- Refresh all patches
- Drop Revert-gh105127-left-tests.patch, in upstream now
- Update to 3.12.0rc1:
- Reverted the :mod:`email.utils` security improvement change
released in 3.12beta4 that unintentionally caused
:mod:`email.utils.getaddresses` to fail to parse email addresses
with a comma in the quoted name field. See :gh:`106669`.
- Start initializing ob_digit during creation of
:c:type:`PyLongObject` objects. Patch by Illia Volochii.
- Increase C recursion limit for functions other than the main
interpreter from 800 to 1500. This should allow functions like
list.__repr__ and json.dumps to handle all the inputs that they
could prior to 3.12
- Fix potential unaligned memory access on C APIs involving returned
sequences of char * pointers within the :mod:`grp` and
:mod:`socket` modules. These were revealed using a
-fsaniziter=alignment build on ARM macOS. Patch by Christopher
Chavez.
- Add the exception as the third argument to PY_UNIND callbacks in
sys.monitoring. This makes the PY_UNWIND callback consistent with
the other exception hanlding callbacks.
- Raise a ValueError when a monitoring callback funtion returns
DISABLE for events that cannot be disabled locally.
- Add a RERAISE event to sys.monitoring, which occurs when an
exception is reraised, either explicitly by a plain raise
statement, or implicitly in an except or finally block.
- Unsupported modules now always fail to be imported.
- Fix classmethod-style :func:`super` method calls (i.e., where the
second argument to :func:`super`, or the implied second argument
drawn from self/cls in the case of zero-arg super, is a type) when
the target of the call is not a classmethod.
- Python no longer crashes due an infrequent race when initialzing
per-interpreter interned strings. The crash would manifest when
the interpreter was finalized.
- Python no longer crashes due to an infrequent race in setting
Py_FileSystemDefaultEncoding and Py_FileSystemDefaultEncodeErrors
(both deprecated), when simultaneously initializing two isolated
subinterpreters. Now they are only set during runtime
initialization.
- Fix a segmentation fault caused by a use-after-free bug in
frame_dealloc when the trashcan delays the deallocation of a
PyFrameObject.
- No longer suppress arbitrary errors in the __annotations__ getter
and setter in the type and module types.
- Propagate frozen_modules to multiprocessing spawned process
interpreters.
- Prevent out-of-bounds memory access during mmap.find() calls.
- Seems that in some conditions, OpenSSL will return
SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL when a certification
verification has failed, but the error parameters will still
contain ERR_LIB_SSL and SSL_R_CERTIFICATE_VERIFY_FAILED. We are
now detecting this situation and raising the appropiate
ssl.SSLCertVerificationError. Patch by Pablo Galindo
- Fix :func:`types.get_original_bases` to only return
:attr:`!__orig_bases__` if it is present on cls directly. Patch by
James Hilton-Balfe.
- Prevent memory leak and use-after-free when using pointers to
pointers with ctypes
- Make :func:`gettext.pgettext` search plural definitions when
translation is not found.
- Document behavior of :func:`shutil.disk_usage` for non-mounted
filesystems on Unix.
- Do not report MultipartInvariantViolationDefect defect when the
:class:`email.parser.Parser` class is used to parse emails with
headersonly=True.
- Fix invalid result from :meth:`PurePath.relative_to` method when
attempting to walk a ".." segment in other with walk_up enabled. A
:exc:`ValueError` exception is now raised in this case.
- Fix potential missing NULL check of d2i_SSL_SESSION result in
_ssl.c.
- Update the bundled copy of pip to version 23.2.1.
- Fixed several bugs in zipfile.Path, including: in Path.match`,
Windows separators are no longer honored (and never were meant to
be); Fixed ``name/suffix/suffixes/stem operations when no filename
is present and the Path is not at the root of the zipfile;
Reworked glob for performance and more correct matching behavior.
