Bluetooth. + +------------------------------------------------------------------- +Sun May 2 09:20:06 UTC 2021 - Ben Greiner + +- Make sure to close the import_failed.map file after the exception + has been raised in order to avoid ResourceWarnings when the + failing import is part of a try...except block. + +------------------------------------------------------------------- +Wed Apr 28 16:39:54 UTC 2021 - Matej Cepl + +- Update to 3.9.4: + - bpo#43710: Reverted the fix for https://bugs.python.org/issue42500 + as it changed the PyThreadState struct size and broke the 3.9.x ABI + in the 3.9.3 release (visible on 32-bit platforms using binaries + compiled using an earlier version of Python 3.9.x headers). + - bpo#26053: Fixed bug where the pdb interactive run command echoed + the args from the shell command line, even if those have been + overridden at the pdb prompt. + - bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile + feature of the pydoc module which could be abused to read + arbitrary files on the disk (directory traversal + vulnerability). Moreover, even source code of Python modules + can contain sensitive data like passwords. Vulnerability + reported by David Schwörer. + - bpo#43285: ftplib no longer trusts the IP address value + returned from the server in response to the PASV command by + default. This prevents a malicious FTP server from using the + response to probe IPv4 address and port combinations on the + client network. Code that requires the former vulnerable + behavior may set a trust_server_pasv_ipv4_address attribute + on their ftplib.FTP instances to True to re-enable it. + - bpo#43439: Add audit hooks for gc.get_objects(), + gc.get_referrers() and gc.get_referents(). Patch by Pablo + Galindo. + - bpo#43660: Fix crash that happens when replacing sys.stderr + with a callable that can remove the object while an exception + is being printed. Patch by Pablo Galindo. + - bpo#43555: Report the column offset for SyntaxError for + invalid line continuation characters. Patch by Pablo Galindo. + - bpo#43517: Fix misdetection of circular imports when using + from pkg.mod import attr, which caused false positives in + non-trivial multi-threaded code. + - bpo#35883: Python no longer fails at startup with a fatal + error if a command line argument contains an invalid Unicode + character. The Py_DecodeLocale() function now escapes byte + sequences which would be decoded as Unicode characters + outside the [U+0000; U+10ffff] range. + - bpo#43406: Fix a possible race condition where + PyErr_CheckSignals tries to execute a non-Python signal + handler. + - bpo#42500: Improve handling of exceptions near recursion + limit. Converts a number of Fatal Errors in RecursionErrors. + - bpo#43433: xmlrpc.client.ServerProxy no longer ignores query + and fragment in the URL of the server. + - bpo#35930: Raising an exception raised in a “future” instance + will create reference cycles. + - bpo#43577: Fix deadlock when using ssl.SSLContext debug + callback with ssl.SSLContext.sni_callback(). + - bpo#43521: ast.unparse can now render NaNs and empty sets. + - bpo#43423: subprocess.communicate() no longer raises an + IndexError when there is an empty stdout or stderr IO buffer + during a timeout on Windows. + - bpo#27820: Fixed long-standing bug of smtplib.SMTP where + doing AUTH LOGIN with initial_response_ok=False will fail. + The cause is that SMTP.auth_login _always_ returns a password + if provided with a challenge string, thus non-compliant with + the standard for AUTH LOGIN. Also fixes bug with the test for + smtpd. + - bpo#43332: Improves the networking efficiency of http.client + when using a proxy via set_tunnel(). Fewer small send calls + are made during connection setup. + - bpo#43399: Fix ElementTree.extend not working on iterators + when using the Python implementation + - bpo#43316: The python -m gzip command line application now + properly fails when detecting an unsupported extension. It + exits with a non-zero exit code and prints an error message + to stderr. + - bpo#43260: Fix TextIOWrapper can not flush internal buffer + forever after very large text is written. + - bpo#42782: Fail fast in shutil.move() to avoid creating + destination directories on failure. + - bpo#37193: Fixed memory leak in socketserver.ThreadingMixIn + introduced in Python 3.7. + - bpo#43199: Answer “Why is there no goto?” in the Design and + History FAQ. + - bpo#43407: Clarified that a result from time.monotonic(), + time.perf_counter(), time.process_time(), or + time.thread_time() can be compared with the result from any + following call to the same function - not just the next + immediate call. + - bpo#27646: Clarify that ‘yield from ’ works with any + iterable, not just iterators. + - bpo#36346: Update some deprecated unicode APIs which are + documented as “will be removed in 4.0” to “3.12”. See PEP 623 + for detail. + - bpo#37945: Fix test_getsetlocale_issue1813() of test_locale: + skip the test if setlocale() fails. Patch by Victor Stinner. + - bpo#41561: Add workaround for Ubuntu’s custom OpenSSL + security level policy. + - bpo#43288: Fix test_importlib to correctly skip Unicode file + tests if the fileystem does not support them. + - bpo#43617: Improve configure.ac: Check for presence of + autoconf-archive package and remove our copies of M4 macros. + - bpo#42225: Document that IDLE can fail on Unix either from + misconfigured IP masquerage rules or failure displaying + complex colored (non-ascii) characters. + - bpo#43283: Document why printing to IDLE’s Shell is often + slower than printing to a system terminal and that it can be + made faster by pre-formatting a single string before + printing. + +------------------------------------------------------------------- +Fri Feb 19 16:58:38 UTC 2021 - Matej Cepl + +- Update to 3.9.2: + - bpo#42938 (bsc#1181126): Avoid static buffers when computing + the repr of ctypes.c_double and ctypes.c_longdouble + values. This issue was assigned CVE-2021-3177. + - bpo#42967 (bsc#1182379): Fix web cache poisoning + vulnerability by defaulting the query args separator to &, + and allowing the user to choose a custom separator. This + issue was assigned CVE-2021-23336. +- Upstreamed patches were removed: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bsc1167501-invalid-alignment.patch + - skip_random_failing_tests.patch + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + +------------------------------------------------------------------- +Tue Feb 9 01:37:59 UTC 2021 - Steve Kowalik + +- Add Obsoletes for python3-base when primary interpreter is set to + properly replace it during upgrades. (bsc#1181324) + +------------------------------------------------------------------- +Mon Feb 8 22:02:03 UTC 2021 - Matej Cepl + +- Update to 3.9.1: + Security bugs: + - Prevented potential DoS attack via CPU and RAM exhaustion + when processing malformed Apple Property List files in binary + format. + - The plistlib module no longer accepts entity declarations in + XML plist files to avoid XML vulnerabilities. This should not + affect users as entity declarations are not used in regular + plist files. + - Add volatile to the accumulator variable in + hmac.compare_digest, making constant-time-defeating + optimizations less likely. + Core and Builtins + - Allow assignment expressions in set literals and set + comprehensions as per PEP 572. Patch by Pablo Galindo. + - Fix a regression introduced by the new parser, where an + unparenthesized walrus operator was not allowed within + generator expressions. + - types.GenericAlias objects can now be the targets of + weakrefs. + - Fixed a bug in the PEG parser that was causing crashes in + debug mode. Now errors are checked in left-recursive rules to + avoid cases where such errors do not get handled in time and + appear as long-distance crashes in other places. + - Fixed a possible crash in the PEG parser when checking for + the ‘!=’ token in the barry_as_flufl rule. Patch by Pablo + Galindo. + - Fix handling of errors during creation of PyFunctionObject, + which resulted in operations on uninitialized memory. Patch + by Yonatan Goldschmidt. + - Fix a bug in the parser, where a curly brace following + a primary didn’t fail immediately. This led to invalid + expressions like a {b} to throw a SyntaxError with a wrong + offset, or invalid expressions ending with a curly brace like + a { to not fail immediately in the REPL. + - Fix possible buffer overflow in the new parser when checking + for continuation lines. Patch by Pablo Galindo. + - Run the parser two times. On the first run, disable all the + rules that only generate better error messages to gain + performance. If there’s a parse failure, run the parser + a second time with those enabled. + - Document the default implementation of object.__eq__. + - Fix peephole optimizer misoptimize conditional jump + + JUMP_IF_NOT_EXC_MATCH pair. + - The garbage collector now tracks all user-defined classes. + Patch by Brandt Bucher. + - Fixed potential issues with removing not completely + initialized module from sys.modules when import fails. + - Star-unpacking is now allowed for with item’s targets in the + PEG parser. + - Fixed stack overflow in issubclass() and isinstance() when + getting the __bases__ attribute leads to infinite recursion. + - When loading a native module and a load failure occurs, + prevent a possible UnicodeDecodeError when not running in + a UTF-8 locale by decoding the load error message using the + current locale’s encoding. + - Correctly count control blocks in ‘except’ in compiler. + Ensures that a syntax error, rather a fatal error, occurs for + deeply nested, named exception handlers. + Library + - types.GenericAlias will now raise a TypeError when attempting + to initialize with a keyword argument. Previously, this would + cause the interpreter to crash if the interpreter was + compiled with debug symbols. This does not affect + interpreters compiled for release. Patch by Ken Jin. + - CGIHTTPRequestHandler.run_cgi() HTTP_ACCEPT improperly + parsed. Replace the special purpose getallmatchingheaders + with generic get_all method and add relevant tests. + - inspect.findsource() now raises OSError instead of IndexError + when co_lineno of a code object is greater than the file + length. This can happen, for example, when a file is edited + after it was imported. PR by Irit Katriel. + - Fix handling of trailing comments by inspect.getsource(). + - ChainMap.__iter__ no longer calls __getitem__ on underlying + maps + - TracebackException no longer holds a reference to the + exception’s traceback object. Consequently, instances of + TracebackException for equivalent but non-equal exceptions + now compare as equal. + - We fixed an issue in pickle.whichmodule in which importing + multiprocessing could change the how pickle identifies which + module an object belongs to, potentially breaking the + unpickling of those objects. + - Clarify the error message for asyncio.IncompleteReadError + when expected is None. + - Extracting a symlink from a tarball should succeed and + overwrite the symlink if it already exists. The fix is to + remove the existing file or symlink before extraction. Based + on patch by Chris AtLee, Jeffrey Kintscher, and Senthil + Kumaran. + - Fixed tkinter.ttk.Style.map(). The function accepts now the + representation of the default state as empty sequence (as + returned by Style.map()). The structure of the result is now + the same on all platform and does not depend on the value of + wantobjects. + - Fix various issues with typing.Literal parameter handling + (flatten, deduplicate, use type to cache key). Patch provided + by Yurii Karabas. + - Fix the threading.Thread class at fork: do nothing if the + thread is already stopped (ex: fork called at Python exit). + Previously, an error was logged in the child process. + - The onerror callback from shutil.rmtree now receives correct + function when os.open fails. + - Fix os.sendfile() on illumos. + - Fixed writing binary Plist files larger than 4 GiB. + - The repr() of typing types containing Generic Alias Types + previously did not show the parameterized types in the + GenericAlias. They have now been changed to do so. + - webbrowser: Ignore NotADirectoryError when calling + xdg-settings. + - binhex.binhex() consisently writes macOS 9 line endings. + - Fix a stack overflow error for asyncio Task or Future repr(). + - The overflow occurs under some circumstances when a Task or + Future recursively returns itself. + - Fix memory leak in subprocess.Popen() in case an uid (gid) + specified in user (group, extra_groups) overflows uid_t + (gid_t). + - Improve asyncio.wait function to create the futures set just + one time. + - InvalidFileException and RecursionError are now the only + errors caused by loading malformed binary Plist file + (previously ValueError and TypeError could be raised in some + specific cases). + - Pickling heap types implemented in C with protocols 0 and + 1 raises now an error instead of producing incorrect data. + - plistlib: fix parsing XML plists with hexadecimal integer + values + - Fix an incorrectly formatted error from + _codecs.charmap_decode() when called with a mapped value + outside the range of valid Unicode code points. PR by Max + Bernstein. + - Fix pickling pure Python datetime.time subclasses. Patch by + Dean Inwood. + - Fixed a bug that was causing ctypes.util.find_library() to + return None when triying to locate a library in an + environment when gcc>=9 is available and ldconfig is not. + Patch by Pablo Galindo + - C14N 2.0 serialisation in xml.etree.ElementTree failed for + unprefixed attributes when a default namespace was defined. + - Fix a bug in the symtable module that was causing + module-scope global variables to not be reported as both + local and global. Patch by Pablo Galindo. + - str() for the type attribute of the tkinter.Event object + always returns now the numeric code returned by Tk instead of + the name of the event type. + - fix tkinter.EventType Enum so all members are strings, and + none are tuples + - Fix SQLite3 segfault when backing up closed database. Patch + contributed by Peter David McCormick. + - Fix the tarfile module to write only basename of TAR file to + GZIP compression header. + - Allow ctypes.wintypes to be imported on non-Windows systems. + - shutil.which() now ignores empty entries in PATHEXT instead + of treating them as a match. + - Fix time-of-check/time-of-action issue in + subprocess.Popen.send_signal. + - Fix --outfile for cProfile / profile not writing the output + file in the original directory when the program being + profiled changes the working directory. PR by Anthony + Sottile. + - ZipFile truncates files to avoid corruption when a shorter + comment is provided in append (“a”) mode. Patch by Jan Mazur. + - Fixed KeyError exception when flattening an email to a string + attempts to replace a non-existent Content-Transfer-Encoding + header. + Documentation + - Fix the URL for the IMAP protocol documents. + - Document __format__ functionality for IP addresses. + - Clarify that subscription expressions are also valid for + certain classes and types in the standard library, and for + user-defined classes and types if the classmethod + __class_getitem__() is provided. + - Documented generic alias type and types.GenericAlias. Also + added an entry in glossary for generic types. + - In Programming FAQ “Sequences (Tuples/Lists)” section, add + “How do you remove multiple items from a list”. + - Fix RemovedInSphinx40Warning when building the documentation. + Patch by Dong-hee Na. + - Update the refcounts info of PyType_FromModuleAndSpec. + - Fix tarfile’s extractfile documentation + - Document some restrictions on the default string + representations of numeric classes. + Tests + - Reenable test_gdb on gdb 9.2 and newer: + https://bugzilla.redhat.com/show_bug.cgi?id=1866884 bug is + fixed in gdb 10.1. + - Fix test_asyncio.test_call_later() race condition: don’t + measure asyncio performance in the call_later() unit test. + The test failed randomly on the CI. + - Include _testinternalcapi module in Windows installer for + test suite + - Fix test_logging.test_race_between_set_target_and_flush(): + the test now waits until all threads complete to avoid + leaking running threads. + - Avoid a test failure in test_lib2to3 if the module has + already imported at the time the test executes. Patch by + Pablo Galindo. + - Tests for CJK codecs no longer call eval() on content + received via HTTP. + - Fix test_site.test_license_exists_at_url(): call + urllib.request.urlcleanup() to reset the global + urllib.request._opener. Patch by Victor Stinner. + - test_ssl: skip test_min_max_version_mismatch when TLS 1.0 is + not available + - Add tests for SIGINT handling in the runpy module. + - Fixed a failure in test_tk.test_widgets.ScaleTest happening + when executing the test with Tk 8.6.10. + Build + - Fix a race condition in “make regen-all” when make -jN option + is used to run jobs in parallel. The clinic.py script now + only use atomic write to write files. Moveover, generated + files are now left unchanged if the content does not change, + to not change the file modification time. + - Update Py_UNREACHABLE to use __builtin_unreachable() if only + the compiler is able to use it. Patch by Dong-hee Na. + - Addressed three compiler warnings found by undefined behavior + sanitizer (ubsan). + IDLE + - Fix reporting offset of the RE error in searchengine. + - Get docstrings for IDLE calltips more often by using + inspect.getdoc. + - Mostly finish using ttk widgets, mainly for editor, settings, + and searches. Some patches by Mark Roseman. + - Use ‘IDLE Shell’ as shell title + - Rewrite the Calltips doc section. + - In calltips, stop reminding that ‘/’ marks the end of + positional-only arguments. + - Typing opening and closing parentheses inside the parentheses + of a function call will no longer cause unnecessary + “flashing” off and on of an existing open call-tip, e.g. when + typed in a string literal. + C API + - Fix potential crash in deallocating method objects when + dynamically allocated PyMethodDef’s lifetime is managed + through the self argument of a PyCFunction. + - Py_FileSystemDefaultEncodeErrors and Py_UTF8Mode are + available again in limited API. +- Readjustet and reapplied patches: + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + - bpo-31046_ensurepip_honours_prefix.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - skip_random_failing_tests.patch + - sphinx-update-removed-function.patch + +------------------------------------------------------------------- +Fri Jan 29 17:22:48 UTC 2021 - Matej Cepl + +- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing + bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in + _ctypes/callproc.c, which may lead to remote code execution. + +------------------------------------------------------------------- +Tue Jan 5 09:15:36 UTC 2021 - Matej Cepl + +- (bsc#1180125) We really don't Require python-rpm-macros package. + Unnecessary dependency. + +------------------------------------------------------------------- +Wed Dec 16 16:08:42 UTC 2020 - Matej Cepl + +- Make python39-doc building again +- Add no-skipif-doctests.patch, because SLE-15 version of Sphinx + doesn't know about skipif directive in doctests. + +------------------------------------------------------------------- +Sat Dec 12 14:29:33 UTC 2020 - Matej Cepl + +- Update sphinx-update-removed-function.patch patch to the latest + version in python36. + +------------------------------------------------------------------- +Thu Dec 10 00:26:51 UTC 2020 - Benjamin Greiner + +- Last try before this results in an editwar: + * remove importlib_resources and importlib-metadata + provides/obsoletes + * import importlib_resources is not the same as + import importlib.resources, same for metadata + * The backport packages from PyPI needed for older flavors are + specified as such for setuptools or in pyproject.toml. If a + package requires them they typically add them with a python + version qualifier and the packages have their own version + numbers. + +------------------------------------------------------------------- +Sat Dec 5 16:55:12 UTC 2020 - Matej Cepl + +- Add patch sphinx-update-removed-function.patch to no longer call + a now removed function and to make documentation build independent of + the Sphinx version (bsc#1179630, gh#python/cpython#13236). + +------------------------------------------------------------------- +Fri Nov 13 17:20:08 UTC 2020 - Matej Cepl + +- Don't require packages which break build on SLE-15 although we really + don't need them (python3-python-docs-theme and + python3-sphinxcontrib-qthelp). + +------------------------------------------------------------------- +Fri Oct 9 16:05:50 UTC 2020 - Dominique Leuenberger + +- Fix build with RPM 4.16: error: bare words are no longer + supported, please use "...": x86 == ppc. + +------------------------------------------------------------------- +Tue Oct 6 07:30:56 UTC 2020 - Matej Cepl + +- Update to the final version 3.9.0: + Complete changelog with all (many) + changes from previous version is on + https://docs.python.org/release/3.9.0/whatsnew/3.9.html + Changes from the previous RC versions (not that many) are on + https://docs.python.org/release/3.9.0/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Fri Sep 25 06:58:03 UTC 2020 - Dominique Leuenberger + +- Buildrequire timezone only for general flavor. It's used in this + flavor for the test suite. + +------------------------------------------------------------------- +Wed Sep 2 14:39:44 UTC 2020 - Matej Cepl + +- Update to 3.9.0rc1: + * Core and Builtins + - bpo-38156: Handle interrupts that come after EOF + correctly in PyOS_StdioReadline. + * Library + - bpo-41497: Fix potential UnicodeDecodeError in dis + module. + - bpo-41490: Update ensurepip to install pip 20.2.1 and + setuptools 49.2.1. + - bpo-41467: On Windows, fix asyncio recv_into() return + value when the socket/pipe is closed (BrokenPipeError): + return 0 rather than an empty byte string (b''). + - bpo-41425: Make tkinter doc example runnable. + - bpo-41384: Raise TclError instead of TypeError when an + unknown option is passed to tkinter.OptionMenu. + - bpo-38731: Fix NameError in command-line interface of + py_compile. + - bpo-41317: Use add_done_callback() in + asyncio.loop.sock_accept() to unsubscribe reader early on + cancellation. + - bpo-41364: Reduce import overhead of uuid. + - bpo-41341: Recursive evaluation of typing.ForwardRef in + get_type_hints. + - bpo-41182: selector: use DefaultSelector based upon + implementation + - bpo-40726: Handle cases where the end_lineno is None on + ast.increment_lineno(). + * Documentation + - bpo-41045: Add documentation for debug feature of + f-strings. + - bpo-41314: Changed the release when from __future__ + import annotations becomes the default from 4.0 to 3.10 + (following a change in PEP 563). + * Windows + - bpo-41492: Fixes the description that appears in UAC + prompts. + - bpo-40948: Improve post-install message to direct people + to the “py” command. + - bpo-41412: The installer will now fail to install on + Windows 7 and Windows 8. Further, the UCRT dependency is + now always downloaded on demand. + - bpo-40741: Update Windows release to include SQLite + 3.32.3. + * IDLE + - bpo-41468: Improve IDLE run crash error message (which + users should never see). + - bpo-41373: Save files loaded with no line ending, as when + blank, or different line endings, by setting its line + ending to the system default. Fix regression in 3.8.4 and + 3.9.0b4. + +------------------------------------------------------------------- +Tue Sep 1 10:15:06 UTC 2020 - Matej Cepl + +- Synchronize formatting and fixes with python38. + +------------------------------------------------------------------- +Thu Aug 20 15:41:28 UTC 2020 - Andreas Schwab + +- Increase testsuite timeout to account for super long running + test_peg_generator + +------------------------------------------------------------------- +Tue Jul 21 09:53:06 UTC 2020 - Callum Farmer + +- Removed CVE-2019-20907_tarfile-inf-loop.patch: fixed in upstream +- Removed recursion.tar: contained in upstream +- Update to 3.9.0b5: + - bpo-41304: Fixes python3x._pth being ignored on Windows, caused + by the fix for bpo-29778 (CVE-2020-15801). + - bpo-41162: Audit hooks are now cleared later during + finalization to avoid missing events. + - bpo-29778: Ensure python3.dll is loaded from correct locations + when Python is embedded (CVE-2020-15523). + - bpo-39603: Prevent http header injection by rejecting control + characters in http.client.putrequest(…). + - bpo-41295: Resolve a regression in CPython 3.8.4 where defining + “__setattr__” in a multi-inheritance setup and + calling up the hierarchy chain could fail if builtins/extension + types were involved in the base types. + - bpo-41247: Always cache the running loop holder when running + asyncio.set_running_loop. + - bpo-41252: Fix incorrect refcounting in + _ssl.c’s _servername_callback(). + - bpo-41215: Use non-NULL default values in the PEG parser + keyword list to overcome a bug that was ' + preventing Python from being properly compiled when using the + XLC compiler. Patch by Pablo Galindo. + - bpo-41218: Python 3.8.3 had a regression where compiling with + ast.PyCF_ALLOW_TOP_LEVEL_AWAIT would + aggressively mark list comprehension with CO_COROUTINE. Now only + list comprehension making use of async/await will tagged as so. + - bpo-41175: Guard against a NULL pointer dereference within + bytearrayobject triggered by the bytearray() + bytearray() operation. + - bpo-39960: The “hackcheck” that prevents sneaking around a type’s + __setattr__() by calling the superclass method was + rewritten to allow C implemented heap types. + - bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the + C implementation raises now UnpicklingError instead of crashing. + - bpo-39017: Avoid infinite loop when reading specially crafted + TAR files using the tarfile module (CVE-2019-20907, bsc#1174091). + - bpo-41235: Fix the error handling in ssl.SSLContext.load_dh_params(). + - bpo-41207: In distutils.spawn, restore expectation that + DistutilsExecError is raised when the command is not found. + - bpo-39168: Remove the __new__ method of typing.Generic. + - bpo-41194: Fix a crash in the _ast module: it can no longer be + loaded more than once. It now uses a global state rather than a module state. + - bpo-39384: Fixed email.contentmanager to allow set_content() to set a + null string. + - bpo-41300: