SHA256
1
0
forked from pool/python312

134 Commits

Author SHA256 Message Date
ca6722de84 Accepting request 1288598 from devel:languages:python:Factory
Also addresses CVE-2025-4435 (gh#135034, bsc#1244061).

OBS-URL: https://build.opensuse.org/request/show/1288598
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=35
2025-06-26 09:38:04 +00:00
f9e1cf1836 extraction filters (filter="data" and filter="tar")
to be bypassed using crafted symlinks and hard links.
      CVE-2025-4517 (bsc#1244032). Also addresses CVE-2025-4435
      (gh#135034, bsc#1244061).

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=149
2025-06-25 19:47:39 +00:00
b96f7f884b Accepting request 1284283 from devel:languages:python:Factory
- Update to 3.12.11:
  - Security
    - gh-135034: Fixes multiple issues that allowed tarfile
      extraction filters (filter="data" and filter="tar") to be
      bypassed using crafted symlinks and hard links.
      Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138
      (bsc#1244059), CVE-2025-4330 (bsc#1244060), and
      CVE-2025-4517 (bsc#1244032).
    - gh-133767: Fix use-after-free in the “unicode-escape”
      decoder with a non-“strict” error handler (CVE-2025-4516,
      bsc#1243273).
    - gh-128840: Short-circuit the processing of long IPv6
      addresses early in ipaddress to prevent excessive memory
      consumption and a minor denial-of-service.
  - Library
    - gh-128840: Fix parsing long IPv6 addresses with embedded
      IPv4 address.
    - gh-134062: ipaddress: fix collisions in __hash__() for
      IPv4Network and IPv6Network objects.
    - gh-123409: Fix ipaddress.IPv6Address.reverse_pointer output
      according to RFC 3596, §2.5. Patch by Bénédikt Tran.
    - bpo-43633: Improve the textual representation of
      IPv4-mapped IPv6 addresses (RFC 4291 Sections 2.2, 2.5.5.2)
      in ipaddress. Patch by Oleksandr Pavliuk.
- Remove upstreamed patches:
  - CVE-2025-4516-DecodeError-handler.patch

- restrict PEP668 to ALP/Tumbleweed
  * Support Expat >= 2.4.5
- allow build with Sphinx >= 3.x

OBS-URL: https://build.opensuse.org/request/show/1284283
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=34
2025-06-11 14:20:11 +00:00
a91a0aca60 - Update to 3.12.11:
- Security
    - gh-135034: Fixes multiple issues that allowed tarfile
      extraction filters (filter="data" and filter="tar") to be
      bypassed using crafted symlinks and hard links.
      Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138
      (bsc#1244059), CVE-2025-4330 (bsc#1244060), and
      CVE-2025-4517 (bsc#1244032).
    - gh-133767: Fix use-after-free in the “unicode-escape”
      decoder with a non-“strict” error handler (CVE-2025-4516,
      bsc#1243273).
    - gh-128840: Short-circuit the processing of long IPv6
      addresses early in ipaddress to prevent excessive memory
      consumption and a minor denial-of-service.
  - Library
    - gh-128840: Fix parsing long IPv6 addresses with embedded
      IPv4 address.
    - gh-134062: ipaddress: fix collisions in __hash__() for
      IPv4Network and IPv6Network objects.
    - gh-123409: Fix ipaddress.IPv6Address.reverse_pointer output
      according to RFC 3596, §2.5. Patch by Bénédikt Tran.
    - bpo-43633: Improve the textual representation of
      IPv4-mapped IPv6 addresses (RFC 4291 Sections 2.2, 2.5.5.2)
      in ipaddress. Patch by Oleksandr Pavliuk.
- Remove upstreamed patches:
  - CVE-2025-4516-DecodeError-handler.patch
- restrict PEP668 to ALP/Tumbleweed
  * Support Expat >= 2.4.5
- allow build with Sphinx >= 3.x
  * remove importlib_resources and importlib-metadata

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=147
2025-06-09 21:22:35 +00:00
8dd75ac7e9 Certainly correct patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=146
2025-05-29 14:09:57 +00:00
01d7c30105 fix the patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=145
2025-05-27 19:36:16 +00:00
3d0b1fd2f3 fix the patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=144
2025-05-27 19:09:08 +00:00
5ffcff295f fix the patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=143
2025-05-27 18:45:33 +00:00
df350a3d04 fix the patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=142
2025-05-27 15:29:36 +00:00
62a8d14b2c Fix the patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=141
2025-05-27 15:09:51 +00:00
37c1d3d2e3 Fix patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=140
2025-05-27 14:38:51 +00:00
36a106a0a7 REmove A0 chars.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=139
2025-05-27 14:10:40 +00:00
8b5d8bb101 Fix patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=138
2025-05-27 13:52:03 +00:00
1ee29c7d85 Accepting request 1279315 from devel:languages:python:Factory
- Add CVE-2025-4516-DecodeError-handler.patch fixing
  CVE-2025-4516 (bsc#1243273) blocking DecodeError handling
  vulnerability, which could lead to DoS.

OBS-URL: https://build.opensuse.org/request/show/1279315
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=33
2025-05-26 16:31:57 +00:00
a5b17ad854 update SPEC (add link to the source PR)
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=136
2025-05-22 15:46:08 +00:00
6441e5a86b Use patch from Fedora project
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=135
2025-05-22 12:39:01 +00:00
af89117d93 Fix patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=134
2025-05-19 14:39:54 +00:00
b179411cca Fix patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=133
2025-05-19 06:20:12 +00:00
f1df581bc1 Fix patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=132
2025-05-19 00:49:25 +00:00
e728127a90 Fix patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=131
2025-05-18 23:08:41 +00:00
2410e499d4 Fix patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=130
2025-05-18 22:43:29 +00:00
730e031b5a Fix patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=129
2025-05-18 22:42:21 +00:00
9b369ae708 Fix patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=128
2025-05-18 22:25:16 +00:00
d915e370e5 Fix patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=127
2025-05-18 21:56:25 +00:00
3f073ea41b Fix patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=126
2025-05-18 20:36:32 +00:00
d2c62b9b77 Fix patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=125
2025-05-18 19:14:03 +00:00
1929c41f46 Fix patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=124
2025-05-18 18:22:15 +00:00
8d147e1486 Fix patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=123
2025-05-18 18:00:27 +00:00
3bf1e1a8e7 Revert the patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=122
2025-05-18 17:09:01 +00:00
3a565bec26 Fix patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=121
2025-05-18 06:12:44 +00:00
ea7b8271b0 Fix patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=120
2025-05-17 21:41:53 +00:00
b814d70dca Fix patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=119
2025-05-17 21:08:41 +00:00
0a23865f82 Fix tests
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=118
2025-05-17 17:39:47 +00:00
4db7913729 Fix tests
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=117
2025-05-17 15:45:24 +00:00
07eef01e76 fix the patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=116
2025-05-17 12:28:05 +00:00
bbb6498fe3 - Add CVE-2025-4516-DecodeError-handler.patch fixing
CVE-2025-4516 (bsc#1243273) blocking DecodeError handling
  vulnerability, which could lead to DoS.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=115
2025-05-17 12:14:17 +00:00
9bf13da52a Accepting request 1276663 from devel:languages:python:Factory
- Remove python-3.3.0b1-test-posix_fadvise.patch (not needed
  since kernel 3.6-rc1)

OBS-URL: https://build.opensuse.org/request/show/1276663
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=32
2025-05-13 18:11:47 +00:00
2cb6f30213 - Remove python-3.3.0b1-test-posix_fadvise.patch (not needed
since kernel 3.6-rc1)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=113
2025-05-10 11:43:23 +00:00
f894003382 Accepting request 1273530 from devel:languages:python:Factory
- New libexpat doesn’t need expectedFailure, it doesn't fail any
  more.
- Remove CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch as
  well.
- doc-py38-to-py36.patch needs to substantially extended.

OBS-URL: https://build.opensuse.org/request/show/1273530
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=31
2025-05-01 13:22:28 +00:00
fa963a9d40 - Remove CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch as
well.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=111
2025-04-29 21:23:32 +00:00
1e0fc4ca6f - New libexpat doesn’t need expectedFailure, it doesn't fail any
more.
- doc-py38-to-py36.patch needs to substantially extended.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=110
2025-04-29 21:21:44 +00:00
c558688a19 Accepting request 1269059 from devel:languages:python:Factory
- Update to 3.12.10:
  - gh-131852: msgfmt no longer adds the POT-Creation-Date to
    generated .mo files for consistency with GNU msgfmt.
  - gh-85012: Correctly reset msgctxt when compiling messages in
    msgfmt.
  - gh-131050: test_ssl.test_dh_params is skipped if the
    underlying TLS library does not support finite-field
    ephemeral Diffie-Hellman.
  - gh-119727: Add --single-process command line option to Python
    test runner (regrtest). Patch by Victor Stinner.
  - gh-131809: Update bundled libexpat to 2.7.1
  - gh-131261: Upgrade to libexpat 2.7.0
  - gh-127371: Avoid unbounded buffering for
    tempfile.SpooledTemporaryFile.writelines(). Previously, disk
    spillover was only checked after the lines iterator had been
    exhausted. This is now done after each line is written.
  - gh-121284: Fix bug in the folding of rfc2047 encoded-words
    when flattening an email message using a modern email
    policy. Previously when an encoded-word was too long for
    a line, it would be decoded, split across lines, and
    re-encoded. But commas and other special characters in the
    original text could be left unencoded and unquoted. This
    could theoretically be used to spoof header lines using a
    carefully constructed encoded-word if the resulting rendered
    email was transmitted or re-parsed.
  - gh-116608: undeprecate functional API for importlib.resources
  - gh-132075: Fix possible use of socket address structures
    with uninitialized members. Now all structure members are
    initialized with zeroes by default.
  - gh-132002: Fix crash when deallocating contextvars.ContextVar

OBS-URL: https://build.opensuse.org/request/show/1269059
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=30
2025-04-18 14:14:39 +00:00
584c05bad9 - Update to 3.12.10:
- gh-131852: msgfmt no longer adds the POT-Creation-Date to
    generated .mo files for consistency with GNU msgfmt.
  - gh-85012: Correctly reset msgctxt when compiling messages in
    msgfmt.
  - gh-131050: test_ssl.test_dh_params is skipped if the
    underlying TLS library does not support finite-field
    ephemeral Diffie-Hellman.
  - gh-119727: Add --single-process command line option to Python
    test runner (regrtest). Patch by Victor Stinner.
  - gh-131809: Update bundled libexpat to 2.7.1
  - gh-131261: Upgrade to libexpat 2.7.0
  - gh-127371: Avoid unbounded buffering for
    tempfile.SpooledTemporaryFile.writelines(). Previously, disk
    spillover was only checked after the lines iterator had been
    exhausted. This is now done after each line is written.
  - gh-121284: Fix bug in the folding of rfc2047 encoded-words
    when flattening an email message using a modern email
    policy. Previously when an encoded-word was too long for
    a line, it would be decoded, split across lines, and
    re-encoded. But commas and other special characters in the
    original text could be left unencoded and unquoted. This
    could theoretically be used to spoof header lines using a
    carefully constructed encoded-word if the resulting rendered
    email was transmitted or re-parsed.
  - gh-116608: undeprecate functional API for importlib.resources
  - gh-132075: Fix possible use of socket address structures
    with uninitialized members. Now all structure members are
    initialized with zeroes by default.
  - gh-132002: Fix crash when deallocating contextvars.ContextVar

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=108
2025-04-11 19:25:19 +00:00
b11adbdea3 Accepting request 1251951 from devel:languages:python:Factory
- Skip PGO with %want_reproducible_builds (bsc#1239210).

      over multiple lines in combination with unicode encoding
      (bsc#1238450, CVE-2025-1795)

OBS-URL: https://build.opensuse.org/request/show/1251951
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=29
2025-03-11 19:42:20 +00:00
e82a230b70 Fix bug reference in the changelog
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=106
2025-03-11 06:42:02 +00:00
e7906b91e2 - Skip PGO with %want_reproducible_builds (bsc#1239210).
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=105
2025-03-11 06:14:39 +00:00
07ecf72506 - Skip PGO with %want_reproducible_builds (boo#1040589)
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=104
2025-03-10 19:53:26 +00:00
b45169abf8 Accepting request 1244005 from devel:languages:python:Factory
- Update to 3.12.9:
  - Tests
    - gh-127906: Test the limited C API in test_cppext. Patch by
      Victor Stinner.
    - gh-127906: Backport test_cext from the main branch. Patch
      by Victor Stinner.
    - gh-127637: Add tests for the dis command-line
      interface. Patch by Bénédikt Tran.
  - Security
    - gh-105704: When using urllib.parse.urlsplit() and
      urllib.parse.urlparse() host parsing would not reject
      domain names containing square brackets ([ and ]). Square
      brackets are only valid for IPv6 and IPvFuture hosts
      according to RFC 3986 Section 3.2.2. (CVE-2025-0938,
      bsc#1236705)
    - gh-127655: Fixed the
      asyncio.selector_events._SelectorSocketTransport
      transport not pausing writes for the protocol when
      the buffer reaches the high water mark when using
      asyncio.WriteTransport.writelines() (CVE-2024-12254,
      bsc#1234290).
    - gh-126108: Fix a possible NULL pointer dereference in
      PySys_AddWarnOptionUnicode().
    - gh-80222: Fix bug in the folding of quoted strings
      when flattening an email message using a modern email
      policy. Previously when a quoted string was folded so
      that it spanned more than one line, the surrounding
      quotes and internal escapes would be omitted. This could
      theoretically be used to spoof header lines using a
      carefully constructed quoted string if the resulting

OBS-URL: https://build.opensuse.org/request/show/1244005
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=28
2025-02-09 18:58:58 +00:00
32717178fc Update documentation patch.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=102
2025-02-06 18:39:10 +00:00
f7e695cbd6 Fix changelog
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=101
2025-02-06 08:57:15 +00:00
0496c93f4b Adjust patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=100
2025-02-06 08:56:17 +00:00
30f651fd15 Add missing Source: statement
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=99
2025-02-06 08:48:44 +00:00
eacdd5e9b5 - Add CVE-2024-9287-venv_path_unquoted.patch to properly quote
path names provided when creating a virtual environment
  (bsc#1232241, CVE-2024-9287)
- Update doc-py38-to-py36.patch to include str.removeprefix
  replacement.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=98
2025-02-06 08:47:49 +00:00
bae099bfd7 Update patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=97
2025-02-05 20:50:46 +00:00
c062335ad2 Fix the patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=96
2025-02-05 16:21:38 +00:00
4fcdd05e86 update Doc/conf.py
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=95
2025-02-05 12:37:56 +00:00
24c111965b - Update to 3.12.9:
- Tests
    - gh-127906: Test the limited C API in test_cppext. Patch by
      Victor Stinner.
    - gh-127906: Backport test_cext from the main branch. Patch
      by Victor Stinner.
    - gh-127637: Add tests for the dis command-line
      interface. Patch by Bénédikt Tran.
  - Security
    - gh-105704: When using urllib.parse.urlsplit() and
      urllib.parse.urlparse() host parsing would not reject
      domain names containing square brackets ([ and ]). Square
      brackets are only valid for IPv6 and IPvFuture hosts
      according to RFC 3986 Section 3.2.2. (CVE-2025-0938,
      bsc#1236705)
    - gh-127655: Fixed the
      asyncio.selector_events._SelectorSocketTransport
      transport not pausing writes for the protocol when
      the buffer reaches the high water mark when using
      asyncio.WriteTransport.writelines() (CVE-2024-12254,
      bsc#1234290).
    - gh-126108: Fix a possible NULL pointer dereference in
      PySys_AddWarnOptionUnicode().
    - gh-80222: Fix bug in the folding of quoted strings
      when flattening an email message using a modern email
      policy. Previously when a quoted string was folded so
      that it spanned more than one line, the surrounding
      quotes and internal escapes would be omitted. This could
      theoretically be used to spoof header lines using a
      carefully constructed quoted string if the resulting

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=94
2025-02-05 11:02:29 +00:00
c4b3c6583b Accepting request 1241508 from devel:languages:python:Factory
OBS-URL: https://build.opensuse.org/request/show/1241508
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=27
2025-02-03 20:40:33 +00:00
d058a99b8a - Configure externally_managed with a bcond
https://en.opensuse.org/openSUSE:Python:Externally_managed
  bsc#1228165