- Add __copy__ and __deepcopy__ in :mod:`enum`
- Revert a change to :func:`colorsys.rgb_to_hls` that caused
division by zero for certain almost-white inputs. Patch by Terry
Jan Reedy.
- Instances of :class:`typing.TypeVar`, :class:`typing.ParamSpec`,
:class:`typing.ParamSpecArgs`, :class:`typing.ParamSpecKwargs`,
and :class:`typing.TypeVarTuple` once again support weak
references, fixing a regression introduced in Python 3.12.0 beta
1. Patch by Jelle Zijlstra.
- Detect possible memory allocation failure in the libtommath
function :c:func:`mp_init` used by the _tkinter module.
- Fix crash when calling repr with a manually constructed SignalDict
object. Patch by Charlie Zhao.
- Change the default return value of
:meth:`http.client.HTTPConnection.get_proxy_response_headers` to
be None and not {}.
- Ensure gettext(msg) retrieve translations even if a plural form
exists. In other words: gettext(msg) == ngettext(msg, '', 1).
- Add documentation for :c:type:`PyInterpreterConfig` and
:c:func:`Py_NewInterpreterFromConfig`. Also clarify some of the
nearby docs relative to per-interpreter GIL.
- Document the :mod:`curses` module variables :const:`~curses.LINES`
and :const:`~curses.COLS`.
- Add a number of standard external names to nitpick_ignore.
- Add documentation on how to localize the :mod:`argparse` module.
- test_logging: Fix test_udp_reconnection() by increasing the
timeout from 100 ms to 5 minutes (LONG_TIMEOUT). Patch by Victor
Stinner.
- test_capi: Fix test_no_FatalError_infinite_loop() to no longer
write a coredump, by using test.support.SuppressCrashReport. Patch
by Victor Stinner.
- Avoid creating a reference to the test object in
:meth:`~unittest.TestResult.collectedDurations`.
- Moved tests for zipfile.Path into Lib/test/test_zipfile/_path.
Made zipfile._path a package.
- Check for linux/limits.h before including it in
Modules/posixmodule.c.
- Detect MPI compilers in :file:`configure`.
- Add experimental wasi-threads support. Patch by Takashi Yamamoto.
- Update Windows build to use OpenSSL 3.0.9
- Update macOS installer to use OpenSSL 3.0.9.
- Fix bugs in the Argument Clinic destination <name> clear command;
the destination buffers would never be cleared, and the
destination directive parser would simply continue to the fault
handler after processing the command. Patch by Erlend E. Aasland.
- freeze now fetches CONFIG_ARGS from the original CPython instance
the Makefile uses to call utility scripts. Patch by Ijtaba
Hussain.
- :c:func:`PyModule_AddObjectRef` is now only available in the
limited API version 3.10 or later.
OBS-URL: https://build.opensuse.org/request/show/1102652
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=19
- Update to 3.12.0b4:
- gh-issue-102988: CVE-2023-27043 (bsc#1210638): Prevent
:func:`email.utils.parseaddr` and
:func:`email.utils.getaddresses` from returning the realname
portion of an invalid RFC2822 email header in the email
address portion of the 2-tuple returned after being parsed by
:class:`email._parseaddr.AddressList`.
- gh-issue-106396: When the format specification of an
f-string expression is empty, the parser now generates an
empty :class:`ast.JoinedStr` node for it instead of an
one-element :class:`ast.JoinedStr` with an empty string
:class:`ast.Constant`.
- gh-issue-106145: Make ``end_lineno`` and ``end_col_offset``
required on ``type_param`` ast nodes.
- gh-issue-105979: Fix crash in :func:`!_imp.get_frozen_object`
due to improper exception handling.
- gh-issue-98931: Ensure custom :exc:`SyntaxError` error
messages are raised for invalid imports with multiple
targets. Patch by Pablo Galindo
- gh-issue-105908: Fixed bug where :gh:`99111` breaks future
import ``barry_as_FLUFL`` in the Python REPL.