Save files with non-ascii chars. + Fix regression released in 3.9.0b4 and 3.8.4. + - bpo-37765: Add keywords to module name completion list. + Rewrite Completions section of IDLE doc. + - bpo-40170: Revert PyType_HasFeature() change: it reads + again directly the PyTypeObject.tp_flags + member when the limited C API is not used, rather than always calling + PyType_GetFlags() which hides implementation details. + +------------------------------------------------------------------- +Mon Jul 20 12:06:41 UTC 2020 - Matej Cepl + +- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 + (CVE-2019-20907, bpo#39017) avoiding possible infinite loop + in specifically crafted tarball. + Add recursion.tar as a testing tarball for the patch. + +------------------------------------------------------------------- +Fri Jul 17 07:07:19 UTC 2020 - Callum Farmer + +- Changed bpo-31046_ensurepip_honours_prefix.patch to include fix from py3.8 + +------------------------------------------------------------------- +Thu Jul 16 21:45:50 UTC 2020 - Callum Farmer + +- Spec file fixes +- Re-added subprocess-raise-timeout.patch: now compatible +- Removed bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch: contained in upstream + +------------------------------------------------------------------- +Wed Jul 15 09:10:42 UTC 2020 - Tomáš Chvátal + +- Fix minor issues found in the staging. + +------------------------------------------------------------------- +Wed Jul 15 06:13:33 UTC 2020 - Tomáš Chvátal + +- Do not set ourselves as primary interpreter + +------------------------------------------------------------------- +Tue Jul 14 20:45:11 UTC 2020 - Matej Cepl + +- Update to 3.9.0b4: + - PEP 584, Union Operators in dict + - PEP 585, Type Hinting Generics In Standard Collections + - PEP 593, Flexible function and variable annotations + - PEP 602, Python adopts a stable annual release cadence + - PEP 615, Support for the IANA Time Zone Database in the + Standard Library + - PEP 616, String methods to remove prefixes and suffixes + - PEP 617, New PEG parser for CPython + - bpo#38379, garbage collection does not block on resurrected + objects; + - bpo#38692, os.pidfd_open added that allows process + management without races and signals; + - bpo#39926, Unicode support updated to version 13.0.0; + - bpo#1635741, when Python is initialized multiple times in + the same process, it does not leak memory anymore; + - A number of Python builtins (range, tuple, set, frozenset, + list, dict) are now sped up using PEP 590 vectorcall; + - A number of Python modules (_abc, audioop, _bz2, _codecs, + _contextvars, _crypt, _functools, _json, _locale, operator, + resource, time, _weakref) now use multiphase initialization + as defined by PEP 489; + - A number of standard library modules (audioop, ast, grp, + _hashlib, pwd, _posixsubprocess, random, select, struct, + termios, zlib) are now using the stable ABI defined by + PEP 384. +- Remove upstreamed patches: + - F00102-lib64.patch + - SUSE-FEDORA-multilib.patch + - OBS_dev-shm.patch + - subprocess-raise-timeout.patch + - bpo36302-sort-module-sources.patch + - bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Fri Jul 10 10:55:15 UTC 2020 - Tomáš Chvátal + +- Update pre_checkin.sh and regenerate + +------------------------------------------------------------------- +Fri Jul 10 10:11:39 UTC 2020 - Tomáš Chvátal + +- Convert few dependencies to their pkgconfig counterparts + +------------------------------------------------------------------- +Fri Jul 10 10:08:48 UTC 2020 - Tomáš Chvátal + +- Remove release requirement on libpython, it is not really needed + to be equal as the abi changes with versions + +------------------------------------------------------------------- +Fri Jul 10 10:07:50 UTC 2020 - Tomáš Chvátal + +- Add provides python3-bla on all the subpkgs in case we are + primary provider of the functionality + +------------------------------------------------------------------- +Fri Jul 10 10:02:01 UTC 2020 - Tomáš Chvátal + +- Remove unversioned files from devel subpkg too +- Remove main python3 files from -base based whether we are + primary interpreter or not +- Fix idle to be co-installable +- Add condition to be primary to provide/obsolete python3-* +- Fix doc to build in versioned folder so the pythons can be + installed next to each other + +------------------------------------------------------------------- +Fri Jul 10 07:57:10 UTC 2020 - Tomáš Chvátal + +- Revert the full versioning of calls on the macros. These + are generic so they should really just call python3 X + +------------------------------------------------------------------- +Fri Jul 10 07:56:11 UTC 2020 - Tomáš Chvátal + +- For the doc package we can build with generic flavor, we don't + need the our-interpreter based one + +------------------------------------------------------------------- +Fri Jul 10 07:18:53 UTC 2020 - Tomáš Chvátal + +- Add provides for pytohn3X-typing/etc to allow BR on those still + to work when needed + +------------------------------------------------------------------- +Fri Jul 10 07:14:33 UTC 2020 - Tomáš Chvátal + +- Change macros.python3 to use full versioned 3.8 instead of just 3 + for python interpreter + +------------------------------------------------------------------- +Wed Jul 1 11:50:19 UTC 2020 - Tomáš Chvátal + +- Reduce some now unused conditionals + +------------------------------------------------------------------- +Wed Jul 1 11:00:40 UTC 2020 - Tomáš Chvátal + +- Redux the -base dependencies to match up pre-merge layout + +------------------------------------------------------------------- +Wed Jul 1 09:24:39 UTC 2020 - Tomáš Chvátal + +- Generate baselibs in pre-checkin too + +------------------------------------------------------------------- +Wed Jul 1 09:14:33 UTC 2020 - Tomáš Chvátal + +- Generate the importlib-failed using pre_checking again +- Add back the information about skipped tests on the pre_checkin + output + +------------------------------------------------------------------- +Tue Jun 30 07:11:19 UTC 2020 - Tomáš Chvátal + +- Use %python_pkg_name instead of hardcoding python3 where + applicable +- Sort out preamble with spec-cleaner + +------------------------------------------------------------------- +Mon Jun 29 14:36:10 UTC 2020 - Matej Cepl + +- Calculate required variables instead of relying on their continuous manual update + +------------------------------------------------------------------- +Thu Jun 25 10:44:08 UTC 2020 - Tomáš Chvátal + +- Fix the -base module build again to generate only the deps + we need + +------------------------------------------------------------------- +Wed Jun 17 18:42:51 UTC 2020 - Matej Cepl + +- Replace OBS_dev-shm.patch with the upstream PR#20944 + +------------------------------------------------------------------- +Thu Jun 10 14:30:15 UTC 2020 - Tomáš Chvátal + +- Use the %{python_pkg_name} on more places to allow easier + multiversioning +- Switch to _multibuild approach for easier maintenance of this + package. All is now in one spec file with 3 conditionals: + * bcond_with base + * bcond_with doc + * bcond_with general + +------------------------------------------------------------------- +Mon Jun 8 14:26:00 UTC 2020 - Matej Cepl + +- add requires python3-base on libpython subpackage (bsc#1167008) + +------------------------------------------------------------------- +Fri Jun 5 06:08:12 UTC 2020 - Dirk Mueller + +- build against Sphinx 2.x until python is compatible with + Sphinx 3.x (see gh#python/cpython#19397, bpo#40204) + +------------------------------------------------------------------- +Fri May 29 19:59:01 UTC 2020 - Andreas Stieger + +- Fix build with SQLite 3.32 (bpo#40783) + add bpo40784-Fix-sqlite3-deterministic-test.patch + +------------------------------------------------------------------- +Sun May 17 15:37:35 UTC 2020 - Callum Farmer + +- Update to version 3.8.3: + - Complete list of changes is available at + https://docs.python.org/release/3.8.3/whatsnew/changelog.html#python-3-8-3-final, + but most of them are just bugfixes. + - Removed patch CVE-2020-8492-urllib-ReDoS.patch: contained in upstream + +------------------------------------------------------------------- +Thu Apr 16 12:06:01 UTC 2020 - Matej Cepl + +- Add #!BuildIgnore: gdk-pixbuf-loader-rsvg to python3 SPEC + +------------------------------------------------------------------- +Thu Mar 26 15:36:55 UTC 2020 - Matej Cepl + +- Add patch bsc1167501-invalid-alignment.patch + (bsc#1167501, bpo#40052) to fix alignment in abstract.h header file. + +------------------------------------------------------------------- +Wed Mar 11 11:09:41 UTC 2020 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build, test_setegid + (test.test_os.PosixUidGidTests) is confusing it + +------------------------------------------------------------------- +Thu Mar 5 18:40:29 UTC 2020 - Matej Cepl + +- Update to 3.8.2: + - Complete list of changes is available at + https://docs.python.org/release/3.8.2/whatsnew/changelog.html#python-3-8-2-final, + but most of them are just bugfixes. + - Updated patches: + - F00102-lib64.patch + - OBS_dev-shm.patch + - SUSE-FEDORA-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Sun Feb 9 00:14:24 CET 2020 - Matej Cepl + +- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug + "Python urrlib allowed an HTTP server to conduct Regular + Expression Denial of Service (ReDoS)" (bsc#1162367) + +------------------------------------------------------------------- +Sat Feb 8 22:21:10 CET 2020 - Matej Cepl + +- Add Requires: libpython%{so_version} == %{version}-%{release} + to python3-base to keep both packages always synchronized + (bsc#1162224). + +------------------------------------------------------------------- +Mon Feb 3 20:27:54 UTC 2020 - Tomáš Chvátal + +- Do not pull in bluez in base again, explain the cycle, + it needs to be solved by bluez maintainer for us by providing + just the headers separately + +------------------------------------------------------------------- +Mon Feb 3 19:54:25 UTC 2020 - Tomáš Chvátal + +- Reame idle icons to idle3 in order to not conflict with python2 + variant of the package + * renamed the icons + * renamed icon load in desktop file + +------------------------------------------------------------------- +Thu Jan 16 09:50:03 UTC 2020 - Tomáš Chvátal + +- Add importlib_resources provide/obsolete as it is integral + part of the lang since 3.7 release + +------------------------------------------------------------------- +Mon Jan 13 11:10:47 UTC 2020 - Martin Liška + +- Add -fno-semantic-interposition as it brings speed up: + https://fedoraproject.org/wiki/Changes/PythonNoSemanticInterpositionSpeedup + +------------------------------------------------------------------- +Thu Dec 19 16:25:26 CET 2019 - Matej Cepl + +- Update to 3.8.1: + - This is mainly bugfix release and no significant changes to + API are expected. The full changelog is available on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-1 + - Remove bpo-38688_shutil.copytree_prevent-infinite-recursion.patch, + which is included in the upstream tarball. + +------------------------------------------------------------------- +Thu Dec 19 14:57:32 CET 2019 - Matej Cepl + +- Add bpo-31046_ensurepip_honours_prefix.patch which makes + ensurepip to honour the value of $(prefix). Proposed fix for + bpo#31046.. + +------------------------------------------------------------------- +Tue Dec 10 11:07:16 UTC 2019 - Tomáš Chvátal + +- Move bluez-devel dependency to base as it is needed for + socket.AF_BLUETOOTH and otherwise does not work + +------------------------------------------------------------------- +Mon Dec 2 16:52:32 CET 2019 - Matej Cepl + +- Reintroduce QtHelp with the help of the new BR + python-sphinxcontrib-qthelp. + +------------------------------------------------------------------- +Mon Oct 21 18:51:00 UTC 2019 - Stefan Brüns + +- Fix SUSE-FEDORA-multilib.patch, the platform agnostic infix for + library installation is "lib", not "dir". + +------------------------------------------------------------------- +Thu Oct 17 14:19:20 UTC 2019 - Stefan Brüns + +- Move idle subpackage build from python3-base to python3. + appstream-glib required for packaging introduces considerable + extra dependencies and a build loop via rust/librsvg. +- Correct installation of idle IDE icons: + + idle.png is not the target directory + + non-GNOME-specific icons belong into icons/hicolor +- Add required Name key to idle3 desktop file + +------------------------------------------------------------------- +Tue Oct 15 16:39:12 CEST 2019 - Matej Cepl + +- Update to the final release 3.8.0. . + - New Features: + - Assignment expressions + - Positional-only parameters + - Parallel filesystem cache for compiled bytecode files + - Debug build uses the same ABI as release build + - f-strings support = for self-documenting expressions and + debugging + - PEP 578: Python Runtime Audit Hooks + - PEP 587: Python Initialization Configuration + - Vectorcall: a fast calling protocol for CPython + - Pickle protocol 5 with out-of-band data buffers + - New modules: + - importlib.metadata + - Improved modules: + - ast asyncio, builtins, collections, curses, ctypes, + datetime, functools, gc, gettext, gzip, idelib and IDLE, + inspect, io, json.tool, math, mmap, multiprocessing, os, + os.path, pathlib, pickle, plistlib, py_compile, shlex, + shutil, socket, ssl, statistics, sys, tarfile, threading, + tokenize, tkinter, time, typing, unicodedata, unittest, + venv, weakref, xml + - C API improvements + - bdist_winnst command has been deprecated (use bdist_wheel) +- https://docs.python.org/3.8/whatsnew/3.8.html remains rest of + changes including documentation on how to port your programs to + the current version of Python. + +------------------------------------------------------------------- +Mon Oct 14 15:02:08 CEST 2019 - Matej Cepl + +- Add idle3.appdata.xml and idle3.desktop (originally from + Fedora) to make Idle3 full GUI desktop application. + (bsc#1153830) + +------------------------------------------------------------------- +Wed Oct 9 19:09:16 UTC 2019 - Michael Gorse + +- Drop intltool from BuildRequires. Doesn't appear to be used. + +------------------------------------------------------------------- +Wed Oct 9 10:37:59 UTC 2019 - Tomáš Chvátal + +- Add folder version to allow tarball downloads even for beta/rc + releases + +------------------------------------------------------------------- +Tue Oct 8 14:53:54 CEST 2019 - Matej Cepl + +- Revert patches from Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch) into their original + prisitine Fedora versions, SUSE-FEDORA-multilib.patch refreshed + accordingly. + +------------------------------------------------------------------- +Mon Oct 7 14:33:30 UTC 2019 - Matej Cepl + +- Correct quotation of platsubdir in Lib/distutils/command/install.py + +------------------------------------------------------------------- +Thu Oct 3 13:59:57 CEST 2019 - Matej Cepl + +- Replace python-3.6.0-multilib.patch with two patches from + Fedora (F00102-lib64.patch and + F00251-change-user-install-location.patch), and our own + SUSE-FEDORA-multilib.patch to allow better cooperation with + Fedora and better upstreaming. +- Add OBS_dev-shm.patch fixing bpo#38377 + +------------------------------------------------------------------- +Thu Oct 3 08:39:18 UTC 2019 - Tomáš Chvátal + +- Pull in just gettext and let solver to sort out between: + gettext-runtime-mini and gettext-runtime + +------------------------------------------------------------------- +Wed Oct 2 15:00:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0rc1. Overall changes from 3.7: + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved + embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds, also the 'm' ABI + tag was removed (irrelevant since 3.4), bpo#36707 + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - on Windows, the default asyncio event loop is now + ProactorEventLoop + - on macOS, the spawn start method is now used by default in + multiprocessing + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Refreshed patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Wed Sep 25 09:46:41 UTC 2019 - Bernhard Wiedemann + +- Add bpo36302-sort-module-sources.patch (boo#1041090) + +------------------------------------------------------------------- +Tue Sep 10 13:43:18 UTC 2019 - Tomáš Chvátal + +- Try harder obsoleting importlib-metadata + +------------------------------------------------------------------- +Sat Aug 31 00:16:47 CEST 2019 - Matej Cepl + +- Update to 3.8.0b4: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-4 + +------------------------------------------------------------------- +Thu Aug 29 06:28:15 UTC 2019 - Guillaume GARDET + +- Re-enable test_threading on aarch64 + +------------------------------------------------------------------- +Sat Aug 17 13:21:15 UTC 2019 - John Vandenberg + +- Remove xrpm from subpackage tk description + +------------------------------------------------------------------- +Tue Aug 6 14:24:55 CEST 2019 - Matej Cepl + +- Update to 3.8.0b3: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-3 +- Patches reapplied: + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.3.0b1-test-posix_fadvise.patch + - python-3.6.0-multilib.patch + - subprocess-raise-timeout.patch + +------------------------------------------------------------------- +Tue Jul 23 13:20:49 UTC 2019 - Matej Cepl + +- Add Provides: python3-importlib-metadata + +------------------------------------------------------------------- +Sun Jul 7 19:08:48 CEST 2019 - Matej Cepl + +- Update to 3.8.0b2: + Many bugfixes, full list on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-beta-2 +- Patches included in upstream: + - bpo-37169_PyObject_IsFreed.patch +- Patches reapplied: + - 00251-change-user-install-location.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-localpath.patch + - python-3.6.0-multilib.patch + +------------------------------------------------------------------- +Tue Jul 2 09:03:04 UTC 2019 - Andreas Schwab + +- Update list of skipped tests for qemu linux-user build +- Don't do profiling in qemu linux-user build + +------------------------------------------------------------------- +Wed Jun 5 12:19:09 CEST 2019 - Matej Cepl + +- Update to 3.8.0b1 (changes since 3.7.*): + - PEP 572, Assignment expressions + - PEP 570, Positional-only arguments + - PEP 587, Python Initialization Configuration (improved embedding) + - PEP 590, Vectorcall: a fast calling protocol for CPython + - PEP 578, Runtime audit hooks + - PEP 574, Pickle protocol 5 with out-of-band data + - Typing-related: PEP 591 (Final qualifier), PEP 586 (Literal + types), and PEP 589 (TypedDict) + - Parallel filesystem cache for compiled bytecode + - Debug builds share ABI as release builds + - f-strings support a handy = specifier for debugging + - continue is now legal in finally: blocks + - multiprocessing can now use shared memory segments to avoid + pickling costs between processes + - typed_ast is merged back to CPython + - LOAD_GLOBAL is now 40% faster + - pickle now uses Protocol 4 by default, improving performance +- Remove patches which were included in the upstream: + - 00251-change-user-install-location.patch + - 00316-mark-bdist_wininst-unsupported.patch + - CVE-2019-9947-no-ctrl-char-http.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed May 22 10:53:03 UTC 2019 - Martin Liška + +- Set _lto_cflags to nil as the package is using LTO via --enable-lto. + That will prevent to propage LTO for Python modules that are + built in a separate package. + +------------------------------------------------------------------- +Sat May 4 21:29:20 CEST 2019 - Matej Cepl + +- Update to 3.8.0.a3: + - PEP 572: Assignment Expressions. + - Other (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-3 + +------------------------------------------------------------------- +Mon Apr 29 15:40:34 CEST 2019 - Matej Cepl + +- bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch + Address the issue by disallowing URL paths with embedded + whitespace or control characters through into the underlying + http client request. Such potentially malicious header + injection URLs now cause a ValueError to be raised. + +------------------------------------------------------------------- +Wed Apr 10 10:22:58 CEST 2019 - Matej Cepl + +- Fix metadata of patches. +- Rename boo1071941-make-install-in-sep-loc.patch to + 00251-change-user-install-location.patch which is the original + name, so it can be looked up in the Fedora VCS. + +------------------------------------------------------------------- +Tue Apr 9 04:55:24 UTC 2019 - John Vandenberg + +- Mark distutils bdist_wininst command unsupported + with 00316-mark-bdist_wininst-unsupported.patch +- Remove Windows bdist_wininst executables from runtime package + +------------------------------------------------------------------- +Tue Apr 9 01:21:45 CEST 2019 - Matej Cepl + +- Update to 3.7.3, which is the maintenance release without any + significant changes in API. + - Updated patches: + - CVE-2019-5010-null-defer-x509-cert-DOS.patch + - distutils-reproducible-compile.patch + - python-3.3.0b1-fix_date_time_compiler.patch + - python-3.6.0-multilib.patch + - raise_SIGING_not_handled.patch + +------------------------------------------------------------------ +Wed Mar 20 14:59:58 UTC 2019 - Matěj Cepl + +- Remove building of Qt Develop help files. + +------------------------------------------------------------------- +Fri Mar 15 15:10:30 CET 2019 - Matej Cepl + +- Return distutils-reproducible-compile.patch which is still + missing (still unfinished bpo#29708). + +------------------------------------------------------------------- +Mon Feb 25 23:30:56 CET 2019 - Matej Cepl + +- Update to 3.8.0a2: + * List of all (mostly small) changes are on + https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-0-alpha-2 + +------------------------------------------------------------------- +Tue Feb 12 10:25:52 CET 2019 - Matej Cepl + +- Build nis module again. + +------------------------------------------------------------------- +Tue Feb 12 10:06:17 CET 2019 - Matej Cepl + +- Update to 3.8.0a1: + * The most visible change so far is probably the + implementation of PEP 572: Assignment Expressions. For + a detailed list of changes, see: + https://docs.python.org/3.8/whatsnew/changelog.html + * Recover building of nis module properly in python3 package +- Update patches: + * CVE-2019-5010-null-defer-x509-cert-DOS.patch + * python-3.3.0b1-fix_date_time_compiler.patch + * python-3.3.0b1-test-posix_fadvise.patch + * python-3.6.0-multilib.patch + * raise_SIGING_not_handled.patch + +------------------------------------------------------------------- +Wed Jan 30 18:07:49 CET 2019 - mcepl@suse.com + +- Put LICENSE file where it belongs (bsc#1121852) + +------------------------------------------------------------------- +Sat Jan 19 16:19:38 CET 2019 - mcepl@suse.com + +- bsc#1122191: add CVE-2019-5010-null-defer-x509-cert-DOS.patch + fixing bpo-35746. + An exploitable denial-of-service vulnerability exists in the + X509 certificate parser of Python.org Python 2.7.11 / 3.7.2. + A specially crafted X509 certificate can cause a NULL pointer + dereference, resulting in a denial of service. An attacker can + initiate or accept TLS connections using crafted certificates + to trigger this vulnerability. + +------------------------------------------------------------------- +Tue Jan 8 12:51:01 UTC 2019 - Tomáš Chvátal + +- Do not require full gettext in order to avoid pulling in the + glib2 as a dependency + +------------------------------------------------------------------- +Tue Jan 8 12:25:27 UTC 2019 - Tomáš Chvátal + +- Update to 3.7.2: + * bugfix release: + https://docs.python.org/3.7/whatsnew/changelog.html#changelog + +------------------------------------------------------------------- +Wed Jan 2 12:51:48 CET 2019 - mcepl@suse.com + +- Stop applying python-3.6.0-multilib-new.patch (which is still + WIP), and apply the old proven python-3.6.0-multilib.patch + instead. + +------------------------------------------------------------------- +Wed Dec 19 19:29:44 UTC 2018 - Todd R + +- Use upstream-recommended %{_rpmconfigdir}/macros.d directory + for the rpm macros. + +------------------------------------------------------------------- +Mon Dec 17 17:24:49 CET 2018 - mcepl@suse.com + +- Upgrade to 3.7.2rc1: + * bugfix release, for the full list of all changes see + https://docs.python.org/3.7/whatsnew/changelog.html#changelog +- Make run of the test suite more verbose + +------------------------------------------------------------------- +Tue Dec 11 01:52:45 UTC 2018 - Jan Engelhardt + +- Write summaries without em dashes. + +------------------------------------------------------------------- +Mon Dec 3 13:27:54 UTC 2018 - Matěj Cepl + +- Remove python-3.3.0b1-curses-panel.patch it is unnecessary anymore. +- Add boo1071941-make-install-in-sep-loc.patch to make pip and + distutils in user environment install into separate location + (boo#1071941) + + Set values of prefix and exec_prefix in distutils install + command to /usr/local if executable is /usr/bin/python* and RPM + build is not detected to make pip and distutils install into + separate location +- Remove finally python-3.3.3-skip-distutils-test_sysconfig_module.patch +- Remove distutils-reproducible-compile.patch which doesn't make + really much difference in reproducibility (see + gh#python/cpython#8057 and discussion there). + +------------------------------------------------------------------- +Sat Dec 1 00:14:28 CET 2018 - mcepl@suse.com + +- Rename Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + to bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + +------------------------------------------------------------------- +Wed Nov 7 12:10:41 CET 2018 - mcepl@suse.com + +- Add dependency on bluez-devel to build support for Bluetooth + (boo#1109998) + +------------------------------------------------------------------- +Tue Nov 6 13:52:45 CET 2018 - mcepl@suse.com + +- Add devhelp subpackage and split qthelp into another + subpackage. + +------------------------------------------------------------------- +Wed Oct 24 12:38:00 UTC 2018 - Matěj Cepl + +- Remove python-3.0b1-record-rpm.patch and + Python-3.0b1-record-rpm.patch, as they are not needed anymore + +------------------------------------------------------------------- +Tue Oct 23 14:14:16 UTC 2018 - Matej Cepl + +- Switch off test_threading for optimization builds. + +------------------------------------------------------------------- +Mon