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=92
2025-01-30 17:34:53 +00:00
9431cf257f Accepting request 1228975 from devel:languages:python:Factory
- Add CVE-2024-12254-unbound-mem-buffering-SelectorSocketTransport.writelines.patch
  preventing exhaustion of memory (gh#python/cpython#127655,
  bsc#1234290, CVE-2024-12254).
- Update to 3.12.8:
  - Tools/Demos
    - gh-126807: Fix extraction warnings in pygettext.py caused
      by mistaking function definitions for function calls.
  - Tests
    - gh-126909: Fix test_os extended attribute tests to work on
      filesystems with 1 KiB xattr size limit.
    - gh-125041: Re-enable skipped tests for zlib on the
      s390x architecture: only skip checks of the compressed
      bytes, which can be different between zlib’s software
      implementation and the hardware-accelerated implementation.
    - gh-124295: Add translation tests to the argparse module.
  - Security
    - gh-126623: Upgrade libexpat to 2.6.4
  - Library
    - gh-127303: Publicly expose EXACT_TOKEN_TYPES in
      token.__all__.
    - gh-123967: Fix faulthandler for trampoline frames. If the
      top-most frame is a trampoline frame, skip it. Patch by
      Victor Stinner.
    - gh-127182: Fix io.StringIO.__setstate__() crash, when None
      was passed as the first value.
    - gh-127217: Fix urllib.request.pathname2url() for paths
      starting with multiple slashes on Posix.
    - gh-127035: Fix shutil.which on Windows. Now it looks at
      direct match if and only if the command ends with a PATHEXT
      extension or X_OK is not in mode. Support extensionless
      files if “.” is in PATHEXT. Support PATHEXT extensions that
      end with a dot.
    - gh-127078: Fix issue where urllib.request.url2pathname()
      failed to discard an extra slash before a UNC drive in the
      URL path on Windows.
    - gh-126766: Fix issue where urllib.request.url2pathname()
      failed to discard any ‘localhost’ authority present in the
      URL.
    - gh-126997: Fix support of STRING and GLOBAL opcodes with
      non-ASCII arguments in pickletools. pickletools.dis()
      now outputs non-ASCII bytes in STRING, BINSTRING and
      SHORT_BINSTRING arguments as escaped (\xXX).
    - gh-126618: Fix the representation of itertools.count
      objects when the count value is sys.maxsize.
    - gh-85168: Fix issue where urllib.request.url2pathname() and
      pathname2url() always used UTF-8 when quoting and unquoting
      file URIs. They now use the filesystem encoding and error
      handler.
    - gh-67877: Fix memory leaks when regular expression matching
      terminates abruptly, either because of a signal or because
      memory allocation fails.
    - gh-126789: Fixed the values of sysconfig.get_config_vars(),
      sysconfig.get_paths(), and their siblings when the site
      initialization happens after sysconfig has built a cache
      for sysconfig.get_config_vars().
    - gh-126188: Update bundled pip to 24.3.1
    - gh-126766: Fix issue where urllib.request.url2pathname()
      failed to discard two leading slashes introducing an empty
      authority section.
    - gh-126727: locale.nl_langinfo(locale.ERA) now returns
      multiple era description segments separated by
      semicolons. Previously it only returned the first segment
      on platforms with Glibc.
    - gh-126699: Allow collections.abc.AsyncIterator to be a base
      for Protocols.
    - gh-104745: Limit starting a patcher (from
      unittest.mock.patch() or unittest.mock.patch.object()) more
      than once without stopping it
    - gh-126595: Fix a crash when instantiating itertools.count
      with an initial count of sys.maxsize on debug builds. Patch
      by Bénédikt Tran.
    - gh-120423: Fix issue where urllib.request.pathname2url()
      mishandled Windows paths with embedded forward slashes.
    - gh-126565: Improve performances of zipfile.Path.open() for
      non-reading modes.
    - gh-126505: Fix bugs in compiling case-insensitive regular
      expressions with character classes containing non-BMP
      characters: upper-case non-BMP character did was ignored
      and the ASCII flag was ignored when matching a character
      range whose upper bound is beyond the BMP region.
    - gh-117378: Fixed the multiprocessing "forkserver"
      start method forkserver process to correctly inherit
      the parent’s sys.path during the importing of
      multiprocessing.set_forkserver_preload() modules in the
      same manner as sys.path is configured in workers before
      executing work items.
      This bug caused some forkserver module preloading to silently
      fail to preload. This manifested as a performance degration
      in child processes when the sys.path was required due to
      additional repeated work in every worker.
      It could also have a side effect of "" remaining in
      sys.path during forkserver preload imports instead of the
      absolute path from os.getcwd() at multiprocessing import time
      used in the worker sys.path.
      The sys.path differences between phases in the child
      process could potentially have caused preload to import incorrect
      things from the wrong location. We are unaware of that actually
      having happened in practice.
    - gh-125679: The multiprocessing.Lock and
      multiprocessing.RLock repr values no longer say “unknown”
      on macOS.
    - gh-126476: Raise calendar.IllegalMonthError (now a subclass
      of IndexError) for calendar.month() when the input month is
      not correct.
    - gh-126489: The Python implementation of pickle no longer
      calls pickle.Pickler.persistent_id() for the result of
      persistent_id().
    - gh-126303: Fix pickling and copying of os.sched_param
      objects.
    - gh-126138: Fix a use-after-free crash on asyncio.Task
      objects whose underlying coroutine yields an object that
      implements an evil __getattribute__(). Patch by Nico
      Posada.
    - gh-126220: Fix crash in cProfile.Profile and
      _lsprof.Profiler when their callbacks were directly called
      with 0 arguments.
    - gh-126212: Fix issue where urllib.request.pathname2url()
      and url2pathname() removed slashes from Windows DOS drive
      paths and URLs.
    - gh-126205: Fix issue where urllib.request.pathname2url()
      generated URLs beginning with four slashes (rather than
      two) when given a Windows UNC path.
    - gh-126105: Fix a crash in ast when the ast.AST._fields
      attribute is deleted.
    - gh-126106: Fixes a possible NULL pointer dereference in
      ssl.
    - gh-126080: Fix a use-after-free crash on asyncio.Task
      objects for which the underlying event loop implements an
      evil __getattribute__(). Reported by Nico-Posada. Patch by
      Bénédikt Tran.
    - gh-126083: Fixed a reference leak in asyncio.Task objects
      when reinitializing the same object with a non-None
      context. Patch by Nico Posada.
    - gh-125984: Fix use-after-free crashes on asyncio.Future
      objects for which the underlying event loop implements an
      evil __getattribute__(). Reported by Nico-Posada. Patch by
      Bénédikt Tran.
    - gh-125969: Fix an out-of-bounds crash when an evil
      asyncio.loop.call_soon() mutates the length of the internal
      callbacks list. Patch by Bénédikt Tran.
    - gh-125966: Fix a use-after-free crash in
      asyncio.Future.remove_done_callback(). Patch by Bénédikt
      Tran.
    - gh-125789: Fix possible crash when mutating list of
      callbacks returned by asyncio.Future._callbacks. It
      now always returns a new copy in C implementation
      _asyncio. Patch by Kumar Aditya.
    - gh-124452: Fix an issue in
      email.policy.EmailPolicy.header_source_parse() and
      email.policy.Compat32.header_source_parse() that introduced
      spurious leading whitespaces into header values when the
      header includes a newline character after the header name
      delimiter (:) and before the value.
    - gh-125884: Fixed the bug for pdb where it can’t set
      breakpoints on functions with certain annotations.
    - gh-125355: Fix several bugs in
      argparse.ArgumentParser.parse_intermixed_args().
        The parser no longer changes temporarily during parsing.
        Default values are not processed twice.
        Required mutually exclusive groups containing positional
        arguments are now supported.
        The missing arguments report now includes the names of
        all required optional and positional arguments.
        Unknown options can be intermixed with positional
        arguments in parse_known_intermixed_args().
    - gh-125682: Reject non-ASCII digits in the Python
      implementation of json.loads() conforming to the JSON
      specification.
    - gh-125660: Reject invalid unicode escapes for Python
      implementation of json.loads().
    - gh-125259: Fix the notes removal logic for errors thrown in
      enum initialization.
    - gh-125519: Improve traceback if importlib.reload() is
      called with an object that is not a module. Patch by Alex
      Waygood.
    - gh-125451: Fix deadlock when
      concurrent.futures.ProcessPoolExecutor shuts down
      concurrently with an error when feeding a job to a worker
      process.
    - gh-125422: Fixed the bug where pdb and bdb can step into
      the bottom caller frame.
    - gh-100141: Fixed the bug where pdb will be stuck in an
      infinite loop when debugging an empty file.
    - gh-53203: Fix time.strptime() for %c, %x and %X formats
      in many locales that use non-ASCII digits, like Persian,
      Burmese, Odia and Shan.
    - gh-125254: Fix a bug where ArgumentError includes the
      incorrect ambiguous option in argparse.
    - gh-61011: Fix inheritance of nested mutually
      exclusive groups from parent parser in
      argparse.ArgumentParser. Previously, all nested mutually
      exclusive groups lost their connection to the group
      containing them and were displayed as belonging directly to
      the parser.
    - gh-52551: Fix encoding issues in time.strftime(), the
      strftime() method of the datetime classes datetime, date
      and time and formatting of these classes. Characters
      not encodable in the current locale are now acceptable
      in the format string. Surrogate pairs and sequence
      of surrogatescape-encoded bytes are no longer
      recombinated. Embedded null character no longer terminates
      the format string.
    - gh-125118: Don’t copy arbitrary values to _Bool in the
      struct module.
    - gh-125069: Fix an issue where providing a pathlib.PurePath
      object as an initializer argument to a second PurePath
      object with a different flavour resulted in arguments to
      the former object’s initializer being joined by the latter
      object’s flavour.
    - gh-124969: Fix locale.nl_langinfo(locale.ALT_DIGITS) on
      platforms with glibc. Now it returns a string consisting of
      up to 100 semicolon-separated symbols (an empty string in
      most locales) on all Posix platforms. Previously it only
      returned the first symbol or an empty string.
    - gh-124958: Fix refcycles in exceptions raised from
      asyncio.TaskGroup and the python implementation of
      asyncio.Future
    - gh-53203: Fix time.strptime() for %c and %x formats in many
      locales: Arabic, Bislama, Breton, Bodo, Kashubian, Chuvash,
      Estonian, French, Irish, Ge’ez, Gurajati, Manx Gaelic,
      Hebrew, Hindi, Chhattisgarhi, Haitian Kreyol, Japanese,
      Kannada, Korean, Marathi, Malay, Norwegian, Nynorsk,
      Punjabi, Rajasthani, Tok Pisin, Yoruba, Yue Chinese,
      Yau/Nungon and Chinese.
    - gh-124917: Allow calling os.path.exists() and
      os.path.lexists() with keyword arguments on Windows. Fixes
      a regression in 3.12.4.
    - gh-124653: Fix detection of the minimal Queue API needed by
      the logging module. Patch by Bénédikt Tran.
    - gh-124858: Fix reference cycles left in tracebacks
      in asyncio.open_connection() when used with
      happy_eyeballs_delay
    - gh-124390: Fixed AssertionError when using
      asyncio.staggered.staggered_race() with
      asyncio.eager_task_factory.
    - gh-124651: Properly quote template strings in venv
      activation scripts.
    - gh-124594: All asyncio REPL prompts run in the same
      context. Contributed by Bartosz Sławecki.
    - gh-120378: Fix a crash related to an integer overflow in
      curses.resizeterm() and curses.resize_term().
    - gh-123884: Fixed bug in itertools.tee() handling of other
      tee inputs (a tee in a tee). The output now has the
      promised n independent new iterators. Formerly, the first
      iterator was identical (not independent) to the input
      iterator. This would sometimes give surprising results.
    - gh-123978: Remove broken time.thread_time() and
      time.thread_time_ns() on NetBSD.
    - gh-124008: Fix possible crash (in debug build), incorrect
      output or returning incorrect value from raw binary write()
      when writing to console on Windows.
    - gh-123370: Fix the canvas not clearing after running
      turtledemo clock.
    - gh-120754: Update unbounded read calls in zipfile to
      specify an explicit size putting a limit on how much data
      they may read. This also updates handling around ZIP max
      comment size to match the standard instead of reading
      comments that are one byte too long.
    - gh-70764: Fixed an issue where inspect.getclosurevars()
      would incorrectly classify an attribute name as a global
      variable when the name exists both as an attribute name and
      a global variable.
    - gh-119826: Always return an absolute path for
      os.path.abspath() on Windows.
    - gh-117766: Always use str() to print choices in argparse.
    - gh-101955: Fix SystemError when match regular expression
      pattern containing some combination of possessive
      quantifier, alternative and capture group.
    - gh-88110: Fixed multiprocessing.Process reporting a
      .exitcode of 1 even on success when using the "fork" start
      method while using a concurrent.futures.ThreadPoolExecutor.
    - gh-71936: Fix a race condition in
      multiprocessing.pool.Pool.
    - bpo-46128: Strip unittest.IsolatedAsyncioTestCase stack
      frames from reported stacktraces.
    - bpo-14074: Fix argparse metavar processing to allow
      positional arguments to have a tuple metavar.
  - IDLE
    - gh-122392: Increase currently inadequate vertical spacing
      for the IDLE browsers (path, module, and stack) on
      high-resolution monitors.
  - Documentation
    - gh-125277: Require Sphinx 7.2.6 or later to build the
      Python documentation. Patch by Adam Turner.
    - gh-125018: The importlib.metadata documentation now
      includes semantic cross-reference targets for the
      significant documented APIs. This means intersphinx
      references like importlib.metadata.version() will now work
      as expected.
    - gh-121277: Writers of CPython’s documentation can now use
      next as the version for the versionchanged, versionadded,
      deprecated directives.
    - gh-60712: Include the object type in the lists of
      documented types. Change by Furkan Onder and Martin Panter.
  - Core and Builtins
    - gh-113841: Fix possible undefined behavior division by zero
      in complex’s _Py_c_pow().
    - gh-126341: Now ValueError is raised instead of SystemError
      when trying to iterate over a released memoryview object.
    - gh-126066: Fix importlib to not write an incomplete
      .pyc files when a ulimit or some other operating system
      mechanism is preventing the write to go through fully.
    - gh-126139: Provide better error location when attempting to
      use a future statement with an unknown future feature.
    - gh-125008: Fix tokenize.untokenize() producing invalid
      syntax for double braces preceded by certain escape
      characters.
    - gh-123378: Fix a crash in the __str__() method of
      UnicodeError objects when the UnicodeError.start and
      UnicodeError.end values are invalid or out-of-range. Patch
      by Bénédikt Tran.
    - gh-116510: Fix a crash caused by immortal interned strings
      being shared between sub-interpreters that use basic
      single-phase init. In that case, the string can be used
      by an interpreter that outlives the interpreter that
      created and interned it. For interpreters that share
      obmalloc state, also share the interned dict with the main
      interpreter.
    - gh-118950: Fix bug where SSLProtocol.connection_lost wasn’t
      getting called when OSError was thrown on writing to
      socket.
    - gh-113570: Fixed a bug in reprlib.repr where it incorrectly
      called the repr method on shadowed Python built-in types.
    - gh-109746: If _thread.start_new_thread() fails to start a
      new thread, it deletes its state from interpreter and thus
      avoids its repeated cleanup on finalization.
  - C API
    - gh-113601: Removed debug build assertions related to
      interning strings, which were falsely triggered by stable
      ABI extensions.
  - Build
    - gh-89640: Hard-code float word ordering as little endian on
      WASM.
    - gh-89640: Improve detection of float word ordering on Linux
      when link-time optimizations are enabled.
- Remove upstreamed patches:
  - CVE-2024-9287-venv_path_unquoted.patch

OBS-URL: https://build.opensuse.org/request/show/1228975
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=26
2024-12-13 21:33:05 +00:00
e85ec7c286 Fix documentation
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=90
2024-12-06 22:39:25 +00:00
652065b794 Fix SPEC
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=89
2024-12-06 20:45:54 +00:00
a7439aaf5b - Add CVE-2024-12254-unbound-mem-buffering-SelectorSocketTransport.writelines.patch
preventing exhaustion of memory (gh#python/cpython#127655,
  bsc#1234290, CVE-2024-12254).

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=88
2024-12-06 20:41:43 +00:00
694498a6a8 Update patches
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=87
2024-12-05 21:49:05 +00:00
8a08246ce9 Recalculate patches
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=86
2024-12-04 22:03:33 +00:00
b9104c7cad - Update to 3.12.8:
- Tools/Demos
    - gh-126807: Fix extraction warnings in pygettext.py caused
      by mistaking function definitions for function calls.
  - Tests
    - gh-126909: Fix test_os extended attribute tests to work on
      filesystems with 1 KiB xattr size limit.
    - gh-125041: Re-enable skipped tests for zlib on the
      s390x architecture: only skip checks of the compressed
      bytes, which can be different between zlib’s software
      implementation and the hardware-accelerated implementation.
    - gh-124295: Add translation tests to the argparse module.
  - Security
    - gh-126623: Upgrade libexpat to 2.6.4
  - Library
    - gh-127303: Publicly expose EXACT_TOKEN_TYPES in
      token.__all__.
    - gh-123967: Fix faulthandler for trampoline frames. If the
      top-most frame is a trampoline frame, skip it. Patch by
      Victor Stinner.
    - gh-127182: Fix io.StringIO.__setstate__() crash, when None
      was passed as the first value.
    - gh-127217: Fix urllib.request.pathname2url() for paths
      starting with multiple slashes on Posix.
    - gh-127035: Fix shutil.which on Windows. Now it looks at
      direct match if and only if the command ends with a PATHEXT
      extension or X_OK is not in mode. Support extensionless
      files if “.” is in PATHEXT. Support PATHEXT extensions that
      end with a dot.
    - gh-127078: Fix issue where urllib.request.url2pathname()

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=85
2024-12-04 21:53:57 +00:00
d5a3615b78 Accepting request 1227202 from devel:languages:python:Factory
- Update doc-py38-to-py36.patch to include str.removeprefix
  replacement.

