- Core and Builtins
- gh-109496: On a Python built in debug mode, Py_DECREF() now
calls _Py_NegativeRefcount() if the object is a dangling pointer
to deallocated memory: memory filled with 0xDD “dead byte” by
the debug hook on memory allocators. The fix is to check the
reference count before checking for _Py_IsImmortal(). Patch by
Victor Stinner.
- gh-109371: Deopted instructions correctly for tool
initialization and modified the incorrect assertion in
instrumentation, when a previous tool already sets INSTRUCTION
events
- gh-105658: Fix bug where the line trace of an except block
ending with a conditional includes an excess event with the line
of the conditional expression.
- gh-109219: Fix compiling type param scopes that use a name which
is also free in an inner scope.
- gh-109341: Fix crash when compiling an invalid AST involving a
ast.TypeAlias.
- gh-109195: Fix source location for the LOAD_* instruction
preceding a LOAD_SUPER_ATTR to load the super global (or
shadowing variable) so that it encompasses only the name super
and not the following parentheses.
- gh-109118: Disallow nested scopes (lambdas, generator
expressions, and comprehensions) within PEP 695 annotation
scopes that are nested within classes.
- gh-109114: Relax the detection of the error message for invalid
lambdas inside f-strings to not search for arbitrary replacement
fields to avoid false positives. Patch by Pablo Galindo
- gh-109118: Fix interpreter crash when a NameError is raised
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=23
- Refresh all patches
- Drop Revert-gh105127-left-tests.patch, in upstream now
- Update to 3.12.0rc1:
- Reverted the :mod:`email.utils` security improvement change
released in 3.12beta4 that unintentionally caused
:mod:`email.utils.getaddresses` to fail to parse email addresses
with a comma in the quoted name field. See :gh:`106669`.
- Start initializing ob_digit during creation of
:c:type:`PyLongObject` objects. Patch by Illia Volochii.
- Increase C recursion limit for functions other than the main
interpreter from 800 to 1500. This should allow functions like
list.__repr__ and json.dumps to handle all the inputs that they
could prior to 3.12
- Fix potential unaligned memory access on C APIs involving returned
sequences of char * pointers within the :mod:`grp` and
:mod:`socket` modules. These were revealed using a
-fsaniziter=alignment build on ARM macOS. Patch by Christopher
Chavez.
- Add the exception as the third argument to PY_UNIND callbacks in
sys.monitoring. This makes the PY_UNWIND callback consistent with
the other exception hanlding callbacks.
- Raise a ValueError when a monitoring callback funtion returns
DISABLE for events that cannot be disabled locally.
- Add a RERAISE event to sys.monitoring, which occurs when an
exception is reraised, either explicitly by a plain raise
statement, or implicitly in an except or finally block.
- Unsupported modules now always fail to be imported.
- Fix classmethod-style :func:`super` method calls (i.e., where the
second argument to :func:`super`, or the implied second argument
drawn from self/cls in the case of zero-arg super, is a type) when
the target of the call is not a classmethod.
- Python no longer crashes due an infrequent race when initialzing
per-interpreter interned strings. The crash would manifest when
the interpreter was finalized.
- Python no longer crashes due to an infrequent race in setting
Py_FileSystemDefaultEncoding and Py_FileSystemDefaultEncodeErrors
(both deprecated), when simultaneously initializing two isolated
subinterpreters. Now they are only set during runtime
initialization.
- Fix a segmentation fault caused by a use-after-free bug in
frame_dealloc when the trashcan delays the deallocation of a
PyFrameObject.
- No longer suppress arbitrary errors in the __annotations__ getter
and setter in the type and module types.
- Propagate frozen_modules to multiprocessing spawned process
interpreters.
- Prevent out-of-bounds memory access during mmap.find() calls.
- Seems that in some conditions, OpenSSL will return
SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL when a certification
verification has failed, but the error parameters will still
contain ERR_LIB_SSL and SSL_R_CERTIFICATE_VERIFY_FAILED. We are
now detecting this situation and raising the appropiate
ssl.SSLCertVerificationError. Patch by Pablo Galindo
- Fix :func:`types.get_original_bases` to only return
:attr:`!__orig_bases__` if it is present on cls directly. Patch by
James Hilton-Balfe.
- Prevent memory leak and use-after-free when using pointers to
pointers with ctypes
- Make :func:`gettext.pgettext` search plural definitions when
translation is not found.
- Document behavior of :func:`shutil.disk_usage` for non-mounted
filesystems on Unix.
- Do not report MultipartInvariantViolationDefect defect when the
:class:`email.parser.Parser` class is used to parse emails with
headersonly=True.
- Fix invalid result from :meth:`PurePath.relative_to` method when
attempting to walk a ".." segment in other with walk_up enabled. A
:exc:`ValueError` exception is now raised in this case.
- Fix potential missing NULL check of d2i_SSL_SESSION result in
_ssl.c.
- Update the bundled copy of pip to version 23.2.1.
- Fixed several bugs in zipfile.Path, including: in Path.match`,
Windows separators are no longer honored (and never were meant to
be); Fixed ``name/suffix/suffixes/stem operations when no filename
is present and the Path is not at the root of the zipfile;
Reworked glob for performance and more correct matching behavior.