Oct 22 14:41:59 CEST 2018 - mcepl@suse.com + +- Update to python-3.7.1. This is just a brief overview, complete + changelog available at + https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-1-final: + Library + bpo-34970: Protect tasks weak set manipulation in asyncio.all_tasks() +- Patches already accepted upstream are removed: + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + * 00308-tls-1.3.patch +- New patches added: + * Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch + * raise_SIGING_not_handled.patch +- All other patches refreshed via quilt. + +------------------------------------------------------------------- +Mon Oct 22 12:22:19 UTC 2018 - Matej Cepl + +- Add raise_SIGING_not_handled.patch to fix bsc#1094814 + +------------------------------------------------------------------- +Wed Oct 17 14:04:35 UTC 2018 - Tomáš Chvátal + +- Add patch to fix importlib return types: + * python3-imp-returntype.patch + +------------------------------------------------------------------- +Mon Oct 15 13:46:32 CEST 2018 - mcepl@suse.com + +- bpo-34022 still not completely fixed, so we have to keep + excluding test_cmd_line_script, + test_multiprocessing_main_handling, and test_runpy from the + test suite. + +------------------------------------------------------------------- +Sun Oct 14 15:57:24 UTC 2018 - Matej Cepl + +- Update to python 3.7.1~rc2: + Core and Builtins + bpo-34879: Fix a possible null pointer dereference in + bytesobject.c. Patch by Zackery Spytz. + bpo-34854: Fixed a crash in compiling string annotations + containing a lambda with a keyword-only argument that + doesn’t have a default value. + bpo-34320: Fix dict(od) didn’t copy iteration order of + OrderedDict. + Library + bpo-34769: Fix for async generators not finalizing when event + loop is in debug mode and garbage collector runs in another + thread. + bpo-34922: Fixed integer overflow in the digest() and + hexdigest() methods for the SHAKE algorithm in the hashlib + module. + bpo-34900: Fixed unittest.TestCase.debug() when used to call + test methods with subtests. Patch by Bruno Oliveira. + bpo-34871: Fix inspect module polluted sys.modules when parsing + __text_signature__ of callable. + bpo-34872: Fix self-cancellation in C implementation of + asyncio.Task + bpo-34819: Use a monotonic clock to compute timeouts in + Executor.map() and as_completed(), in order to prevent + timeouts from deviating when the system clock is adjusted. + bpo-34334: In QueueHandler, clear exc_text from LogRecord to + prevent traceback from being written twice. + bpo-6721: Acquire the logging module’s commonly used internal + locks while fork()ing to avoid deadlocks in the child + process. + bpo-34172: Fix a reference issue inside multiprocessing.Pool + that caused the pool to remain alive if it was deleted + without being closed or terminated explicitly. + Documentation + bpo-32174: chm document displays non-ASCII charaters properly on + some MBCS Windows systems. + Tests + bpo-32962: Fixed test_gdb when Python is compiled with flags + -mcet -fcf-protection -O0. + C API + bpo-34910: Ensure that PyObject_Print() always returns -1 on + error. Patch by Zackery Spytz. + +------------------------------------------------------------------- +Fri Oct 12 20:46:58 CEST 2018 - mcepl@suse.com + +- Add Stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch to + fix problems with SOURCE_DATE_EPOCH variable (bpo-34022) + +------------------------------------------------------------------- +Mon Sep 17 09:44:02 UTC 2018 - Tomáš Chvátal + +- Add patch to fix build with tls1.3 supported openssl + * 00308-tls-1.3.patch +- Add patch to fix Py_Main calls after Py_initialize + * 00307-allow-to-call-Py_Main-after-Py_Initialize.patch + +------------------------------------------------------------------- +Mon Sep 3 15:22:42 UTC 2018 - Matěj Cepl + +- Add -fwrapv to OPTS, which is default for python3 anyway + See for example https://github.com/zopefoundation/persistent/issues/86 + for bugs which are caused by avoiding it. + +------------------------------------------------------------------- +Tue Jul 10 11:12:32 UTC 2018 - mcepl@suse.com + +- Fix ownership of _contextvars, _queue, and _xxtestfuzz + +------------------------------------------------------------------- +Tue Jul 3 15:04:48 UTC 2018 - mcepl@suse.com + +- Switch off LTO for distros with older GCC +- Fix %files + +------------------------------------------------------------------- +Fri Jun 29 14:20:03 UTC 2018 - tchvatal@suse.com + +- Add dependency over libuuid-devel + +------------------------------------------------------------------- +Thu Jun 28 10:42:15 UTC 2018 - mimi.vx@gmail.com + +- update to python 3.7.0 + Complete overview of changes is available on + https://docs.python.org/3/whatsnew/3.7.html, these are just + highlights: + * PEP 563, postponed evaluation of type annotations. + * async and await are now reserved keywords. + * New library modules: + contextvars: PEP 567 – Context Variables + dataclasses: PEP 557 – Data Classes + importlib.resources + * New built-in features: + PEP 553, the new breakpoint() function. + * Python data model improvements: + PEP 562, customization of access to module attributes. + PEP 560, core support for typing module and generic types. + the insertion-order preservation nature of dict objects + has been declared to be an official part of the Python + language spec. + * Significant improvements in the standard library: + The asyncio module has received new features, significant + usability and performance improvements. + The time module gained support for functions with + nanosecond resolution. + * CPython implementation improvements: + Avoiding the use of ASCII as a default text encoding: + PEP 538, legacy C locale coercion + PEP 540, forced UTF-8 runtime mode + PEP 552, deterministic .pycs + the new development runtime mode + PEP 565, improved DeprecationWarning handling + * C API improvements: + PEP 539, new C API for thread-local storage + * Documentation improvements: + PEP 545, Python documentation translations + New documentation translations: Japanese, French, and Korean. +- drop python3-sorted_tar.patch +- drop 0001-allow-for-reproducible-builds-of-python-packages.patch +- refresh python-3.6.0-multilib-new.patch +- refresh subprocess-raise-timeout.patch + * new C API for thread-local storage + * Deterministic pyc files + * Built-in breakpoint() + * Data Classes + * Core support for typing module and generic types + * Customization of access to module attributes + * Postponed evaluation of annotations + * Time functions with nanosecond resolution + * Improved DeprecationWarning handling + * Context Variables + * Avoiding the use of ASCII as a default text encoding + (PEP 538, legacy C locale coercion and PEP 540, forced UTF-8 runtime mode) + * The insertion-order preservation nature of dict objects is now + an official part of the Python language spec. + * Notable performance improvements in many areas. + +------------------------------------------------------------------- +Thu May 17 18:26:42 UTC 2018 - hpj@urpla.net + +- disable lto with gcc versions below 7 (results in link failures) + +------------------------------------------------------------------- +Mon Apr 30 15:23:24 UTC 2018 - jengelh@inai.de + +- Use faster find subcommand execution strategies. + +------------------------------------------------------------------- +Fri Apr 20 16:17:29 UTC 2018 - tchvatal@suse.com + +- Do not mention the testsuite disabling in opts as it was moved to + main pkg so base is test-free + +------------------------------------------------------------------- +Tue Apr 17 08:36:08 UTC 2018 - tchvatal@suse.com + +- As we run in main python package do not generate the pre_checkin + from both now + +------------------------------------------------------------------- +Mon Apr 16 14:11:56 UTC 2018 - tchvatal@suse.com + +- Move the tests from base to generic package wrt bsc#1088573 + * We still fail the whole distro if python3 is not build + * The other archs than x86_64 took couple of hours to unblock + build of other software, this way we work around the issue +- Some tests are still run in -base for the LTO tweaking, but at + least it is not run twice + +------------------------------------------------------------------- +Sat Mar 31 19:41:12 UTC 2018 - mimi.vx@gmail.com + +- update to 3.6.5 + * bugfix release + * see Misc/NEWS for details +- drop ctypes-pass-by-value.patch +- drop fix-localeconv-encoding-for-LC_NUMERIC.patch +- refresh python-3.6.0-multilib-new.patch + +------------------------------------------------------------------ +Wed Mar 7 09:16:39 UTC 2018 - adam@mizerski.pl + +- Created %so_major and %so_minor macros +- Put Tools/gdb/libpython.py script into proper place and ship it with devel + subpackage. + +------------------------------------------------------------------- +Tue Feb 20 15:04:56 UTC 2018 - schwab@suse.de + +- ctypes-pass-by-value.patch: Fix pass by value for structs on aarch64 + +------------------------------------------------------------------- +Tue Feb 20 14:28:00 UTC 2018 - bwiedemann@suse.com + +- Add python3-sorted_tar.patch (boo#1081750) + +------------------------------------------------------------------- +Tue Feb 20 14:08:57 UTC 2018 - tchvatal@suse.com + +- Drop python3-tk and python3-idle recommends to reduce python3 + always pulling X stack bsc#1081751 + +------------------------------------------------------------------- +Wed Feb 7 09:10:03 UTC 2018 - tchvatal@suse.com + +- Add patch to fix glibc 2.27 fail bsc#1079761: + * fix-localeconv-encoding-for-LC_NUMERIC.patch + +------------------------------------------------------------------- +Mon Feb 5 17:14:43 UTC 2018 - normand@linux.vnet.ibm.com + +- Update skip_random_failing_tests.patch (for PowerPC) + to avoid test_call_later failure + +------------------------------------------------------------------- +Wed Jan 24 14:35:58 UTC 2018 - jmatejek@suse.com + +- move XML modules and python3-xml provide to python3-base + (fixes bsc#1077230) +- move ensurepip to base + +------------------------------------------------------------------- +Thu Jan 18 12:31:47 UTC 2018 - normand@linux.vnet.ibm.com + +- Add skip_random_failing_tests.patch only for PowerPC + +------------------------------------------------------------------- +Wed Jan 3 12:18:51 UTC 2018 - jmatejek@suse.com + +- update to 3.6.4 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed python3-ncurses-6.0-accessors.patch +- drop PYTHONSTARTUP hooks that cause spurious startup errors + * fixes bsc#1070738 + * the relevant feature (REPL history) is now built into Python itself + +------------------------------------------------------------------- +Sat Dec 2 11:11:46 UTC 2017 - dimstar@opensuse.org + +- Install 2to3-%{python_version} executable (override defattr of + the -tools package). 2to3 (unversioned) is a symlink and does not + carry permissions (bsc#1070853). + +------------------------------------------------------------------- +Thu Nov 16 11:02:18 UTC 2017 - mimi.vx@gmail.com + +- move 2to3 to python3-tools package + +------------------------------------------------------------------- +Wed Oct 11 13:15:23 UTC 2017 - jmatejek@suse.com + +- update to 3.6.3 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Wed Sep 20 09:54:05 UTC 2017 - dmueller@suse.com + +- drop python-2.7-libffi-aarch64.patch: this patches the intree + copy of libffi which is unused/deleted in the line afterwards +- fix build against system libffi: include flags weren't set + so it actually used the in-tree libffi headers. + +------------------------------------------------------------------- +Thu Sep 14 13:23:10 UTC 2017 - vcizek@suse.com + +- Fix test broken with OpenSSL 1.1 (bsc#1042670) + * add 0001-3.6-bpo-30714-ALPN-changes-for-OpenSSL-1.1.0f-3093.patch + +------------------------------------------------------------------- +Tue Sep 5 11:47:05 UTC 2017 - jengelh@inai.de + +- Update RPM group for python documentation. + +------------------------------------------------------------------- +Thu Aug 31 08:39:31 UTC 2017 - schwab@suse.de + +- fix missing %{?armsuffix} + +------------------------------------------------------------------- +Wed Aug 30 13:41:38 UTC 2017 - jmatejek@suse.com + +- distutils-reproducible-compile.patch: ensure distutils order files + before compiling, which works around bsc#1049186 + +------------------------------------------------------------------- +Thu Aug 17 08:59:05 CEST 2017 - kukuk@suse.de + +- Add libnsl-devel build requires for glibc obsoleting libnsl + +------------------------------------------------------------------- +Thu Aug 3 16:09:26 UTC 2017 - jmatejek@suse.com + +- update to 3.6.2 + * bugfix release, over a hundred bugs fixed + * see Misc/NEWS for details +- drop upstreamed test-socket-aead-kernel49.patch +- add Provides: python3-typing (fixes bsc#1050653) +- drop duplicate Provides: python3 + +------------------------------------------------------------------- +Mon Jun 26 12:10:07 UTC 2017 - jmatejek@suse.com + +- drop db-devel from requirements + +------------------------------------------------------------------- +Tue Jun 20 09:26:52 UTC 2017 - asn@cryptomilk.org + +- Add missing link to python library in config dir (bsc#1040164) + +------------------------------------------------------------------- +Thu Mar 23 12:42:59 UTC 2017 - jmatejek@suse.com + +- update to 3.6.1 + * bugfix release, over a hundred bugs fixed + * never add import location's parent directory to sys.path + * switch to git for version control, build changes related to that + * fix "failed to get random numbers" on old kernels (bsc#1029902) + * several crashes and memory leaks corrected + * f-string are no longer accepted as docstrings + +------------------------------------------------------------------- +Mon Mar 13 14:04:22 UTC 2017 - jmatejek@suse.com + +- prevent regenerating AST at build-time more robustly +- add "--without profileopt" and "--without testsuite" options to python3-base + to allow short circuiting when working on the package + +------------------------------------------------------------------- +Sat Feb 25 20:55:57 UTC 2017 - bwiedemann@suse.com + +- Add 0001-allow-for-reproducible-builds-of-python-packages.patch + upstream https://github.com/python/cpython/pull/296 + +------------------------------------------------------------------- +Wed Feb 8 12:30:20 UTC 2017 - jmatejek@suse.com + +- reenable test_socket with AEAD patch (test-socket-aead-kernel49.patch) +- reintroduce %py3_soflags macro (and better named %cpython3_soabi equivalent) + +------------------------------------------------------------------- +Wed Jan 11 14:57:07 UTC 2017 - jmatejek@suse.com + +- update to 3.6.0 + * PEP 498 Formated string literals + * PEP 515 Underscores in numeric literals + * PEP 526 Syntax for variable annotations + * PEP 525 Asynchronous generators + * PEP 530 Asynchronous comprehensions + * PEP 506 New "secrets" module for safe key generation + * less memory consumed by dicts + * dtrace and systemtap support + * improved asyncio module + * better defaults for ssl + * new hashing algorithms in hashlib + * bytecode format changed to allow more optimizations + * "async" and "await" are on track to be reserved words + * StopIteration from generators is deprecated + * support for openssl < 1.0.2 is deprecated + * os.urandom now blocks when getrandom() blocks + * huge number of new features, bugfixes and optimizations + * see https://docs.python.org/3.6/whatsnew/3.6.html for details +- rework multilib patch: drop Python-3.5.0-multilib.patch, implement + upstreamable python-3.6.0-multilib-new.patch +- refresh python-3.3.0b1-localpath.patch, subprocess-raise-timeout.patch +- drop upstreamed Python-3.5.1-fix_lru_cache_copying.patch +- finally drop python-2.6b1-canonicalize2.patch that was not applied in source + and only kept around in case we needed it in the future. (which we don't, as it seems) +- update import_failed map and baselibs +- build ctypes against system libffi + (buildrequire libffi-devel in python3-base) +- add new key to keyring (signed by keys already in keyring) +- introduced common configure section between python3 and python3-base +- moved pyconfig.h and Makefile to devel subpackage as distutils no longer + need it at runtime +- added python-rpm-macros dependency, regenerated macros file, drop macros.python3.py + because it is not used now +- improve summaries and descriptions (fixes bsc#917607) +- enabled Link-Time Optimization, see what happens +- including skipped_tests.py in pre_checkin.sh run +- run specs through spec-cleaner, rearrange sections + +------------------------------------------------------------------- +Fri Apr 22 17:20:29 UTC 2016 - jmatejek@suse.com + +- move _hashlib and _ssl modules and tests to python3-base +- recommend python3 + +------------------------------------------------------------------- +Tue Mar 15 15:05:23 UTC 2016 - schwab@suse.de + +- Skip test_asyncio under qemu_user_space_build + +------------------------------------------------------------------- +Mon Mar 7 20:38:11 UTC 2016 - toddrme2178@gmail.com + +- Add Python-3.5.1-fix_lru_cache_copying.patch + Fix copying the lru_cache() wrapper object. + Fixes deep-copying lru_cache regression, which worked on + previous versions of python but fails on python 3.5. + This fixes a bunch of packages in devel:languages:python3. + See: https://bugs.python.org/issue25447 + +------------------------------------------------------------------- +Sun Jan 24 00:44:08 UTC 2016 - arichardson.kde@gmail.com + +- Build the docs in .qch format as well + +------------------------------------------------------------------- +Wed Dec 9 07:35:20 UTC 2015 - toddrme2178@gmail.com + +- update to 3.5.1 + * bugfix-only release, dozens of bugs fixed +- Drop upstreamed Python-3.5.0-_Py_atomic_xxx-symbols.patch +- "Python3" to "Python 3" in summary + * This seems cleaner and fixes and rpmlint warning + +------------------------------------------------------------------- +Wed Oct 14 20:21:52 UTC 2015 - toddrme2178@gmail.com + +- Add Python-3.5.0-_Py_atomic_xxx-symbols.patch + This fixes a build error for many packages that use the Python, + C-API. + This patch is already accepted upstream and is slated to appear in + python 3.5.1. + +------------------------------------------------------------------- +Tue Sep 29 15:53:24 UTC 2015 - jmatejek@suse.com + +- update to 3.5.0 + * coroutines with async/await syntax + * matrix multiplication operator `@` + * unpacking generalizations + * new modules `typing` and `zipapp` + * type annotations + * .pyo files replaced by custom suffixes for optimization levels in __pycache__ + * support for memory BIO in ssl module + * performance improvements in several modules + * and many more +- removals and behavior changes + * deprecated `__version__` is removed + * support for .pyo files was removed + * system calls are auto-retried on EINTR + * bare generator expressions in function calls now cause SyntaxError + (change "f(x for x in i)" to "f((x for x in i))" to fix) + * removed undocumented `format` member of private `PyMemoryViewObject` struct + * renamed `PyMemAllocator` to `PyMemAllocatorEx` +- redefine %dynlib macro to reflect that modules now have arch+os as part of name +- module `time` is now built-in +- dropped upstreamed patches: + python-3.4.1-fix-faulthandler.patch + python-3.4.3-test-conditional-ssl.patch + python-fix-short-dh.patch (also dropped dh2048.pem required for this patch) +- updated patch Python-3.3.0b2-multilib.patch to Python-3.5.0-multilib.patch +- python-ncurses-6.0-accessors.patch taken from python 2 to fix build failure + with new gcc + ncurses + +------------------------------------------------------------------- +Wed Sep 9 11:51:22 UTC 2015 - dimstar@opensuse.org + +- Add python3-ncurses-6.0-accessors.patch: Fix build with + NCurses 6.0 and OPAQUE_WINDOW set to 1. + +------------------------------------------------------------------- +Mon Aug 24 17:02:08 UTC 2015 - jmatejek@suse.com + +- improve import_failed hook to do the right thing when invoking + missing modules with "python3 -m modulename" (boo#942751) + +------------------------------------------------------------------- +Thu Jul 23 22:08:10 UTC 2015 - fisiu@opensuse.org + +- Build with --enable-loadable-sqlite-extensions to make it works + as geospatial database. + +------------------------------------------------------------------- +Wed Jul 1 07:07:26 UTC 2015 - dimstar@opensuse.org + +- Fix source list for previous change (add dh2048.pem). + +------------------------------------------------------------------- +Wed Jun 24 06:54:30 UTC 2015 - meissner@suse.com + +- dh2048.pem: added generated 2048 dh parameter set to fix + ssl test (bsc#935856) +- python-fix-short-dh.patch: replace the 512 bits dh parameter set + by 2048 bits to fix build with new openssl 1.0.2c (bsc#935856) + +------------------------------------------------------------------- +Tue May 19 14:59:30 UTC 2015 - schwab@suse.de + +- ctypes-libffi-aarch64.patch: remove upstreamed patch +- python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for + aarch64 + +------------------------------------------------------------------- +Thu May 14 10:58:36 UTC 2015 - jmatejek@suse.com + +- drop the PDF subpackage + (removes the massive texlive dependency, and most likely nobody is + using the PDFs anyway) + +------------------------------------------------------------------- +Thu May 14 09:53:29 UTC 2015 - jmatejek@suse.com + +- python-3.4.3-test-conditional-ssl.patch - restore tests failing because + test_urllib was unconditionally importing ssl (without really needing it) +- restore functionality of multilib patch +- drop libffi-ppc64le.diff because upstream completely changed everything + yet again (sorry ppc64 folks :| ) + + +------------------------------------------------------------------- +Fri May 1 15:11:21 UTC 2015 - mailaender@opensuse.org + +- Update to version 3.4.3 +- Drop upstreamed CVE-2014-4650-CGIHTTPServer-traversal.patch + (bpo#21766) + +------------------------------------------------------------------- +Wed Mar 25 10:57:28 UTC 2015 - rguenther@suse.com + +- Add python-3.4.1-fix-faulthandler.patch, upstream patch for bogus + faulthandler which fails with GCC 5. + +------------------------------------------------------------------- +Sun Jan 11 13:01:30 UTC 2015 - p.drouand@gmail.com + +- asyncio has been merged in python3 main package; provide and + obsolete it +- Remove obsolete AUTHORS section +- Remove redundant %clean section + +------------------------------------------------------------------- +Sat Oct 18 20:14:54 UTC 2014 - crrodriguez@opensuse.org + +- Only pkgconfig(x11) is required for build, not the whole + set of packages provided by xorg-x11-devel metapackage. + +------------------------------------------------------------------- +Mon Oct 13 13:38:20 UTC 2014 - jmatejek@suse.com + +- add %python3_version rpm macro for Fedora compatibility +- add missing argument in import_failed, rename Novell Bugzilla + to SUSE Bugzilla + +------------------------------------------------------------------- +Thu Jul 31 17:24:59 UTC 2014 - dimstar@opensuse.org + +- Rename rpmlintrc to %{name}-rpmlintrc. + Follow the packaging guidelines. + +------------------------------------------------------------------- +Wed Jul 23 16:31:02 UTC 2014 - jmatejek@suse.com + +- CVE-2014-4650-CGIHTTPServer-traversal.patch: CGIHTTPServer file + disclosure and directory traversal through URL-encoded characters + (CVE-2014-4650, bnc#885882) + +------------------------------------------------------------------- +Tue Jul 22 13:55:57 UTC 2014 - jmatejek@suse.com + +- drop python-3.4.1-SUSE-ensurepip.patch for compatibility reasons, + reinstate bundled copies of pip and setuptools + (fixes bnc#885662) +- add more files as sources to silence the validator + +------------------------------------------------------------------- +Wed May 21 11:01:56 UTC 2014 - jmatejek@suse.com + +- update to 3.4.1 + * bugfix-only release, over 300 bugs fixed +- drop upstreamed python-3.4.0rc2-sqlite-3.8.4-tests.patch +- drop upstreamed CVE-2014-2667-mkdir.patch +- include Python release manager keyring and signature file + for the source archive (thus renumbering of source files) + (see https://www.python.org/download/#openpgp-public-keys ) +- move ensurepip to python3, because it transitively requires ssl + +------------------------------------------------------------------- +Fri Apr 4 16:21:40 UTC 2014 - jmatejek@suse.com + +- CVE-2014-2667-mkdir.patch: race condition with reseting umask + in os.makedirs + (CVE-2014-2667, bnc#871152) +- updated multilib patch to include ~/.local/lib64 (bnc#637176) + +------------------------------------------------------------------- +Wed Mar 26 15:24:46 UTC 2014 - jmatejek@suse.com + +- raise timeout value for test_subprocess to 10s (might fix + intermittent build failures in OBS) + +------------------------------------------------------------------- +Mon Mar 24 17:29:31 UTC 2014 - dmueller@suse.com + +- remove blacklisting of test_posix on aarch64: qemu bug is fixed + +------------------------------------------------------------------- +Mon Mar 17 18:26:58 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 final +- drop upstreamed python-3.4rc2-importlib.patch + +------------------------------------------------------------------- +Sun Mar 16 16:33:25 UTC 2014 - schwab@suse.de + +- Only build with profile-opt if profiling is enabled +- Update test exclusion lists: + * test_ctypes no longer fails on arm + * test_io no longer fails on ppc* + * test_multiprocessing has been split in multiple tests + * test_posix and test_signal fail due to qemu bugs + +------------------------------------------------------------------- +Fri Mar 14 20:26:03 UTC 2014 - andreas.stieger@gmx.de + +- Fix build with SQLite 3.8.4 [bnc#867887], fixing SQLite tests, + adding python-2.7.6-sqlite-3.8.4-tests.patch + +------------------------------------------------------------------- +Thu Feb 27 14:08:40 UTC 2014 - jmatejek@suse.com + +- update to 3.4.0 rc2 + * pre-release bugfixes + * improvements to asyncio library +- drop upstreamed tracemalloc_gcov.patch +- python-3.4rc2-importlib.patch fixes backwards-incompatibility + in the reworked importlib module that blocks build of vim + +------------------------------------------------------------------- +Fri Jan 17 18:45:27 UTC 2014 - jmatejek@suse.com + +- initial commit of 3.4.0 beta 3 + * new stdlib modules: pathlib, enum, statistics, tracemalloc + * asynchronous IO with new asyncio module + * introspection