OBS-URL: https://build.opensuse.org/request/show/1227202
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=25
2024-11-30 12:27:21 +00:00
82050fef68 - Update doc-py38-to-py36.patch to include str.removeprefix
replacement.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=83
2024-11-28 22:25:57 +00:00
094ec27e0f Accepting request 1224261 from devel:languages:python:Factory
- Remove -IVendor/ from python-config boo#1231795

OBS-URL: https://build.opensuse.org/request/show/1224261
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=24
2024-11-15 14:37:41 +00:00
f07b688f29 - Remove -IVendor/ from python-config boo#1231795
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=81
2024-11-14 16:23:58 +00:00
06a5cb31be Accepting request 1220158 from devel:languages:python:Factory
- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote
  path names provided when creating a virtual environment
  (bsc#1232241, CVE-2024-9287)

OBS-URL: https://build.opensuse.org/request/show/1220158
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=23
2024-11-03 06:17:02 +00:00
803cb95998 Update the patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=79
2024-11-02 00:55:18 +00:00
cd88adc808 - Add CVE-2024-9287-venv_path_unquoted.patch to properly quote
path names provided when creating a virtual environment
  (bsc#1232241, CVE-2024-9287)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=78
2024-10-25 13:01:30 +00:00
118ac765b0 Accepting request 1205549 from devel:languages:python:Factory
- Update to 3.12.7:
  - Tests
    - gh-124378: Updated test_ttk to pass with Tcl/Tk 8.6.15.
  - Security
    - gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to
      consistently use the mapped IPv4 address value for deciding
      properties. Properties which have their behavior fixed are
      is_multicast, is_reserved, is_link_local, is_global, and
      is_unspecified.
  - Library
    - gh-116850: Fix argparse for namespaces with not directly
      writable dict (e.g. classes).
    - gh-58573: Fix conflicts between abbreviated long options in
      the parent parser and subparsers in argparse.
    - gh-61181: Fix support of choices with string value in
      argparse. Substrings of the specified string no longer
      considered valid values.
    - gh-80259: Fix argparse support of positional arguments with
      nargs='?', default=argparse.SUPPRESS and specified type.
    - gh-124498: Fix typing.TypeAliasType not to be generic, when
      type_params is an empty tuple.
    - gh-124345: argparse vim supports abbreviated single-dash
      long options separated by = from its value.
    - gh-104860: Fix disallowing abbreviation of single-dash long
      options in argparse with allow_abbrev=False.
    - gh-63143: Fix parsing mutually exclusive arguments in
      argparse. Arguments with the value identical to the default
      value (e.g. booleans, small integers, empty or 1-character
      strings) are no longer considered “not present”.
    - gh-72795: Positional arguments with nargs equal to '*' or

OBS-URL: https://build.opensuse.org/request/show/1205549
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=22
2024-10-06 15:51:43 +00:00
2f2e126886 Fix the changelog
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=76
2024-10-03 15:01:05 +00:00
8c2f054df4 Fix the command
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=75
2024-10-01 23:45:48 +00:00
957ff77855 Fix the command
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=74
2024-10-01 23:44:23 +00:00
2aeb619628 Fix the command
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=73
2024-10-01 23:40:43 +00:00
38ff7e3150 Fix the command
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=72
2024-10-01 21:16:07 +00:00
ec208c83f9 - Update to 3.12.7:
- Tests
    - gh-124378: Updated test_ttk to pass with Tcl/Tk 8.6.15.
  - Security
    - gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to
      consistently use the mapped IPv4 address value for deciding
      properties. Properties which have their behavior fixed are
      is_multicast, is_reserved, is_link_local, is_global, and
      is_unspecified.
  - Library
    - gh-116850: Fix argparse for namespaces with not directly
      writable dict (e.g. classes).
    - gh-58573: Fix conflicts between abbreviated long options in
      the parent parser and subparsers in argparse.
    - gh-61181: Fix support of choices with string value in
      argparse. Substrings of the specified string no longer
      considered valid values.
    - gh-80259: Fix argparse support of positional arguments with
      nargs='?', default=argparse.SUPPRESS and specified type.
    - gh-124498: Fix typing.TypeAliasType not to be generic, when
      type_params is an empty tuple.
    - gh-124345: argparse vim supports abbreviated single-dash
      long options separated by = from its value.
    - gh-104860: Fix disallowing abbreviation of single-dash long
      options in argparse with allow_abbrev=False.
    - gh-63143: Fix parsing mutually exclusive arguments in
      argparse. Arguments with the value identical to the default
      value (e.g. booleans, small integers, empty or 1-character
      strings) are no longer considered “not present”.
    - gh-72795: Positional arguments with nargs equal to '*' or

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=71
2024-10-01 15:35:43 +00:00
e64f032e0a Accepting request 1204807 from devel:languages:python:Factory
OBS-URL: https://build.opensuse.org/request/show/1204807
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=21
2024-10-01 15:11:37 +00:00
a00145be7f Drop .pyc files from docdir for reproducible builds
without this change, 2 files varied between builds:
/usr/share/doc/packages/python312-core/Tools/build/__pycache__/generate_global_objects.cpython-312.pyc
/usr/share/doc/packages/python312-core/Tools/build/__pycache__/umarshal.cpython-312.pyc

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=69
2024-09-30 16:48:11 +00:00
5d2f502703 Accepting request 1200888 from devel:languages:python:Factory
- Add doc-py38-to-py36.patch making building documentation
  compatible with Python 3.6, which runs Sphinx on SLE.
- Update to 3.12.6:
  - Tests
    - gh-101525: Skip test_gdb if the binary is relocated by
      BOLT. Patch by Donghee Na.
  - Security
    - gh-123678: Upgrade libexpat to 2.6.3
    - gh-121285: Remove backtracking from tarfile header parsing
      for hdrcharset, PAX, and GNU sparse headers (bsc#1230227,
      CVE-2024-6232).
  - Library
    - gh-123270: Applied a more surgical fix for malformed
      payloads in zipfile.Path causing infinite loops (gh-122905)
      without breaking contents using legitimate characters
      (bsc#1229704, CVE-2024-8088).
    - gh-123213: xml.etree.ElementTree.Element.extend() and
      Element assignment no longer hide the internal exception if
      an erronous generator is passed. Patch by Bar Harel.
    - gh-85110: Preserve relative path in URL without netloc in
      urllib.parse.urlunsplit() and urllib.parse.urlunparse().
    - gh-123067: Fix quadratic complexity in parsing "-quoted
      cookie values with backslashes by http.cookies
      (bsc#1229596, CVE-2024-7592)
    - gh-122903: zipfile.Path.glob now correctly matches
      directories instead of silently omitting them.
    - gh-122905: zipfile.Path objects now sanitize names from the
      zipfile.
    - gh-122695: Fixed double-free when using gc.get_referents()
      with a freed asyncio.Future iterator.
    - gh-116263: logging.handlers.RotatingFileHandler no longer
      rolls over empty log files.
    - gh-118814: Fix the typing.TypeVar constructor when name is
      passed by keyword.
    - gh-122478: Remove internal frames from tracebacks
      shown in code.InteractiveInterpreter with non-default
      sys.excepthook(). Save correct tracebacks in
      sys.last_traceback and update __traceback__ attribute of
      sys.last_value and sys.last_exc.
    - gh-113785: csv now correctly parses numeric fields (when
      used with csv.QUOTE_NONNUMERIC) which start with an escape
      character.
    - gh-112182: asyncio.futures.Future.set_exception() now
      transforms StopIteration into RuntimeError instead of
      hanging or other misbehavior. Patch contributed by Jamie
      Phan.
    - gh-108172: webbrowser honors OS preferred browser on Linux
      when its desktop entry name contains the text of a known
      browser name.
    - gh-102988: email.utils.getaddresses() and
      email.utils.parseaddr() now return ('', '') 2-tuples
      in more situations where invalid email addresses are
      encountered instead of potentially inaccurate values. Add
      optional strict parameter to these two functions: use
      strict=False to get the old behavior, accept malformed
      inputs. getattr(email.utils, 'supports_strict_parsing',
      False) can be use to check if the strict paramater is
      available. Patch by Thomas Dwyer and Victor Stinner to
      improve the CVE-2023-27043 fix.
    - gh-99437: runpy.run_path() now decodes path-like objects,
      making sure __file__ and sys.argv[0] of the module being
      run are always strings.
  - IDLE
    - gh-120083: Add explicit black IDLE Hovertip foreground
      color needed for recent macOS. Fixes Sonoma showing
      unreadable white on pale yellow. Patch by John Riggles.
  - Core and Builtins
    - gh-123321: Prevent Parser/myreadline race condition from
      segfaulting on multi-threaded use. Patch by Bar Harel and
      Amit Wienner.
    - gh-122982: Extend the deprecation period for bool inversion
      (~) by two years.
    - gh-123229: Fix valgrind warning by initializing the
      f-string buffers to 0 in the tokenizer. Patch by Pablo
      Galindo
    - gh-123142: Fix too-wide source location in exception
      tracebacks coming from broken iterables in comprehensions.
    - gh-123048: Fix a bug where pattern matching code could emit
      a JUMP_FORWARD with no source location.
    - gh-123083: Fix a potential use-after-free in
      STORE_ATTR_WITH_HINT.
    - gh-122527: Fix a crash that occurred when a
      PyStructSequence was deallocated after its type’s
      dictionary was cleared by the GC. The type’s tp_basicsize
      now accounts for non-sequence fields that aren’t included
      in the Py_SIZE of the sequence.
    - gh-93691: Fix source locations of instructions generated
      for with statements.
  - Build
    - gh-123297: Propagate the value of LDFLAGS to LDCXXSHARED in
      sysconfig. Patch by Pablo Galindo
- Remove upstreamed patches:
  - CVE-2023-27043-email-parsing-errors.patch
  - CVE-2024-8088-inf-loop-zipfile_Path.patch
  - CVE-2023-6597-TempDir-cleaning-symlink.patch
  - gh120226-fix-sendfile-test-kernel-610.patch
- Add gh120226-fix-sendfile-test-kernel-610.patch to avoid
  failing test_sendfile_close_peer_in_the_middle_of_receiving
  tests on Linux >= 6.10 (GH-120227).

OBS-URL: https://build.opensuse.org/request/show/1200888
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=20
2024-09-26 16:52:41 +00:00
c75ef22ae5 - Add doc-py38-to-py36.patch making building documentation
compatible with Python 3.6, which runs Sphinx on SLE.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=67
2024-09-13 17:10:18 +00:00
10154267fc - Update to 3.12.6:
- Tests
    - gh-101525: Skip test_gdb if the binary is relocated by
      BOLT. Patch by Donghee Na.
  - Security
    - gh-123678: Upgrade libexpat to 2.6.3
    - gh-121285: Remove backtracking from tarfile header parsing
      for hdrcharset, PAX, and GNU sparse headers (bsc#1230227,
      CVE-2024-6232).
  - Library
    - gh-123270: Applied a more surgical fix for malformed
      payloads in zipfile.Path causing infinite loops (gh-122905)
      without breaking contents using legitimate characters
      (bsc#1229704, CVE-2024-8088).
    - gh-123213: xml.etree.ElementTree.Element.extend() and
      Element assignment no longer hide the internal exception if
      an erronous generator is passed. Patch by Bar Harel.
    - gh-85110: Preserve relative path in URL without netloc in
      urllib.parse.urlunsplit() and urllib.parse.urlunparse().
    - gh-123067: Fix quadratic complexity in parsing "-quoted
      cookie values with backslashes by http.cookies
      (bsc#1229596, CVE-2024-7592)
    - gh-122903: zipfile.Path.glob now correctly matches
      directories instead of silently omitting them.
    - gh-122905: zipfile.Path objects now sanitize names from the
      zipfile.
    - gh-122695: Fixed double-free when using gc.get_referents()
      with a freed asyncio.Future iterator.
    - gh-116263: logging.handlers.RotatingFileHandler no longer
      rolls over empty log files.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=66
2024-09-07 21:56:48 +00:00
456c5f3ff6 - Add gh120226-fix-sendfile-test-kernel-610.patch to avoid
failing test_sendfile_close_peer_in_the_middle_of_receiving
  tests on Linux >= 6.10 (GH-120227).

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=65
2024-09-02 10:08:57 +00:00
a7e33ce6b6 Accepting request 1197474 from devel:languages:python:Factory
- Add CVE-2024-8088-inf-loop-zipfile_Path.patch to prevent
  malformed payload to cause infinite loops in zipfile.Path
  (bsc#1229704, CVE-2024-8088).

OBS-URL: https://build.opensuse.org/request/show/1197474
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=19
2024-08-30 11:25:40 +00:00
e33fbc932e Accepting request 1192365 from devel:languages:python:Factory
- Update to 3.12.5:
  - Tests
    - gh-59022: Add tests for pkgutil.extend_path(). Patch by
      Andreas Stocker.
    - gh-99242: os.getloadavg() may throw OSError when
      running regression tests under certain conditions (e.g.
      chroot). This error is now caught and ignored, since
      reporting load average is optional.
    - gh-121084: Fix test_typing random leaks. Clear typing ABC
      caches when running tests for refleaks (-R option): call
      _abc_caches_clear() on typing abstract classes and their
      subclasses. Patch by Victor Stinner.
    - gh-121160: Add a test for
      readline.set_history_length(). Note that this test may fail
      on readline libraries.
    - gh-121200: Fix test_expanduser_pwd2() of
      test_posixpath. Call getpwnam() to get pw_dir, since it
      can be different than getpwall() pw_dir. Patch by Victor
      Stinner.
    - gh-121188: When creating the JUnit XML file, regrtest
      now escapes characters which are invalid in XML, such
      as the chr(27) control character used in ANSI escape
      sequences. Patch by Victor Stinner.
  - Security
    - gh-121957: Fixed missing audit events around interactive
      use of Python, now also properly firing for python -i, as
      well as for python -m asyncio. The event in question is
      cpython.run_stdin.
    - gh-122133: Authenticate the socket connection for the
      socket.socketpair() fallback on platforms where AF_UNIX is

OBS-URL: https://build.opensuse.org/request/show/1192365
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=18
2024-08-29 13:42:27 +00:00
5aec8eeba8 Accepting request 1168659 from devel:languages:python:Factory
OBS-URL: https://build.opensuse.org/request/show/1168659
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=17
2024-04-23 16:55:03 +00:00
781fdc451d Accepting request 1168530 from home:dgarcia:branches:devel:languages:python:Factory
- Add CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch to fix tests with
  patched libexpat below 2.6.0 that doesn't update the version number,
  just in 15.6.
- Drop libexpat260.patch, not needed anymore. This patch is merged
  with the CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch to keep
  working on 15.6.
- Add fix-test-recursion-limit-15.6.patch, gh#python/cpython#115083.

OBS-URL: https://build.opensuse.org/request/show/1168530
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=45
2024-04-17 21:21:31 +00:00
2cda1ab826 Clean changelog
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=44
2024-04-11 20:21:37 +00:00
e62ac867bc - Update to 3.12.3:
- Security¶
    - gh-115398: Allow controlling Expat >=2.6.0 reparse deferral
      (CVE-2023-52425, bsc#1219559) by adding five new methods:
          xml.etree.ElementTree.XMLParser.flush()
          xml.etree.ElementTree.XMLPullParser.flush()
          xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
          xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
          xml.sax.expatreader.ExpatParser.flush()
    - gh-115399: Update bundled libexpat to 2.6.0 (bsc#1222075)
    - gh-115243: Fix possible crashes in
      collections.deque.index() when the deque is concurrently
      modified.
    - gh-114572: ssl.SSLContext.cert_store_stats() and
      ssl.SSLContext.get_ca_certs() now correctly lock access to
      the certificate store, when the ssl.SSLContext is shared
      across multiple threads.
  - Core and Builtins
    - gh-109120: Added handle of incorrect star expressions, e.g
      f(3, *). Patch by Grigoryev Semyon
    - gh-99108: Updated the hashlib built-in HACL* project C code
      from upstream that we use for many implementations when
      they are not present via OpenSSL in a given build. This
      also avoids the rare potential for a C symbol name one
      definition rule linking issue.
    - gh-116735: For INSTRUMENTED_CALL_FUNCTION_EX, set arg0 to
      sys.monitoring.MISSING instead of None for CALL event.
    - gh-113964: Starting new threads and process creation
      through os.fork() are now only prevented once all
      non-daemon threads exit.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=43
2024-04-10 14:51:57 +00:00
aa6257f71a Accepting request 1157646 from devel:languages:python:Factory
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1157646
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=16
2024-03-14 16:42:38 +00:00
ded1f6d8f3 Accepting request 1155683 from home:pmonrealgonzalez:branches:devel:languages:python:Factory
OBS-URL: https://build.opensuse.org/request/show/1155683
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=41
2024-03-06 21:50:49 +00:00
1b3ecdbd21 Accepting request 1153616 from devel:languages:python:Factory
- (bsc#1219666, CVE-2023-6597) Add
  CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from
  gh#python/cpython!99930) fixing symlink bug in cleanup of
  tempfile.TemporaryDirectory.

OBS-URL: https://build.opensuse.org/request/show/1153616
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=15
2024-03-03 19:18:35 +00:00
2a55620864 - (bsc#1219666, CVE-2023-6597) Add
CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from
  gh#python/cpython!99930) fixing symlink bug in cleanup of
  tempfile.TemporaryDirectory.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=39
2024-02-29 21:00:39 +00:00
6fb45ea97f Accepting request 1148455 from devel:languages:python:Factory
- Switch to %%autopatch. Let’s try it as an experiment, and if we
  need conditional patch, we should put condition inside of it.
- Remove double definition of /usr/bin/idle%%{version} in
  %%files.