- gh-issue-105340: Include the comprehension iteration
variable in ``locals()`` inside a module- or class-scope
comprehension.
- gh-issue-105486: Change the repr of ``ParamSpec`` list of
args in ``types.GenericAlias``.
- gh-issue-101006: Improve error handling when read
:mod:`marshal` data.
- gh-issue-106524: Fix crash in :func:`!_sre.template` with
templates containing invalid group indices.
- gh-issue-106510: Improve debug output for atomic groups in
regular expressions.
- gh-issue-106503: Fix ref cycle in
:class:`!asyncio._SelectorSocketTransport` by removing
``_write_ready`` in ``close``.
- gh-issue-105497: Fix flag mask inversion when unnamed flags
exist.
- gh-issue-90876: Prevent :mod:`multiprocessing.spawn` from
failing to *import* in environments where ``sys.executable``
is ``None``. This regressed in 3.11 with the addition of
support for path-like objects in multiprocessing.
- gh-issue-106292: Check for an instance-dict
cached value in the :meth:`__get__` method of
:func:`functools.cached_property`. This better matches the
pre-3.12 behavior and improves compatibility for users
subclassing :func:`functools.cached_property` and adding a
:meth:`__set__` method.
- gh-issue-106330: Fix incorrect matching of empty paths in
:meth:`pathlib.PurePath.match`. This bug was introduced in
Python 3.12.0 beta 1.
- gh-issue-102541: Make pydoc.doc catch bad module ImportError
when output stream is not None.
- gh-issue-106152: Added PY_THROW event hook for
:mod:`cProfile` for generators
- gh-issue-106075: Added `asyncio.taskgroups.__all__` to
`asyncio.__all__` for export in star imports.
- gh-issue-105987: Fix crash due to improper reference counting
in :mod:`asyncio` eager task factory internal routines.
- gh-issue-105974: Fix bug where a :class:`typing.Protocol`
class that had one or more non-callable members would
raise :exc:`TypeError` when :func:`issubclass` was called
against it, even if it defined a custom ``__subclasshook__``
method. The behaviour in Python 3.11 and lower -- which has
now been restored -- was not to raise :exc:`TypeError` in
these situations if a custom ``__subclasshook__`` method was
defined. Patch by Alex Waygood.
- gh-issue-96145: Reverted addition of ``json.AttrDict``.
- gh-issue-105497: Fix flag inversion when alias/mask members
exist.
- gh-issue-104554: Add RTSPS scheme support in urllib.parse
- gh-issue-94777: Fix hanging :mod:`multiprocessing`
``ProcessPoolExecutor`` when a child process crashes while
data is being written in the call queue.
- gh-issue-106232: Make timeit doc command lines compatible
with Windows by using double quotes for arguments. This
works on linux and macOS also.
- gh-issue-101634: When running the Python test suite with
``-jN`` option, if a worker stdout cannot be decoded from
the locale encoding report a failed testn so the exitcode is
non-zero. Patch by Victor Stinner.
- gh-issue-106118: Fix compilation for platforms without
:data:`!O_CLOEXEC`. The issue was introduced with Python
3.12b1 in :gh:`103295`. Patch by Erlend Aasland.
- gh-issue-104692: Include ``commoninstall`` as a prerequisite
for ``bininstall``
This ensures that ``commoninstall`` is completed before
``bininstall`` is started when parallel builds are used (``make
-j install``), and so the ``python3`` symlink is only installed
after all standard library modules are installed.
- gh-issue-106359: Argument Clinic now explicitly forbids
"kwarg splats" in function calls used as annotations.
- gh-issue-105227: The new :c:func:`PyType_GetDict` provides
the dictionary for the given type object that is normally
exposed by ``cls.__dict__``. Normally it's sufficient to
use :c:member:`~PyTypeObject.tp_dict`, but for the static
builtin types :c:member:`!tp_dict` is now always ``NULL``.