data for builtins + * subprocesses no longer inherit open file descriptors + * standardized metadata for packages + * internal hashing changed to SipHash + * new pickle protocol + * improved handling of codecs + * TLS 1.2 support + * major speed improvements for internal unicode handling + * many bugfixes and optimizations +- see porting guide at: + http://docs.python.org/3.4/whatsnew/3.4.html#porting-to-python-3-4 +- moved several modules to -testsuite subpackage +- updated list of binary extensions, refreshed patches +- tracemalloc_gcov.patch fixes profile-based optimization build +- updated packages and pre_checkin.sh to use ~-version notation + for prereleases +- fix-shebangs part of build process moved to common %prep +- drop python-3.3.2-no-REUSEPORT.patch (upstreamed) +- update baselibs for new soname + +- TODOs: + * require python-pip, make ensurepip work with zypper + +------------------------------------------------------------------- +Wed Dec 4 13:21:26 UTC 2013 - matz@suse.de + +- add ppc64le (ELFv2) support for libffi copy for ctypes module +- Adjust Python-3.3.0b2-multilib.patch for ppc64le (make sys.lib be + "lib64"). +- added patches: + * libffi-ppc64le.diff +------------------------------------------------------------------- +Tue Dec 3 09:51:43 UTC 2013 - adrian@suse.de + +- add ppc64le rules + +------------------------------------------------------------------- +Fri Nov 22 13:17:23 UTC 2013 - speilicke@suse.com + +- Add python-3.3.3-skip-distutils-test_sysconfig_module.patch: + + Disable global and distutils sysconfig comparison test, we deviate + from the default depending on optflags + +------------------------------------------------------------------- +Tue Nov 19 14:28:41 UTC 2013 - jmatejek@suse.com + +- update to 3.3.3 + * bugfix-only release + * many SSL-related fixes + * upstream fix for CVE-2013-4238 + * upstream fixes for CVE-2013-1752 +- move example module xxlimited to python3-testsuite +- drop CVE-2013-4238_py33.patch - it is upstreamed +- remove --with-wide-unicode config option, it is now the default + (and only) choice +- don't touch anything between make and makeinstall +- drop python-3.2b2-buildtime-generate.patch - the issue was caused + by touching things between make and makeinstall +- link pycache entries for import_failed hooks properly + +------------------------------------------------------------------- +Tue Oct 15 17:44:08 UTC 2013 - crrodriguez@opensuse.org + +- build with -DOPENSSL_LOAD_CONF for the same reasons + described in the python2 package. + +------------------------------------------------------------------- +Fri Aug 16 11:35:15 UTC 2013 - jmatejek@suse.com + +- handle NULL bytes in certain fields of SSL certificates + (CVE-2013-4238, bnc#834601) + +------------------------------------------------------------------- +Thu Aug 8 14:54:49 UTC 2013 - dvaleev@suse.com + +- Exclue test_faulthandler from tests on powerpc due to bnc#831629 + +------------------------------------------------------------------- +Thu Jun 13 15:05:34 UTC 2013 - jmatejek@suse.com + +- update to 3.3.2 + * bugfix-only release + * fixes several regressions introduced in 3.3.1 +- switch to xz compression +- move _lzma module to python3-base +- python-3.3.2-no-REUSEPORT.patch to fix build on kernels without SO_REUSEPORT + +------------------------------------------------------------------- +Mon Apr 29 22:32:43 UTC 2013 - schwab@suse.de + +- Readd missing bits from ctypes-libffi-aarch64.patch + +------------------------------------------------------------------- +Sat Apr 13 07:56:51 UTC 2013 - idonmez@suse.com + +- Update to version 3.3.1 + * Fix the –enable-profiling configure switch. + * In IDLE, close the replace dialog after it is used. +- Too many bugfixes to list here, + see See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS +- Refresh Python-3.3.0b2-multilib.patch +- Refresh python-3.2b2-buildtime-generate.patch +- Drop upstream patches: ctypes-libffi-aarch64.patch, + python-3.2.3rc2-pypirc-secure.patch, python-3.3.0-getdents64.patch + +------------------------------------------------------------------- +Mon Apr 8 11:25:30 UTC 2013 - speilicke@suse.com + +- Exclude sqlite/test and tk/test directories from the respective + sub-packages. These are owned by the testsuite sub-package already + +------------------------------------------------------------------- +Fri Apr 5 12:59:20 UTC 2013 - idonmez@suse.com + +- Add Source URL, see https://en.opensuse.org/title=SourceUrls + +------------------------------------------------------------------- +Wed Apr 3 15:36:04 UTC 2013 - jmatejek@suse.com + +- remove spurious modification of python-3.3.0b1-localpath.patch + that would force installation into /usr/local. + this fixes bnc#809831 + +------------------------------------------------------------------- +Thu Mar 28 18:38:51 UTC 2013 - jmatejek@suse.com + +- replace broken movetogetdents64.diff patch with a correct one + from upstream repo (python-3.3.0-getdents64.patch) + +------------------------------------------------------------------- +Fri Mar 1 07:42:21 UTC 2013 - dmueller@suse.com + +- add ctypes-libffi-aarch64.patch: + * import aarch64 support for libffi in _ctypes module +- add aarch64 to the list of lib64 based archs +- add movetogetdents64.diff: + * port to getdents64, as SYS_getdents is not implemented everywhere + +------------------------------------------------------------------- +Tue Feb 26 08:57:55 UTC 2013 - saschpe@suse.de + +- /etc/rpm/macros.python3 is no %config, it is not meant to be changed + by users. +- Add rpmlintrc with some obvious filters + +------------------------------------------------------------------- +Mon Jan 28 18:14:39 UTC 2013 - jmatejek@suse.com + +- update baselibs for new version of libpython3 + +------------------------------------------------------------------- +Thu Nov 29 17:02:37 UTC 2012 - jmatejek@suse.com + +- fix include path in macros (bnc#787526) +- implement failed import handlers for modules that live in + subpackages - e.g. "import ssl" will now throw a sensible error + message telling you to install "python3" + +------------------------------------------------------------------- +Wed Nov 28 17:02:07 UTC 2012 - jmatejek@suse.com + +- merge python3-xml into python3 +- merge python3-2to3 library into python3-base + and the 2to3 binary into python3-devel + (python3-devel is now in conflict with python-2to3, which + will be dropped) +- enable --with-system-expat for python3, making the xml modules + (and thus python3) depend on expat +- reconfigure tests to disable network and GUI resources, which + the upstream apparently thought is a good idea to enable by default. + this fixes build failures in Factory +- add lzma-devel to build the _lzma module +- moved %dynlib macro definition to common section + +------------------------------------------------------------------- +Mon Nov 5 20:01:46 UTC 2012 - coolo@suse.com + +- buildrequire timezone for the test suite + +------------------------------------------------------------------- +Mon Oct 29 18:21:45 UTC 2012 - dmueller@suse.com + +- disable more checks for qemu builds as they use syscalls not + implemented yet + +------------------------------------------------------------------- +Thu Oct 25 08:14:36 UTC 2012 - Rene.vanPaassen@gmail.com + +- exclude test_math for SLE 11; math library fails on negative + gamma function values close to integers and 0, probably + due to imprecision in -lm on SLE_11_SP2. + +------------------------------------------------------------------- +Tue Oct 16 12:15:34 UTC 2012 - coolo@suse.com + +- buildrequire libbz2-devel explicitly + +------------------------------------------------------------------- +Mon Oct 8 14:33:08 UTC 2012 - jmatejek@suse.com + +- remove distutils.cfg (bnc#658604) + * this changes default prefix for distutils to /usr + * see ML for details: +http://lists.opensuse.org/opensuse-packaging/2012-09/msg00254.html + +------------------------------------------------------------------- +Mon Oct 1 08:53:03 UTC 2012 - idonmez@suse.com + +- Update to final 3.3.0 release + * See http://hg.python.org/cpython/file/v3.3.0/Misc/NEWS + +------------------------------------------------------------------- +Thu Sep 27 12:35:01 UTC 2012 - idonmez@suse.com + +- Correct dependency for python3-testsuite, + python3-tkinter -> python3-tk + +------------------------------------------------------------------- +Thu Aug 23 13:08:11 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 RC1 + +------------------------------------------------------------------- +Fri Aug 3 12:09:34 UTC 2012 - jmatejek@suse.com + +- update to 3.3.0 beta 1 + * flexible string representation, no longer distinguishing + between wide and narrow Unicode builds + * importlib-based import system + * virtualenv support in core + * namespace packages + * explicit Unicode literals for easier porting + * key-sharing dict implementation reduces memory footprint + of OO code + * hash randomization on by default + * many other new bugfixes and features, check NEWS for details + +- pre_checkin.sh now autofills various version strings in specs +- ship hashlib's fallback modules - those uselessly take up space + when real _hashlib.so from python3 is present, but the space wasted + is only 114kB and it provides python3-base with a working hashlib + module. + (also, this fixes bnc#743787) + +------------------------------------------------------------------- +Fri Jul 27 09:02:41 UTC 2012 - dvaleev@suse.com + +- skip test_io on ppc +- drop test_io ppc patch + +------------------------------------------------------------------- +Thu Jun 28 07:57:58 UTC 2012 - saschpe@suse.de + +- Satisfy source_validator by uncommenting an otherwise unused "Patch" + line + +------------------------------------------------------------------- +Tue Jun 12 15:39:08 UTC 2012 - adrian@suse.de + +- fix logic of checks exclusion + +------------------------------------------------------------------- +Fri May 18 11:50:27 UTC 2012 - idonmez@suse.com + +- update to 3.2.3 + * No changes since rc2 + +------------------------------------------------------------------- +Thu Mar 29 15:44:33 UTC 2012 - jmatejek@suse.com + +- update to 3.2.3rc2 + * fixes several security issues: + * CVE-2012-0845, bnc#747125 + * CVE-2012-1150, bnc#751718 + * CVE-2011-4944, bnc#754447 + * CVE-2011-3389, bnc#754677 +- fix for insecure .pypirc (CVE-2011-4944, bnc#754447) +- disable test_gdb because it is broken by our gdb + +------------------------------------------------------------------- +Thu Feb 16 12:33:12 UTC 2012 - dvaleev@suse.com + +- skip broken test_io test on ppc + +------------------------------------------------------------------- +Wed Jan 18 15:49:47 UTC 2012 - jmatejek@suse.com + +- update to 3.2.2 + * bugfix-only release + * reports "linux2" as sys.platform regardless of Linux kernel +- added pre_checkin.sh to copy common spec sections to python3.spec +- added PACKAGING-NOTES with some helpful info for packagers + +------------------------------------------------------------------- +Sun Dec 25 13:25:01 UTC 2011 - idonmez@suse.com + +- Use system ffi, included one is broken see + http://bugs.python.org/issue11729 and + http://bugs.python.org/issue12081 + +------------------------------------------------------------------- +Fri Dec 9 17:19:55 UTC 2011 - jmatejek@suse.com + +- license.opensuse.org-compatible license headers + +------------------------------------------------------------------- +Fri Dec 2 16:46:44 UTC 2011 - coolo@suse.com + +- add automake as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Thu Nov 24 12:42:25 UTC 2011 - agraf@suse.com + +- fix ARM build (exclude some test cases which break for us) + +------------------------------------------------------------------- +Tue Aug 16 17:02:22 UTC 2011 - termim@gmail.com + +- use sysconfig module to get py3_incdir, py3_abiflags, + py3_soflags, python3_sitelib and python3_sitearch + +------------------------------------------------------------------- +Mon Jul 18 16:22:31 UTC 2011 - jmatejek@novell.com + +- update to 3.2.1 + * bugfix-only release, no major changes +- fix build on linux3 platform +- remove upstreamed pybench patch +- install /usr/lib directories in all cases to prevent spurious + "directory not owned" in dependent packages + +------------------------------------------------------------------- +Wed Jun 15 14:16:38 UTC 2011 - jmatejek@novell.com + +- replaced dynamic so version with manual so version, because + autobuild does not support autogeneration + +------------------------------------------------------------------- +Tue May 24 13:39:06 UTC 2011 - jmatejek@novell.com + +- generate macros.python3 at compile-time with fixed values +- don't include bogus values in pyconfig.h, as they can break + third-party packages (bnc#673071) + +------------------------------------------------------------------- +Tue May 17 12:52:51 UTC 2011 - jmatejek@novell.com + +- added Obsoletes: python3 < 3.1 so that the transition from + non-split to split packages goes smoothly + +------------------------------------------------------------------- +Fri May 13 12:38:19 UTC 2011 - jmatejek@novell.com + +- fixed RPM macros to use python3 instead of python +- updated to build --with-wide-unicode (for compatibility with + fedora and our own python 2.x series) + +------------------------------------------------------------------- +Thu Apr 21 03:39:25 UTC 2011 - termim@gmail.com + +- fix python3-base build failure due to pybench.py crash by + python-3.2-pybench.patch +- move pyconfig.h from python3-devel to python3-base package to + make python3-base functional again + +------------------------------------------------------------------- +Wed Mar 23 04:26:28 UTC 2011 - termim@gmail.com + +- update to python 3.2 + * stable ABI, ABI-tagged .so files + * concurrent.futures and many other new or upgraded modules + * PYC repository directories ( __pycache__ ) + * python WSGI 1.0.1 + * Unicode 6.0.0 support + * a great number of bugfixes and assorted improvements + +------------------------------------------------------------------- +Tue Feb 8 19:42:17 CET 2011 - matejcik@suse.cz + +- update to python 3.2 RC2 +- renamed python3-demo to python3-tools, because the demo part + became much smaller than the tools part +- added rpm macros + +------------------------------------------------------------------- +Tue Jan 18 14:13:04 UTC 2011 - jmatejek@novell.com + +- update to python 3.2 beta 2, see NEWS for details +- split off -base package with less dependencies, and a shlib-policy + compliant libpython3 package +- mostly rewritten the spec file with more detailed comments +- cleaned up lists of patches + diff --git a/python312.spec b/python312.spec new file mode 100644 index 0000000..c35bf59 --- /dev/null +++ b/python312.spec @@ -0,0 +1,1032 @@ +# +# spec file for package python312 +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%global flavor @BUILD_FLAVOR@%{nil} +%if "%{flavor}" == "doc" +%define psuffix -documentation +%bcond_without doc +%bcond_with base +%bcond_with general +%endif +%if "%{flavor}" == "base" +%define psuffix -core +%bcond_with doc +%bcond_without base +%bcond_with general +%endif +%if "%{flavor}" == "" +%define psuffix %{nil} +%bcond_with doc +%bcond_with base +%bcond_without general +%endif + +%define python_pkg_name python312 +%if "%{python_pkg_name}" == "%{primary_python}" +%define primary_interpreter 1 +%else +%define primary_interpreter 0 +%endif + +# %%if 0%%{?sle_version} && 0%%{?suse_version} < 1550 +# Obsoleting previous "latest" Python versions +# Next versions will get more lines like for older versions +# %%define obsolete_python_versioned() \ +# Obsoletes: python39%%{?1:-%%{1}} \ +# Obsoletes: python310%%{?1:-%%{1}} \ +# Obsoletes: python311%%{?1:-%%{1}} +# %%else +%define obsolete_python_versioned() %{nil} +# %%endif + +# Setting up variables +%define _version %(c=%{version}; echo ${c/[a-z]*/}) +%define tar_suffix %(c=%{_version}; echo ${c#%{_version}}) +%define python_version %(echo %{_version}|cut -d. -f1-2) +# based on the current source tarball +%define python_version_abitag %(c=%{python_version}; echo ${c//./}) +# FIXME %%define python_version_soname %%(c=%%{python_version}; echo ${c//./_}) +%define python_version_soname 3_12 +%if 0%(test -n "%{tar_suffix}" && echo 1) +%define _version %(echo "%{_version}~%{tar_suffix}") +%define tarversion %{version} +%else +%define tarversion %{version} +%endif +# We don't process beta signs well +%define folderversion %{tarversion} +%define tarname Python-%{tarversion} +%define sitedir %{_libdir}/python%{python_version} +# three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149 +%define abi_kind %{nil} +# python ABI version - used in some file names +%define python_abi %{python_version}%{abi_kind} +# soname ABI tag defined in PEP 3149 +%define abi_tag %{python_version_abitag}%{abi_kind} +# version part of "libpython" package +%define so_major 1 +%define so_minor 0 +%define so_version %{python_version_soname}%{abi_kind}-%{so_major}_%{so_minor} +# rpm and python have different ideas about what is an arch-dependent name, so: +%if "%{__isa_name}" == "ppc" +%define archname %(echo %{_arch} | sed s/ppc/powerpc/) +%else +%define archname %{_arch} +%endif +# our arm has Hardware-Floatingpoint +%if "%{_arch}" == "arm" +%define armsuffix hf +%endif +# Decide whether we want to use mpdecimal +%if 0%{?suse_version} >= 1550 +%bcond_without mpdecimal +%else +%bcond_with mpdecimal +%endif +# pyexpat.cpython-35m-x86_64-linux-gnu +# pyexpat.cpython-35m-powerpc64le-linux-gnu +# pyexpat.cpython-35m-armv7-linux-gnueabihf +# _md5.cpython-38m-x86_64-linux-gnu.so +%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so +%bcond_without profileopt +Name: %{python_pkg_name}%{psuffix} +Version: 3.12.4 +Release: 0 +Summary: Python 3 Interpreter +License: Python-2.0 +URL: https://www.python.org/ +Source0: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz +Source1: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.asc +Source2: baselibs.conf +Source3: README.SUSE +Source4: externally_managed.in +Source7: macros.python3 +Source8: import_failed.py +Source9: import_failed.map +Source10: pre_checkin.sh +Source11: skipped_tests.py +Source19: idle3.desktop +Source20: idle3.appdata.xml +# content of bluez-devel: +# 1. sudo zypper --pkg-cache-dir /tmp install -f -d --no-recommends bluez-devel +# 2. rpm2cpio /tmp/*/*/bluez-devel-*.rpm|cpio -idu +# 3. mkdir Vendor && mv usr/include/* Vendor/ +# 4. tar cJf bluez-devel-vendor.tar.xz Vendor/ +Source21: bluez-devel-vendor.tar.xz +Source98: python312-rpmlintrc +# Tarball is signed by the GPG key of Pablo Galindo Salgado (0x64E628F8D684696D) +# https://keybase.io/pablogsal/pgp_keys.asc?fingerprint=a035c8c19219ba821ecea86b64e628f8d684696d +Source99: python.keyring +# The following files are not used in the build. +# They are listed here to work around missing functionality in rpmbuild, +# which would otherwise exclude them from distributed src.rpm files. +Source100: PACKAGING-NOTES +# support finding packages in /usr/local, install to /usr/local by default +Patch07: python-3.3.0b1-localpath.patch +# replace DATE, TIME and COMPILER by fixed definitions to aid reproducible builds +Patch08: python-3.3.0b1-fix_date_time_compiler.patch +# POSIX_FADV_WILLNEED throws EINVAL. Use a different constant in test +Patch09: python-3.3.0b1-test-posix_fadvise.patch +# Raise timeout value for test_subprocess +Patch15: subprocess-raise-timeout.patch +# PATCH-FEATURE-UPSTREAM bpo-31046_ensurepip_honours_prefix.patch bpo#31046 mcepl@suse.com +# ensurepip should honour the value of $(prefix) +Patch29: bpo-31046_ensurepip_honours_prefix.patch +# PATCH-FIX-SLE no-skipif-doctests.patch jsc#SLE-13738 mcepl@suse.com +# SLE-15 version of Sphinx doesn't know about skipif directive in doctests. +Patch33: no-skipif-doctests.patch +# PATCH-FIX-SLE skip-test_pyobject_freed_is_freed.patch mcepl@suse.com +# skip a test failing on SLE-15 +Patch34: skip-test_pyobject_freed_is_freed.patch +# PATCH-FIX-SLE fix_configure_rst.patch bpo#43774 mcepl@suse.com +# remove duplicate link targets and make documentation with old Sphinx in SLE +Patch35: fix_configure_rst.patch +# PATCH-FIX-UPSTREAM CVE-2023-27043-email-parsing-errors.patch bsc#1210638 mcepl@suse.com +# Detect email address parsing errors and return empty tuple to +# indicate the parsing error (old API) +Patch36: CVE-2023-27043-email-parsing-errors.patch +# PATCH-FIX-UPSTREAM CVE-2023-6597-TempDir-cleaning-symlink.patch bsc#1219666 mcepl@suse.com +# tempfile.TemporaryDirectory: fix symlink bug in cleanup (from gh#python/cpython!99930) +Patch38: CVE-2023-6597-TempDir-cleaning-symlink.patch +# PATCH-FIX-OPENSUSE CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch +# This problem on libexpat is patched on 15.6 without version +# update, this patch changes the tests to match the libexpat provided +# by SUSE +Patch39: CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch +# PATCH-FIX-OPENSUSE fix-test-recursion-limit-15.6.patch gh#python/cpython#115083 +# Skip some failing tests in test_compile for i586 arch in 15.6. +Patch40: fix-test-recursion-limit-15.6.patch +BuildRequires: autoconf-archive +BuildRequires: automake +BuildRequires: fdupes +BuildRequires: gmp-devel +BuildRequires: lzma-devel +BuildRequires: netcfg +BuildRequires: openssl-devel +BuildRequires: pkgconfig +BuildRequires: xz +BuildRequires: pkgconfig(bzip2) +BuildRequires: pkgconfig(expat) +BuildRequires: pkgconfig(libffi) +BuildRequires: pkgconfig(uuid) +BuildRequires: pkgconfig(zlib) +#!BuildIgnore: gdk-pixbuf-loader-rsvg +%if 0%{?suse_version} >= 1550 +# The provider for python(abi) is in rpm-build-python +BuildRequires: rpm-build-python +%endif +%if 0%{?suse_version} >= 1500 && 0%{?suse_version} < 1599 +BuildRequires: pkgconfig(libnsl) +BuildRequires: pkgconfig(libtirpc) +%endif +%if %{with mpdecimal} +BuildRequires: mpdecimal-devel +%endif +%if %{with doc} +BuildRequires: python3-Sphinx >= 4.0.0 +%if 0%{?suse_version} >= 1500 +BuildRequires: python3-python-docs-theme >= 2022.1 +%endif +%endif +%if %{with general} +# required for idle3 (.desktop and .appdata.xml files) +BuildRequires: appstream-glib +BuildRequires: gcc-c++ +BuildRequires: gdbm-devel +BuildRequires: gettext +BuildRequires: readline-devel +BuildRequires: sqlite-devel +BuildRequires: timezone +BuildRequires: update-desktop-files +BuildRequires: pkgconfig(ncurses) +BuildRequires: pkgconfig(tk) +BuildRequires: pkgconfig(x11) +Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-readline +Provides: %{python_pkg_name}-sqlite3 +Recommends: %{python_pkg_name}-curses +Recommends: %{python_pkg_name}-dbm +Recommends: %{python_pkg_name}-pip +%obsolete_python_versioned +%if %{primary_interpreter} +Provides: python3 = %{python_version} +Provides: python3-readline +Provides: python3-sqlite3 +%endif +%endif +%{?suse_build_hwcaps_libs} + +%description +Python 3 is modern interpreted, object-oriented programming language, +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python3-doc +package. + +This package supplies rich command line features provided by readline, +and sqlite3 support for the interpreter core, thus forming a so called +"extended" runtime. +Installing "python3" is sufficient for the vast majority of usecases. +In addition, recommended packages provide UI toolkit support (python3-curses, +python3-tk), legacy UNIX database bindings (python3-dbm), and the IDLE +development environment (python3-idle). + +%package -n %{python_pkg_name}-tk +Summary: TkInter, a Python Tk Interface +Requires: %{python_pkg_name} = %{version} +%obsolete_python_versioned tk +%if %{primary_interpreter} +Provides: python3-tk = %{version} +%endif + +%description -n %{python_pkg_name}-tk +Python interface to Tk. Tk is the GUI toolkit that comes with Tcl. + +%package -n %{python_pkg_name}-curses +Summary: Python Interface to the (N)Curses Library +Requires: %{python_pkg_name} = %{version} +%obsolete_python_versioned curses +%if %{primary_interpreter} +Provides: python3-curses +%endif + +%description -n %{python_pkg_name}-curses +An easy to use interface to the (n)curses CUI library. CUI stands for +Console User Interface. + +%package -n %{python_pkg_name}-dbm +Summary: Python Interface to the GDBM Library +Requires: %{python_pkg_name} = %{version} +%obsolete_python_versioned dbm +%if %{primary_interpreter} +Provides: python3-dbm +%endif + +%description -n %{python_pkg_name}-dbm +An easy to use interface for Unix DBM databases, and more specifically, +the GNU implementation GDBM. + +%package -n %{python_pkg_name}-idle +Summary: An Integrated Development Environment for Python +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk +%obsolete_python_versioned idle +%if %{primary_interpreter} +Provides: python3-idle = %{version} +%endif + +%description -n %{python_pkg_name}-idle +IDLE is a Tkinter based integrated development environment for Python. +It features a multi-window text editor with multiple undo, Python +colorizing, and many other things, as well as a Python shell window and +a debugger. + +%package -n %{python_pkg_name}-doc +Summary: Package Documentation for Python 3 +Enhances: %{python_pkg_name} = %{python_version} +%obsolete_python_versioned doc +%if %{primary_interpreter} +Provides: python3-doc = %{version} +%endif + +%description -n %{python_pkg_name}-doc +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in HTML format. + +%package -n %{python_pkg_name}-doc-devhelp +Summary: Additional Package Documentation for Python 3 in devhelp format +%obsolete_python_versioned doc-devhelp +%if %{primary_interpreter} +Provides: python3-doc-devhelp = %{version} +%endif + +%description -n %{python_pkg_name}-doc-devhelp +Tutorial, Global Module Index, Language Reference, Library Reference, +Extending and Embedding Reference, Python/C API Reference, Documenting +Python, and Macintosh Module Reference in format for devhelp. + +%package -n %{python_pkg_name}-base +Summary: Python 3 Interpreter and Stdlib Core +Requires: libpython%{so_version} = %{version} +Recommends: %{python_pkg_name} = %{version} +%obsolete_python_versioned base +#Recommends: python3-ensurepip +# python 3.1 didn't have a separate python-base, so it is wrongly +# not a conflict to have python3-3.1 and python3-base > 3.1 +Obsoletes: python3 < 3.2 +# no Provides, because python3 is obviously provided by package python3 +# python 3.4 provides asyncio +Provides: %{python_pkg_name}-asyncio = %{version} +%obsolete_python_versioned asyncio +# python 3.6 provides typing +Provides: %{python_pkg_name}-typing = %{version} +%obsolete_python_versioned typing +# python3-xml was merged into python3, now moved into -base +Provides: %{python_pkg_name}-xml = %{version} +%if %{primary_interpreter} +Provides: python3-asyncio = %{version} +Obsoletes: python3-asyncio < %{version} +Provides: python3-base = %{version} +Obsoletes: python3-base < %{version} +Provides: python3-typing = %{version} +Obsoletes: python3-typing < %{version} +Provides: python3-xml = %{version} +Obsoletes: python3-xml < %{version} +%endif + +%description -n %{python_pkg_name}-base +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +package. + +This package contains the interpreter core and most commonly used modules +from the standard library. This is sufficient for many usecases, but it +excludes components that depend on external libraries, most notably XML, +database and UI toolkits support. + +%package -n %{python_pkg_name}-tools +Summary: Python Utility and Demonstration Scripts +Requires: %{python_pkg_name}-base = %{version} +Provides: %{python_pkg_name}-2to3 = %{version} +Provides: %{python_pkg_name}-demo = %{version} +%obsolete_python_versioned tools +%if %{primary_interpreter} +Provides: python3-2to3 = %{version} +Provides: python3-demo = %{version} +Provides: python3-tools = %{version} +Obsoletes: python3-2to3 < %{version} +Obsoletes: python3-demo < %{version} +%endif + +%description -n %{python_pkg_name}-tools +A number of scripts that are useful for building, testing or extending Python, +and a set of demonstration programs. + +%package -n %{python_pkg_name}-devel +Summary: Include Files and Libraries Mandatory for Building Python Modules +Requires: %{python_pkg_name}-base = %{version} +%obsolete_python_versioned devel +%if %{primary_interpreter} +Provides: python3-devel = %{version} +%endif + +%description -n %{python_pkg_name}-devel +The Python programming language's interpreter can be extended with +dynamically loaded extensions and can be embedded in other programs. + +This package contains header files, a static library, and development +tools for building Python modules, extending the Python interpreter or +embedding Python in applications. + +This also includes the Python distutils, which were in the Python +package up to version 2.2.2. + +%package -n %{python_pkg_name}-testsuite +Summary: Unit tests for Python and its standard library +Requires: %{python_pkg_name} = %{version} +Requires: %{python_pkg_name}-tk = %{version} +%obsolete_python_versioned testsuite +%if %{primary_interpreter} +Provides: python3-testsuite = %{version} +%endif + +%description -n %{python_pkg_name}-testsuite +Unit tests that are useful for verifying integrity and functionality +of the installed Python interpreter and standard library. +They are a documented part of stdlib, as a module 'test'. + +%package -n libpython%{so_version} +Summary: Python Interpreter shared library +Requires: %{python_pkg_name}-base >= %{version} + +%description -n libpython%{so_version} +Python is an interpreted, object-oriented programming language, and is +often compared to Tcl, Perl, Scheme, or Java. You can find an overview +of Python in the documentation and tutorials included in the python-doc +(HTML) or python-doc-pdf (PDF) packages. + +This package contains libpython3.2 shared library for embedding in +other applications. + +%prep +%setup -q -n %{tarname} +%autopatch -p1 + +# drop Autoconf version requirement +sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac + +%if %{primary_interpreter} +# fix shebangs - convert /usr/local/bin/python and /usr/bin/env/python to /usr/bin/python3 +for dir in Lib Tools; do + # find *.py, filter to files that contain bad shebangs + # break up "/""usr" like this to prevent replacing with %%{_prefix} + find $dir -name '*.py' -type f -print0 \ + | xargs -0 grep -lE '^#! *(/''usr/.