OBS-URL: https://build.opensuse.org/request/show/1148455
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=14
2024-02-22 19:55:26 +00:00
87dab76d59 - Switch to %%autopatch. Let’s try it as an experiment, and if we
need conditional patch, we should put condition inside of it.
- Remove double definition of /usr/bin/idle%%{version} in
  %%files.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=37
2024-02-20 22:10:13 +00:00
858e326499 Accepting request 1146839 from devel:languages:python:Factory
Forwarded request #1146789 from dgarcia

- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser
    with Expat 2.6.0, gh#python/cpython#115288

OBS-URL: https://build.opensuse.org/request/show/1146839
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=13
2024-02-15 19:59:19 +00:00
e7723bea01 Accepting request 1146789 from home:dgarcia:branches:devel:languages:python:Factory
- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser
  with Expat 2.6.0, gh#python/cpython#115288

OBS-URL: https://build.opensuse.org/request/show/1146789
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=35
2024-02-15 12:59:08 +00:00
600a900c7b Update the patch
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=34
2024-02-12 13:36:22 +00:00
3e5f9031be - (bsc#1210638, CVE-2023-27043) Add
CVE-2023-27043-email-parsing-errors.patch, which rejects
  malformed addresses in email.parseaddr() (gh#python/cpython!111116)
  Detect email address parsing errors and return empty tuple to
  indicate the parsing error (old API). Add an optional 'strict'
  parameter to getaddresses() and parseaddr() functions. Patch by
  Thomas Dwyer.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=33
2024-02-12 13:35:44 +00:00
43433c648f Accepting request 1145177 from devel:languages:python:Factory
OBS-URL: https://build.opensuse.org/request/show/1145177
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=12
2024-02-09 22:52:00 +00:00
120d8db339 Accepting request 1145175 from home:dgarcia:branches:devel:languages:python:Factory
- Update to 3.12.2:
  - Security
    - gh-113659: Skip .pth files with names starting with a dot or
      hidden file attribute.
  - Core and Builtins
    - gh-114887: Changed socket type validation in
      create_datagram_endpoint() to accept all non-stream sockets.
      This fixes a regression in compatibility with raw sockets.
    - gh-114388: Fix a RuntimeWarning emitted when assign an
      integer-like value that is not an instance of int to an
      attribute that corresponds to a C struct member of type T_UINT
      and T_ULONG. Fix a double RuntimeWarning emitted when assign a
      negative integer value to an attribute that corresponds to a C
      struct member of type T_UINT.
    - gh-113703: Fix a regression in the codeop module that was
      causing it to incorrectly identify incomplete f-strings. Patch
      by Pablo Galindo
    - gh-89811: Check for a valid tp_version_tag before performing
      bytecode specializations that rely on this value being usable.
    - gh-113602: Fix an error that was causing the parser to try to
      overwrite existing errors and crashing in the process. Patch by
      Pablo Galindo
    - gh-113297: Fix segfault in the compiler on with statement with
      19 context managers.
    - gh-106905: Use per AST-parser state rather than global state to
      track recursion depth within the AST parser to prevent potential
      race condition due to simultaneous parsing.
    - The issue primarily showed up in 3.11 by multithreaded users of
      ast.parse(). In 3.12 a change to when garbage collection can be
      triggered prevented the race condition from occurring.
    - gh-112943: Correctly compute end column offsets for multiline
      tokens in the tokenize module. Patch by Pablo Galindo
    - gh-112716: Fix SystemError in the import statement and in
      __reduce__() methods of builtin types when __builtins__ is not a
      dict.
    - gh-94606: Fix UnicodeEncodeError when
      email.message.get_payload() reads a message with a Unicode
      surrogate character and the message content is not well-formed
      for surrogateescape encoding. Patch by Sidney Markowitz.
  - Library
    - gh-114965: Update bundled pip to 24.0
    - gh-114959: tarfile no longer ignores errors when trying to
      extract a directory on top of a file.
    - gh-109475: Fix support of explicit option value “–” in argparse
      (e.g. --option=--).
    - gh-110190: Fix ctypes structs with array on Windows ARM64
      platform by setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by
      Diego Russo
    - gh-113280: Fix a leak of open socket in rare cases when error
      occurred in ssl.SSLSocket creation.
    - gh-77749: email.policy.EmailPolicy.fold() now always encodes
      non-ASCII characters in headers if utf8 is false.
    - gh-114492: Make the result of termios.tcgetattr() reproducible
      on Alpine Linux. Previously it could leave a random garbage in
      some fields.
    - gh-113267: Revert changes in gh-106584 which made calls of
      TestResult methods startTest() and stopTest() unbalanced.
    - gh-75128: Ignore an OSError in
      asyncio.BaseEventLoop.create_server() when IPv6 is available but
      the interface cannot actually support it.
    - gh-114257: Dismiss the FileNotFound error in
      ctypes.util.find_library() and just return None on Linux.
    - gh-114328: The tty.setcbreak() and new tty.cfmakecbreak() no
      longer clears the terminal input ICRLF flag. This fixes a
      regression introduced in 3.12 that no longer matched how OSes
      define cbreak mode in their stty(1) manual pages.
    - gh-101438: Avoid reference cycle in ElementTree.iterparse. The
      iterator returned by ElementTree.iterparse may hold on to a file
      descriptor. The reference cycle prevented prompt clean-up of the
      file descriptor if the returned iterator was not exhausted.
    - gh-104522: OSError raised when run a subprocess now only has
      filename attribute set to cwd if the error was caused by a
      failed attempt to change the current directory.
    - gh-114149: Enum: correctly handle tuple subclasses in custom
      __new__.
    - gh-109534: Fix a reference leak in
      asyncio.selector_events.BaseSelectorEventLoop when SSL
      handshakes fail. Patch contributed by Jamie Phan.
    - gh-114077: Fix possible OverflowError in
      socket.socket.sendfile() when pass count larger than 2 GiB on
      32-bit platform.
    - gh-114014: Fixed a bug in fractions.Fraction where an invalid
      string using d in the decimals part creates a different error
      compared to other invalid letters/characters. Patch by Jeremiah
      Gabriel Pascual.
    - gh-113951: Fix the behavior of tag_unbind() methods of
      tkinter.Text and tkinter.Canvas classes with three arguments.
      Previously, widget.tag_unbind(tag, sequence, funcid) destroyed
      the current binding for sequence, leaving sequence unbound, and
      deleted the funcid command. Now it removes only funcid from the
      binding for sequence, keeping other commands, and deletes the
      funcid command. It leaves sequence unbound only if funcid was
      the last bound command.
    - gh-113877: Fix tkinter method winfo_pathname() on 64-bit
      Windows.
    - gh-113661: unittest runner: Don’t exit 5 if tests were skipped.
      The intention of exiting 5 was to detect issues where the test
      suite wasn’t discovered at all. If we skipped tests, it was
      correctly discovered.
    - gh-113781: Silence unraisable AttributeError when warnings are
      emitted during Python finalization.
    - gh-112932: Restore the ability for zipfile to extractall from
      zip files with a “/” directory entry in them as is commonly
      added to zips by some wiki or bug tracker data exporters.
    - gh-113594: Fix UnicodeEncodeError in email when re-fold lines
      that contain unknown-8bit encoded part followed by
      non-unknown-8bit encoded part.
    - gh-113538: In asyncio.StreamReaderProtocol.connection_made(),
      there is callback that logs an error if the task wrapping the
      “connected callback” fails. This callback would itself fail if
      the task was cancelled. Prevent this by checking whether the
      task was cancelled first. If so, close the transport but don’t
      log an error.
    - gh-85567: Fix resource warnings for unclosed files in pickle and
      pickletools command line interfaces.
    - gh-101225: Increase the backlog for
      multiprocessing.connection.Listener objects created by
      multiprocessing.manager and multiprocessing.resource_sharer to
      significantly reduce the risk of getting a connection refused
      error when creating a multiprocessing.connection.Connection to
      them.
    - gh-113543: Make sure that webbrowser.MacOSXOSAScript sends
      webbrowser.open audit event.
    - gh-113028: When a second reference to a string appears in the
      input to pickle, and the Python implementation is in use, we are
      guaranteed that a single copy gets pickled and a single object
      is shared when reloaded. Previously, in protocol 0, when a
      string contained certain characters (e.g. newline) it resulted
      in duplicate objects.
    - gh-113421: Fix multiprocessing logger for %(filename)s.
    - gh-111784: Fix segfaults in the _elementtree module. Fix first
      segfault during deallocation of _elementtree.XMLParser instances
      by keeping strong reference to pyexpat module in module state
      for capsule lifetime. Fix second segfault which happens in the
      same deallocation process by keeping strong reference to
      _elementtree module in XMLParser structure for _elementtree
      module lifetime.
    - gh-113407: Fix import of unittest.mock when CPython is built
      without docstrings.
    - gh-113320: Fix regression in Python 3.12 where Protocol classes
      that were not marked as runtime-checkable would be unnecessarily
      introspected, potentially causing exceptions to be raised if the
      protocol had problematic members. Patch by Alex Waygood.
    - gh-113358: Fix rendering tracebacks for exceptions with a broken
      __getattr__.
    - gh-113214: Fix an AttributeError during asyncio SSL protocol
      aborts in SSL-over-SSL scenarios.
    - gh-113246: Update bundled pip to 23.3.2.
    - gh-113199: Make http.client.HTTPResponse.read1 and
      http.client.HTTPResponse.readline close IO after reading all
      data when content length is known. Patch by Illia Volochii.
    - gh-113188: Fix shutil.copymode() and shutil.copystat() on
      Windows. Previously they worked differenly if dst is a symbolic
      link: they modified the permission bits of dst itself rather
      than the file it points to if follow_symlinks is true or src is
      not a symbolic link, and did not modify the permission bits if
      follow_symlinks is false and src is a symbolic link.
    - gh-61648: Detect line numbers of properties in doctests.
    - gh-112559: signal.signal() and signal.getsignal() no longer call
      repr on callable handlers. asyncio.run() and
      asyncio.Runner.run() no longer call repr on the task results.
      Patch by Yilei Yang.
    - gh-110190: Fix ctypes structs with array on PPC64LE platform by
      setting MAX_STRUCT_SIZE to 64 in stgdict. Patch by Diego Russo.
    - gh-79429: Ignore FileNotFoundError when remove a temporary
      directory in the multiprocessing finalizer.
    - gh-81194: Fix a crash in socket.if_indextoname() with specific
      value (UINT_MAX). Fix an integer overflow in
      socket.if_indextoname() on 64-bit non-Windows platforms.
    - gh-112343: Improve handling of pdb convenience variables to
      avoid replacing string contents.
    - gh-111615: Fix a regression caused by a fix to gh-93162 whereby
      you couldn’t configure a QueueHandler without specifying
      handlers.
    - gh-111049: Fix crash during garbage collection of the io.BytesIO
      buffer object.
    - gh-110345: Show the Tcl/Tk patchlevel (rather than version) in
      tkinter._test().
    - gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now
      raises BadZipFile when try to read an entry that overlaps with
      other entry or central directory.
    - gh-114440: On Windows, closing the connection writer when
      cleaning up a broken multiprocessing.Queue queue is now done for
      all queues, rather than only in concurrent.futures manager
      thread. This can prevent a deadlock when a multiprocessing
      worker process terminates without cleaning up. This completes
      the backport of patches by Victor Stinner and Serhiy Storchaka.
    - gh-38807: Fix race condition in trace. Instead of checking if a
      directory exists and creating it, directly call os.makedirs()
      with the kwarg exist_ok=True.
    - gh-75705: Set unixfrom envelope in mailbox.mbox and
      mailbox.MMDF.
    - gh-106233: Fix stacklevel in InvalidTZPathWarning during
      zoneinfo module import.
    - gh-105102: Allow ctypes.Union to be nested in ctypes.Structure
      when the system endianness is the opposite of the classes.
    - gh-104282: Fix null pointer dereference in
      lzma._decode_filter_properties() due to improper handling of BCJ
      filters with properties of zero length. Patch by Radislav
      Chugunov.
    - gh-102512: When os.fork() is called from a foreign thread (aka
      _DummyThread), the type of the thread in a child process is
      changed to _MainThread. Also changed its name and daemonic
      status, it can be now joined.
    - bpo-35928: io.TextIOWrapper now correctly handles the decoding
      buffer after read() and write().
    - bpo-26791: shutil.move() now moves a symlink into a directory
      when that directory is the target of the symlink. This provides
      the same behavior as the mv shell command. The previous behavior
      raised an exception. Patch by Jeffrey Kintscher.
    - bpo-36959: Fix some error messages for invalid ISO format string
      combinations in strptime() that referred to directives not
      contained in the format string. Patch by Gordon P. Hemsley.
    - bpo-18060: Fixed a class inheritance issue that can cause
      segfaults when deriving two or more levels of subclasses from a
      base class of Structure or Union.
  - Documentation
    - gh-110746: Improved markup for valid options/values for methods
      ttk.treeview.column and ttk.treeview.heading, and for Layouts.
    - gh-95649: Document that the asyncio module contains code taken
      from v0.16.0 of the uvloop project, as well as the required MIT
      licensing information.
  - Tests
    - gh-109980: Fix test_tarfile_vs_tar in test_shutil for macOS,
      where system tar can include more information in the archive
      than shutil.make_archive.
    - gh-105089: Fix
      test.test_zipfile.test_core.TestWithDirectory.test_create_directory_with_write
      test in AIX by doing a bitwise AND of 0xFFFF on mode , so that
      it will be in sync with zinfo.external_attr
    - bpo-40648: Test modes that file can get with chmod() on Windows.
  - Build
    - gh-112305: Fixed the check-clean-src step performed on out of
      tree builds to detect errant $(srcdir)/Python/frozen_modules/*.h
      files and recommend appropriate source tree cleanup steps to get
      a working build again.
    - gh-112867: Fix the build for the case that
      WITH_PYMALLOC_RADIX_TREE=0 set.
    - bpo-11102: The os.major(), os.makedev(), and os.minor()
      functions are now available on HP-UX v3.
    - bpo-36351: Do not set ipv6type when cross-compiling.
  - IDLE
    - gh-96905: In idlelib code, stop redefining built-ins ‘dict’ and
      ‘object’.
    - gh-72284: Improve the lists of features, editor key bindings,
      and shell key bingings in the IDLE doc.
    - gh-113903: Fix rare failure of test.test_idle, in
      test_configdialog.
    - gh-113729: Fix the “Help -> IDLE Doc” menu bug in 3.11.7 and
      3.12.1.
    - gh-113269: Fix test_editor hang on macOS Catalina.
    - gh-112898: Fix processing unsaved files when quitting IDLE on
      macOS.
    - gh-103820: Revise IDLE bindings so that events from mouse button
      4/5 on non-X11 windowing systems (i.e. Win32 and Aqua) are not
      mistaken for scrolling.
    - bpo-13586: Enter the selected text when opening the “Replace”
      dialog.
  - Tools/Demos
    - gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.13 and
      multissltests to use 1.1.1w, 3.0.13, 3.1.5, and 3.2.1.
    - gh-115015: Fix a bug in Argument Clinic that generated incorrect
      code for methods with no parameters that use the METH_METHOD |
      METH_FASTCALL | METH_KEYWORDS calling convention. Only the
      positional parameter count was checked; any keyword argument
      passed would be silently accepted.
- Refresh patches:
  - bpo-31046_ensurepip_honours_prefix.patch
  - fix_configure_rst.patch
  - no-skipif-doctests.patch
  - python-3.3.0b1-fix_date_time_compiler.patch
  - python-3.3.0b1-localpath.patch
  - python-3.3.0b1-test-posix_fadvise.patch
  - skip-test_pyobject_freed_is_freed.patch
  - subprocess-raise-timeout.patch