:c:func:`!PyType_GetDict()` provides the correct dict object
instead.
OBS-URL: https://build.opensuse.org/request/show/1098684
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=4
- gh-issue-102988: CVE-2023-27043: Prevent
:func:`email.utils.parseaddr` and
:func:`email.utils.getaddresses` from returning the realname
portion of an invalid RFC2822 email header in the email
address portion of the 2-tuple returned after being parsed by
:class:`email._parseaddr.AddressList`.
- gh-issue-106396: When the format specification of an
f-string expression is empty, the parser now generates an
empty :class:`ast.JoinedStr` node for it instead of an
one-element :class:`ast.JoinedStr` with an empty string
:class:`ast.Constant`.
- gh-issue-106145: Make ``end_lineno`` and ``end_col_offset``
required on ``type_param`` ast nodes.
- gh-issue-105979: Fix crash in :func:`!_imp.get_frozen_object`
due to improper exception handling.
- gh-issue-98931: Ensure custom :exc:`SyntaxError` error
messages are raised for invalid imports with multiple
targets. Patch by Pablo Galindo
- gh-issue-105908: Fixed bug where :gh:`99111` breaks future
import ``barry_as_FLUFL`` in the Python REPL.
- gh-issue-105340: Include the comprehension iteration
variable in ``locals()`` inside a module- or class-scope
comprehension.
- gh-issue-105486: Change the repr of ``ParamSpec`` list of
args in ``types.GenericAlias``.
- gh-issue-101006: Improve error handling when read
:mod:`marshal` data.
- gh-issue-106524: Fix crash in :func:`!_sre.template` with
templates containing invalid group indices.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=12
- Update to 3.12.0b3:
- gh-103142: The version of OpenSSL used in Windows and
Mac installers has been upgraded to 1.1.1u to address
CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464,
as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303
fixed previously in 1.1.1t (gh-101727).
- gh-102153: urllib.parse.urlsplit() now strips leading C0
control and space characters following the specification for
URLs defined by WHATWG in response to CVE-2023-24329.
- gh-99889: Fixed a security in flaw in uu.decode() that could
allow for directory traversal based on the input if no
out_file was specified.
- gh-104049: Do not expose the local on-disk
location in directory indexes produced by
http.client.SimpleHTTPRequestHandler.
- gh-103935: trace.__main__ now uses io.open_code() for files
to be executed instead of raw open().
- gh-102953: The extraction methods in tarfile, and
shutil.unpack_archive(), have a new filter argument that
allows limiting tar features than may be surprising or
dangerous, such as creating files outside the destination
directory. See Extraction filters for details.
- Remove upstreamed patches:
- 00398-fix-stack-overwrite-on-32-bit-in-perf-map-test-harness-gh-104811-104823.patch
OBS-URL: https://build.opensuse.org/request/show/1096094
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=3
- gh-103142: The version of OpenSSL used in Windows and
Mac installers has been upgraded to 1.1.1u to address
CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464,
as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303
fixed previously in 1.1.1t (gh-101727).
- gh-102153: urllib.parse.urlsplit() now strips leading C0
control and space characters following the specification for
URLs defined by WHATWG in response to CVE-2023-24329.
- gh-99889: Fixed a security in flaw in uu.decode() that could
allow for directory traversal based on the input if no
out_file was specified.
- gh-104049: Do not expose the local on-disk
location in directory indexes produced by
http.client.SimpleHTTPRequestHandler.
- gh-103935: trace.__main__ now uses io.open_code() for files
to be executed instead of raw open().
- gh-102953: The extraction methods in tarfile, and
shutil.unpack_archive(), have a new filter argument that
allows limiting tar features than may be surprising or
dangerous, such as creating files outside the destination
directory. See Extraction filters for details.
- Remove upstreamed patches:
- 00398-fix-stack-overwrite-on-32-bit-in-perf-map-test-harness-gh-104811-104823.patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=9