*bin/(env +)?)?python' \ + | xargs sed -r -i -e '1s@^#![[:space:]]*(/''usr/(local/)?bin/(env +)?)?python([0-9]+(\.[0-9]+)?)?@#!%{_bindir}/python3@' +done +%else +# For non-primary Python, just don't bother (bsc#1193179) and remove all +# those shebangs +for dir in Lib Tools; do + find $dir -name '*.py' -type f -exec sed -i '1{/^#!.*python/ d}' '{}' \; +done +# We shortened the file Lib/pdb.py so we have to move the test breakpoint location +sed -i -e '/Breakpoint 3 at ...pdb.py:97/s/97/96/' Lib/test/test_pdb.py +%endif + +# Cannot remove it because of gh#python/cpython#92875 +# rm -r Modules/expat + +# drop duplicate README from site-packages +rm Lib/site-packages/README.txt + +# Add vendored bluez-devel files +tar xvf %{SOURCE21} + +# Don't fail on warnings when building documentation +# sed -i -e '/^SPHINXERRORHANDLING/s/-W//' Doc/Makefile + +%build +%if %{with doc} +TODAY_DATE=`date -r %{SOURCE0} "+%%B %%d, %%Y"` +# TODO use not date of tarball but date of latest patch + +cd Doc +sed -i "s/^today = .*/today = '$TODAY_DATE'/" conf.py +%make_build -j1 html + +# Build also devhelp files +sphinx-build -a -b devhelp . build/devhelp +rm -rfv build/devhelp/.doctrees +%else +%define _lto_cflags %{nil} +# use rpm_opt_flags +export OPT="%{optflags} -DOPENSSL_LOAD_CONF -fwrapv $(pkg-config --cflags-only-I libffi) -fno-semantic-interposition" + +touch -r %{SOURCE0} Makefile.pre.in + +autoreconf -fvi + +%if 0%{?sles_version} +sed -e 's/-fprofile-correction//' -i Makefile.pre.in +%endif + +export CFLAGS="%{optflags} -IVendor/" + +%configure \ + --with-platlibdir=%{_lib} \ + --docdir=%{_docdir}/python \ + --enable-ipv6 \ + --enable-shared \ + --with-ensurepip=no \ + --with-system-ffi \ + --with-system-expat \ + --with-lto \ +%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 + --with-ssl-default-suites=openssl \ +%endif +%if %{with profileopt} + --enable-optimizations \ +%endif +%if %{with mpdecimal} + --with-system-libmpdec \ +%endif + --enable-loadable-sqlite-extensions + +# prevent make from trying to rebuild PYTHON_FOR_GEN stuff +# %%make_build -t Python/Python-ast.c \ + # Include/Python-ast.h \ + # Objects/typeslots.inc \ + # Python/opcode_targets.h \ + # Include/opcode.h +%make_build + +%if %{with general} +%make_build +%endif +%if %{with base} +%if %{with profileopt} + target=profile-opt +%else + target=all +%endif +LD_LIBRARY_PATH=.:$LD_LIBRARY_PATH \ + %make_build $target +%endif +%endif + +%check +export SUSE_VERSION="0%{?suse_version}" +export SLE_VERSION="0%{?sle_version}" +%if %{with general} +# exclude test_gdb -- it doesn't run in buildservice anyway, and fails on missing debuginfos +# when you install gdb into your test env +EXCLUDE="test_gdb" +# we patch out the message to recommend zypper in and thus this would fail +EXCLUDE="$EXCLUDE test_pydoc" + +%ifarch %{arm} s390x +# test_multiprocessing_forkserver is racy +EXCLUDE="$EXCLUDE test_multiprocessing_forkserver" +%endif +%ifarch ppc ppc64 ppc64le +# exclue test_faulthandler due to bnc#831629 +EXCLUDE="$EXCLUDE test_faulthandler" +%endif +# some tests break in QEMU +%if 0%{?qemu_user_space_build} +EXCLUDE="$EXCLUDE test_faulthandler test_multiprocessing_forkserver test_multiprocessing_spawn test_os test_posix test_signal test_socket test_subprocess" +%endif + +# This test (part of test_uuid) requires real network interfaces +# so that ifconfig output has "HWaddr ". Some kvm instances +# done have any such interface breaking the uuid module. +EXCLUDE="$EXCLUDE test_uuid" + +# bsc#1195140 and bpo#37169 - test_capi is failing on openSUSE, and not sure why +EXCLUDE="$EXCLUDE test_capi" + +# Limit virtual memory to avoid spurious failures +if test $(ulimit -v) = unlimited || test $(ulimit -v) -gt 10000000; then + ulimit -v 11000000 || : +fi + +export PYTHONPATH="$(pwd -P)/Lib" +# Use timeout, like make target buildbottest +# We cannot run tests parallel, because osc build environment doesn’t +# have /dev/shm + +# test_freeze_simple_script is skipped, because it fails without bundled libs. +%make_build -j1 test TESTOPTS="-u curses -v -i test_freeze_simple_script -x $EXCLUDE --timeout=5400" +# use network, be verbose: +#make test TESTOPTS="-l -u network -v" +%endif + +%install +%if %{with doc} +export PDOCS=%{buildroot}%{_docdir}/python%{python_version} +mkdir -p $PDOCS +# generated docs +rm Doc/build/*/.buildinfo +cp -r Doc/build/html $PDOCS +# misc +install -d -m 755 $PDOCS/Misc +rm Misc/README.AIX +for i in Misc/* ; do + [ -f $i ] && install -c -m 644 $i $PDOCS/Misc/ +done +# devhelp +mkdir -p %{buildroot}%{_datadir}/gtk-doc/html +cp -r Doc/build/devhelp %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version} +rm -rf %{buildroot}%{_datadir}/gtk-doc/html/Python%{python_version}/.doctrees +%endif +%if %{with general} +%make_install + +# clean out stuff that is in python-base and subpackages + +find %{buildroot}%{_bindir} -mindepth 1 -not -name "*idle3*" -print -delete +rm %{buildroot}%{_libdir}/lib* +rm -r %{buildroot}%{_libdir}/pkgconfig +rm -r %{buildroot}%{_mandir}/* +rm -r %{buildroot}%{_includedir}/* + +rm -r %{buildroot}%{sitedir}/config* +find %{buildroot}%{sitedir} -name "*.egg-info" -delete +rm -r %{buildroot}%{sitedir}/__pycache__ +rm -r %{buildroot}%{sitedir}/site-packages +rm %{buildroot}%{sitedir}/*.* + +for module in \ + asyncio ctypes collections concurrent email encodings \ + ensurepip html http re \ + importlib json logging multiprocessing pydoc_data unittest \ + urllib venv wsgiref lib2to3 test tomllib turtledemo \ + xml xmlrpc zipfile zoneinfo __phello__ +do + rm -r %{buildroot}%{sitedir}/$module +done + +for library in \ + array _asyncio audioop binascii _bisect _bz2 cmath _codecs_* \ + _contextvars _crypt _csv _ctypes _datetime _decimal fcntl grp \ + _hashlib _heapq _json _lsprof _lzma math mmap _multibytecodec \ + _multiprocessing _opcode ossaudiodev _pickle _posixshmem \ + _posixsubprocess _queue _random resource select _ssl _socket spwd \ + _statistics _struct syslog termios _testbuffer _testimportmultiple \ + _testmultiphase unicodedata zlib _ctypes_test _testinternalcapi _testcapi \ + _testclinic xxlimited xxlimited_35 \ + _xxtestfuzz _xxsubinterpreters _elementtree pyexpat _md5 _sha1 \ + _sha2 _blake2 _sha3 _uuid _zoneinfo \ + _testsinglephase _xxinterpchannels xxsubtype +do + eval rm "%{buildroot}%{sitedir}/lib-dynload/$library.*" +done + +# Idle is not packaged in base due to the appstream-glib dependency +# move idle config into /etc +install -d -m 755 %{buildroot}%{_sysconfdir}/idle%{python_version} +( + cd %{buildroot}/%{sitedir}/idlelib/ + for file in *.def ; do + mv $file %{buildroot}%{_sysconfdir}/idle%{python_version}/ + ln -sf %{_sysconfdir}/idle%{python_version}/$file %{buildroot}/%{sitedir}/idlelib/ + done +) + +# keep just idle3.X +rm %{buildroot}%{_bindir}/idle3 + +# install idle icons +for size in 16 32 48 ; do + install -m 644 -D Lib/idlelib/Icons/idle_${size}.png \ + %{buildroot}%{_datadir}/icons/hicolor/${size}x${size}/apps/idle%{python_version}.png +done + +# install idle desktop file +cp %{SOURCE19} idle%{python_version}.desktop +sed -i -e 's:idle3:idle%{python_version}:g' idle%{python_version}.desktop +install -m 644 -D -t %{buildroot}%{_datadir}/applications idle%{python_version}.desktop +%suse_update_desktop_file idle%{python_version} + +cp %{SOURCE20} idle%{python_version}.appdata.xml +sed -i -e 's:idle3.desktop:idle%{python_version}.desktop:g' idle%{python_version}.appdata.xml +install -m 644 -D -t %{buildroot}%{_datadir}/metainfo idle%{python_version}.appdata.xml +appstream-util validate-relax --nonet %{buildroot}%{_datadir}/metainfo/idle%{python_version}.appdata.xml + +%fdupes %{buildroot}/%{_libdir}/python%{python_version} +%endif +%if %{with base} +%make_install + +# remove .a +find %{buildroot} -name "*.a" -delete + +# install "site-packages" and __pycache__ for third parties +install -d -m 755 %{buildroot}%{sitedir}/site-packages +install -d -m 755 %{buildroot}%{sitedir}/site-packages/__pycache__ +# and their 32bit counterparts explicitly +mkdir -p %{buildroot}%{_prefix}/lib/python%{python_version}/site-packages/__pycache__ + +# cleanup parts that don't belong +for dir in curses dbm sqlite3 tkinter idlelib; do + find "%{buildroot}/%{sitedir}/$dir"/* -maxdepth 0 -name "test" -o -exec rm -rf {} + +done +rm -fv %{buildroot}%{dynlib nis} + +# overwrite the copied binary with a link +ln -sf python%{python_version} %{buildroot}%{_bindir}/python3 + +# decide to ship python3 or just python3.X +%if !%{primary_interpreter} +# base +rm %{buildroot}%{_bindir}/python3 +rm %{buildroot}%{_bindir}/pydoc3 +rm %{buildroot}%{_mandir}/man1/python3.1 +# devel +rm %{buildroot}%{_bindir}/python3-config +rm %{buildroot}%{_libdir}/libpython3.so +rm %{buildroot}%{_libdir}/pkgconfig/{python3,python3-embed}.pc +%endif + +%if %{suse_version} > 1550 +# PEP-0668 mark this as a distro maintained python +sed -e 's,__PYTHONPREFIX__,%{python_pkg_name},' -e 's,__PYTHON__,python%{python_version},' < %{SOURCE4} > %{buildroot}%{sitedir}/EXTERNALLY-MANAGED +%endif + +# link shared library instead of static library that tools expect +ln -s ../../libpython%{python_abi}.so %{buildroot}%{_libdir}/python%{python_version}/config-%{python_abi}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}/libpython%{python_abi}.so + +# delete idle3, which has to many packaging dependencies for base +rm %{buildroot}%{_bindir}/idle3* + +# delete the generic 2to3 binary if we are not primary +%if !%{primary_interpreter} +rm %{buildroot}%{_bindir}/2to3 +%endif + +# replace duplicate .pyo/.pyc with hardlinks +%fdupes %{buildroot}/%{sitedir} + +# documentation +export PDOCS=%{buildroot}%{_docdir}/%{name} +install -d -m 755 $PDOCS +install -c -m 644 %{SOURCE3} $PDOCS/ +install -c -m 644 README.rst $PDOCS/ + +# tools +for x in `find Tools/ \( -not -name Makefile \) -print | sort` ; do + test -d $x && ( install -c -m 755 -d $PDOCS/$x ) \ + || ( install -c -m 644 $x $PDOCS/$x ) +done +# gdb script is shipped with devel subpackage +rm -r $PDOCS/Tools/gdb +# clean up the bat files +find "$PDOCS" -name "*.bat" -delete + +# put gdb helper script into place +install -m 755 -D Tools/gdb/libpython.py %{buildroot}%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +# install devel files to /config +#cp Makefile Makefile.pre.in Makefile.pre $RPM_BUILD_ROOT%{sitedir}/config-%{python_abi}/ + +# RPM macros +%if %{primary_interpreter} +mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d/ +install -m 644 %{SOURCE7} %{buildroot}%{_rpmconfigdir}/macros.d/ # macros.python3 +%endif + +# import_failed hooks +FAILDIR=%{buildroot}/%{sitedir}/_import_failed +mkdir $FAILDIR +install -m 644 %{SOURCE8} %{SOURCE9} $FAILDIR # import_failed.* +LD_LIBRARY_PATH=. ./python -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +LD_LIBRARY_PATH=. ./python -O -c "from py_compile import compile; compile('$FAILDIR/import_failed.py', dfile='%{sitedir}/_import_failed/import_failed.py')" +( + cd $FAILDIR + while read package modules; do + for module in $modules; do + ln import_failed.py $module.py + pushd __pycache__ + for i in import_failed*; do + ln $i "$module${i#import_failed}" + done + popd + done + done < %{SOURCE9} +) +echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +%endif + +%if %{with general} +%files -n %{python_pkg_name}-tk +%defattr(644, root, root, 755) +%{sitedir}/tkinter +%{dynlib _tkinter} + +%files -n %{python_pkg_name}-curses +%defattr(644, root, root, 755) +%{sitedir}/curses +%{dynlib _curses} + +%files -n %{python_pkg_name}-dbm +%defattr(644, root, root, 755) +%{sitedir}/dbm +%{dynlib _dbm} +%{dynlib _gdbm} + +%files -n %{python_pkg_name} +%defattr(644, root, root, 755) +%dir %{sitedir} +%dir %{sitedir}/lib-dynload +%{sitedir}/sqlite3 +%{dynlib readline} +%{dynlib _sqlite3} +%if 0%{?suse_version} < 1599 +%{dynlib nis} +%endif + +%files -n %{python_pkg_name}-idle +%defattr(644, root, root, 755) +%{sitedir}/idlelib +%dir %{_sysconfdir}/idle%{python_version} +%config %{_sysconfdir}/idle%{python_version}/* +%doc Lib/idlelib/README.txt +%doc Lib/idlelib/TODO.txt +%doc Lib/idlelib/extend.txt +%doc Lib/idlelib/ChangeLog +%{_bindir}/idle%{python_version} +%{_datadir}/applications/idle%{python_version}.desktop +%{_datadir}/metainfo/idle%{python_version}.appdata.xml +%{_datadir}/icons/hicolor/*/apps/idle%{python_version}.png +%dir %{_datadir}/icons/hicolor +%dir %{_datadir}/icons/hicolor/16x16 +%dir %{_datadir}/icons/hicolor/32x32 +%dir %{_datadir}/icons/hicolor/48x48 +%dir %{_datadir}/icons/hicolor/*/apps +# endif for if general +%endif + +%if %{with doc} +%files -n %{python_pkg_name}-doc +%dir %{_docdir}/python%{python_version} +%doc %{_docdir}/python%{python_version}/Misc +%doc %{_docdir}/python%{python_version}/html + +%files -n %{python_pkg_name}-doc-devhelp +%dir %{_datadir}/gtk-doc +%dir %{_datadir}/gtk-doc/html +%doc %{_datadir}/gtk-doc/html/Python%{python_version} +%endif + +%if %{with base} +%post -n libpython%{so_version} -p /sbin/ldconfig +%postun -n libpython%{so_version} -p /sbin/ldconfig + +%files -n libpython%{so_version} +%defattr(644, root,root) +%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor} + +%files -n %{python_pkg_name}-tools +%defattr(644, root, root, 755) +%{sitedir}/turtledemo +%if %{primary_interpreter} +%{_bindir}/2to3 +%endif +%attr(755, root, root)%{_bindir}/2to3-%{python_version} +%doc %{_docdir}/%{name}/Tools + +%files -n %{python_pkg_name}-devel +%defattr(644, root, root, 755) +%{_libdir}/libpython%{python_abi}.so +%if %{primary_interpreter} +%{_libdir}/libpython3.so +%endif +%{_libdir}/pkgconfig/* +%{_includedir}/python%{python_abi} +%{sitedir}/config-%{python_abi}-* +%defattr(755, root, root) +%{_bindir}/python%{python_abi}-config +%if %{primary_interpreter} +%{_bindir}/python3-config +%endif +# Own these directories to not depend on gdb +%dir %{_datadir}/gdb +%dir %{_datadir}/gdb/auto-load +%dir %{_datadir}/gdb/auto-load%{_prefix} +%dir %{_datadir}/gdb/auto-load%{_libdir} +%{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py + +%files -n %{python_pkg_name}-testsuite +%defattr(644, root, root, 755) +%{sitedir}/test +# %%{sitedir}/*/test +# %%{sitedir}/*/tests +%{dynlib _ctypes_test} +%{dynlib _testbuffer} +%{dynlib _testcapi} +%{dynlib _testclinic} +%{dynlib _testinternalcapi} +%{dynlib _testimportmultiple} +%{dynlib _testmultiphase} +%{dynlib _testsinglephase} +%{dynlib _xxinterpchannels} +%{dynlib _xxtestfuzz} +# workaround for missing packages +%dir %{sitedir}/sqlite3 +%dir %{sitedir}/tkinter + +%files -n %{python_pkg_name}-base +%defattr(644, root, root, 755) +# docs +%dir %{_docdir}/%{name} +%doc %{_docdir}/%{name}/README.rst +%license LICENSE +%doc %{_docdir}/%{name}/README.SUSE +%if %{primary_interpreter} +%{_mandir}/man1/python3.1%{?ext_man} +%endif +%{_mandir}/man1/python%{python_version}.1%{?ext_man} +%if %{suse_version} > 1550 +# PEP-0668 +%{sitedir}/EXTERNALLY-MANAGED +%endif +# license text, not a doc because the code can use it at run-time +%{sitedir}/LICENSE.txt +# RPM macros +%if %{primary_interpreter} +%{_rpmconfigdir}/macros.d/macros.python3 +%endif +# binary parts +%dir %{sitedir}/lib-dynload +%{dynlib array} +%{dynlib _asyncio} +%{dynlib audioop} +%{dynlib binascii} +%{dynlib _bisect} +%{dynlib _bz2} +%{dynlib cmath} +%{dynlib _codecs_cn} +%{dynlib _codecs_hk} +%{dynlib _codecs_iso2022} +%{dynlib _codecs_jp} +%{dynlib _codecs_kr} +%{dynlib _codecs_tw} +%{dynlib _contextvars} +%{dynlib _crypt} +%{dynlib _csv} +%{dynlib _ctypes} +%{dynlib _datetime} +%{dynlib _decimal} +%{dynlib _elementtree} +%{dynlib fcntl} +%{dynlib grp} +%{dynlib _hashlib} +%{dynlib _heapq} +%{dynlib _json} +%{dynlib _lsprof} +%{dynlib _lzma} +%{dynlib math} +%{dynlib mmap} +%{dynlib _multibytecodec} +%{dynlib _multiprocessing} +%{dynlib _opcode} +%{dynlib ossaudiodev} +%{dynlib _pickle} +%{dynlib _posixshmem} +%{dynlib _posixsubprocess} +%{dynlib pyexpat} +%{dynlib _queue} +%{dynlib _random} +%{dynlib resource} +%{dynlib select} +%{dynlib _socket} +%{dynlib spwd} +%{dynlib _ssl} +%{dynlib _statistics} +%{dynlib _struct} +%{dynlib syslog} +%{dynlib termios} +%{dynlib unicodedata} +%{dynlib _uuid} +%{dynlib xxlimited} +%{dynlib xxlimited_35} +%{dynlib _xxsubinterpreters} +%{dynlib xxsubtype} +%{dynlib zlib} +%{dynlib _zoneinfo} +# hashlib fallback modules +%{dynlib _blake2} +%{dynlib _md5} +%{dynlib _sha1} +%{dynlib _sha2} +%{dynlib _sha3} +# python parts +%dir %{_prefix}/lib/python%{python_version} +%dir %{_prefix}/lib/python%{python_version}/site-packages +%dir %{_prefix}/lib/python%{python_version}/site-packages/__pycache__ +%dir %{sitedir} +%dir %{sitedir}/site-packages +%dir %{sitedir}/site-packages/__pycache__ +# %%exclude %%{sitedir}/*/test +# %%exclude %%{sitedir}/*/tests +%{sitedir}/*.py +%{sitedir}/asyncio +%{sitedir}/ctypes +%{sitedir}/collections +%{sitedir}/concurrent +%{sitedir}/email +%{sitedir}/encodings +%{sitedir}/ensurepip +%{sitedir}/html +%{sitedir}/http +%{sitedir}/importlib +%{sitedir}/json +%{sitedir}/lib2to3 +%{sitedir}/logging +%{sitedir}/multiprocessing +%{sitedir}/pydoc_data +%{sitedir}/re +%{sitedir}/tomllib +%{sitedir}/unittest +%{sitedir}/urllib +%{sitedir}/venv +%{sitedir}/wsgiref +%{sitedir}/xml +%{sitedir}/xmlrpc +%{sitedir}/zoneinfo +%{sitedir}/zipfile +%{sitedir}/__phello__ +%{sitedir}/__pycache__ +# import-failed hooks +%{sitedir}/_import_failed +%{sitedir}/site-packages/zzzz-import-failed-hooks.pth +# symlinks +%if %{primary_interpreter} +%{_bindir}/python3 +%{_bindir}/pydoc3 +%endif +# executables +%attr(755, root, root) %{_bindir}/pydoc%{python_version} +# %%attr(755, root, root) %%{_bindir}/python%%{python_abi} +%attr(755, root, root) %{_bindir}/python%{python_version} +# endif for if base +%endif + +%changelog diff --git a/skip-test_pyobject_freed_is_freed.patch b/skip-test_pyobject_freed_is_freed.patch new file mode 100644 index 0000000..f71abcf --- /dev/null +++ b/skip-test_pyobject_freed_is_freed.patch @@ -0,0 +1,16 @@ +--- + Lib/test/test_capi/test_mem.py | 1 + + 1 file changed, 1 insertion(+) + +Index: Python-3.12.2/Lib/test/test_capi/test_mem.py +=================================================================== +--- Python-3.12.2.orig/Lib/test/test_capi/test_mem.py ++++ Python-3.12.2/Lib/test/test_capi/test_mem.py +@@ -110,6 +110,7 @@ class PyMemDebugTests(unittest.TestCase) + def test_pyobject_forbidden_bytes_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_forbidden_bytes_is_freed') + ++ @unittest.skip('Failing on Leap 15.*') + def test_pyobject_freed_is_freed(self): + self.check_pyobject_is_freed('check_pyobject_freed_is_freed') + diff --git a/skipped_tests.py b/skipped_tests.py new file mode 100644 index 0000000..47002e6 --- /dev/null +++ b/skipped_tests.py @@ -0,0 +1,69 @@ +#!/usr/bin/python3 +""" +Simple regexp-based skipped test checker. +It lists tests that are mentioned (presumably for exclusion) +in BASE, and in MAIN (presumably for inclusion) +and reports discrepancies. + +This will have a number of +""" + +MAIN = "python39.spec" + +import glob +import re +from os.path import basename + +alltests = set() +qemu_exclusions = set() + +for item in glob.glob("Python-*/Lib/test/test_*"): + testname = basename(item) + if testname.endswith(".py"): + testname = testname[:-3] + alltests.add(testname) + +testre = re.compile(r'[\s"](test_\w+)\b') + +def find_tests_in_spec(specname): + global qemu_exclusions + + found_tests = set() + with open(specname) as spec: + in_qemu = False + for line in spec: + line = line.strip() + if "#" in line: + line = line[:line.index("#")] + tests = set(testre.findall(line)) + found_tests |= tests + if line == "%if 0%{?qemu_user_space_build} > 0": + in_qemu = True + if in_qemu: + if line == "%endif": + in_qemu = False + qemu_exclusions |= tests + return found_tests + +excluded = find_tests_in_spec(MAIN) + +#print("--- excluded tests:", " ".join(sorted(excluded))) +#print("--- included tests:", " ".join(sorted(included))) + +mentioned = excluded +nonexistent = mentioned - alltests +missing = excluded - qemu_exclusions + +print("--- the following tests are excluded for QEMU and not tested in python") +print("--- (that probably means we don't need to worry about them)") +for test in sorted(qemu_exclusions - excluded): + print(test) + +print("--- the following tests might be excluded in python:") +for test in sorted(missing): + print(test) + +if nonexistent: + print("--- the following tests don't exist:") + for test in sorted(nonexistent): + print(test) diff --git a/subprocess-raise-timeout.patch b/subprocess-raise-timeout.patch new file mode 100644 index 0000000..a15acaa --- /dev/null +++ b/subprocess-raise-timeout.patch @@ -0,0 +1,18 @@ +--- + Lib/test/test_subprocess.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +Index: Python-3.12.4/Lib/test/test_subprocess.py +=================================================================== +--- Python-3.12.4.orig/Lib/test/test_subprocess.py ++++ Python-3.12.4/Lib/test/test_subprocess.py +@@ -280,7 +280,8 @@ class ProcessTestCase(BaseTestCase): + "time.sleep(3600)"], + # Some heavily loaded buildbots (sparc Debian 3.x) require + # this much time to start and print. +- timeout=3) ++ # OBS might require even more ++ timeout=10) + self.fail("Expected TimeoutExpired.") + self.assertEqual(c.exception.output, b'BDFL') + From b3854911070d0daa6c48340842678b38c5103ec3f7249c846f9215f7e0a1b104 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 25 Jun 2024 16:08:01 +0000 Subject: [PATCH 02/15] Accepting request 1183151 from home:Andreas_Schwab:riscv:python - Reenable test_multiprocessing_forkserver test_multiprocessing_spawn test_subprocess tests in qemu build OBS-URL: https://build.opensuse.org/request/show/1183151 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=48 --- python312.changes | 6 ++++++ python312.spec | 7 ++++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/python312.changes b/python312.changes index 91345ed..523902f 100644 --- a/python312.changes +++ b/python312.