OBS-URL: https://build.opensuse.org/request/show/1145175
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=31
2024-02-08 12:49:08 +00:00
ec28b63cd7 Accepting request 1133398 from devel:languages:python:Factory
- Update patch fix_configure_rst.patch
- Update to 3.12.1 (CVE-2023-6507, bsc#1217939):
  - Core and Builtins
    - gh-112125: Fix None.__ne__(None) returning NotImplemented
      instead of False
    - gh-112625: Fixes a bug where a bytearray object could be
      cleared while iterating over an argument in the
      bytearray.join() method that could result in reading memory
      after it was freed.
    - gh-105967: Workaround a bug in Apple’s macOS platform zlib
      library where zlib.crc32() and binascii.crc32() could produce
      incorrect results on multi-gigabyte inputs. Including when
      using zipfile on zips containing large data.
    - gh-112356: Stopped erroneously deleting a LOAD_NULL bytecode
      instruction when optimized twice.
    - gh-111058: Change coro.cr_frame/gen.gi_frame to return None
      after the coroutine/generator has been closed. This fixes a bug
      where getcoroutinestate() and getgeneratorstate() return the
      wrong state for a closed coroutine/generator.
    - gh-112388: Fix an error that was causing the parser to try to
      overwrite tokenizer errors. Patch by pablo Galindo
    - gh-112387: Fix error positions for decoded strings with
      backwards tokenize errors. Patch by Pablo Galindo
    - gh-112367: Avoid undefined behaviour when using the perf
      trampolines by not freeing the code arenas until shutdown.
      Patch by Pablo Galindo
    - gh-112243: Don’t include comments in f-string debug
      expressions. Patch by Pablo Galindo
    - gh-112266: Change docstrings of __dict__ and __weakref__.
    - gh-111654: Fix runtime crash when some error happens in opcode
      LOAD_FROM_DICT_OR_DEREF.
    - gh-109181: Speed up Traceback object creation by lazily compute
      the line number. Patch by Pablo Galindo
    - gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004
      codecs read out of bounds
    - gh-111366: Fix an issue in the codeop that was causing
      SyntaxError exceptions raised in the presence of invalid syntax
      to not contain precise error messages. Patch by Pablo Galindo
    - gh-111380: Fix a bug that was causing SyntaxWarning to appear
      twice when parsing if invalid syntax is encountered later.
      Patch by Pablo galindo
    - gh-94438: Fix a regression that prevented jumping across is
      None and is not None when debugging. Patch by Savannah
      Ostrowski.
    - gh-110938: Fix error messages for indented blocks with
      functions and classes with generic type parameters. Patch by
      Pablo Galindo
    - gh-109894: Fixed crash due to improperly initialized static
      MemoryError in subinterpreter.
    - gh-110782: Fix crash when typing.TypeVar is constructed with a
      keyword argument. Patch by Jelle Zijlstra.
    - gh-110696: Fix incorrect error message for invalid argument
      unpacking. Patch by Pablo Galindo
    - gh-110543: Fix regression in Python 3.12 where
      types.CodeType.replace() would produce a broken code object if
      called on a module or class code object that contains a
      comprehension. Patch by Jelle Zijlstra.
    - gh-110514: Add PY_THROW to sys.setprofile() events
    - gh-110455: Guard assert(tstate->thread_id > 0) with #ifndef
      HAVE_PTHREAD_STUBS. This allows for for pydebug builds to work
      under WASI which (currently) lacks thread support.
    - gh-110259: Correctly identify the format spec in f-strings
      (with single or triple quotes) that have multiple lines in the
      expression part and include a formatting spec. Patch by Pablo
      Galindo
    - gh-110237: Fix missing error checks for calls to PyList_Append
      in _PyEval_MatchClass.
    - gh-109889: Fix the compiler’s redundant NOP detection algorithm
      to skip over NOPs with no line number when looking for the next
      instruction’s lineno.
    - gh-109853: sys.path[0] is now set correctly for
      subinterpreters.
    - gh-105716: Subinterpreters now correctly handle the case where
      they have threads running in the background. Before, such
      threads would interfere with cleaning up and destroying them,
      as well as prevent running another script.
    - gh-109793: The main thread no longer exits prematurely when a
      subinterpreter is cleaned up during runtime finalization. The
      bug was a problem particularly because, when triggered, the
      Python process would always return with a 0 exitcode, even if
      it failed.
    - gh-109596: Fix some tokens in the grammar that were incorrectly
      marked as soft keywords. Also fix some repeated rule names and
      ensure that repeated rules are not allowed. Patch by Pablo
      Galindo
    - gh-109351: Fix crash when compiling an invalid AST involving a
      named (walrus) expression.
    - gh-109216: Fix possible memory leak in BUILD_MAP.
    - gh-109207: Fix a SystemError in __repr__ of symtable entry
      object.
    - gh-109179: Fix bug where the C traceback display drops notes
      from SyntaxError.
    - gh-109052: Use the base opcode when comparing code objects to
      avoid interference from instrumentation
    - gh-88943: Improve syntax error for non-ASCII character that
      follows a numerical literal. It now points on the invalid
      non-ASCII character, not on the valid numerical literal.
    - gh-106931: Statically allocated string objects are now interned
      globally instead of per-interpreter. This fixes a situation
      where such a string would only be interned in a single
      interpreter. Normal string objects are unaffected.
  - Library
    - gh-79325: Fix an infinite recursion error in
      tempfile.TemporaryDirectory() cleanup on Windows.
    - gh-112645: Remove deprecation error on passing onerror to
      shutil.rmtree().
    - gh-112618: Fix a caching bug relating to typing.Annotated.
      Annotated[str, True] is no longer identical to Annotated[str,
      1].
    - gh-112334: Fixed a performance regression in 3.12’s subprocess
      on Linux where it would no longer use the fast-path vfork()
      system call when it should have due to a logic bug, instead
      always falling back to the safe but slower fork().
    - Also fixed a related 3.12 security regression: If a value of
      extra_groups=[] was passed to subprocess.Popen or related APIs,
      the underlying setgroups(0, NULL) system call to clear the
      groups list would not be made in the child process prior to
      exec(). This has been assigned CVE-2023-6507.
    - This was identified via code inspection in the process of fixing
      the first bug.
    - gh-110190: Fix ctypes structs with array on Arm platform by
      setting MAX_STRUCT_SIZE to 32 in stgdict. Patch by Diego Russo.
    - gh-112578: Fix a spurious RuntimeWarning when executing the
      zipfile module.
    - gh-112509: Fix edge cases that could cause a key to be present
      in both the __required_keys__ and __optional_keys__ attributes
      of a typing.TypedDict. Patch by Jelle Zijlstra.
    - gh-112414: Fix regression in Python 3.12 where calling repr() on
      a module that had been imported using a custom loader could fail
      with AttributeError. Patch by Alex Waygood.
    - gh-112358: Revert change to struct.Struct initialization that
      broke some cases of subclassing.
    - gh-94722: Fix bug where comparison between instances of DocTest
      fails if one of them has None as its lineno.
    - gh-112105: Make readline.set_completer_delims() work with
      libedit
    - gh-111942: Fix SystemError in the TextIOWrapper constructor with
      non-encodable “errors” argument in non-debug mode.
    - gh-109538: Issue warning message instead of having RuntimeError
      be displayed when event loop has already been closed at
      StreamWriter.__del__().
    - gh-111942: Fix crashes in io.TextIOWrapper.reconfigure() when
      pass invalid arguments, e.g. non-string encoding.
    - gh-111460: curses: restore wide character support (including
      curses.unget_wch() and get_wch()) on macOS, which was
      unavailable due to a regression in Python 3.12.
    - gh-103791: contextlib.suppress now supports suppressing
      exceptions raised as part of a BaseExceptionGroup, in addition
      to the recent support for ExceptionGroup.
    - gh-111804: Remove posix.fallocate() under WASI as the underlying
      posix_fallocate() is not available in WASI preview2.
    - gh-111841: Fix truncating arguments on an embedded null
      character in os.putenv() and os.unsetenv() on Windows.
    - gh-111541: Fix doctest for SyntaxError not-builtin subclasses.
    - gh-110894: Call loop exception handler for exceptions in
      client_connected_cb of asyncio.start_server() so that
      applications can handle it. Patch by Kumar Aditya.
    - gh-111531: Fix reference leaks in bind_class() and bind_all()
      methods of tkinter widgets.
    - gh-111356: Added io.text_encoding(), io.DEFAULT_BUFFER_SIZE, and
      io.IncrementalNewlineDecoder to io.__all__.
    - gh-111342: Fixed typo in math.sumprod().
    - gh-68166: Remove mention of not supported “vsapi” element type
      in tkinter.ttk.Style.element_create(). Add tests for
      element_create() and other ttk.Style methods. Add examples for
      element_create() in the documentation.
    - gh-75666: Fix the behavior of tkinter widget’s unbind() method
      with two arguments. Previously, widget.unbind(sequence, funcid)
      destroyed the current binding for sequence, leaving sequence
      unbound, and deleted the funcid command. Now it removes only
      funcid from the binding for sequence, keeping other commands,
      and deletes the funcid command. It leaves sequence unbound only
      if funcid was the last bound command.
    - gh-79033: Another attempt at fixing
      asyncio.Server.wait_closed(). It now blocks until both
      conditions are true: the server is closed, and there are no more
      active connections. (This means that in some cases where in
      3.12.0 this function would incorrectly have returned
      immediately, it will now block; in particular, when there are no
      active connections but the server hasn’t been closed yet.)
    - gh-111295: Fix time not checking for errors when initializing.
    - gh-111253: Add error checking during _socket module init.
    - gh-111251: Fix _blake2 not checking for errors when
      initializing.
    - gh-111174: Fix crash in io.BytesIO.getbuffer() called repeatedly
      for empty BytesIO.
    - gh-111187: Postpone removal version for
      locale.getdefaultlocale() to Python 3.15.
    - gh-111159: Fix doctest output comparison for exceptions with
      notes.
    - gh-110910: Fix invalid state handling in asyncio.TaskGroup and
      asyncio.Timeout. They now raise proper RuntimeError if they are
      improperly used and are left in consistent state after this.
    - gh-111092: Make turtledemo run without default root enabled.
    - gh-110488: Fix a couple of issues in
      pathlib.PurePath.with_name(): a single dot was incorrectly
      considered a valid name, and in PureWindowsPath, a name with an
      NTFS alternate data stream, like a:b, was incorrectly considered
      invalid.
    - gh-110392: Fix tty.setraw() and tty.setcbreak(): previously they
      returned partially modified list of the original tty attributes.
      tty.cfmakeraw() and tty.cfmakecbreak() now make a copy of the
      list of special characters before modifying it.
    - gh-110590: Fix a bug in _sre.compile() where TypeError would be
      overwritten by OverflowError when the code argument was a list
      of non-ints.
    - gh-65052: Prevent pdb from crashing when trying to display
      undisplayable objects
    - gh-110519: Deprecation warning about non-integer number in
      gettext now alwais refers to the line in the user code where
      gettext function or method is used. Previously it could refer to
      a line in gettext code.
    - gh-110395: Ensure that select.kqueue() objects correctly appear
      as closed in forked children, to prevent operations on an
      invalid file descriptor.
    - gh-110378: contextmanager() and asynccontextmanager() context
      managers now close an invalid underlying generator object that
      yields more then one value.
    - gh-110365: Fix termios.tcsetattr() bug that was overwritting
      existing errors during parsing integers from term list.
    - gh-109653: Fix a Python 3.12 regression in the import time of
      random. Patch by Alex Waygood.
    - gh-110196: Add __reduce__ method to IPv6Address in order to keep
      scope_id
    - gh-110036: On Windows, multiprocessing Popen.terminate() now
      catchs PermissionError and get the process exit code. If the
      process is still running, raise again the PermissionError.
      Otherwise, the process terminated as expected: store its exit
      code. Patch by Victor Stinner.
    - gh-110038: Fixed an issue that caused KqueueSelector.select() to
      not return all the ready events in some cases when a file
      descriptor is registered for both read and write.
    - gh-109631: re functions such as re.findall(), re.split(),
      re.search() and re.sub() which perform short repeated matches
      can now be interrupted by user.
    - gh-109747: Improve errors for unsupported look-behind patterns.
      Now re.error is raised instead of OverflowError or RuntimeError
      for too large width of look-behind pattern.
    - gh-109818: Fix reprlib.recursive_repr() not copying
      __type_params__ from decorated function.
    - gh-109047: concurrent.futures: The executor manager thread now
      catches exceptions when adding an item to the call queue. During
      Python finalization, creating a new thread can now raise
      RuntimeError. Catch the exception and call terminate_broken() in
      this case. Patch by Victor Stinner.
    - gh-109782: Ensure the signature of os.path.isdir() is identical
      on all platforms. Patch by Amin Alaee.
    - gh-109590: shutil.which() will prefer files with an extension in
      PATHEXT if the given mode includes os.X_OK on win32. If no
      PATHEXT match is found, a file without an extension in PATHEXT
      can be returned. This change will have shutil.which() act more
      similarly to previous behavior in Python 3.11.
    - gh-109786: Fix possible reference leaks and crash when re-enter
      the __next__() method of itertools.pairwise.
    - gh-109593: Avoid deadlocking on a reentrant call to the
      multiprocessing resource tracker. Such a reentrant call, though
      unlikely, can happen if a GC pass invokes the finalizer for a
      multiprocessing object such as SemLock.
    - gh-109613: Fix os.stat() and os.DirEntry.stat(): check for
      exceptions. Previously, on Python built in debug mode, these
      functions could trigger a fatal Python error (and abort the
      process) when a function succeeded with an exception set. Patch
      by Victor Stinner.
    - gh-109375: The pdb alias command now prevents registering
      aliases without arguments.
    - gh-107219: Fix a race condition in concurrent.futures. When a
      process in the process pool was terminated abruptly (while the
      future was running or pending), close the connection write end.
      If the call queue is blocked on sending bytes to a worker
      process, closing the connection write end interrupts the send,
      so the queue can be closed. Patch by Victor Stinner.
    - gh-50644: Attempts to pickle or create a shallow or deep copy of
      codecs streams now raise a TypeError. Previously, copying failed
      with a RecursionError, while pickling produced wrong results
      that eventually caused unpickling to fail with a RecursionError.
    - gh-108987: Fix _thread.start_new_thread() race condition. If a
      thread is created during Python finalization, the newly spawned
      thread now exits immediately instead of trying to access freed
      memory and lead to a crash. Patch by Victor Stinner.
    - gh-108791: Improved error handling in pdb command line
      interface, making it produce more concise error messages.
    - gh-105829: Fix concurrent.futures.ProcessPoolExecutor deadlock
    - gh-106584: Fix exit code for unittest if all tests are skipped.
      Patch by Egor Eliseev.
    - gh-102956: Fix returning of empty byte strings after seek in
      zipfile module
    - gh-84867: unittest.TestLoader no longer loads test cases from
      exact unittest.TestCase and unittest.FunctionTestCase classes.
    - gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup,
      which now no longer dereferences symlinks when working around
      file system permission errors.
    - gh-73561: Omit the interface scope from an IPv6 address when
      used as Host header by http.client.
    - gh-86826: zipinfo now supports the full range of values in the
      TZ string determined by RFC 8536 and detects all invalid
      formats. Both Python and C implementations now raise exceptions
      of the same type on invalid data.
    - bpo-43153: On Windows, tempfile.TemporaryDirectory previously
      masked a PermissionError with NotADirectoryError during
      directory cleanup. It now correctly raises PermissionError if
      errors are not ignored. Patch by Andrei Kulakov and Ken Jin.
    - bpo-35332: The shutil.rmtree() function now ignores errors when
      calling os.close() when ignore_errors is True, and os.close() no
      longer retried after error.
    - bpo-41422: Fixed memory leaks of pickle.Pickler and
      pickle.Unpickler involving cyclic references via the internal
      memo mapping.
    - bpo-40262: The ssl.SSLSocket.recv_into() method no longer
      requires the buffer argument to implement __len__ and supports
      buffers with arbitrary item size.
  - Documentation
    - gh-111699: Relocate smtpd deprecation notice to its own section
      rather than under locale in What’s New in Python 3.12 document
    - gh-108826: dis module command-line interface is now mentioned in
      documentation. Test- s
    - gh-112769: The tests now correctly compare zlib version when
      zlib.ZLIB_RUNTIME_VERSION contains non-integer suffixes. For
      example zlib-ng defines the version as 1.3.0.zlib-ng.
    - gh-110367: Make regrtest --verbose3 option compatible with
      --huntrleaks -jN options. The ./python -m test -j1 -R 3:3
      --verbose3 command now works as expected. Patch by Victor
      Stinner.
    - gh-111165: Remove no longer used functions run_unittest() and
      run_doctest() from the test.support module.
    - gh-110932: Fix regrtest if the SOURCE_DATE_EPOCH environment
      variable is defined: use the variable value as the random seed.
      Patch by Victor Stinner.
    - gh-110995: test_gdb: Fix detection of gdb built without Python
      scripting support. Patch by Victor Stinner.
    - gh-110918: Test case matching patterns specified by options
      --match, --ignore, --matchfile and --ignorefile are now tested
      in the order of specification, and the last match determines
      whether the test case be run or ignored.
    - gh-110647: Fix test_stress_modifying_handlers() of test_signal.
      Patch by Victor Stinner.
    - gh-103053: Fix test_tools.test_freeze on FreeBSD: run “make
      distclean” instead of “make clean” in the copied source
      directory to remove also the “python” program. Patch by Victor
      Stinner.
    - gh-110167: Fix a deadlock in test_socket when server fails with
      a timeout but the client is still running in its thread. Don’t
      hold a lock to call cleanup functions in doCleanups(). One of
      the cleanup function waits until the client completes, whereas
      the client could deadlock if it called addCleanup() in such
      situation. Patch by Victor Stinner.
    - gh-110388: Add tests for tty.
    - gh-81002: Add tests for termios.
    - gh-110267: Add tests for pickling and copying PyStructSequence
      objects. Patched by Xuehai Pan.
    - gh-110031: Skip test_threading tests using thread+fork if Python
      is built with Address Sanitizer (ASAN). Patch by Victor Stinner.
    - gh-110088: Fix test_asyncio timeouts: don’t measure the maximum
      duration, a test should not measure a CI performance. Only
      measure the minimum duration when a task has a timeout or delay.
      Add CLOCK_RES to test_asyncio.utils. Patch by Victor Stinner.
    - gh-109974: Fix race conditions in test_threading lock tests.
      Wait until a condition is met rather than using time.sleep()
      with a hardcoded number of seconds. Patch by Victor Stinner.
    - gh-110033: Fix test_interprocess_signal() of test_signal. Make
      sure that the subprocess.Popen object is deleted before the test
      raising an exception in a signal handler. Otherwise,
      Popen.__del__() can get the exception which is logged as
      Exception ignored in: ... and the test fails. Patch by Victor
      Stinner.
    - gh-109594: Fix test_timeout() of
      test_concurrent_futures.test_wait. Remove the future which may
      or may not complete depending if it takes longer than the
      timeout ot not. Keep the second future which does not complete
      before wait() timeout. Patch by Victor Stinner.
    - gh-109972: Split test_gdb.py file into a test_gdb package made
      of multiple tests, so tests can now be run in parallel. Patch by
      Victor Stinner.
    - gh-103053: Skip test_freeze_simple_script() of
      test_tools.test_freeze if Python is built with ./configure
      --enable-optimizations, which means with Profile Guided
      Optimization (PGO): it just makes the test too slow. The freeze
      tool is tested by many other CIs with other (faster) compiler
      flags. Patch by Victor Stinner.
    - gh-109580: Skip test_perf_profiler if Python is built with ASAN,
      MSAN or UBSAN sanitizer. Python does crash randomly in this test
      on such build. Patch by Victor Stinner.
    - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on
      Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt”
      command output to detect when gdb fails to retrieve the
      traceback. For example, skip a test if Backtrace stopped: frame
      did not save the PC is found. Patch by Victor Stinner.
    - gh-108927: Fixed order dependence in running tests in the same
      process when a test that has submodules (e.g. test_importlib)
      follows a test that imports its submodule (e.g.
      test_importlib.util) and precedes a test (e.g. test_unittest or
      test_compileall) that uses that submodule.
  - Build
    - gh-112088: Add Tools/build/regen-configure.sh script to
      regenerate the configure with an Ubuntu container image. The
      quay.io/tiran/cpython_autoconf:271 container image
      (tiran/cpython_autoconf) is no longer used. Patch by Victor
      Stinner.
    - gh-111046: For wasi-threads, memory is now exported to fix
      compatibility issues with some wasm runtimes.
    - gh-103053: “make check-clean-src” now also checks if the
      “python” program is found in the source directory: fail with an
      error if it does exist. Patch by Victor Stinner.
    - gh-109191: Fix compile error when building with recent versions
      of libedit.
  - IDLE
    - bpo-35668: Add docstrings to the IDLE debugger module. Fix two
      bugs: initialize Idb.botframe (should be in Bdb); in
      Idb.in_rpc_code, check whether prev_frame is None before trying
      to use it. Greatly expand test_debugger.
  - C API
    - gh-106560: Fix redundant declarations in the public C API.
      Declare PyBool_Type and PyLong_Type only once. Patch by Victor
      Stinner.
    - gh-112438: Fix support of format units “es”, “et”, “es#”, and
      “et#” in nested tuples in PyArg_ParseTuple()-like functions.
    - gh-109521: PyImport_GetImporter() now sets RuntimeError if it
      fails to get sys.path_hooks or sys.path_importer_cache or they
      are not list and dict correspondingly. Previously it could
      return NULL without setting error in obscure cases, crash or
      raise SystemError if these attributes have wrong type.