- Add __copy__ and __deepcopy__ in :mod:`enum`
- Revert a change to :func:`colorsys.rgb_to_hls` that caused
division by zero for certain almost-white inputs. Patch by Terry
Jan Reedy.
- Instances of :class:`typing.TypeVar`, :class:`typing.ParamSpec`,
:class:`typing.ParamSpecArgs`, :class:`typing.ParamSpecKwargs`,
and :class:`typing.TypeVarTuple` once again support weak
references, fixing a regression introduced in Python 3.12.0 beta
1. Patch by Jelle Zijlstra.
- Detect possible memory allocation failure in the libtommath
function :c:func:`mp_init` used by the _tkinter module.
- Fix crash when calling repr with a manually constructed SignalDict
object. Patch by Charlie Zhao.
- Change the default return value of
:meth:`http.client.HTTPConnection.get_proxy_response_headers` to
be None and not {}.
- Ensure gettext(msg) retrieve translations even if a plural form
exists. In other words: gettext(msg) == ngettext(msg, '', 1).
- Add documentation for :c:type:`PyInterpreterConfig` and
:c:func:`Py_NewInterpreterFromConfig`. Also clarify some of the
nearby docs relative to per-interpreter GIL.
- Document the :mod:`curses` module variables :const:`~curses.LINES`
and :const:`~curses.COLS`.
- Add a number of standard external names to nitpick_ignore.
- Add documentation on how to localize the :mod:`argparse` module.
- test_logging: Fix test_udp_reconnection() by increasing the
timeout from 100 ms to 5 minutes (LONG_TIMEOUT). Patch by Victor
Stinner.
- test_capi: Fix test_no_FatalError_infinite_loop() to no longer
write a coredump, by using test.support.SuppressCrashReport. Patch
by Victor Stinner.
- Avoid creating a reference to the test object in
:meth:`~unittest.TestResult.collectedDurations`.
- Moved tests for zipfile.Path into Lib/test/test_zipfile/_path.
Made zipfile._path a package.
- Check for linux/limits.h before including it in
Modules/posixmodule.c.
- Detect MPI compilers in :file:`configure`.
- Add experimental wasi-threads support. Patch by Takashi Yamamoto.
- Update Windows build to use OpenSSL 3.0.9
- Update macOS installer to use OpenSSL 3.0.9.
- Fix bugs in the Argument Clinic destination <name> clear command;
the destination buffers would never be cleared, and the
destination directive parser would simply continue to the fault
handler after processing the command. Patch by Erlend E. Aasland.
- freeze now fetches CONFIG_ARGS from the original CPython instance
the Makefile uses to call utility scripts. Patch by Ijtaba
Hussain.
- :c:func:`PyModule_AddObjectRef` is now only available in the
limited API version 3.10 or later.
OBS-URL: https://build.opensuse.org/request/show/1102652
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=19
- gh-issue-102988: CVE-2023-27043: Prevent
:func:`email.utils.parseaddr` and
:func:`email.utils.getaddresses` from returning the realname
portion of an invalid RFC2822 email header in the email
address portion of the 2-tuple returned after being parsed by
:class:`email._parseaddr.AddressList`.
- gh-issue-106396: When the format specification of an
f-string expression is empty, the parser now generates an
empty :class:`ast.JoinedStr` node for it instead of an
one-element :class:`ast.JoinedStr` with an empty string
:class:`ast.Constant`.
- gh-issue-106145: Make ``end_lineno`` and ``end_col_offset``
required on ``type_param`` ast nodes.
- gh-issue-105979: Fix crash in :func:`!_imp.get_frozen_object`
due to improper exception handling.
- gh-issue-98931: Ensure custom :exc:`SyntaxError` error
messages are raised for invalid imports with multiple
targets. Patch by Pablo Galindo
- gh-issue-105908: Fixed bug where :gh:`99111` breaks future
import ``barry_as_FLUFL`` in the Python REPL.
- gh-issue-105340: Include the comprehension iteration
variable in ``locals()`` inside a module- or class-scope
comprehension.
- gh-issue-105486: Change the repr of ``ParamSpec`` list of
args in ``types.GenericAlias``.
- gh-issue-101006: Improve error handling when read
:mod:`marshal` data.
- gh-issue-106524: Fix crash in :func:`!_sre.template` with
templates containing invalid group indices.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=12
- gh-103142: The version of OpenSSL used in Windows and
Mac installers has been upgraded to 1.1.1u to address
CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464,
as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303
fixed previously in 1.1.1t (gh-101727).
- gh-102153: urllib.parse.urlsplit() now strips leading C0
control and space characters following the specification for
URLs defined by WHATWG in response to CVE-2023-24329.
- gh-99889: Fixed a security in flaw in uu.decode() that could
allow for directory traversal based on the input if no
out_file was specified.
- gh-104049: Do not expose the local on-disk
location in directory indexes produced by
http.client.SimpleHTTPRequestHandler.
- gh-103935: trace.__main__ now uses io.open_code() for files
to be executed instead of raw open().
- gh-102953: The extraction methods in tarfile, and
shutil.unpack_archive(), have a new filter argument that
allows limiting tar features than may be surprising or
dangerous, such as creating files outside the destination
directory. See Extraction filters for details.
- Remove upstreamed patches:
- 00398-fix-stack-overwrite-on-32-bit-in-perf-map-test-harness-gh-104811-104823.patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=9