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Jun 24 12:14:52 UTC 2024 - Andreas Schwab + +- Reenable test_multiprocessing_forkserver test_multiprocessing_spawn + test_subprocess tests in qemu build + ------------------------------------------------------------------- Fri Jun 7 10:44:55 UTC 2024 - Matej Cepl diff --git a/python312.spec b/python312.spec index c35bf59..0ef7d9b 100644 --- a/python312.spec +++ b/python312.spec @@ -551,7 +551,12 @@ EXCLUDE="$EXCLUDE test_faulthandler" %endif # some tests break in QEMU %if 0%{?qemu_user_space_build} -EXCLUDE="$EXCLUDE test_faulthandler test_multiprocessing_forkserver test_multiprocessing_spawn test_os test_posix test_signal test_socket test_subprocess" +# test_faulthandler: test_register_chain is racy +# test_os: test_fork_warns_when_non_python_thread_exists fails +# test_posix: qemu does not support fexecve in test_fexecve +# test_signal: qemu crashes in test_stress_modifying_handlers +# test_socket: many CmsgTrunc tests fail +EXCLUDE="$EXCLUDE test_faulthandler test_os test_posix test_signal test_socket" %endif # This test (part of test_uuid) requires real network interfaces From 5465cd240fd9ff9846bc6a701bae5ffd9d8ebc51c7e4bd2d63b800903a211351 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Tue, 25 Jun 2024 22:06:54 +0000 Subject: [PATCH 03/15] - gh-113171 (bsc#1226448, CVE-2024-4032): Fixed various false positives and false negatives in OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=49 --- python312.changes | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/python312.changes b/python312.changes index 523902f..04408c0 100644 --- a/python312.changes +++ b/python312.changes @@ -163,8 +163,8 @@ Fri Jun 7 10:44:55 UTC 2024 - Matej Cepl control characters '\v', '\f', '\x1c', '\x1d' and '\x1e' and Unicode line separators '\x85', '\u2028' and '\u2029' as is. - - gh-113171: Fixed various false positives and false - negatives in + - gh-113171 (bsc#1226448, CVE-2024-4032): Fixed various false + positives and false negatives in ipaddress.IPv4Address.is_private (see these docs for details) ipaddress.IPv4Address.is_global ipaddress.IPv6Address.is_private From 4bca3b25891c74750408e1ace2c9e521b9db17d164629b824cc8194f9bb6eee5 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 26 Jun 2024 20:10:05 +0000 Subject: [PATCH 04/15] - Add docs-docutils_014-Sphinx_420.patch make building docs compatible with Sphinx 4_2_0 and docutils 0.14. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=50 --- docs-docutils_014-Sphinx_420.patch | 78 ++++++++++++++++++++++++++++++ python312.changes | 6 +++ python312.spec | 6 +++ 3 files changed, 90 insertions(+) create mode 100644 docs-docutils_014-Sphinx_420.patch diff --git a/docs-docutils_014-Sphinx_420.patch b/docs-docutils_014-Sphinx_420.patch new file mode 100644 index 0000000..26563f5 --- /dev/null +++ b/docs-docutils_014-Sphinx_420.patch @@ -0,0 +1,78 @@ +--- + Doc/tools/extensions/c_annotations.py | 6 +++++- + Doc/tools/extensions/glossary_search.py | 12 ++++++++++-- + Doc/tools/extensions/pyspecific.py | 13 ++++++++++--- + 3 files changed, 25 insertions(+), 6 deletions(-) + +--- a/Doc/tools/extensions/c_annotations.py ++++ b/Doc/tools/extensions/c_annotations.py +@@ -84,7 +84,11 @@ class Annotations: + self.stable_abi_data[name] = record + + def add_annotations(self, app, doctree): +- for node in doctree.findall(addnodes.desc_content): ++ try: ++ findall = doctree.findall ++ except AttributeError: ++ findall = doctree.traverse ++ for node in findall(addnodes.desc_content): + par = node.parent + if par['domain'] != 'c': + continue +--- a/Doc/tools/extensions/glossary_search.py ++++ b/Doc/tools/extensions/glossary_search.py +@@ -25,8 +25,16 @@ def process_glossary_nodes(app, doctree, + + terms = {} + +- for node in doctree.findall(glossary): +- for glossary_item in node.findall(definition_list_item): ++ try: ++ findall = doctree.findall ++ except AttributeError: ++ findall = doctree.traverse ++ for node in findall(glossary): ++ try: ++ node_findall = node.findall ++ except AttributeError: ++ node_findall = node.traverse ++ for glossary_item in node_findall(definition_list_item): + term = glossary_item[0].astext().lower() + definition = glossary_item[1] + +--- a/Doc/tools/extensions/pyspecific.py ++++ b/Doc/tools/extensions/pyspecific.py +@@ -27,7 +27,10 @@ from sphinx.locale import _ as sphinx_ge + from sphinx.util import logging + from sphinx.util.docutils import SphinxDirective + from sphinx.writers.text import TextWriter, TextTranslator +-from sphinx.util.display import status_iterator ++try: ++ from sphinx.util.display import status_iterator ++except ModuleNotFoundError: ++ from sphinx.util import status_iterator + + + ISSUE_URI = 'https://bugs.python.org/issue?@action=redirect&bpo=%s' +@@ -604,7 +607,11 @@ def parse_monitoring_event(env, sig, sig + + + def process_audit_events(app, doctree, fromdocname): +- for node in doctree.findall(audit_event_list): ++ try: ++ findall = doctree.findall ++ except AttributeError: ++ findall = doctree.traverse ++ for node in findall(audit_event_list): + break + else: + return +@@ -663,7 +670,7 @@ def process_audit_events(app, doctree, f + + body += row + +- for node in doctree.findall(audit_event_list): ++ for node in findall(audit_event_list): + node.replace_self(table) + + diff --git a/python312.changes b/python312.changes index 04408c0..756b362 100644 --- a/python312.changes +++ b/python312.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Jun 26 20:00:38 UTC 2024 - Matej Cepl + +- Add docs-docutils_014-Sphinx_420.patch make building docs + compatible with Sphinx 4_2_0 and docutils 0.14. + ------------------------------------------------------------------- Mon Jun 24 12:14:52 UTC 2024 - Andreas Schwab diff --git a/python312.spec b/python312.spec index 0ef7d9b..5e2eafc 100644 --- a/python312.spec +++ b/python312.spec @@ -171,6 +171,9 @@ Patch39: CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch # PATCH-FIX-OPENSUSE fix-test-recursion-limit-15.6.patch gh#python/cpython#115083 # Skip some failing tests in test_compile for i586 arch in 15.6. Patch40: fix-test-recursion-limit-15.6.patch +# PATCH-FIX-SLE docs-docutils_014-Sphinx_420.patch bsc#[0-9]+ mcepl@suse.com +# related to gh#python/cpython#119317 +Patch41: docs-docutils_014-Sphinx_420.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes @@ -428,6 +431,9 @@ other applications. %setup -q -n %{tarname} %autopatch -p1 +# Fix devhelp doc build gh#python/cpython#120150 +echo "master_doc = 'contents'" >> Doc/conf.py + # drop Autoconf version requirement sed -i 's/^AC_PREREQ/dnl AC_PREREQ/' configure.ac From 26b708641ef51904883414dbcf9741f7985dc990a915c9dbef8025a9e2b560da Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 26 Jun 2024 20:11:23 +0000 Subject: [PATCH 05/15] Accepting request 1183433 from home:Andreas_Schwab:Factory - Update import_failed.map for python 3.12 OBS-URL: https://build.opensuse.org/request/show/1183433 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=51 --- import_failed.map | 14 +++++++------- python312.changes | 5 +++++ python312.spec | 3 +++ 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/import_failed.map b/import_failed.map index f33690c..7cba163 100644 --- a/import_failed.map +++ b/import_failed.map @@ -1,7 +1,7 @@ -python311-curses: curses _curses _curses_panel -python311-dbm: dbm _dbm _gdbm -python311-idle: idlelib -python311-testsuite: test _ctypes_test _testbuffer _testcapi _testinternalcapi _testimportmultiple _testmultiphase xxlimited -python311-tk: tkinter _tkinter -python311-tools: turtledemo -python311: sqlite3 readline _sqlite3 nis +python312-curses: curses _curses +python312-dbm: dbm _dbm _gdbm +python312-idle: idlelib +python312-testsuite: test _ctypes_test _testbuffer _testcapi _testclinic _testinternalcapi _testimportmultiple _testmultiphase _testsinglephase _xxinterpchannels _xxtestfuzz +python312-tk: tkinter _tkinter +python312-tools: turtledemo +python312: sqlite3 readline _sqlite3 nis diff --git a/python312.changes b/python312.changes index 756b362..987716f 100644 --- a/python312.changes +++ b/python312.changes @@ -4,6 +4,11 @@ Wed Jun 26 20:00:38 UTC 2024 - Matej Cepl - Add docs-docutils_014-Sphinx_420.patch make building docs compatible with Sphinx 4_2_0 and docutils 0.14. +------------------------------------------------------------------- +Wed Jun 26 08:08:19 UTC 2024 - Andreas Schwab + +- Update import_failed.map for python 3.12 + ------------------------------------------------------------------- Mon Jun 24 12:14:52 UTC 2024 - Andreas Schwab diff --git a/python312.spec b/python312.spec index 5e2eafc..da7cb74 100644 --- a/python312.spec +++ b/python312.spec @@ -773,6 +773,9 @@ LD_LIBRARY_PATH=. ./python -O -c "from py_compile import compile; compile('$FAIL cd $FAILDIR while read package modules; do for module in $modules; do +%if 0%{?suse_version} >= 1599 + test $module = nis && continue +%endif ln import_failed.py $module.py pushd __pycache__ for i in import_failed*; do From 7dcd5b1426b79d63bf412df559854f84f6fbb41ac59c2496cfbebf37b4bb1f59 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 26 Jun 2024 20:34:48 +0000 Subject: [PATCH 06/15] Add CVE-2024-0397 to changelog. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=52 --- python312.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python312.changes b/python312.changes index 987716f..c0fa746 100644 --- a/python312.changes +++ b/python312.changes @@ -268,7 +268,7 @@ Wed Apr 10 14:41:07 UTC 2024 - Matej Cepl - gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() now correctly lock access to the certificate store, when the ssl.SSLContext is shared - across multiple threads. + across multiple threads (bsc#1226447, CVE-2024-0397). - Core and Builtins - gh-109120: Added handle of incorrect star expressions, e.g f(3, *). Patch by Grigoryev Semyon From bde1a4521fe16fcc82861c32210fe04fff5c6614f9663832120dc137bd8803bd Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 4 Jul 2024 13:16:57 +0000 Subject: [PATCH 07/15] Accepting request 1184846 from home:dgarcia:usr-local-cpython - Add F00251-change-user-install-location.patch to make pip and modern tools install directly in /usr/local when used by the user. bsc#1225660 OBS-URL: https://build.opensuse.org/request/show/1184846 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=53 --- F00251-change-user-install-location.patch | 152 ++++++++++++++++++++++ python312.changes | 7 + python312.spec | 7 + 3 files changed, 166 insertions(+) create mode 100644 F00251-change-user-install-location.patch diff --git a/F00251-change-user-install-location.patch b/F00251-change-user-install-location.patch new file mode 100644 index 0000000..bdab695 --- /dev/null +++ b/F00251-change-user-install-location.patch @@ -0,0 +1,152 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= +Date: Mon, 15 Feb 2021 12:19:27 +0100 +Subject: [PATCH] 00251: Change user install location +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Set values of base and platbase in sysconfig from /usr +to /usr/local when RPM build is not detected +to make pip and similar tools install into separate location. + +Fedora Change: https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe +Downstream only. + +We've tried to rework in Fedora 36/Python 3.10 to follow https://bugs.python.org/issue43976 +but we have identified serious problems with that approach, +see https://bugzilla.redhat.com/2026979 or https://bugzilla.redhat.com/2097183 + +pypa/distutils integration: https://github.com/pypa/distutils/pull/70 + +Co-authored-by: Petr Viktorin +Co-authored-by: Miro Hrončok +Co-authored-by: Michal Cyprian +Co-authored-by: Lumír Balhar +--- + Lib/site.py | 9 ++++++- + Lib/sysconfig.py | 49 +++++++++++++++++++++++++++++++++++++- + Lib/test/test_sysconfig.py | 17 +++++++++++-- + 3 files changed, 71 insertions(+), 4 deletions(-) + +Index: Python-3.12.4/Lib/sysconfig.py +=================================================================== +--- Python-3.12.4.orig/Lib/sysconfig.py ++++ Python-3.12.4/Lib/sysconfig.py +@@ -104,6 +104,11 @@ if os.name == 'nt': + else: + _INSTALL_SCHEMES['venv'] = _INSTALL_SCHEMES['posix_venv'] + ++# For a brief period of time in the Fedora 36 life cycle, ++# this installation scheme existed and was documented in the release notes. ++# For backwards compatibility, we keep it here (at least on 3.10 and 3.11). ++_INSTALL_SCHEMES['rpm_prefix'] = _INSTALL_SCHEMES['posix_prefix'] ++ + + # NOTE: site.py has copy of this function. + # Sync it when modify this function. +@@ -163,6 +168,19 @@ if _HAS_USER_BASE: + }, + } + ++# This is used by distutils.command.install in the stdlib ++# as well as pypa/distutils (e.g. bundled in setuptools). ++# The self.prefix value is set to sys.prefix + /local/ ++# if neither RPM build nor virtual environment is ++# detected to make distutils install packages ++# into the separate location. ++# https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++if (not (hasattr(sys, 'real_prefix') or ++ sys.prefix != sys.base_prefix) and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _prefix_addition = '/local' ++ ++ + _SCHEME_KEYS = ('stdlib', 'platstdlib', 'purelib', 'platlib', 'include', + 'scripts', 'data') + +@@ -263,11 +281,40 @@ def _extend_dict(target_dict, other_dict + target_dict[key] = value + + ++_CONFIG_VARS_LOCAL = None ++ ++ ++def _config_vars_local(): ++ # This function returns the config vars with prefixes amended to /usr/local ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ global _CONFIG_VARS_LOCAL ++ if _CONFIG_VARS_LOCAL is None: ++ _CONFIG_VARS_LOCAL = dict(get_config_vars()) ++ _CONFIG_VARS_LOCAL['base'] = '/usr/local' ++ _CONFIG_VARS_LOCAL['platbase'] = '/usr/local' ++ return _CONFIG_VARS_LOCAL ++ ++ + def _expand_vars(scheme, vars): + res = {} + if vars is None: + vars = {} +- _extend_dict(vars, get_config_vars()) ++ ++ # when we are not in a virtual environment or an RPM build ++ # we change '/usr' to '/usr/local' ++ # to avoid surprises, we explicitly check for the /usr/ prefix ++ # Python virtual environments have different prefixes ++ # we only do this for posix_prefix, not to mangle the venv scheme ++ # posix_prefix is used by sudo pip install ++ # we only change the defaults here, so explicit --prefix will take precedence ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if (scheme == 'posix_prefix' and ++ _PREFIX == '/usr' and ++ 'RPM_BUILD_ROOT' not in os.environ): ++ _extend_dict(vars, _config_vars_local()) ++ else: ++ _extend_dict(vars, get_config_vars()) ++ + if os.name == 'nt': + # On Windows we want to substitute 'lib' for schemes rather + # than the native value (without modifying vars, in case it +Index: Python-3.12.4/Lib/test/test_sysconfig.py +=================================================================== +--- Python-3.12.4.orig/Lib/test/test_sysconfig.py ++++ Python-3.12.4/Lib/test/test_sysconfig.py +@@ -110,8 +110,19 @@ class TestSysConfig(unittest.TestCase): + for scheme in _INSTALL_SCHEMES: + for name in _INSTALL_SCHEMES[scheme]: + expected = _INSTALL_SCHEMES[scheme][name].format(**config_vars) ++ tested = get_path(name, scheme) ++ # https://fedoraproject.org/wiki/Changes/Making_sudo_pip_safe ++ if tested.startswith('/usr/local'): ++ # /usr/local should only be used in posix_prefix ++ self.assertEqual(scheme, 'posix_prefix') ++ # Fedora CI runs tests for venv and virtualenv that check for other prefixes ++ self.assertEqual(sys.prefix, '/usr') ++ # When building the RPM of Python, %check runs this with RPM_BUILD_ROOT set ++ # Fedora CI runs this with RPM_BUILD_ROOT unset ++ self.assertNotIn('RPM_BUILD_ROOT', os.environ) ++ tested = tested.replace('/usr/local', '/usr') + self.assertEqual( +- os.path.normpath(get_path(name, scheme)), ++ os.path.normpath(tested), + os.path.normpath(expected), + ) + +@@ -344,7 +355,7 @@ class TestSysConfig(unittest.TestCase): + self.assertTrue(os.path.isfile(config_h), config_h) + + def test_get_scheme_names(self): +- wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv'] ++ wanted = ['nt', 'posix_home', 'posix_prefix', 'posix_venv', 'nt_venv', 'venv', 'rpm_prefix'] + if HAS_USER_BASE: + wanted.extend(['nt_user', 'osx_framework_user', 'posix_user']) + self.assertEqual(get_scheme_names(), tuple(sorted(wanted))) +@@ -356,6 +367,8 @@ class TestSysConfig(unittest.TestCase): + cmd = "-c", "import sysconfig; print(sysconfig.get_platform())" + self.assertEqual(py.call_real(*cmd), py.call_link(*cmd)) + ++ @unittest.skipIf('RPM_BUILD_ROOT' not in os.environ, ++ "Test doesn't expect Fedora's paths") + def test_user_similar(self): + # Issue #8759: make sure the posix scheme for the users + # is similar to the global posix_prefix one diff --git a/python312.changes b/python312.changes index c0fa746..ee332c0 100644 --- a/python312.changes +++ b/python312.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Tue Jul 2 10:33:52 UTC 2024 - Daniel Garcia + +- Add F00251-change-user-install-location.patch to make pip and + modern tools install directly in /usr/local when used by the user. + bsc#1225660 + ------------------------------------------------------------------- Wed Jun 26 20:00:38 UTC 2024 - Matej Cepl diff --git a/python312.spec b/python312.spec index da7cb74..20c073a 100644 --- a/python312.spec +++ b/python312.spec @@ -136,6 +136,13 @@ Source99: python.keyring # They are listed here to work around missing functionality in rpmbuild, # which would otherwise exclude them from distributed src.rpm files. Source100: PACKAGING-NOTES +# PATCH-FEATURE-UPSTREAM F00251-change-user-install-location.patch bsc#[0-9]+ mcepl@suse.com +# Fix installation in /usr/local (boo#1071941), originally from Fedora +# https://src.fedoraproject.org/rpms/python3.12/blob/rawhide/f/00251-change-user-install-location.patch +# Set values of prefix and exec_prefix in distutils install command +# to /usr/local if executable is /usr/bin/python* and RPM build +# is not detected to make pip and distutils install into separate location +Patch02: F00251-change-user-install-location.patch # support finding packages in /usr/local, install to /usr/local by default Patch07: python-3.3.0b1-localpath.patch # replace DATE, TIME and COMPILER by fixed definitions to aid reproducible builds From 4b714bca06bf9a5442deaafa1bb5d0e06dd143157b774fda555227462d061c12 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Thu, 4 Jul 2024 18:31:02 +0000 Subject: [PATCH 08/15] - Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378). OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=54 --- python312.changes | 6 ++++++ python312.spec | 11 ----------- 2 files changed, 6 insertions(+), 11 deletions(-) diff --git a/python312.changes b/python312.changes index ee332c0..871f5ae 100644 --- a/python312.changes +++ b/python312.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Jul 4 16:04:05 UTC 2024 - Matej Cepl + +- Stop using %%defattr, it seems to be breaking proper executable + attributes on /usr/bin/ scripts (bsc#1227378). + ------------------------------------------------------------------- Tue Jul 2 10:33:52 UTC 2024 - Daniel Garcia diff --git a/python312.spec b/python312.spec index 20c073a..2e9c9a6 100644 --- a/python312.spec +++ b/python312.spec @@ -797,23 +797,19 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo %if %{with general} %files -n %{python_pkg_name}-tk -%defattr(644, root, root, 755) %{sitedir}/tkinter %{dynlib _tkinter} %files -n %{python_pkg_name}-curses -%defattr(644, root, root, 755) %{sitedir}/curses %{dynlib _curses} %files -n %{python_pkg_name}-dbm -%defattr(644, root, root, 755) %{sitedir}/dbm %{dynlib _dbm} %{dynlib _gdbm} %files -n %{python_pkg_name} -%defattr(644, root, root, 755) %dir %{sitedir} %dir %{sitedir}/lib-dynload %{sitedir}/sqlite3 @@ -824,7 +820,6 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo %endif %files -n %{python_pkg_name}-idle -%defattr(644, root, root, 755) %{sitedir}/idlelib %dir %{_sysconfdir}/idle%{python_version} %config %{_sysconfdir}/idle%{python_version}/* @@ -861,11 +856,9 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo %postun -n libpython%{so_version} -p /sbin/ldconfig %files -n libpython%{so_version} -%defattr(644, root,root) %{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor} %files -n %{python_pkg_name}-tools -%defattr(644, root, root, 755) %{sitedir}/turtledemo %if %{primary_interpreter} %{_bindir}/2to3 @@ -874,7 +867,6 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo %doc %{_docdir}/%{name}/Tools %files -n %{python_pkg_name}-devel -%defattr(644, root, root, 755) %{_libdir}/libpython%{python_abi}.so %if %{primary_interpreter} %{_libdir}/libpython3.so @@ -882,7 +874,6 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo %{_libdir}/pkgconfig/* %{_includedir}/python%{python_abi} %{sitedir}/config-%{python_abi}-* -%defattr(755, root, root) %{_bindir}/python%{python_abi}-config %if %{primary_interpreter} %{_bindir}/python3-config @@ -895,7 +886,6 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo %{_datadir}/gdb/auto-load/%{_libdir}/libpython%{python_abi}.so.%{so_major}.%{so_minor}-gdb.py %files -n %{python_pkg_name}-testsuite -%defattr(644, root, root, 755) %{sitedir}/test # %%{sitedir}/*/test # %%{sitedir}/*/tests @@ -914,7 +904,6 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo %dir %{sitedir}/tkinter %files -n %{python_pkg_name}-base -%defattr(644, root, root, 755) # docs %dir %{_docdir}/%{name} %doc %{_docdir}/%{name}/README.rst From 0790b98fac88e2f3eef7156601d1a847d70e61621d273d5b02f023f1b129c50a Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 10 Jul 2024 05:44:28 +0000 Subject: [PATCH 09/15] permissive than the default (bsc#1227152). OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=55 --- python312.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python312.changes b/python312.changes index 871f5ae..a10527d 100644 --- a/python312.changes +++ b/python312.changes @@ -37,7 +37,7 @@ Fri Jun 7 10:44:55 UTC 2024 - Matej Cepl to restrict the new directory to the current user. This fixes CVE-2024-4030 affecting tempfile.mkdtemp() in scenarios where the base temporary directory is more - permissive than the default. + permissive than the default (bsc#1227152). - gh-116741: Update bundled libexpat to 2.6.2 - gh-117233: Detect BLAKE2, SHA3, Shake, & truncated SHA512 support in the OpenSSL-ish libcrypto library at build From ff39bb892fa3b4a82edbc57423a312415c5526ef7e6bce28cad888e260cfc133 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Mon, 22 Jul 2024 21:31:13 +0000 Subject: [PATCH 10/15] - Remove %suse_update_desktop_file macro as it is not useful any more. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=56 --- python312.changes | 6 ++++++ python312.spec | 2 -- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/python312.changes b/python312.changes index a10527d..64456b2 100644 --- a/python312.changes +++ b/python312.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Jul 22 21:20:55 UTC 2024 - Matej Cepl + +- Remove %suse_update_desktop_file macro as it is not useful any + more. + ------------------------------------------------------------------- Thu Jul 4 16:04:05 UTC 2024 - Matej Cepl diff --git a/python312.spec b/python312.spec index 2e9c9a6..7ea3da4 100644 --- a/python312.spec +++ b/python312.spec @@ -222,7 +222,6 @@ BuildRequires: gettext BuildRequires: readline-devel BuildRequires: sqlite-devel BuildRequires: timezone -BuildRequires: update-desktop-files BuildRequires: pkgconfig(ncurses) BuildRequires: pkgconfig(tk) BuildRequires: pkgconfig(x11) @@ -681,7 +680,6 @@ done cp %{SOURCE19} idle%{python_version}.desktop sed -i -e 's:idle3:idle%{python_version}:g' idle%{python_version}.desktop install -m 644 -D -t %{buildroot}%{_datadir}/applications idle%{python_version}.desktop -%suse_update_desktop_file idle%{python_version} cp %{SOURCE20} idle%{python_version}.appdata.xml sed -i -e 's:idle3.desktop:idle%{python_version}.desktop:g' idle%{python_version}.appdata.xml From e52f34b4c17e4819a51bb6fa81abe0e3d925920fc536b2129afa8f667d7be792 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 7 Aug 2024 15:01:40 +0000 Subject: [PATCH 11/15] - Add CVE-2024-6923-email-hdr-inject.patch to prevent email header injection due to unquoted newlines (bsc#1228780, CVE-2024-6923). - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999) - Update bluez-devel-vendor.tar.xz OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=57 --- CVE-2024-6923-email-hdr-inject.patch | 387 +++++++++++++++++++++++++++ python312.changes | 10 + python312.spec | 10 +- 3 files changed, 406 insertions(+), 1 deletion(-) create mode 100644 CVE-2024-6923-email-hdr-inject.patch diff --git a/CVE-2024-6923-email-hdr-inject.patch b/CVE-2024-6923-email-hdr-inject.patch new file mode 100644 index 0000000..d12a54e --- /dev/null +++ b/CVE-2024-6923-email-hdr-inject.patch @@ -0,0 +1,387 @@ +From e58aec9cbfdebf45ee863eded142358e9e98531d Mon Sep 17 00:00:00 2001 +From: Petr Viktorin +Date: Wed, 31 Jul 2024 00:19:48 +0200 +Subject: [PATCH 1/2] gh-121650: Encode newlines in headers, and verify headers + are sound (GH-122233) + +- Encode header parts that contain newlines + +Per RFC 2047: + +> [...] these encoding schemes allow the +> encoding of arbitrary octet values, mail readers that implement this +> decoding should also ensure that display of the decoded data on the +> recipient's terminal will not cause unwanted side-effects + +It seems that the "quoted-word" scheme is a valid way to include +a newline character in a header value, just like we already allow +undecodable bytes or control characters. +They do need to be properly quoted when serialized to text, though. + +- Verify that email headers are well-formed + +This should fail for custom fold() implementations that aren't careful +about newlines. + +Co-authored-by: Bas Bloemsaat +Co-authored-by: Serhiy Storchaka +(cherry picked from commit 097633981879b3c9de9a1dd120d3aa585ecc2384) +--- + Doc/library/email.errors.rst | 7 +++ + Doc/library/email.policy.rst | 18 ++++++ + Lib/email/_header_value_parser.py | 12 +++- + Lib/email/_policybase.py | 8 +++ + Lib/email/errors.py | 4 ++ + Lib/email/generator.py | 13 +++- + Lib/test/test_email/test_generator.py | 62 +++++++++++++++++++ + Lib/test/test_email/test_policy.py | 26 ++++++++ + ...