OBS-URL: https://build.opensuse.org/request/show/1133398
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=11
2023-12-15 20:50:03 +00:00
08ae864ead - Update patch fix_configure_rst.patch
- Update to 3.12.1 (CVE-2023-6507, bsc#1217939):
  - Core and Builtins
    - gh-112125: Fix None.__ne__(None) returning NotImplemented
      instead of False
    - gh-112625: Fixes a bug where a bytearray object could be
      cleared while iterating over an argument in the
      bytearray.join() method that could result in reading memory
      after it was freed.
    - gh-105967: Workaround a bug in Apple’s macOS platform zlib
      library where zlib.crc32() and binascii.crc32() could produce
      incorrect results on multi-gigabyte inputs. Including when
      using zipfile on zips containing large data.
    - gh-112356: Stopped erroneously deleting a LOAD_NULL bytecode
      instruction when optimized twice.
    - gh-111058: Change coro.cr_frame/gen.gi_frame to return None
      after the coroutine/generator has been closed. This fixes a bug
      where getcoroutinestate() and getgeneratorstate() return the
      wrong state for a closed coroutine/generator.
    - gh-112388: Fix an error that was causing the parser to try to
      overwrite tokenizer errors. Patch by pablo Galindo
    - gh-112387: Fix error positions for decoded strings with
      backwards tokenize errors. Patch by Pablo Galindo
    - gh-112367: Avoid undefined behaviour when using the perf
      trampolines by not freeing the code arenas until shutdown.
      Patch by Pablo Galindo
    - gh-112243: Don’t include comments in f-string debug
      expressions. Patch by Pablo Galindo
    - gh-112266: Change docstrings of __dict__ and __weakref__.
    - gh-111654: Fix runtime crash when some error happens in opcode

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=29
2023-12-15 10:49:52 +00:00
bed78a368a Accepting request 1126824 from devel:languages:python:Factory
- Remove F00251-change-user-install-location.patch, that patch breaks
  the python-rpm-macros usage with multibuild

OBS-URL: https://build.opensuse.org/request/show/1126824
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=10
2023-11-16 19:29:17 +00:00
d6f2a15b17 - Remove F00251-change-user-install-location.patch, that patch breaks
the python-rpm-macros usage with multibuild

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=27
2023-11-16 10:03:01 +00:00
772909188b Accepting request 1114870 from devel:languages:python:Factory
- Update to the final release of 3.12.0:
  Python 3.12 is the latest stable release of the Python
  programming language, with a mix of changes to the language and
  the standard library. The library changes focus on cleaning up
  deprecated APIs, usability, and correctness. Of note, the
  distutils package has been removed from the standard library.
  Filesystem support in os and pathlib has seen a number of
  improvements, and several modules have better performance.
  The language changes focus on usability, as f-strings have had
  many limitations removed and ‘Did you mean …’ suggestions
  continue to improve. The new type parameter syntax and type
  statement improve ergonomics for using generic types and type
  aliases with static type checkers.
  This article doesn’t attempt to provide a complete
  specification of all new features, but instead gives
  a convenient overview. For full details, you should refer to
  the documentation, such as the Library Reference and Language
  Reference. If you want to understand the complete
  implementation and design rationale for a change, refer to the
  PEP for a particular new feature; but note that PEPs usually
  are not kept up-to-date once a feature has been fully
  implemented.
  - New syntax features:
      - PEP 695, type parameter syntax and the type statement
  - New grammar features:
      - PEP 701, f-strings in the grammar
  - Interpreter improvements:
      - PEP 684, a unique per-interpreter GIL
      - PEP 669, low impact monitoring
      - Improved ‘Did you mean …’ suggestions for NameError,
        ImportError, and SyntaxError exceptions
  - Python data model improvements:
      - PEP 688, using the buffer protocol from Python
  - Significant improvements in the standard library:
      - The pathlib.Path class now supports subclassing
      - The os module received several improvements for Windows
        support
      - A command-line interface has been added to the sqlite3
        module
      - isinstance() checks against runtime-checkable protocols
        enjoy a speed up of between two and 20 times
      - The asyncio package has had a number of performance
        improvements, with some benchmarks showing a 75% speed
        up.
      - A command-line interface has been added to the uuid
        module
      - Due to the changes in PEP 701, producing tokens via the
        tokenize module is up to up to 64% faster.
  - Security improvements:
      - Replace the builtin hashlib implementations of SHA1,
        SHA3, SHA2-384, SHA2-512, and MD5 with formally verified
        code from the HACL* project. These builtin
        implementations remain as fallbacks that are only used
        when OpenSSL does not provide them.
  - C API improvements:
      - PEP 697, unstable C API tier
      - PEP 683, immortal objects
  - CPython implementation improvements:
      - PEP 709, comprehension inlining
      - CPython support for the Linux perf profiler
      - Implement stack overflow protection on supported
        platforms
  - New typing features:
      - PEP 692, using TypedDict to annotate **kwargs
      - PEP 698, typing.override() decorator
  - Important deprecations, removals or restrictions:
      - PEP 623: Remove wstr from Unicode objects in Python’s
        C API, reducing the size of every str object by at least
        8 bytes.
      - PEP 632: Remove the distutils package. See the migration
        guide for advice replacing the APIs it provided. The
        third-party Setuptools package continues to provide
        distutils, if you still require it in Python 3.12 and
        beyond.
      - gh-95299: Do not pre-install setuptools in virtual
        environments created with venv. This means that
        distutils, setuptools, pkg_resources, and easy_install
        will no longer available by default; to access these run
        pip install setuptools in the activated virtual
        environment.
      - The asynchat, asyncore, and imp modules have been
        removed, along with several unittest.TestCase method
        aliases.
- Refresh bluez-devel-vendor.tar.xz from bluez-devel 5.69-1.1.

OBS-URL: https://build.opensuse.org/request/show/1114870
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=9
2023-10-04 20:30:53 +00:00
ddd6994ad4 - Update to the final release of 3.12.0:
Python 3.12 is the latest stable release of the Python
  programming language, with a mix of changes to the language and
  the standard library. The library changes focus on cleaning up
  deprecated APIs, usability, and correctness. Of note, the
  distutils package has been removed from the standard library.
  Filesystem support in os and pathlib has seen a number of
  improvements, and several modules have better performance.
  The language changes focus on usability, as f-strings have had
  many limitations removed and ‘Did you mean …’ suggestions
  continue to improve. The new type parameter syntax and type
  statement improve ergonomics for using generic types and type
  aliases with static type checkers.
  This article doesn’t attempt to provide a complete
  specification of all new features, but instead gives
  a convenient overview. For full details, you should refer to
  the documentation, such as the Library Reference and Language
  Reference. If you want to understand the complete
  implementation and design rationale for a change, refer to the
  PEP for a particular new feature; but note that PEPs usually
  are not kept up-to-date once a feature has been fully
  implemented.
  - New syntax features:
      - PEP 695, type parameter syntax and the type statement
  - New grammar features:
      - PEP 701, f-strings in the grammar
  - Interpreter improvements:
      - PEP 684, a unique per-interpreter GIL
      - PEP 669, low impact monitoring
      - Improved ‘Did you mean …’ suggestions for NameError,

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=25
2023-10-02 17:22:36 +00:00
209f1cd767 Accepting request 1112487 from devel:languages:python:Factory
- Update to 3.12.0rc3:
  - Core and Builtins
    - gh-109496: On a Python built in debug mode, Py_DECREF() now
      calls _Py_NegativeRefcount() if the object is a dangling pointer
      to deallocated memory: memory filled with 0xDD “dead byte” by
      the debug hook on memory allocators. The fix is to check the
      reference count before checking for _Py_IsImmortal(). Patch by
      Victor Stinner.
    - gh-109371: Deopted instructions correctly for tool
      initialization and modified the incorrect assertion in
      instrumentation, when a previous tool already sets INSTRUCTION
      events
    - gh-105658: Fix bug where the line trace of an except block
      ending with a conditional includes an excess event with the line
      of the conditional expression.
    - gh-109219: Fix compiling type param scopes that use a name which
      is also free in an inner scope.
    - gh-109341: Fix crash when compiling an invalid AST involving a
      ast.TypeAlias.
    - gh-109195: Fix source location for the LOAD_* instruction
      preceding a LOAD_SUPER_ATTR to load the super global (or
      shadowing variable) so that it encompasses only the name super
      and not the following parentheses.
    - gh-109118: Disallow nested scopes (lambdas, generator
      expressions, and comprehensions) within PEP 695 annotation
      scopes that are nested within classes.
    - gh-109114: Relax the detection of the error message for invalid
      lambdas inside f-strings to not search for arbitrary replacement
      fields to avoid false positives. Patch by Pablo Galindo
    - gh-109118: Fix interpreter crash when a NameError is raised
      inside the type parameters of a generic class.
    - gh-108976: Fix crash that occurs after de-instrumenting a code
      object in a monitoring callback.
    - gh-108732: Make iteration variables of module- and class-scoped
      comprehensions visible to pdb and other tools that use
      frame.f_locals again.
    - gh-108959: Fix caret placement for error locations for subscript
      and binary operations that involve non-semantic parentheses and
      spaces. Patch by Pablo Galindo
  - Library
    - gh-108682: Enum: require names=() or type=... to create an empty
      enum using the functional syntax.
    - gh-108843: Fix an issue in ast.unparse() when unparsing
      f-strings containing many quote types.
  - Documentation
    - gh-102823: Document the return type of x // y when x and y have
      type float.
  - Tests
    - gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode. Use a
      longer key: FIPS mode requires at least of at least 112 bits.
      The previous key was only 32 bits. Patch by Victor Stinner.
    - gh-104736: Fix test_gdb on Python built with LLVM clang 16 on
      Linux ppc64le (ex: Fedora 38). Search patterns in gdb “bt”
      command output to detect when gdb fails to retrieve the
      traceback. For example, skip a test if Backtrace stopped: frame
      did not save the PC is found. Patch by Victor Stinner.
    - gh-109237: Fix test_site.test_underpth_basic() when the working
      directory contains at least one non-ASCII character: encode the
      ._pth file to UTF-8 and enable the UTF-8 Mode to use UTF-8 for
      the child process stdout. Patch by Victor Stinner.
    - gh-109230: Fix test_pyexpat.test_exception(): it can now be run
      from a directory different than Python source code directory.
      Before, the test failed in this case. Skip the test if
      Modules/pyexpat.c source is not available. Skip also the test on
      Python implementations other than CPython. Patch by Victor
      Stinner.
    - gh-109015: Fix test_asyncio, test_imaplib and test_socket tests
      on FreeBSD if the TCP blackhole is enabled (sysctl
      net.inet.tcp.blackhole). Skip the few tests which failed with
      ETIMEDOUT which such non standard configuration. Currently, the
      FreeBSD GCP image enables TCP and UDP blackhole (sysctl
      net.inet.tcp.blackhole=2 and sysctl net.inet.udp.blackhole=1).
      Patch by Victor Stinner.
    - gh-91960: Skip test_gdb if gdb is unable to retrieve Python
      frame objects: if a frame is <optimized out>. When Python is
      built with “clang -Og”, gdb can fail to retrive the frame
      parameter of _PyEval_EvalFrameDefault(). In this case, tests
      like py_bt() are likely to fail. Without getting access to
      Python frames, python-gdb.py is mostly clueless on retrieving
      the Python traceback. Moreover, test_gdb is no longer skipped on
      macOS if Python is built with Clang. Patch by Victor Stinner.
    - gh-108962: Skip test_tempfile.test_flags() if chflags() fails
      with “OSError: [Errno 45] Operation not supported” (ex: on
      FreeBSD 13). Patch by Victor Stinner.
    - gh-108851: Fix test_tomllib recursion tests for WASI buildbots:
      reduce the recursion limit and compute the maximum nested
      array/dict depending on the current available recursion limit.
      Patch by Victor Stinner.
    - gh-108851: Add get_recursion_available() and
      get_recursion_depth() functions to the test.support module.
      Patch by Victor Stinner.
    - gh-108834: Add --fail-rerun option option to regrtest: if a test
      failed when then passed when rerun in verbose mode, exit the
      process with exit code 2 (error), instead of exit code 0
      (success). Patch by Victor Stinner.
    - gh-108834: Rename regrtest --verbose2 option (-w) to --rerun.
      Keep --verbose2 as a deprecated alias. Patch by Victor Stinner.
    - gh-108834: When regrtest reruns failed tests in verbose mode
      (./python -m test --rerun), tests are now rerun in fresh worker
      processes rather than being executed in the main process. If a
      test does crash or is killed by a timeout, the main process can
      detect and handle the killed worker process. Tests are rerun in
      parallel if the -jN option is used to run tests in parallel.
      Patch by Victor Stinner.
    - gh-103186: Suppress and assert expected RuntimeWarnings in
      test_sys_settrace.py
  - Build
    - gh-108740: Fix a race condition in make regen-all. The
      deepfreeze.c source and files generated by Argument Clinic are
      now generated or updated before generating “global objects”.
      Previously, some identifiers may miss depending on the order in
      which these files were generated. Patch by Victor Stinner.
- Python 3.12.0 release candidate 2:
  - Security
    - gh-108310: Fixed an issue where instances of ssl.SSLSocket were
      vulnerable to a bypass of the TLS handshake and included
      protections (like certificate verification) and treating sent
      unencrypted data as if it were post-handshake TLS encrypted
      data. Security issue reported as CVE-2023-40217 by Aapo Oksman.
      Patch by Gregory P. Smith.
    - gh-107774: PEP 669 specifies that
      sys.monitoring.register_callback will generate an audit event.
      Pre-releases of Python 3.12 did not generate the audit event.
      This is now fixed.
  - Core and Builtins
    - gh-108520: Fix
      multiprocessing.synchronize.SemLock.__setstate__() to properly
      initialize multiprocessing.synchronize.SemLock._is_fork_ctx.
      This fixes a regression when passing a SemLock accross nested
      processes.
    - Rename multiprocessing.synchronize.SemLock.is_fork_ctx to
      multiprocessing.synchronize.SemLock._is_fork_ctx to avoid
      exposing it as public API.
    - gh-108654: Restore locals shadowed by an inlined comprehension
      if the comprehension raises an exception.
    - gh-108487: Change an assert that would cause a spurious crash in
      a devious case that should only trigger deoptimization.
    - gh-106176: Use a WeakValueDictionary to track the lists
      containing the modules each thread is currently importing. This
      helps avoid a reference leak from keeping the list around longer
      than necessary. Weakrefs are used as GC can’t interrupt the
      cleanup.
    - gh-107901: Fix missing line number on JUMP_BACKWARD at the end
      of a for loop.
    - gh-108390: Raise an exception when setting a non-local event
      (RAISE, EXCEPTION_HANDLED, etc.) in
      sys.monitoring.set_local_events.
    - Fixes crash when tracing in recursive calls to Python classes.
    - gh-91051: Fix abort / segfault when using all eight type watcher
      slots, on platforms where char is signed by default.
    - gh-107724: In pre-release versions of 3.12, up to rc1, the
      sys.monitoring callback function for the PY_THROW event was
      missing the third, exception argument. That is now fixed.
    - gh-107080: Trace refs builds (--with-trace-refs) were crashing
      when used with isolated subinterpreters. The problematic global
      state has been isolated to each interpreter. Other fixing the
      crashes, this change does not affect users.
    - gh-77377: Ensure that multiprocessing synchronization objects
      created in a fork context are not sent to a different process
      created in a spawn context. This changes a segfault into an
      actionable RuntimeError in the parent process.
  - Library
    - gh-108469: ast.unparse() now supports new f-string syntax
      introduced in Python 3.12. Note that the f-string quotes are
      reselected for simplicity under the new syntax. (Patch by Steven
      Sun)
    - gh-108682: Enum: raise TypeError if super().__new__() is called
      from a custom __new__.
    - gh-108295: Fix crashes related to use of weakrefs on
      typing.TypeVar.
    - gh-64662: Fix support for virtual tables in
      sqlite3.Connection.iterdump(). Patch by Aviv Palivoda.
    - gh-108111: Fix a regression introduced in gh-101251 for 3.12,
      resulting in an incorrect offset calculation in
      gzip.GzipFile.seek().
    - gh-105736: Harmonized the pure Python version of OrderedDict
      with the C version. Now, both versions set up their internal
      state in __new__. Formerly, the pure Python version did the set
      up in __init__.
    - gh-108083: Fix bugs in the constructor of sqlite3.Connection and
      sqlite3.Connection.close() where exceptions could be leaked.
      Patch by Erlend E. Aasland.
    - gh-107963: Fix multiprocessing.set_forkserver_preload() to check
      the given list of modules names. Patch by Dong-hee Na.
    - gh-106242: Fixes os.path.normpath() to handle embedded null
      characters without truncating the path.
    - gh-107913: Fix possible losses of errno and winerror values in
      OSError exceptions if they were cleared or modified by the
      cleanup code before creating the exception object.
    - gh-107845: tarfile.data_filter() now takes the location of
      symlinks into account when determining their target, so it will
      no longer reject some valid tarballs with
      LinkOutsideDestinationError.
    - gh-107805: Fix signatures of module-level generated functions in
      turtle.
    - gh-107715: Fix doctest.DocTestFinder.find() in presence of class
      names with special characters. Patch by Gertjan van Zwieten.
    - gh-100814: Passing a callable object as an option value to a
      Tkinter image now raises the expected TclError instead of an
      AttributeError.
    - gh-106684: Close asyncio.StreamWriter when it is not closed by
      application leading to memory leaks. Patch by Kumar Aditya.
    - gh-107396: tarfiles; Fixed use before assignment of
      self.exception for gzip decompression
    - gh-106052: re module: fix the matching of possessive quantifiers
      in the case of a subpattern containing backtracking.
    - gh-100061: Fix a bug that causes wrong matches for regular
      expressions with possessive qualifier.
    - gh-99203: Restore following CPython <= 3.10.5 behavior of
      shutil.make_archive(): do not create an empty archive if
      root_dir is not a directory, and, in that case, raise
      FileNotFoundError or NotADirectoryError regardless of format
      choice. Beyond the brought-back behavior, the function may now
      also raise these exceptions in dry_run mode.
  - Documentation
    - gh-105052: Update timeit doc to specify that time in seconds is just the default.
  - Tests
    - gh-89392: Removed support of test_main() function in tests. They
      now always use normal unittest test runner.
    - gh-108388: Convert test_concurrent_futures to a package of 7
      sub-tests. Patch by Victor Stinner.
    - gh-108388: Split test_multiprocessing_fork,
      test_multiprocessing_forkserver and test_multiprocessing_spawn
      into test packages. Each package is made of 4 sub-tests:
      processes, threads, manager and misc. It allows running more
      tests in parallel and so reduce the total test duration. Patch
      by Victor Stinner.
    - gh-105776: Fix test_cppext when the C compiler command -std=c11
      option: remove -std= options from the compiler command. Patch by
      Victor Stinner.
    - gh-107178: Add the C API test for functions in the Mapping
      Protocol, the Sequence Protocol and some functions in the Object
      Protocol.
  - Build
    - gh-63760: Fix Solaris build: no longer redefine the
      gethostname() function. Solaris defines the function since 2005.
      Patch by Victor Stinner, original patch by Jakub Kulík.
    - gh-107814: When calling find_python.bat with -q it did not
      properly silence the output of nuget. That is now fixed.
  - Windows
    - gh-107565: Update Windows build to use OpenSSL 3.0.10.
    - gh-106242: Fixes realpath() to behave consistently when passed a
      path containing an embedded null character on Windows. In strict
      mode, it now raises OSError instead of the unexpected
      ValueError, and in non-strict mode will make the path absolute.
    - gh-106844: Fix integer overflow and truncating by the null
      character in _winapi.LCMapStringEx() which affects
      ntpath.normcase().
  - macOS
    - gh-107565: Update macOS installer to use OpenSSL 3.0.10.
  - Tools/Demos
    - gh-107565: Update multissltests and GitHub CI workflows to use
      OpenSSL 1.1.1v, 3.0.10, and 3.1.2.
    - gh-95065: Argument Clinic now supports overriding automatically
      generated signature by using directive @text_signature.
  - C API
    - gh-107916: C API functions PyErr_SetFromErrnoWithFilename(),
      PyErr_SetExcFromWindowsErrWithFilename() and
      PyErr_SetFromWindowsErrWithFilename() save now the error code
      before calling PyUnicode_DecodeFSDefault().
    - gh-107915: Such C API functions as PyErr_SetString(),
      PyErr_Format(), PyErr_SetFromErrnoWithFilename() and many others
      no longer crash or ignore errors if it failed to format the
      error message or decode the filename. Instead, they keep a
      corresponding error.
    - gh-107810: Improve DeprecationWarning for uses of PyType_Spec
      with metaclasses that have custom tp_new.