-07-27-16-10-41.gh-issue-121650.nf6oc9.rst | 5 ++ + 9 files changed, 151 insertions(+), 4 deletions(-) + create mode 100644 Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst + +diff --git a/Doc/library/email.errors.rst b/Doc/library/email.errors.rst +index 33ab4265116178..f8f43d82a3df2e 100644 +--- a/Doc/library/email.errors.rst ++++ b/Doc/library/email.errors.rst +@@ -58,6 +58,13 @@ The following exception classes are defined in the :mod:`email.errors` module: + :class:`~email.mime.nonmultipart.MIMENonMultipart` (e.g. + :class:`~email.mime.image.MIMEImage`). + ++ ++.. exception:: HeaderWriteError() ++ ++ Raised when an error occurs when the :mod:`~email.generator` outputs ++ headers. ++ ++ + .. exception:: MessageDefect() + + This is the base class for all defects found when parsing email messages. +diff --git a/Doc/library/email.policy.rst b/Doc/library/email.policy.rst +index 83feedf728351e..314767d0802a08 100644 +--- a/Doc/library/email.policy.rst ++++ b/Doc/library/email.policy.rst +@@ -229,6 +229,24 @@ added matters. To illustrate:: + + .. versionadded:: 3.6 + ++ ++ .. attribute:: verify_generated_headers ++ ++ If ``True`` (the default), the generator will raise ++ :exc:`~email.errors.HeaderWriteError` instead of writing a header ++ that is improperly folded or delimited, such that it would ++ be parsed as multiple headers or joined with adjacent data. ++ Such headers can be generated by custom header classes or bugs ++ in the ``email`` module. ++ ++ As it's a security feature, this defaults to ``True`` even in the ++ :class:`~email.policy.Compat32` policy. ++ For backwards compatible, but unsafe, behavior, it must be set to ++ ``False`` explicitly. ++ ++ .. versionadded:: 3.13 ++ ++ + The following :class:`Policy` method is intended to be called by code using + the email library to create policy instances with custom settings: + +diff --git a/Lib/email/_header_value_parser.py b/Lib/email/_header_value_parser.py +index 7da1bbaf8a80d7..ec2215a5e5f33c 100644 +--- a/Lib/email/_header_value_parser.py ++++ b/Lib/email/_header_value_parser.py +@@ -92,6 +92,8 @@ + ASPECIALS = TSPECIALS | set("*'%") + ATTRIBUTE_ENDS = ASPECIALS | WSP + EXTENDED_ATTRIBUTE_ENDS = ATTRIBUTE_ENDS - set('%') ++NLSET = {'\n', '\r'} ++SPECIALSNL = SPECIALS | NLSET + + def quote_string(value): + return '"'+str(value).replace('\\', '\\\\').replace('"', r'\"')+'"' +@@ -2802,9 +2804,13 @@ def _refold_parse_tree(parse_tree, *, policy): + wrap_as_ew_blocked -= 1 + continue + tstr = str(part) +- if part.token_type == 'ptext' and set(tstr) & SPECIALS: +- # Encode if tstr contains special characters. +- want_encoding = True ++ if not want_encoding: ++ if part.token_type == 'ptext': ++ # Encode if tstr contains special characters. ++ want_encoding = not SPECIALSNL.isdisjoint(tstr) ++ else: ++ # Encode if tstr contains newlines. ++ want_encoding = not NLSET.isdisjoint(tstr) + try: + tstr.encode(encoding) + charset = encoding +diff --git a/Lib/email/_policybase.py b/Lib/email/_policybase.py +index 2ec54fbabae83c..5f9aa9fb091fa2 100644 +--- a/Lib/email/_policybase.py ++++ b/Lib/email/_policybase.py +@@ -157,6 +157,13 @@ class Policy(_PolicyBase, metaclass=abc.ABCMeta): + message_factory -- the class to use to create new message objects. + If the value is None, the default is Message. + ++ verify_generated_headers ++ -- if true, the generator verifies that each header ++ they are properly folded, so that a parser won't ++ treat it as multiple headers, start-of-body, or ++ part of another header. ++ This is a check against custom Header & fold() ++ implementations. + """ + + raise_on_defect = False +@@ -165,6 +172,7 @@ class Policy(_PolicyBase, metaclass=abc.ABCMeta): + max_line_length = 78 + mangle_from_ = False + message_factory = None ++ verify_generated_headers = True + + def handle_defect(self, obj, defect): + """Based on policy, either raise defect or call register_defect. +diff --git a/Lib/email/errors.py b/Lib/email/errors.py +index 3ad00565549968..02aa5eced6ae46 100644 +--- a/Lib/email/errors.py ++++ b/Lib/email/errors.py +@@ -29,6 +29,10 @@ class CharsetError(MessageError): + """An illegal charset was given.""" + + ++class HeaderWriteError(MessageError): ++ """Error while writing headers.""" ++ ++ + # These are parsing defects which the parser was able to work around. + class MessageDefect(ValueError): + """Base class for a message defect.""" +diff --git a/Lib/email/generator.py b/Lib/email/generator.py +index c8056ad47baa0f..47b9df8f4e6090 100644 +--- a/Lib/email/generator.py ++++ b/Lib/email/generator.py +@@ -14,12 +14,14 @@ + from copy import deepcopy + from io import StringIO, BytesIO + from email.utils import _has_surrogates ++from email.errors import HeaderWriteError + + UNDERSCORE = '_' + NL = '\n' # XXX: no longer used by the code below. + + NLCRE = re.compile(r'\r\n|\r|\n') + fcre = re.compile(r'^From ', re.MULTILINE) ++NEWLINE_WITHOUT_FWSP = re.compile(r'\r\n[^ \t]|\r[^ \n\t]|\n[^ \t]') + + + class Generator: +@@ -222,7 +224,16 @@ def _dispatch(self, msg): + + def _write_headers(self, msg): + for h, v in msg.raw_items(): +- self.write(self.policy.fold(h, v)) ++ folded = self.policy.fold(h, v) ++ if self.policy.verify_generated_headers: ++ linesep = self.policy.linesep ++ if not folded.endswith(self.policy.linesep): ++ raise HeaderWriteError( ++ f'folded header does not end with {linesep!r}: {folded!r}') ++ if NEWLINE_WITHOUT_FWSP.search(folded.removesuffix(linesep)): ++ raise HeaderWriteError( ++ f'folded header contains newline: {folded!r}') ++ self.write(folded) + # A blank line always separates headers from body + self.write(self._NL) + +diff --git a/Lib/test/test_email/test_generator.py b/Lib/test/test_email/test_generator.py +index bc6f734d4fd0a9..c75a842c33578e 100644 +--- a/Lib/test/test_email/test_generator.py ++++ b/Lib/test/test_email/test_generator.py +@@ -6,6 +6,7 @@ + from email.generator import Generator, BytesGenerator + from email.headerregistry import Address + from email import policy ++import email.errors + from test.test_email import TestEmailBase, parameterize + + +@@ -249,6 +250,44 @@ def test_rfc2231_wrapping_switches_to_default_len_if_too_narrow(self): + g.flatten(msg) + self.assertEqual(s.getvalue(), self.typ(expected)) + ++ def test_keep_encoded_newlines(self): ++ msg = self.msgmaker(self.typ(textwrap.dedent("""\ ++ To: nobody ++ Subject: Bad subject=?UTF-8?Q?=0A?=Bcc: injection@example.com ++ ++ None ++ """))) ++ expected = textwrap.dedent("""\ ++ To: nobody ++ Subject: Bad subject=?UTF-8?Q?=0A?=Bcc: injection@example.com ++ ++ None ++ """) ++ s = self.ioclass() ++ g = self.genclass(s, policy=self.policy.clone(max_line_length=80)) ++ g.flatten(msg) ++ self.assertEqual(s.getvalue(), self.typ(expected)) ++ ++ def test_keep_long_encoded_newlines(self): ++ msg = self.msgmaker(self.typ(textwrap.dedent("""\ ++ To: nobody ++ Subject: Bad subject=?UTF-8?Q?=0A?=Bcc: injection@example.com ++ ++ None ++ """))) ++ expected = textwrap.dedent("""\ ++ To: nobody ++ Subject: Bad subject ++ =?utf-8?q?=0A?=Bcc: ++ injection@example.com ++ ++ None ++ """) ++ s = self.ioclass() ++ g = self.genclass(s, policy=self.policy.clone(max_line_length=30)) ++ g.flatten(msg) ++ self.assertEqual(s.getvalue(), self.typ(expected)) ++ + + class TestGenerator(TestGeneratorBase, TestEmailBase): + +@@ -273,6 +312,29 @@ def test_flatten_unicode_linesep(self): + g.flatten(msg) + self.assertEqual(s.getvalue(), self.typ(expected)) + ++ def test_verify_generated_headers(self): ++ """gh-121650: by default the generator prevents header injection""" ++ class LiteralHeader(str): ++ name = 'Header' ++ def fold(self, **kwargs): ++ return self ++ ++ for text in ( ++ 'Value\r\nBad Injection\r\n', ++ 'NoNewLine' ++ ): ++ with self.subTest(text=text): ++ message = message_from_string( ++ "Header: Value\r\n\r\nBody", ++ policy=self.policy, ++ ) ++ ++ del message['Header'] ++ message['Header'] = LiteralHeader(text) ++ ++ with self.assertRaises(email.errors.HeaderWriteError): ++ message.as_string() ++ + + class TestBytesGenerator(TestGeneratorBase, TestEmailBase): + +diff --git a/Lib/test/test_email/test_policy.py b/Lib/test/test_email/test_policy.py +index c6b9c80efe1b54..baa35fd68e49c5 100644 +--- a/Lib/test/test_email/test_policy.py ++++ b/Lib/test/test_email/test_policy.py +@@ -26,6 +26,7 @@ class PolicyAPITests(unittest.TestCase): + 'raise_on_defect': False, + 'mangle_from_': True, + 'message_factory': None, ++ 'verify_generated_headers': True, + } + # These default values are the ones set on email.policy.default. + # If any of these defaults change, the docs must be updated. +@@ -294,6 +295,31 @@ def test_short_maxlen_error(self): + with self.assertRaises(email.errors.HeaderParseError): + policy.fold("Subject", subject) + ++ def test_verify_generated_headers(self): ++ """Turning protection off allows header injection""" ++ policy = email.policy.default.clone(verify_generated_headers=False) ++ for text in ( ++ 'Header: Value\r\nBad: Injection\r\n', ++ 'Header: NoNewLine' ++ ): ++ with self.subTest(text=text): ++ message = email.message_from_string( ++ "Header: Value\r\n\r\nBody", ++ policy=policy, ++ ) ++ class LiteralHeader(str): ++ name = 'Header' ++ def fold(self, **kwargs): ++ return self ++ ++ del message['Header'] ++ message['Header'] = LiteralHeader(text) ++ ++ self.assertEqual( ++ message.as_string(), ++ f"{text}\nBody", ++ ) ++ + # XXX: Need subclassing tests. + # For adding subclassed objects, make sure the usual rules apply (subclass + # wins), but that the order still works (right overrides left). +diff --git a/Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst b/Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst +new file mode 100644 +index 00000000000000..83dd28d4ac575b +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst +@@ -0,0 +1,5 @@ ++:mod:`email` headers with embedded newlines are now quoted on output. The ++:mod:`~email.generator` will now refuse to serialize (write) headers that ++are unsafely folded or delimited; see ++:attr:`~email.policy.Policy.verify_generated_headers`. (Contributed by Bas ++Bloemsaat and Petr Viktorin in :gh:`121650`.) + +From 7e3b0413643c574ce42b8a1e2c48a1fb0f45d385 Mon Sep 17 00:00:00 2001 +From: Petr Viktorin +Date: Fri, 2 Aug 2024 11:28:33 +0200 +Subject: [PATCH 2/2] Document changes as made in 3.12.5 + +--- + Doc/library/email.policy.rst | 2 +- + Doc/whatsnew/3.12.rst | 17 +++++++++++++++++ + 2 files changed, 18 insertions(+), 1 deletion(-) + +diff --git a/Doc/library/email.policy.rst b/Doc/library/email.policy.rst +index 314767d0802a08..51d65dc5ba94ee 100644 +--- a/Doc/library/email.policy.rst ++++ b/Doc/library/email.policy.rst +@@ -244,7 +244,7 @@ added matters. To illustrate:: + For backwards compatible, but unsafe, behavior, it must be set to + ``False`` explicitly. + +- .. versionadded:: 3.13 ++ .. versionadded:: 3.12.5 + + + The following :class:`Policy` method is intended to be called by code using +diff --git a/Doc/whatsnew/3.12.rst b/Doc/whatsnew/3.12.rst +index 8ed3b3c6f2387c..98d5b7a2c62b73 100644 +--- a/Doc/whatsnew/3.12.rst ++++ b/Doc/whatsnew/3.12.rst +@@ -2260,3 +2260,20 @@ ipaddress + + * Fixed ``is_global`` and ``is_private`` behavior in ``IPv4Address``, + ``IPv6Address``, ``IPv4Network`` and ``IPv6Network``. ++ ++ ++Notable changes in 3.12.5 ++========================= ++ ++email ++----- ++ ++ ++* Headers with embedded newlines are now quoted on output. ++ ++ The :mod:`~email.generator` will now refuse to serialize (write) headers ++ that are improperly folded or delimited, such that they would be parsed as ++ multiple headers or joined with adjacent data. ++ If you need to turn this safety feature off, ++ set :attr:`~email.policy.Policy.verify_generated_headers`. ++ (Contributed by Bas Bloemsaat and Petr Viktorin in :gh:`121650`.) diff --git a/python312.changes b/python312.changes index 64456b2..3129229 100644 --- a/python312.changes +++ b/python312.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Wed Aug 7 13:40:44 UTC 2024 - Matej Cepl + +- Add CVE-2024-6923-email-hdr-inject.patch to prevent email + header injection due to unquoted newlines (bsc#1228780, + CVE-2024-6923). +- %{profileopt} variable is set according to the variable + %{do_profiling} (bsc#1227999) +- Update bluez-devel-vendor.tar.xz + ------------------------------------------------------------------- Mon Jul 22 21:20:55 UTC 2024 - Matej Cepl diff --git a/python312.spec b/python312.spec index 7ea3da4..d720957 100644 --- a/python312.spec +++ b/python312.spec @@ -36,6 +36,12 @@ %bcond_without general %endif +%if 0%{?do_profiling} +%bcond_without profileopt +%else +%bcond_with profileopt +%endif + %define python_pkg_name python312 %if "%{python_pkg_name}" == "%{primary_python}" %define primary_interpreter 1 @@ -103,7 +109,6 @@ # pyexpat.cpython-35m-armv7-linux-gnueabihf # _md5.cpython-38m-x86_64-linux-gnu.so %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so -%bcond_without profileopt Name: %{python_pkg_name}%{psuffix} Version: 3.12.4 Release: 0 @@ -181,6 +186,9 @@ Patch40: fix-test-recursion-limit-15.6.patch # PATCH-FIX-SLE docs-docutils_014-Sphinx_420.patch bsc#[0-9]+ mcepl@suse.com # related to gh#python/cpython#119317 Patch41: docs-docutils_014-Sphinx_420.patch +# PATCH-FIX-UPSTREAM CVE-2024-6923-email-hdr-inject.patch bsc#1228780 mcepl@suse.com +# prevent email header injection, patch from gh#python/cpython!122608 +Patch42: CVE-2024-6923-email-hdr-inject.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes From 1df7c73f9ca4b01bfe7d33d4a4aa68f414b21189db1f9073ab0185aa5d8ed2d7 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 7 Aug 2024 15:02:10 +0000 Subject: [PATCH 12/15] Update bluez-devel-vendor.tar.xz OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=58 --- bluez-devel-vendor.tar.xz | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bluez-devel-vendor.tar.xz b/bluez-devel-vendor.tar.xz index d4d3912..bb4fd89 100644 --- a/bluez-devel-vendor.tar.xz +++ b/bluez-devel-vendor.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:a17f3fb420bf6bd577dde9e2b256cdb1df179ba552abb7172863321208a4713f -size 25308 +oid sha256:4624c6ab6543ec4875bdd5c6c58c874d487128e44e54c8ef1924ec1d48e35928 +size 25328 From 822e5022b58c17b1dc2fb5a3803537e728f2a3bd7b1ad90c8d410281bd3ff336 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 7 Aug 2024 18:04:39 +0000 Subject: [PATCH 13/15] - Remove %suse_update_desktop_file macro as it is not useful any more. - Adding bso1227999-reproducible-builds.patch fixing bsc#1227999 adding reproducibility patches from gh#python/cpython!121872 and gh#python/cpython!121883. - Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378). OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=59 --- bso1227999-reproducible-builds.patch | 37 ++++++++++++++++++++++++++++ python312.changes | 13 ++++++++++ python312.spec | 3 +++ 3 files changed, 53 insertions(+) create mode 100644 bso1227999-reproducible-builds.patch diff --git a/bso1227999-reproducible-builds.patch b/bso1227999-reproducible-builds.patch new file mode 100644 index 0000000..fb33d18 --- /dev/null +++ b/bso1227999-reproducible-builds.patch @@ -0,0 +1,37 @@ +From ac2b8869724d7a57d9b5efbdce2f20423214e8bb Mon Sep 17 00:00:00 2001 +From: "Bernhard M. Wiedemann" +Date: Tue, 16 Jul 2024 21:39:33 +0200 +Subject: [PATCH] Allow to override build date with SOURCE_DATE_EPOCH + +to make builds reproducible. +See https://reproducible-builds.org/ for why this is good +and https://reproducible-builds.org/specs/source-date-epoch/ +for the definition of this variable. +--- + Doc/conf.py | 3 ++- + Doc/library/functions.rst | 2 +- + 2 files changed, 3 insertions(+), 2 deletions(-) + +--- a/Doc/conf.py ++++ b/Doc/conf.py +@@ -316,7 +316,8 @@ html_context = { + } + + # This 'Last updated on:' timestamp is inserted at the bottom of every page. +-html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime()) ++html_time = int(os.environ.get('SOURCE_DATE_EPOCH', time.time())) ++html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime(html_time)) + + # Path to find HTML templates. + templates_path = ['tools/templates'] +--- a/Doc/library/functions.rst ++++ b/Doc/library/functions.rst +@@ -1356,7 +1356,7 @@ are always available. They are listed h + (where :func:`open` is declared), :mod:`os`, :mod:`os.path`, :mod:`tempfile`, + and :mod:`shutil`. + +- .. audit-event:: open file,mode,flags open ++ .. audit-event:: open path,mode,flags open + + The ``mode`` and ``flags`` arguments may have been modified or inferred from + the original call. diff --git a/python312.changes b/python312.changes index 3129229..abeec29 100644 --- a/python312.changes +++ b/python312.changes @@ -14,6 +14,19 @@ Mon Jul 22 21:20:55 UTC 2024 - Matej Cepl - Remove %suse_update_desktop_file macro as it is not useful any more. +------------------------------------------------------------------- +Thu Jul 18 22:37:07 UTC 2024 - Matej Cepl + +- Adding bso1227999-reproducible-builds.patch fixing bsc#1227999 + adding reproducibility patches from gh#python/cpython!121872 + and gh#python/cpython!121883. + +------------------------------------------------------------------- +Mon Jul 15 12:14:05 UTC 2024 - Matej Cepl + +- Stop using %%defattr, it seems to be breaking proper executable + attributes on /usr/bin/ scripts (bsc#1227378). + ------------------------------------------------------------------- Thu Jul 4 16:04:05 UTC 2024 - Matej Cepl diff --git a/python312.spec b/python312.spec index d720957..ad8116f 100644 --- a/python312.spec +++ b/python312.spec @@ -189,6 +189,9 @@ Patch41: docs-docutils_014-Sphinx_420.patch # PATCH-FIX-UPSTREAM CVE-2024-6923-email-hdr-inject.patch bsc#1228780 mcepl@suse.com # prevent email header injection, patch from gh#python/cpython!122608 Patch42: CVE-2024-6923-email-hdr-inject.patch +# PATCH-FIX-UPSTREAM bso1227999-reproducible-builds.patch bsc#1227999 mcepl@suse.com +# reproducibility patches +Patch43: bso1227999-reproducible-builds.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes From 31e91ac78278b3bc46c6aeec0b16816f90c7dbd37a33eb1e1a5b83d4c679548a Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 7 Aug 2024 18:22:59 +0000 Subject: [PATCH 14/15] - Update to 3.12.5: - Tests - gh-59022: Add tests for pkgutil.extend_path(). Patch by Andreas Stocker. - gh-99242: os.getloadavg() may throw OSError when running regression tests under certain conditions (e.g. chroot). This error is now caught and ignored, since reporting load average is optional. - gh-121084: Fix test_typing random leaks. Clear typing ABC caches when running tests for refleaks (-R option): call _abc_caches_clear() on typing abstract classes and their subclasses. Patch by Victor Stinner. - gh-121160: Add a test for readline.set_history_length(). Note that this test may fail on readline libraries. - gh-121200: Fix test_expanduser_pwd2() of test_posixpath. Call getpwnam() to get pw_dir, since it can be different than getpwall() pw_dir. Patch by Victor Stinner. - gh-121188: When creating the JUnit XML file, regrtest now escapes characters which are invalid in XML, such as the chr(27) control character used in ANSI escape sequences. Patch by Victor Stinner. - Security - gh-121957: Fixed missing audit events around interactive use of Python, now also properly firing for python -i, as well as for python -m asyncio. The event in question is cpython.run_stdin. - gh-122133: Authenticate the socket connection for the socket.socketpair() fallback on platforms where AF_UNIX is OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=60 --- CVE-2024-6923-email-hdr-inject.patch | 387 --------------------------- Python-3.12.4.tar.xz | 3 - Python-3.12.4.tar.xz.asc | 18 -- Python-3.12.5.tar.xz | 3 + Python-3.12.5.tar.xz.asc | 18 ++ bso1227999-reproducible-builds.patch | 37 --- docs-docutils_014-Sphinx_420.patch | 64 ++--- fix_configure_rst.patch | 14 +- python312.changes | 224 ++++++++++++++-- python312.spec | 8 +- 10 files changed, 256 insertions(+), 520 deletions(-) delete mode 100644 CVE-2024-6923-email-hdr-inject.patch delete mode 100644 Python-3.12.4.tar.xz delete mode 100644 Python-3.12.4.tar.xz.asc create mode 100644 Python-3.12.5.tar.xz create mode 100644 Python-3.12.5.tar.xz.asc delete mode 100644 bso1227999-reproducible-builds.patch diff --git a/CVE-2024-6923-email-hdr-inject.patch b/CVE-2024-6923-email-hdr-inject.patch deleted file mode 100644 index d12a54e..0000000 --- a/CVE-2024-6923-email-hdr-inject.patch +++ /dev/null @@ -1,387 +0,0 @@ -From e58aec9cbfdebf45ee863eded142358e9e98531d Mon Sep 17 00:00:00 2001 -From: Petr Viktorin -Date: Wed, 31 Jul 2024 00:19:48 +0200 -Subject: [PATCH 1/2] gh-121650: Encode newlines in headers, and verify headers - are sound (GH-122233) - -- Encode header parts that contain newlines - -Per RFC 2047: - -> [...] these encoding schemes allow the -> encoding of arbitrary octet values, mail readers that implement this -> decoding should also ensure that display of the decoded data on the -> recipient's terminal will not cause unwanted side-effects - -It seems that the "quoted-word" scheme is a valid way to include -a newline character in a header value, just like we already allow -undecodable bytes or control characters. -They do need to be properly quoted when serialized to text, though. - -- Verify that email headers are well-formed - -This should fail for custom fold() implementations that aren't careful -about newlines. - -Co-authored-by: Bas Bloemsaat -Co-authored-by: Serhiy Storchaka -(cherry picked from commit 097633981879b3c9de9a1dd120d3aa585ecc2384) ---- - Doc/library/email.errors.rst | 7 +++ - Doc/library/email.policy.rst | 18 ++++++ - Lib/email/_header_value_parser.py | 12 +++- - Lib/email/_policybase.py | 8 +++ - Lib/email/errors.py | 4 ++ - Lib/email/generator.py | 13 +++- - Lib/test/test_email/test_generator.py | 62 +++++++++++++++++++ - Lib/test/test_email/test_policy.py | 26 ++++++++ - ...-07-27-16-10-41.gh-issue-121650.nf6oc9.rst | 5 ++ - 9 files changed, 151 insertions(+), 4 deletions(-) - create mode 100644 Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst - -diff --git a/Doc/library/email.errors.rst b/Doc/library/email.errors.rst -index 33ab4265116178..f8f43d82a3df2e 100644 ---- a/Doc/library/email.errors.rst -+++ b/Doc/library/email.errors.rst -@@ -58,6 +58,13 @@ The following exception classes are defined in the :mod:`email.errors` module: - :class:`~email.mime.nonmultipart.MIMENonMultipart` (e.g. - :class:`~email.mime.image.MIMEImage`). - -+ -+.. exception:: HeaderWriteError() -+ -+ Raised when an error occurs when the :mod:`~email.generator` outputs -+ headers. -+ -+ - .. exception:: MessageDefect() - - This is the base class for all defects found when parsing email messages. -diff --git a/Doc/library/email.policy.rst b/Doc/library/email.policy.rst -index 83feedf728351e..314767d0802a08 100644 ---- a/Doc/library/email.policy.rst -+++ b/Doc/library/email.policy.rst -@@ -229,6 +229,24 @@ added matters. To illustrate:: - - .. versionadded:: 3.6 - -+ -+ .. attribute:: verify_generated_headers -+ -+ If ``True`` (the default), the generator will raise -+ :exc:`~email.errors.HeaderWriteError` instead of writing a header -+ that is improperly folded or delimited, such that it would -+ be parsed as multiple headers or joined with adjacent data. -+ Such headers can be generated by custom header classes or bugs -+ in the ``email`` module. -+ -+ As it's a security feature, this defaults to ``True`` even in the -+ :class:`~email.policy.Compat32` policy. -+ For backwards compatible, but unsafe, behavior, it must be set to -+ ``False`` explicitly. -+ -+ .. versionadded:: 3.13 -+ -+ - The following :class:`Policy` method is intended to be called by code using - the email library to create policy instances with custom settings: - -diff --git a/Lib/email/_header_value_parser.py b/Lib/email/_header_value_parser.py -index 7da1bbaf8a80d7..ec2215a5e5f33c 100644 ---- a/Lib/email/_header_value_parser.py -+++ b/Lib/email/_header_value_parser.py -@@ -92,6 +92,8 @@ - ASPECIALS = TSPECIALS | set("*'%") - ATTRIBUTE_ENDS = ASPECIALS | WSP - EXTENDED_ATTRIBUTE_ENDS = ATTRIBUTE_ENDS - set('%') -+NLSET = {'\n', '\r'} -+SPECIALSNL = SPECIALS | NLSET - - def quote_string(value): - return '"'+str(value).replace('\\', '\\\\').replace('"', r'\"')+'"' -@@ -2802,9 +2804,13 @@ def _refold_parse_tree(parse_tree, *, policy): - wrap_as_ew_blocked -= 1 - continue - tstr = str(part) -- if part.token_type == 'ptext' and set(tstr) & SPECIALS: -- # Encode if tstr contains special characters. -- want_encoding = True -+ if not want_encoding: -+ if part.token_type == 'ptext': -+ # Encode if tstr contains special characters. -+ want_encoding = not SPECIALSNL.isdisjoint(tstr) -+ else: -+ # Encode if tstr contains newlines. -+ want_encoding = not NLSET.isdisjoint(tstr) - try: - tstr.encode(encoding) - charset = encoding -diff --git a/Lib/email/_policybase.py b/Lib/email/_policybase.py -index 2ec54fbabae83c..5f9aa9fb091fa2 100644 ---- a/Lib/email/_policybase.py -+++ b/Lib/email/_policybase.py -@@ -157,6 +157,13 @@ class Policy(_PolicyBase, metaclass=abc.ABCMeta): - message_factory -- the class to use to create new message objects. - If the value is None, the default is Message. - -+ verify_generated_headers -+ -- if true, the generator verifies that each header -+ they are properly folded, so that a parser won't -+ treat it as multiple headers, start-of-body, or -+ part of another header. -+ This is a check against custom Header & fold() -+ implementations. - """ - - raise_on_defect = False -@@ -165,6 +172,7 @@ class Policy(_PolicyBase, metaclass=abc.ABCMeta): - max_line_length = 78 - mangle_from_ = False - message_factory = None -+ verify_generated_headers = True - - def handle_defect(self, obj, defect): - """Based on policy, either raise defect or call register_defect. -diff --git a/Lib/email/errors.py b/Lib/email/errors.py -index 3ad00565549968..02aa5eced6ae46 100644 ---- a/Lib/email/errors.py -+++ b/Lib/email/errors.py -@@ -29,6 +29,10 @@ class CharsetError(MessageError): - """An illegal charset was given.""" - - -+class HeaderWriteError(MessageError): -+ """Error while writing headers.""" -+ -+ - # These are parsing defects which the parser was able to work around. - class MessageDefect(ValueError): - """Base class for a message defect.""" -diff --git a/Lib/email/generator.py b/Lib/email/generator.py -index c8056ad47baa0f..47b9df8f4e6090 100644 ---- a/Lib/email/generator.py -+++ b/Lib/email/generator.py -@@ -14,12 +14,14 @@ - from copy import deepcopy - from io import StringIO, BytesIO - from email.utils import _has_surrogates -+from email.errors import HeaderWriteError - - UNDERSCORE = '_' - NL = '\n' # XXX: no longer used by the code below. - - NLCRE = re.compile(r'\r\n|\r|\n') - fcre = re.compile(r'^From ', re.MULTILINE) -+NEWLINE_WITHOUT_FWSP = re.compile(r'\r\n[^ \t]|\r[^ \n\t]|\n[^ \t]') - - - class Generator: -@@ -222,7 +224,16 @@ def _dispatch(self, msg): - - def _write_headers(self, msg): - for h, v in msg.raw_items(): -- self.write(self.policy.fold(h, v)) -+ folded = self.policy.fold(h, v) -+ if self.policy.verify_generated_headers: -+ linesep = self.policy.linesep -+ if not folded.endswith(self.policy.linesep): -+ raise HeaderWriteError( -+ f'folded header does not end with {linesep!r}: {folded!r}') -+ if NEWLINE_WITHOUT_FWSP.search(folded.removesuffix(linesep)): -+ raise HeaderWriteError( -+ f'folded header contains newline: {folded!r}') -+ self.write(folded) - # A blank line always separates headers from body - self.write(self._NL) - -diff --git a/Lib/test/test_email/test_generator.py b/Lib/test/test_email/test_generator.py -index bc6f734d4fd0a9..c75a842c33578e 100644 ---- a/Lib/test/test_email/test_generator.py -+++ b/Lib/test/test_email/test_generator.py -@@ -6,6 +6,7 @@ - from email.generator import Generator, BytesGenerator - from email.headerregistry import Address - from email import policy -+import email.errors - from test.test_email import TestEmailBase, parameterize - - -@@ -249,6 +250,44 @@ def test_rfc2231_wrapping_switches_to_default_len_if_too_narrow(self): - g.flatten(msg) - self.assertEqual(s.getvalue(), self.typ(expected)) - -+ def test_keep_encoded_newlines(self): -+ msg = self.msgmaker(self.typ(textwrap.dedent("""\ -+ To: nobody -+ Subject: Bad subject=?UTF-8?Q?=0A?=Bcc: injection@example.com -+ -+ None -+ """))) -+ expected = textwrap.dedent("""\ -+ To: nobody -+ Subject: Bad subject=?UTF-8?Q?=0A?=Bcc: injection@example.com -+ -+ None -+ """) -+ s = self.ioclass() -+ g = self.genclass(s, policy=self.policy.clone(max_line_length=80)) -+ g.flatten(msg) -+ self.assertEqual(s.getvalue(), self.typ(expected)) -+ -+ def test_keep_long_encoded_newlines(self): -+ msg = self.msgmaker(self.typ(textwrap.dedent("""\ -+ To: nobody -+ Subject: Bad subject=?UTF-8?Q?=0A?=Bcc: injection@example.com -+ -+ None -+ """))) -+ expected = textwrap.dedent("""\ -+ To: nobody -+ Subject: Bad subject -+ =?utf-8?q?=0A?=Bcc: -+ injection@example.com -+ -+ None -+ """) -+ s = self.ioclass() -+ g = self.genclass(s, policy=self.policy.clone(max_line_length=30)) -+ g.flatten(msg) -+ self.assertEqual(s.getvalue(), self.typ(expected)) -+ - - class TestGenerator(TestGeneratorBase, TestEmailBase): - -@@ -273,6 +312,29 @@ def test_flatten_unicode_linesep(self): - g.flatten(msg) - self.assertEqual(s.getvalue(), self.typ(expected)) - -+ def test_verify_generated_headers(self): -+ """gh-121650: by default the generator prevents header injection""" -+ class LiteralHeader(str): -+ name = 'Header' -+ def fold(self, **kwargs): -+ return self -+ -+ for text in ( -+ 'Value\r\nBad Injection\r\n', -+ 'NoNewLine' -+ ): -+ with self.subTest(text=text): -+ message = message_from_string( -+ "Header: Value\r\n\r\nBody", -+ policy=self.policy, -+ ) -+ -+ del message['Header'] -+ message['Header'] = LiteralHeader(text) -+ -+ with self.assertRaises(email.errors.HeaderWriteError): -+ message.as_string() -+ - - class TestBytesGenerator(TestGeneratorBase, TestEmailBase): - -diff --git a/Lib/test/test_email/test_policy.py b/Lib/test/test_email/test_policy.py -index c6b9c80efe1b54..baa35fd68e49c5 100644 ---- a/Lib/test/test_email/test_policy.py -+++ b/Lib/test/test_email/test_policy.py -@@ -26,6 +26,7 @@ class PolicyAPITests(unittest.TestCase): - 'raise_on_defect': False, - 'mangle_from_': True, - 'message_factory': None, -+ 'verify_generated_headers': True, - } - # These default values are the ones set on email.policy.default. - # If any of these defaults change, the docs must be updated. -@@ -294,6 +295,31 @@ def test_short_maxlen_error(self): - with self.assertRaises(email.errors.HeaderParseError): - policy.fold("Subject", subject) - -+ def test_verify_generated_headers(self): -+ """Turning protection off allows header injection""" -+ policy = email.policy.default.clone(verify_generated_headers=False) -+ for text in ( -+ 'Header: Value\r\nBad: Injection\r\n', -+ 'Header: NoNewLine' -+ ): -+ with self.subTest(text=text): -+ message = email.message_from_string( -+ "Header: Value\r\n\r\nBody", -+ policy=policy, -+ ) -+ class LiteralHeader(str): -+ name = 'Header' -+ def fold(self, **kwargs): -+ return self -+ -+ del message['Header'] -+ message['Header'] = LiteralHeader(text) -+ -+ self.assertEqual( -+ message.as_string(), -+ f"{text}\nBody", -+ ) -+ - # XXX: Need subclassing tests. - # For adding subclassed objects, make sure the usual rules apply (subclass - # wins), but that the order still works (right overrides left). -diff --git a/Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst b/Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst -new file mode 100644 -index 00000000000000..83dd28d4ac575b ---- /dev/null -+++ b/Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst -@@ -0,0 +1,5 @@ -+:mod:`email` headers with embedded newlines are now quoted on output. The -+:mod:`~email.generator` will now refuse to serialize (write) headers that -+are unsafely folded or delimited; see -+:attr:`~email.policy.Policy.verify_generated_headers`. (Contributed by Bas -+Bloemsaat and Petr Viktorin in :gh:`121650`.) - -From 7e3b0413643c574ce42b8a1e2c48a1fb0f45d385 Mon Sep 17 00:00:00 2001 -From: Petr Viktorin -Date: Fri, 2 Aug 2024 11:28:33 +0200 -Subject: [PATCH 2/2] Document changes as made in 3.12.5 - ---- - Doc/library/email.policy.rst | 2 +- - Doc/whatsnew/3.12.rst | 17 +++++++++++++++++ - 2 files changed, 18 insertions(+), 1 deletion(-) - -diff --git a/Doc/library/email.policy.rst b/Doc/library/email.policy.rst -index 314767d0802a08..51d65dc5ba94ee 100644 ---- a/Doc/library/email.policy.rst -+++ b/Doc/library/email.policy.rst -@@ -244,7 +244,7 @@ added matters. To illustrate:: - For backwards compatible, but unsafe, behavior, it must be set to - ``False`` explicitly. - -- .. versionadded:: 3.13 -+ .. versionadded:: 3.12.5 - - - The following :class:`Policy` method is intended to be called by code using -diff --git a/Doc/whatsnew/3.12.rst b/Doc/whatsnew/3.12.rst -index 8ed3b3c6f2387c..98d5b7a2c62b73 100644 ---- a/Doc/whatsnew/3.12.rst -+++ b/Doc/whatsnew/3.12.rst -@@ -2260,3 +2260,20 @@ ipaddress - - * Fixed ``is_global`` and ``is_private`` behavior in ``IPv4Address``, - ``IPv6Address``, ``IPv4Network`` and ``IPv6Network``. -+ -+ -+Notable changes in 3.12.5 -+========================= -+ -+email -+----- -+ -+ -+* Headers with embedded newlines are now quoted on output. -+ -+ The :mod:`~email.generator` will now refuse to serialize (write) headers -+ that are improperly folded or delimited, such that they would be parsed as -+ multiple headers or joined with adjacent data. -+ If you need to turn this safety feature off, -+ set :attr:`~email.policy.Policy.verify_generated_headers`. -+ (Contributed by Bas Bloemsaat and Petr Viktorin in :gh:`121650`.) diff --git a/Python-3.12.4.tar.xz b/Python-3.12.4.tar.xz deleted file mode 100644 index f50cb46..0000000 --- a/Python-3.12.4.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f6d419a6d8743ab26700801b4908d26d97e8b986e14f95de31b32de2b0e79554 -size 20659356 diff --git a/Python-3.12.4.tar.xz.asc b/Python-3.12.4.tar.xz.asc deleted file mode 100644 index bcb0184..0000000 --- a/Python-3.12.4.tar.xz.asc +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmZiK0BfFIAAAAAALgAo -aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx -Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6 -YwXdxg/6A5E54ST8gUxcgC6dsX2mOou/AgtzEiql1azbtK0U6p6v/uZ3JACq4iF2 -5SeXCYIq2Aum+f3FcmZ1gPAhCdSaHUl9i5oJvidW2AOz7E3Q81Kutdu+pKfv8Cwr -srhKBij5EQQH8rSLKK5fWDcoYgS26UQnBISrVb8ye5KC+mU1x0ek49jeRjS3ixim -+/jyRK/MStIjQAqeFMzQgathynYM5DtDEu71QATIWQZ/h78mpBCdrQutXMs10zf8 -fuXI6RP/vkh7q5IUg2KFZaUavPPPMUKJZnYAaTn3JbNXkASuliEyBDzXPhl+/t17 -RxzmlM+foXqxLXmupouRilZE73X7tKI4y1MbFUklFIsZlt+7uyXxAbwIZd3zJQrM -GITttH4tx4q1htZ/G1l6cS99AYUmoZp7rJwgKkiH40W9C+6ye2O2zAk6cEi1796t -RXEUpGupws3/XMofKJ23mE1FGwhcTWvoFgrth5ZM5Ig3A2rb5KIJIbMdEmOOiHV7 -CZ62N29fszwdxtErLpEStv5pZdV8zenucC6FtonyLX47v1VOd+3fyw65SvVXlblp -jeXCDWfhZZpnXw5d++y4kTxiQk8VUgTezB8uQ9Z/gNtdvYxWy8SXXcJoFofOCgo2 -/nLLzlJyRAoAFAXIgyZqdkG+8ZPWTH/Tfxg9UYKKXMcSYqak2EU= -=x5Pr ------END PGP SIGNATURE----- diff --git a/Python-3.12.5.tar.xz b/Python-3.12.5.tar.xz new file mode 100644 index 0000000..abbbe8a --- /dev/null +++ b/Python-3.12.5.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fa8a2e12c5e620b09f53e65bcd87550d2e5a1e2e04bf8ba991dcc55113876397 +size 20422396 diff --git a/Python-3.12.5.tar.xz.asc b/Python-3.12.5.tar.xz.asc new file mode 100644 index 0000000..445454f --- /dev/null +++ b/Python-3.12.5.tar.xz.asc @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmayiFtfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx +Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6 +YwUr4g//VyVs9tvbtiSp8pGe8f1gYErEw54r124sL/CBuNii8Irts1j5ymGxcm+l +hshPK5UlqRnhd5dCJWFTvLTXa5Ko2R1L3JyyxfGd1hmDuMhrWsDHijI0R7L/mGM5 +6X2LTaadBVNvk8HaNKvR8SEWvo68rdnOuYElFA9ir7uqwjO26ZWz9FfH80YDGwo8 +Blef2NYw8rNhiaZMFV0HYV7D+YyUAZnFNfW8M7Fd4oskUyj1tD9J89T9FFLYN09d +BcCIf+EdiEfqRpKxH89bW2g52kDrm4jYGONtpyF8eruyS3YwYSbvbuWioBYKmlxC +s51mieXz6G325GTZnmPxLek3ywPv6Gil9y0wH3fIr2BsWsmXust4LBpjDGt56Fy6 +seokGBg8xzsBSk3iEqNoFmNsy/QOiuCcDejX4XqBDNodOlETQPJb07TkTI2iOmg9 +NG4Atiz1HvGVxK68UuK9IIcNHyaWUmH8h4VQFGvc6KV6feP5Nm21Y12PZ5XIqJBO +Y8M/VJIJ5koaNPQfnBbbI5YBkUr4BVpIXIpY5LM/L5sUo2C3R7hMi0VGK88HGfSQ +KV4JmZgf6RMBNmrWY12sryS1QQ6q3P110GTUGQWB3sxxNbhmfcrK+4viqHc83yDz +ifmk33HuqaQGU7OzUMHeNcoCJIPo3H1FpoHOn9wLLCtA1pT+as4= +=t0Rk +-----END PGP SIGNATURE----- diff --git a/bso1227999-reproducible-builds.patch b/bso1227999-reproducible-builds.patch deleted file mode 100644 index fb33d18..0000000 --- a/bso1227999-reproducible-builds.patch +++ /dev/null @@ -1,37 +0,0 @@ -From ac2b8869724d7a57d9b5efbdce2f20423214e8bb Mon Sep 17 00:00:00 2001 -From: "Bernhard M. Wiedemann" -Date: Tue, 16 Jul 2024 21:39:33 +0200 -Subject: [PATCH] Allow to override build date with SOURCE_DATE_EPOCH - -to make builds reproducible. -See https://reproducible-builds.org/ for why this is good -and https://reproducible-builds.org/specs/source-date-epoch/ -for the definition of this variable. ---- - Doc/conf.py | 3 ++- - Doc/library/functions.rst | 2 +- - 2 files changed, 3 insertions(+), 2 deletions(-) - ---- a/Doc/conf.py -+++ b/Doc/conf.py -@@ -316,7 +316,8 @@ html_context = { - } - - # This 'Last updated on:' timestamp is inserted at the bottom of every page. --html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime()) -+html_time = int(os.environ.get('SOURCE_DATE_EPOCH', time.time())) -+html_last_updated_fmt = time.strftime('%b %d, %Y (%H:%M UTC)', time.gmtime(html_time)) - - # Path to find HTML templates. - templates_path = ['tools/templates'] ---- a/Doc/library/functions.rst -+++ b/Doc/library/functions.rst -@@ -1356,7 +1356,7 @@ are always available. They are listed h - (where :func:`open` is declared), :mod:`os`, :mod:`os.path`, :mod:`tempfile`, - and :mod:`shutil`. - -- .. audit-event:: open file,mode,flags open -+ .. audit-event:: open path,mode,flags open - - The ``mode`` and ``flags`` arguments may have been modified or inferred from - the original call. diff --git a/docs-docutils_014-Sphinx_420.patch b/docs-docutils_014-Sphinx_420.patch index 26563f5..0b5b6fe 100644 --- a/docs-docutils_014-Sphinx_420.patch +++ b/docs-docutils_014-Sphinx_420.patch @@ -1,32 +1,32 @@ --- Doc/tools/extensions/c_annotations.py | 6 +++++- Doc/tools/extensions/glossary_search.py | 12 ++++++++++-- - Doc/tools/extensions/pyspecific.py | 13 ++++++++++--- - 3 files changed, 25 insertions(+), 6 deletions(-) + Doc/tools/extensions/pyspecific.py | 5 ++++- + 3 files changed, 19 insertions(+), 4 deletions(-) --- a/Doc/tools/extensions/c_annotations.py +++ b/Doc/tools/extensions/c_annotations.py -@@ -84,7 +84,11 @@ class Annotations: - self.stable_abi_data[name] = record - - def add_annotations(self, app, doctree): -- for node in doctree.findall(addnodes.desc_content): -+ try: -+ findall = doctree.findall -+ except AttributeError: -+ findall = doctree.traverse -+ for node in findall(addnodes.desc_content): - par = node.parent - if par['domain'] != 'c': - continue +@@ -118,7 +118,11 @@ def add_annotations(app: Sphinx, doctree + state = app.env.domaindata["c_annotations"] + refcount_data = state["refcount_data"] + stable_abi_data = state["stable_abi_data"] +- for node in doctree.findall(addnodes.desc_content): ++ try: ++ findall = doctree.findall ++ except AttributeError: ++ findall = doctree.traverse ++ for node in findall(addnodes.desc_content): + par = node.parent + if par["domain"] != "c": + continue --- a/Doc/tools/extensions/glossary_search.py +++ b/Doc/tools/extensions/glossary_search.py -@@ -25,8 +25,16 @@ def process_glossary_nodes(app, doctree, - - terms = {} +@@ -30,8 +30,16 @@ def process_glossary_nodes( + else: + terms = app.env.glossary_terms = {} - for node in doctree.findall(glossary): -- for glossary_item in node.findall(definition_list_item): +- for glossary_item in node.findall(nodes.definition_list_item): + try: + findall = doctree.findall + except AttributeError: @@ -37,8 +37,8 @@ + except AttributeError: + node_findall = node.traverse + for glossary_item in node_findall(definition_list_item): - term = glossary_item[0].astext().lower() - definition = glossary_item[1] + term = glossary_item[0].astext() + definition = glossary_item[-1] --- a/Doc/tools/extensions/pyspecific.py +++ b/Doc/tools/extensions/pyspecific.py @@ -54,25 +54,3 @@ ISSUE_URI = 'https://bugs.python.org/issue?@action=redirect&bpo=%s' -@@ -604,7 +607,11 @@ def parse_monitoring_event(env, sig, sig - - - def process_audit_events(app, doctree, fromdocname): -- for node in doctree.findall(audit_event_list): -+ try: -+ findall = doctree.findall -+ except AttributeError: -+ findall = doctree.traverse -+ for node in findall(audit_event_list): - break - else: - return -@@ -663,7 +670,7 @@ def process_audit_events(app, doctree, f - - body += row - -- for node in doctree.findall(audit_event_list): -+ for node in findall(audit_event_list): - node.replace_self(table) - - diff --git a/fix_configure_rst.patch b/fix_configure_rst.patch index 88fbe40..d0d9baf 100644 --- a/fix_configure_rst.patch +++ b/fix_configure_rst.patch @@ -3,10 +3,8 @@ Misc/NEWS | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) -Index: Python-3.12.4/Doc/using/configure.rst -=================================================================== ---- Python-3.12.4.orig/Doc/using/configure.rst -+++ Python-3.12.4/Doc/using/configure.rst +--- a/Doc/using/configure.rst ++++ b/Doc/using/configure.rst @@ -640,13 +640,11 @@ macOS Options See ``Mac/README.rst``. @@ -21,11 +19,9 @@ Index: Python-3.12.4/Doc/using/configure.rst .. option:: --enable-framework=INSTALLDIR Create a Python.framework rather than a traditional Unix install. Optional -Index: Python-3.12.4/Misc/NEWS -=================================================================== ---- Python-3.12.4.orig/Misc/NEWS -+++ Python-3.12.4/Misc/NEWS -@@ -13734,7 +13734,7 @@ C API +--- a/Misc/NEWS ++++ b/Misc/NEWS +@@ -13832,7 +13832,7 @@ C API - bpo-40939: Removed documentation for the removed ``PyParser_*`` C API. - bpo-43795: The list in :ref:`limited-api-list` now shows the public name diff --git a/python312.changes b/python312.changes index abeec29..78bed4d 100644 --- a/python312.changes +++ b/python312.changes @@ -1,9 +1,214 @@ +------------------------------------------------------------------- +Wed Aug 7 18:05:57 UTC 2024 - Matej Cepl + +- Update to 3.12.5: + - Tests + - gh-59022: Add tests for pkgutil.extend_path(). Patch by + Andreas Stocker. + - gh-99242: os.getloadavg() may throw OSError when + running regression tests under certain conditions (e.g. + chroot). This error is now caught and ignored, since + reporting load average is optional. + - gh-121084: Fix test_typing random leaks. Clear typing ABC + caches when running tests for refleaks (-R option): call + _abc_caches_clear() on typing abstract classes and their + subclasses. Patch by Victor Stinner. + - gh-121160: Add a test for + readline.set_history_length(). Note that this test may fail + on readline libraries. + - gh-121200: Fix test_expanduser_pwd2() of + test_posixpath. Call getpwnam() to get pw_dir, since it + can be different than getpwall() pw_dir. Patch by Victor + Stinner. + - gh-121188: When creating the JUnit XML file, regrtest + now escapes characters which are invalid in XML, such + as the chr(27) control character used in ANSI escape + sequences. Patch by Victor Stinner. + - Security + - gh-121957: Fixed missing audit events around interactive + use of Python, now also properly firing for python -i, as + well as for python -m asyncio. The event in question is + cpython.run_stdin. + - gh-122133: Authenticate the socket connection for the + socket.socketpair() fallback on platforms where AF_UNIX is + not available like Windows. + - Patch by Gregory P. Smith and Seth Larson + . Reported by Ellie + - Library + - gh-122744: Bump the version of pip bundled in ensurepip to + version 24.2. + - gh-122334: Fix crash when importing ssl after the main + interpreter restarts. + - gh-87320: In code.InteractiveInterpreter, handle exceptions + caused by calling a non-default sys.excepthook(). Before, + the exception bubbled up to the caller, ending the REPL. + - gh-122400: Handle ValueErrors raised by os.stat() in + filecmp.dircmp and filecmp.cmpfiles(). Patch by Bénédikt + Tran. + - gh-122311: Fix some error messages in pickle. + - gh-121650: email headers with embedded newlines are + now quoted on output. The generator will now refuse to + serialize (write) headers that are unsafely folded or + delimited; see verify_generated_headers. (Contributed by + Bas Bloemsaat and Petr Viktorin in gh-121650; bsc#1228780, + CVE-2024-6923). + - gh-122332: Fixed segfault with asyncio.Task.get_coro() when + using an eager task factory. + - gh-122170: Handle ValueErrors raised by os.stat() in + linecache. Patch by Bénédikt Tran. + - gh-121723: Make logging.config.dictConfig() accept any + object implementing the Queue public API. See the queue + configuration section for details. Patch by Bénédikt Tran. + - gh-82951: Serializing objects with complex __qualname__ + (such as unbound methods and nested classes) by name no + longer involves serializing parent objects by value in + pickle protocols < 4. + - gh-120930: Fixed a bug introduced by gh-92081 that added an + incorrect extra blank to encoded words occurring in wrapped + headers. + - gh-121474: Fix missing sanity check for parties arg in + threading.Barrier constructor. Patch by Clinton Christian + (pygeek). + - gh-121025: Improve the __repr__() of + functools.partialmethod. Patch by Bénédikt Tran. + - gh-121018: Fixed issues where + argparse.ArgumentParser.parse_args() did not honor + exit_on_error=False. Based on patch by Ben Hsing. + - gh-119614: Fix truncation of strings with embedded null + characters in some internal operations in tkinter. + - gh-120910: When reading installed files from an egg, use + relative_to(walk_up=True) to honor files installed outside + of the installation root. + - gh-101830: Accessing the tkinter object’s string + representation no longer converts the underlying Tcl object + to a string on Windows. + - gh-120811: Fix possible memory leak in + contextvars.Context.run(). + - gh-120769: Make empty line in pdb repeats the last command + even when the command is from cmdqueue. + - gh-120732: Fix name passing to unittest.mock.Mock object + when using unittest.mock.create_autospec(). + - gh-120495: Fix incorrect exception handling in Tab + Nanny. Patch by Wulian233. + - gh-120343: Fix column offset reporting for tokens that come + after multiline f-strings in the tokenize module. + - gh-119600: Fix unittest.mock.patch() to not read attributes + of the target when new_callable is set. Patch by Robert + Collins. + - gh-120289: Fixed the use-after-free issue in cProfile by + disallowing disable() and clear() in external timers. + - gh-114053: Fix edge-case bug where typing.get_type_hints() + would produce incorrect results if type parameters in a + class scope were overridden by assignments in a class scope + and from __future__ import annotations semantics were + enabled. Patch by Alex Waygood. + - gh-114053: Fix erroneous NameError when calling + inspect.get_annotations() with eval_str=True` on a class + that made use of PEP 695 type parameters in a module that + had from __future__ import annotations at the top of the + file. Patch by Alex Waygood. + - gh-120268: Prohibit passing None to pure-Python + datetime.date.fromtimestamp() to achieve consistency with + C-extension implementation. + - gh-120244: Fix memory leak in re.sub() when the replacement + string contains backreferences. + - gh-120211: Fix tkinter.ttk with Tcl/Tk 9.0. + - gh-71587: Fix crash in C version of + datetime.datetime.strptime() when called again on the + restarted interpreter. + - gh-117983: Defer the threading import in importlib.util + until lazy loading is used. + - gh-119698: Fix symtable.Class.get_methods() and document + its behaviour. Patch by Bénédikt Tran. + - gh-120121: Add concurrent.futures.InvalidStateError to + module’s __all__. + - gh-112672: Support building tkinter with Tcl 9.0. + - gh-65454: unittest.mock.Mock.attach_mock() no longer + triggers a call to a PropertyMock being attached. + - gh-81936: help() and showtopic() methods now respect a + configured output argument to pydoc.Helper and not use the + pager in such cases. Patch by Enrico Tröger. + - gh-119577: The DeprecationWarning emitted when testing + the truth value of an xml.etree.ElementTree.Element now + describes unconditionally returning True in a future + version rather than raising an exception in Python 3.14. + - gh-119506: Fix io.TextIOWrapper.write() method breaks + internal buffer when the method is called again during + flushing internal buffer. + - gh-119189: When using the ** operator or pow() with + Fraction as the base and an exponent that is not rational, + a float, or a complex, the fraction is no longer converted + to a float. + - gh-105623: Fix performance degradation in + logging.handlers.RotatingFileHandler. Patch by Craig + Robson. + - bpo-39324: Add mime type mapping for .md <-> text/markdown + - IDLE + - gh-122482: Change About IDLE to direct users to + discuss.python.org instead of the now unused idle-dev email + and mailing list. + - gh-78889: Stop Shell freezes by blocking user access to + non-method sys.stdout.shell attributes, which are all + private. + - gh-120104: Fix padding in config and search dialog windows + in IDLE. + - Documentation + - gh-121749: Fix documentation for PyModule_AddObjectRef(). + - gh-120012: Clarify the behaviours of + multiprocessing.Queue.empty() and + multiprocessing.SimpleQueue.empty() on closed queues. Patch + by Bénédikt Tran. + - gh-121871: Documentation HTML varies from timestamp. Patch by + Bernhard M. Wiedemann (bsc#1227999). + - Core and Builtins + - gh-122208: Dictionary watchers now only deliver the + PyDict_EVENT_ADDED event when the insertion is in a known + good state to succeed. + - gh-122300: Preserve AST nodes for f-string with + single-element format specifiers. Patch by Pablo Galindo + - gh-122029: Emit c_call events in sys.setprofile() when a + PyMethodObject pointing to a PyCFunction is called. + - gh-122026: Fix a bug that caused the tokenizer to not + correctly identify mismatched parentheses inside f-strings + in some situations. Patch by Pablo Galindo + - gh-121657: Improve the SyntaxError message if the user + tries to use yield from outside a function. + - gh-117482: Unexpected slot wrappers are no longer created + for builtin static types in subinterpreters. + - gh-121439: Allow tuples of length 20 in the freelist to be + reused. + - gh-121130: Fix f-strings with debug expressions in format + specifiers. Patch by Pablo Galindo + - gh-120722: Correctly set the bytecode position on return + instructions within lambdas. Patch by Jelle Zijlstra. + - gh-120384: Fix an array out of bounds crash in + list_ass_subscript, which could be invoked via some + specificly tailored input: including concurrent + modification of a list object, where one thread assigns a + slice and another clears it. + - gh-120380: Fix Python implementation of pickle.Pickler for + bytes and bytearray objects when using protocol version + 5. Patch by Bénédikt Tran. + - gh-93691: Fix source locations of instructions generated + for the iterator of a for statement. + - gh-120198: Fix a crash when multiple threads read and write + to the same __class__ of an object concurrently. + - gh-120298: Fix use-after free in list_richcompare_impl + which can be invoked via some specificly tailored evil + input. + - gh-119666: Fix a compiler crash in the case where two + comprehensions in class scope both reference __class__. + - bpo-24766: Fix handling of doc argument to subclasses of + property. + - Build + - gh-120671: Fix failing configure tests due to a missing + space when appending to CFLAGS. + - gh-115983: Skip building test modules that must be built as + shared under WASI. + ------------------------------------------------------------------- Wed Aug 7 13:40:44 UTC 2024 - Matej Cepl -- Add CVE-2024-6923-email-hdr-inject.patch to prevent email - header injection due to unquoted newlines (bsc#1228780, - CVE-2024-6923). - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999) - Update bluez-devel-vendor.tar.xz @@ -14,19 +219,6 @@ Mon Jul 22 21:20:55 UTC 2024 - Matej Cepl - Remove %suse_update_desktop_file macro as it is not useful any more. -------------------------------------------------------------------- -Thu Jul 18 22:37:07 UTC 2024 - Matej Cepl - -- Adding bso1227999-reproducible-builds.patch fixing bsc#1227999 - adding reproducibility patches from gh#python/cpython!121872 - and gh#python/cpython!121883. - -------------------------------------------------------------------- -Mon Jul 15 12:14:05 UTC 2024 - Matej Cepl - -- Stop using %%defattr, it seems to be breaking proper executable - attributes on /usr/bin/ scripts (bsc#1227378). - ------------------------------------------------------------------- Thu Jul 4 16:04:05 UTC 2024 - Matej Cepl diff --git a/python312.spec b/python312.spec index ad8116f..72db76e 100644 --- a/python312.spec +++ b/python312.spec @@ -110,7 +110,7 @@ # _md5.cpython-38m-x86_64-linux-gnu.so %define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so Name: %{python_pkg_name}%{psuffix} -Version: 3.12.4 +Version: 3.12.5 Release: 0 Summary: Python 3 Interpreter License: Python-2.0 @@ -186,12 +186,6 @@ Patch40: fix-test-recursion-limit-15.6.patch # PATCH-FIX-SLE docs-docutils_014-Sphinx_420.patch bsc#[0-9]+ mcepl@suse.com # related to gh#python/cpython#119317 Patch41: docs-docutils_014-Sphinx_420.patch -# PATCH-FIX-UPSTREAM CVE-2024-6923-email-hdr-inject.patch bsc#1228780 mcepl@suse.com -# prevent email header injection, patch from gh#python/cpython!122608 -Patch42: CVE-2024-6923-email-hdr-inject.patch -# PATCH-FIX-UPSTREAM bso1227999-reproducible-builds.patch bsc#1227999 mcepl@suse.com -# reproducibility patches -Patch43: bso1227999-reproducible-builds.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: fdupes From dd7c725bd1d168e5776754c7dd9ae2a0cc07f763f60d2ac939b18ebe096ad8c6 Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Wed, 7 Aug 2024 19:36:41 +0000 Subject: [PATCH 15/15] Fix the patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=61 --- docs-docutils_014-Sphinx_420.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs-docutils_014-Sphinx_420.patch b/docs-docutils_014-Sphinx_420.patch index 0b5b6fe..ecb3c87 100644 --- a/docs-docutils_014-Sphinx_420.patch +++ b/docs-docutils_014-Sphinx_420.patch @@ -36,7 +36,7 @@ + node_findall = node.findall + except AttributeError: + node_findall = node.traverse -+ for glossary_item in node_findall(definition_list_item): ++ for glossary_item in node_findall(nodes.definition_list_item): term = glossary_item[0].astext() definition = glossary_item[-1]