OBS-URL: https://build.opensuse.org/request/show/1112487
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=8
2023-09-21 20:13:43 +00:00
64144183a9 - Update to 3.12.0rc3:
- Core and Builtins
    - gh-109496: On a Python built in debug mode, Py_DECREF() now
      calls _Py_NegativeRefcount() if the object is a dangling pointer
      to deallocated memory: memory filled with 0xDD “dead byte” by
      the debug hook on memory allocators. The fix is to check the
      reference count before checking for _Py_IsImmortal(). Patch by
      Victor Stinner.
    - gh-109371: Deopted instructions correctly for tool
      initialization and modified the incorrect assertion in
      instrumentation, when a previous tool already sets INSTRUCTION
      events
    - gh-105658: Fix bug where the line trace of an except block
      ending with a conditional includes an excess event with the line
      of the conditional expression.
    - gh-109219: Fix compiling type param scopes that use a name which
      is also free in an inner scope.
    - gh-109341: Fix crash when compiling an invalid AST involving a
      ast.TypeAlias.
    - gh-109195: Fix source location for the LOAD_* instruction
      preceding a LOAD_SUPER_ATTR to load the super global (or
      shadowing variable) so that it encompasses only the name super
      and not the following parentheses.
    - gh-109118: Disallow nested scopes (lambdas, generator
      expressions, and comprehensions) within PEP 695 annotation
      scopes that are nested within classes.
    - gh-109114: Relax the detection of the error message for invalid
      lambdas inside f-strings to not search for arbitrary replacement
      fields to avoid false positives. Patch by Pablo Galindo
    - gh-109118: Fix interpreter crash when a NameError is raised

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=23
2023-09-20 07:52:20 +00:00
307a89a3d6 Accepting request 1103380 from devel:languages:python:Factory
- restrict PEP668 to ALP/Tumbleweed

OBS-URL: https://build.opensuse.org/request/show/1103380
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=7
2023-08-11 13:55:58 +00:00
6ec3b33143 - restrict PEP668 to ALP/Tumbleweed
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=21
2023-08-10 19:28:55 +00:00
1ff7c3b41f Accepting request 1102750 from devel:languages:python:Factory
OBS-URL: https://build.opensuse.org/request/show/1102750
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=6
2023-08-08 13:54:45 +00:00
c86d523da5 Accepting request 1102652 from home:dgarcia:branches:devel:languages:python:Factory
- Refresh all patches
- Drop Revert-gh105127-left-tests.patch, in upstream now
- Update to 3.12.0rc1:
  - Reverted the :mod:`email.utils` security improvement change
    released in 3.12beta4 that unintentionally caused
    :mod:`email.utils.getaddresses` to fail to parse email addresses
    with a comma in the quoted name field. See :gh:`106669`.
  - Start initializing ob_digit during creation of
    :c:type:`PyLongObject` objects. Patch by Illia Volochii.
  - Increase C recursion limit for functions other than the main
    interpreter from 800 to 1500. This should allow functions like
    list.__repr__ and json.dumps to handle all the inputs that they
    could prior to 3.12
  - Fix potential unaligned memory access on C APIs involving returned
    sequences of char * pointers within the :mod:`grp` and
    :mod:`socket` modules. These were revealed using a
    -fsaniziter=alignment build on ARM macOS. Patch by Christopher
    Chavez.
  - Add the exception as the third argument to PY_UNIND callbacks in
    sys.monitoring. This makes the PY_UNWIND callback consistent with
    the other exception hanlding callbacks.
  - Raise a ValueError when a monitoring callback funtion returns
    DISABLE for events that cannot be disabled locally.
  - Add a RERAISE event to sys.monitoring, which occurs when an
    exception is reraised, either explicitly by a plain raise
    statement, or implicitly in an except or finally block.
  - Unsupported modules now always fail to be imported.
  - Fix classmethod-style :func:`super` method calls (i.e., where the
    second argument to :func:`super`, or the implied second argument
    drawn from self/cls in the case of zero-arg super, is a type) when
    the target of the call is not a classmethod.
  - Python no longer crashes due an infrequent race when initialzing
    per-interpreter interned strings. The crash would manifest when
    the interpreter was finalized.
  - Python no longer crashes due to an infrequent race in setting
    Py_FileSystemDefaultEncoding and Py_FileSystemDefaultEncodeErrors
    (both deprecated), when simultaneously initializing two isolated
    subinterpreters. Now they are only set during runtime
    initialization.
  - Fix a segmentation fault caused by a use-after-free bug in
    frame_dealloc when the trashcan delays the deallocation of a
    PyFrameObject.
  - No longer suppress arbitrary errors in the __annotations__ getter
    and setter in the type and module types.
  - Propagate frozen_modules to multiprocessing spawned process
    interpreters.
  - Prevent out-of-bounds memory access during mmap.find() calls.
  - Seems that in some conditions, OpenSSL will return
    SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL when a certification
    verification has failed, but the error parameters will still
    contain ERR_LIB_SSL and SSL_R_CERTIFICATE_VERIFY_FAILED. We are
    now detecting this situation and raising the appropiate
    ssl.SSLCertVerificationError. Patch by Pablo Galindo
  - Fix :func:`types.get_original_bases` to only return
    :attr:`!__orig_bases__` if it is present on cls directly. Patch by
    James Hilton-Balfe.
  - Prevent memory leak and use-after-free when using pointers to
    pointers with ctypes
  - Make :func:`gettext.pgettext` search plural definitions when
    translation is not found.
  - Document behavior of :func:`shutil.disk_usage` for non-mounted
    filesystems on Unix.
  - Do not report MultipartInvariantViolationDefect defect when the
    :class:`email.parser.Parser` class is used to parse emails with
    headersonly=True.
  - Fix invalid result from :meth:`PurePath.relative_to` method when
    attempting to walk a ".." segment in other with walk_up enabled. A
    :exc:`ValueError` exception is now raised in this case.
  - Fix potential missing NULL check of d2i_SSL_SESSION result in
    _ssl.c.
  - Update the bundled copy of pip to version 23.2.1.
  - Fixed several bugs in zipfile.Path, including: in Path.match`,
    Windows separators are no longer honored (and never were meant to
    be); Fixed ``name/suffix/suffixes/stem operations when no filename
    is present and the Path is not at the root of the zipfile;
    Reworked glob for performance and more correct matching behavior.
  - Add __copy__ and __deepcopy__ in :mod:`enum`
  - Revert a change to :func:`colorsys.rgb_to_hls` that caused
    division by zero for certain almost-white inputs. Patch by Terry
    Jan Reedy.
  - Instances of :class:`typing.TypeVar`, :class:`typing.ParamSpec`,
    :class:`typing.ParamSpecArgs`, :class:`typing.ParamSpecKwargs`,
    and :class:`typing.TypeVarTuple` once again support weak
    references, fixing a regression introduced in Python 3.12.0 beta
    1. Patch by Jelle Zijlstra.
  - Detect possible memory allocation failure in the libtommath
    function :c:func:`mp_init` used by the _tkinter module.
  - Fix crash when calling repr with a manually constructed SignalDict
    object. Patch by Charlie Zhao.
  - Change the default return value of
    :meth:`http.client.HTTPConnection.get_proxy_response_headers` to
    be None and not {}.
  - Ensure gettext(msg) retrieve translations even if a plural form
    exists. In other words: gettext(msg) == ngettext(msg, '', 1).
  - Add documentation for :c:type:`PyInterpreterConfig` and
    :c:func:`Py_NewInterpreterFromConfig`. Also clarify some of the
    nearby docs relative to per-interpreter GIL.
  - Document the :mod:`curses` module variables :const:`~curses.LINES`
    and :const:`~curses.COLS`.
  - Add a number of standard external names to nitpick_ignore.
  - Add documentation on how to localize the :mod:`argparse` module.
  - test_logging: Fix test_udp_reconnection() by increasing the
    timeout from 100 ms to 5 minutes (LONG_TIMEOUT). Patch by Victor
    Stinner.
  - test_capi: Fix test_no_FatalError_infinite_loop() to no longer
    write a coredump, by using test.support.SuppressCrashReport. Patch
    by Victor Stinner.
  - Avoid creating a reference to the test object in
    :meth:`~unittest.TestResult.collectedDurations`.
  - Moved tests for zipfile.Path into Lib/test/test_zipfile/_path.
    Made zipfile._path a package.
  - Check for linux/limits.h before including it in
    Modules/posixmodule.c.
  - Detect MPI compilers in :file:`configure`.
  - Add experimental wasi-threads support. Patch by Takashi Yamamoto.
  - Update Windows build to use OpenSSL 3.0.9
  - Update macOS installer to use OpenSSL 3.0.9.
  - Fix bugs in the Argument Clinic destination <name> clear command;
    the destination buffers would never be cleared, and the
    destination directive parser would simply continue to the fault
    handler after processing the command. Patch by Erlend E. Aasland.
  - freeze now fetches CONFIG_ARGS from the original CPython instance
    the Makefile uses to call utility scripts. Patch by Ijtaba
    Hussain.
  - :c:func:`PyModule_AddObjectRef` is now only available in the
    limited API version 3.10 or later.

OBS-URL: https://build.opensuse.org/request/show/1102652
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=19
2023-08-07 15:58:04 +00:00
40bc8f0d89 Accepting request 1102688 from home:dirkmueller:Factory
- add externally_managed.in to label this build as PEP-668 managed

OBS-URL: https://build.opensuse.org/request/show/1102688
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=18
2023-08-07 14:46:36 +00:00
6f707a1287 Accepting request 1102238 from devel:languages:python:Factory
- IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED!
- Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941)
  partially reverting CVE-2023-27043-email-parsing-errors.patch,
  because of the regression in gh#python/cpython#106669.

OBS-URL: https://build.opensuse.org/request/show/1102238
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=5
2023-08-04 13:03:45 +00:00
2604aa82df - IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED!
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=16
2023-08-03 15:27:58 +00:00
b5061de09f - Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941)
partially reverting CVE-2023-27043-email-parsing-errors.patch,
  because of the regression in gh#python/cpython#106669.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=15
2023-08-03 15:06:43 +00:00
b3d4802698 Accepting request 1098684 from devel:languages:python:Factory
- Update to 3.12.0b4:
  - gh-issue-102988: CVE-2023-27043 (bsc#1210638): Prevent
    :func:`email.utils.parseaddr` and
    :func:`email.utils.getaddresses` from returning the realname
    portion of an invalid RFC2822 email header in the email
    address portion of the 2-tuple returned after being parsed by
    :class:`email._parseaddr.AddressList`.
  - gh-issue-106396: When the format specification of an
    f-string expression is empty, the parser now generates an
    empty :class:`ast.JoinedStr` node for it instead of an
    one-element :class:`ast.JoinedStr` with an empty string
    :class:`ast.Constant`.
  - gh-issue-106145: Make ``end_lineno`` and ``end_col_offset``
    required on ``type_param`` ast nodes.
  - gh-issue-105979: Fix crash in :func:`!_imp.get_frozen_object`
    due to improper exception handling.
  - gh-issue-98931: Ensure custom :exc:`SyntaxError` error
    messages are raised for invalid imports with multiple
    targets. Patch by Pablo Galindo
  - gh-issue-105908: Fixed bug where :gh:`99111` breaks future
    import ``barry_as_FLUFL`` in the Python REPL.
  - gh-issue-105340: Include the comprehension iteration
    variable in ``locals()`` inside a module- or class-scope
    comprehension.
  - gh-issue-105486: Change the repr of ``ParamSpec`` list of
    args in ``types.GenericAlias``.
  - gh-issue-101006: Improve error handling when read
    :mod:`marshal` data.
  - gh-issue-106524: Fix crash in :func:`!_sre.template` with
    templates containing invalid group indices.
  - gh-issue-106510: Improve debug output for atomic groups in
    regular expressions.
  - gh-issue-106503: Fix ref cycle in
    :class:`!asyncio._SelectorSocketTransport` by removing
    ``_write_ready`` in ``close``.
  - gh-issue-105497: Fix flag mask inversion when unnamed flags
    exist.
  - gh-issue-90876: Prevent :mod:`multiprocessing.spawn` from
    failing to *import* in environments where ``sys.executable``
    is ``None``.  This regressed in 3.11 with the addition of
    support for path-like objects in multiprocessing.
  - gh-issue-106292: Check for an instance-dict
    cached value in the :meth:`__get__` method of
    :func:`functools.cached_property`. This better matches the
    pre-3.12 behavior and improves compatibility for users
    subclassing :func:`functools.cached_property` and adding a
    :meth:`__set__` method.
  - gh-issue-106330: Fix incorrect matching of empty paths in
    :meth:`pathlib.PurePath.match`. This bug was introduced in
    Python 3.12.0 beta 1.
  - gh-issue-102541: Make pydoc.doc catch bad module ImportError
    when output stream is not None.
  - gh-issue-106152: Added PY_THROW event hook for
    :mod:`cProfile` for generators
  - gh-issue-106075: Added `asyncio.taskgroups.__all__` to
    `asyncio.__all__` for export in star imports.
  - gh-issue-105987: Fix crash due to improper reference counting
    in :mod:`asyncio` eager task factory internal routines.
  - gh-issue-105974: Fix bug where a :class:`typing.Protocol`
    class that had one or more non-callable members would
    raise :exc:`TypeError` when :func:`issubclass` was called
    against it, even if it defined a custom ``__subclasshook__``
    method. The behaviour in Python 3.11 and lower -- which has
    now been restored -- was not to raise :exc:`TypeError` in
    these situations if a custom ``__subclasshook__`` method was
    defined. Patch by Alex Waygood.
  - gh-issue-96145: Reverted addition of ``json.AttrDict``.
  - gh-issue-105497: Fix flag inversion when alias/mask members
    exist.
  - gh-issue-104554: Add RTSPS scheme support in urllib.parse
  - gh-issue-94777: Fix hanging :mod:`multiprocessing`
    ``ProcessPoolExecutor`` when a child process crashes while
    data is being written in the call queue.
  - gh-issue-106232: Make timeit doc command lines compatible
    with Windows by using double quotes for arguments.  This
    works on linux and macOS also.
  - gh-issue-101634: When running the Python test suite with
    ``-jN`` option, if a worker stdout cannot be decoded from
    the locale encoding report a failed testn so the exitcode is
    non-zero. Patch by Victor Stinner.
  - gh-issue-106118: Fix compilation for platforms without
    :data:`!O_CLOEXEC`. The issue was introduced with Python
    3.12b1 in :gh:`103295`. Patch by Erlend Aasland.
  - gh-issue-104692: Include ``commoninstall`` as a prerequisite
    for ``bininstall``
    This ensures that ``commoninstall`` is completed before
    ``bininstall`` is started when parallel builds are used (``make
    -j install``), and so the ``python3`` symlink is only installed
    after all standard library modules are installed.
  - gh-issue-106359: Argument Clinic now explicitly forbids
    "kwarg splats" in function calls used as annotations.
  - gh-issue-105227: The new :c:func:`PyType_GetDict` provides
    the dictionary for the given type object that is normally
    exposed by ``cls.__dict__``. Normally it's sufficient to
    use :c:member:`~PyTypeObject.tp_dict`, but for the static
    builtin types :c:member:`!tp_dict` is now always ``NULL``.
    :c:func:`!PyType_GetDict()` provides the correct dict object
    instead.

OBS-URL: https://build.opensuse.org/request/show/1098684
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=4
2023-07-15 21:15:11 +00:00
d1e027307e - gh-issue-102988: CVE-2023-27043 (bsc#1210638): Prevent
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=13
2023-07-11 22:31:39 +00:00
372e582b7e - Update to 3.12.0b4:
- gh-issue-102988: CVE-2023-27043: Prevent
    :func:`email.utils.parseaddr` and
    :func:`email.utils.getaddresses` from returning the realname
    portion of an invalid RFC2822 email header in the email
    address portion of the 2-tuple returned after being parsed by
    :class:`email._parseaddr.AddressList`.
  - gh-issue-106396: When the format specification of an
    f-string expression is empty, the parser now generates an
    empty :class:`ast.JoinedStr` node for it instead of an
    one-element :class:`ast.JoinedStr` with an empty string
    :class:`ast.Constant`.
  - gh-issue-106145: Make ``end_lineno`` and ``end_col_offset``
    required on ``type_param`` ast nodes.
  - gh-issue-105979: Fix crash in :func:`!_imp.get_frozen_object`
    due to improper exception handling.
  - gh-issue-98931: Ensure custom :exc:`SyntaxError` error
    messages are raised for invalid imports with multiple
    targets. Patch by Pablo Galindo
  - gh-issue-105908: Fixed bug where :gh:`99111` breaks future
    import ``barry_as_FLUFL`` in the Python REPL.
  - gh-issue-105340: Include the comprehension iteration
    variable in ``locals()`` inside a module- or class-scope
    comprehension.
  - gh-issue-105486: Change the repr of ``ParamSpec`` list of
    args in ``types.GenericAlias``.
  - gh-issue-101006: Improve error handling when read
    :mod:`marshal` data.
  - gh-issue-106524: Fix crash in :func:`!_sre.template` with
    templates containing invalid group indices.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=12
2023-07-11 22:30:57 +00:00
81dac994c0 Accepting request 1096094 from devel:languages:python:Factory
- Update to 3.12.0b3:
  - gh-103142: The version of OpenSSL used in Windows and
    Mac installers has been upgraded to 1.1.1u to address
    CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464,
    as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303
    fixed previously in 1.1.1t (gh-101727).
  - gh-102153: urllib.parse.urlsplit() now strips leading C0
    control and space characters following the specification for
    URLs defined by WHATWG in response to CVE-2023-24329.
  - gh-99889: Fixed a security in flaw in uu.decode() that could
    allow for directory traversal based on the input if no
    out_file was specified.
  - gh-104049: Do not expose the local on-disk
    location in directory indexes produced by
    http.client.SimpleHTTPRequestHandler.
  - gh-103935: trace.__main__ now uses io.open_code() for files
    to be executed instead of raw open().
  - gh-102953: The extraction methods in tarfile, and
    shutil.unpack_archive(), have a new filter argument that
    allows limiting tar features than may be surprising or
    dangerous, such as creating files outside the destination
    directory. See Extraction filters for details.
- Remove upstreamed patches:
  - 00398-fix-stack-overwrite-on-32-bit-in-perf-map-test-harness-gh-104811-104823.patch

OBS-URL: https://build.opensuse.org/request/show/1096094
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=3
2023-06-30 17:59:53 +00:00
cde4f6d8a6 Fix patches
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=10
2023-06-28 20:21:39 +00:00
a91ccfd104 - Update to 3.12.0b3:
- gh-103142: The version of OpenSSL used in Windows and
    Mac installers has been upgraded to 1.1.1u to address
    CVE-2023-2650, CVE-2023-0465, CVE-2023-0466, CVE-2023-0464,
    as well as CVE-2023-0286, CVE-2022-4303, and CVE-2022-4303
    fixed previously in 1.1.1t (gh-101727).
  - gh-102153: urllib.parse.urlsplit() now strips leading C0
    control and space characters following the specification for
    URLs defined by WHATWG in response to CVE-2023-24329.
  - gh-99889: Fixed a security in flaw in uu.decode() that could
    allow for directory traversal based on the input if no
    out_file was specified.
  - gh-104049: Do not expose the local on-disk
    location in directory indexes produced by
    http.client.SimpleHTTPRequestHandler.
  - gh-103935: trace.__main__ now uses io.open_code() for files
    to be executed instead of raw open().
  - gh-102953: The extraction methods in tarfile, and
    shutil.unpack_archive(), have a new filter argument that
    allows limiting tar features than may be surprising or
    dangerous, such as creating files outside the destination
    directory. See Extraction filters for details.
- Remove upstreamed patches:
  - 00398-fix-stack-overwrite-on-32-bit-in-perf-map-test-harness-gh-104811-104823.patch

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=9
2023-06-28 20:08:16 +00:00
946e3d7e92 Accepting request 1090558 from devel:languages:python:Factory
- Add 00398-fix-stack-overwrite-on-32-bit-in-perf-map-test-harness-gh-104811-104823.patch
  gh#python/cpython#104811
- Refresh all patches
- Update to 3.12.0b1:
  Full changelog can be found here
  https://docs.python.org/dev/whatsnew/changelog.html#python-3-12-0-beta-1

OBS-URL: https://build.opensuse.org/request/show/1090558
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=2
2023-06-03 22:12:50 +00:00
c8f2873f34 Accepting request 1090373 from home:dgarcia:branches:devel:languages:python:Factory
- Add 00398-fix-stack-overwrite-on-32-bit-in-perf-map-test-harness-gh-104811-104823.patch
  gh#python/cpython#104811
- Refresh all patches
- Update to 3.12.0b1:
  Full changelog can be found here
  https://docs.python.org/dev/whatsnew/changelog.html#python-3-12-0-beta-1

OBS-URL: https://build.opensuse.org/request/show/1090373
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=7
2023-06-02 19:32:04 +00:00
dffdb8ee8a Accepting request 1084321 from devel:languages:python:Factory
New version of the Python interpreter for the further development of the package.

OBS-URL: https://build.opensuse.org/request/show/1084321
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python312?expand=0&rev=1
2023-05-04 15:10:22 +00:00
c4dcbc367b Make source_validator happy
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=5
2023-05-03 10:11:14 +00:00
9aad70a05f - Why in the world we download from HTTP?
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=4
2023-04-30 18:12:04 +00:00
c9e4db36b1 Accepting request 1083463 from home:dgarcia:branches:devel:languages:python:Factory
- Ignore failing test test_freeze_simple_script, it fails because it
  cannot import _sysconfigdata__linux_x86_64-linux-gnu that's not
  present in the test environment, it fails without bundled libs.
- Remove non existing paths:
  * %{sitedir}/tkinter/test
  * %{sitedir}/sqlite3/test
  * %{dynlib _curses_panel}

OBS-URL: https://build.opensuse.org/request/show/1083463
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=3
2023-04-29 07:31:45 +00:00
4dbe24b3a0 - Update to 3.12.0a7:
Full changelog can be found here
  https://docs.python.org/dev/whatsnew/changelog.html#python-3-12-0-alpha-7

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=2
2023-04-26 11:22:41 +00:00
b76df61a33 osc copypac from project:home:dirkmueller:acdc:as_python3_module package:python312 revision:15
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python312?expand=0&rev=1
2023-04-13 15:34:51 +00:00
21 changed files with 2008 additions and 1081 deletions

View File

@ -1,474 +0,0 @@
From 4a153a1d3b18803a684cd1bcc2cdf3ede3dbae19 Mon Sep 17 00:00:00 2001
From: Victor Stinner <vstinner@python.org>
Date: Fri, 15 Dec 2023 16:10:40 +0100
Subject: [PATCH] [CVE-2023-27043] gh-102988: Reject malformed addresses in
email.parseaddr() (#111116)
Detect email address parsing errors and return empty tuple to
indicate the parsing error (old API). Add an optional 'strict'
parameter to getaddresses() and parseaddr() functions. Patch by
Thomas Dwyer.
Co-Authored-By: Thomas Dwyer <github@tomd.tel>
---
Doc/library/email.utils.rst | 19 -
Lib/email/utils.py | 151 +++++++-
Lib/test/test_email/test_email.py | 187 +++++++++-
Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst | 8
4 files changed, 344 insertions(+), 21 deletions(-)
create mode 100644 Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst
--- a/Doc/library/email.utils.rst
+++ b/Doc/library/email.utils.rst
@@ -58,13 +58,18 @@ of the new API.
begins with angle brackets, they are stripped off.
-.. function:: parseaddr(address)
+.. function:: parseaddr(address, *, strict=True)
Parse address -- which should be the value of some address-containing field such
as :mailheader:`To` or :mailheader:`Cc` -- into its constituent *realname* and
*email address* parts. Returns a tuple of that information, unless the parse
fails, in which case a 2-tuple of ``('', '')`` is returned.
+ If *strict* is true, use a strict parser which rejects malformed inputs.
+
+ .. versionchanged:: 3.13
+ Add *strict* optional parameter and reject malformed inputs by default.
+
.. function:: formataddr(pair, charset='utf-8')
@@ -82,12 +87,15 @@ of the new API.
Added the *charset* option.
-.. function:: getaddresses(fieldvalues)
+.. function:: getaddresses(fieldvalues, *, strict=True)
This method returns a list of 2-tuples of the form returned by ``parseaddr()``.
*fieldvalues* is a sequence of header field values as might be returned by
- :meth:`Message.get_all <email.message.Message.get_all>`. Here's a simple
- example that gets all the recipients of a message::
+ :meth:`Message.get_all <email.message.Message.get_all>`.
+
+ If *strict* is true, use a strict parser which rejects malformed inputs.
+
+ Here's a simple example that gets all the recipients of a message::
from email.utils import getaddresses
@@ -97,6 +105,9 @@ of the new API.
resent_ccs = msg.get_all('resent-cc', [])
all_recipients = getaddresses(tos + ccs + resent_tos + resent_ccs)
+ .. versionchanged:: 3.13
+ Add *strict* optional parameter and reject malformed inputs by default.
+
.. function:: parsedate(date)
--- a/Lib/email/utils.py
+++ b/Lib/email/utils.py
@@ -48,6 +48,7 @@ TICK = "'"
specialsre = re.compile(r'[][\\()<>@,:;".]')
escapesre = re.compile(r'[\\"]')
+
def _has_surrogates(s):
"""Return True if s may contain surrogate-escaped binary data."""
# This check is based on the fact that unless there are surrogates, utf8
@@ -106,12 +107,127 @@ def formataddr(pair, charset='utf-8'):
return address
+def _iter_escaped_chars(addr):
+ pos = 0
+ escape = False
+ for pos, ch in enumerate(addr):
+ if escape:
+ yield (pos, '\\' + ch)
+ escape = False
+ elif ch == '\\':
+ escape = True
+ else:
+ yield (pos, ch)
+ if escape:
+ yield (pos, '\\')
+
+
+def _strip_quoted_realnames(addr):
+ """Strip real names between quotes."""
+ if '"' not in addr:
+ # Fast path
+ return addr
+
+ start = 0
+ open_pos = None
+ result = []
+ for pos, ch in _iter_escaped_chars(addr):
+ if ch == '"':
+ if open_pos is None:
+ open_pos = pos
+ else:
+ if start != open_pos:
+ result.append(addr[start:open_pos])
+ start = pos + 1
+ open_pos = None
-def getaddresses(fieldvalues):
- """Return a list of (REALNAME, EMAIL) for each fieldvalue."""
- all = COMMASPACE.join(str(v) for v in fieldvalues)
- a = _AddressList(all)
- return a.addresslist
+ if start < len(addr):
+ result.append(addr[start:])
+
+ return ''.join(result)
+
+
+supports_strict_parsing = True
+
+def getaddresses(fieldvalues, *, strict=True):
+ """Return a list of (REALNAME, EMAIL) or ('','') for each fieldvalue.
+
+ When parsing fails for a fieldvalue, a 2-tuple of ('', '') is returned in
+ its place.
+
+ If strict is true, use a strict parser which rejects malformed inputs.
+ """
+
+ # If strict is true, if the resulting list of parsed addresses is greater
+ # than the number of fieldvalues in the input list, a parsing error has
+ # occurred and consequently a list containing a single empty 2-tuple [('',
+ # '')] is returned in its place. This is done to avoid invalid output.
+ #
+ # Malformed input: getaddresses(['alice@example.com <bob@example.com>'])
+ # Invalid output: [('', 'alice@example.com'), ('', 'bob@example.com')]
+ # Safe output: [('', '')]
+
+ if not strict:
+ all = COMMASPACE.join(str(v) for v in fieldvalues)
+ a = _AddressList(all)
+ return a.addresslist
+
+ fieldvalues = [str(v) for v in fieldvalues]
+ fieldvalues = _pre_parse_validation(fieldvalues)
+ addr = COMMASPACE.join(fieldvalues)
+ a = _AddressList(addr)
+ result = _post_parse_validation(a.addresslist)
+
+ # Treat output as invalid if the number of addresses is not equal to the
+ # expected number of addresses.
+ n = 0
+ for v in fieldvalues:
+ # When a comma is used in the Real Name part it is not a deliminator.
+ # So strip those out before counting the commas.
+ v = _strip_quoted_realnames(v)
+ # Expected number of addresses: 1 + number of commas
+ n += 1 + v.count(',')
+ if len(result) != n:
+ return [('', '')]
+
+ return result
+
+
+def _check_parenthesis(addr):
+ # Ignore parenthesis in quoted real names.
+ addr = _strip_quoted_realnames(addr)
+
+ opens = 0
+ for pos, ch in _iter_escaped_chars(addr):
+ if ch == '(':
+ opens += 1
+ elif ch == ')':
+ opens -= 1
+ if opens < 0:
+ return False
+ return (opens == 0)
+
+
+def _pre_parse_validation(email_header_fields):
+ accepted_values = []
+ for v in email_header_fields:
+ if not _check_parenthesis(v):
+ v = "('', '')"
+ accepted_values.append(v)
+
+ return accepted_values
+
+
+def _post_parse_validation(parsed_email_header_tuples):
+ accepted_values = []
+ # The parser would have parsed a correctly formatted domain-literal
+ # The existence of an [ after parsing indicates a parsing failure
+ for v in parsed_email_header_tuples:
+ if '[' in v[1]:
+ v = ('', '')
+ accepted_values.append(v)
+
+ return accepted_values
def _format_timetuple_and_zone(timetuple, zone):
@@ -205,16 +321,33 @@ def parsedate_to_datetime(data):
tzinfo=datetime.timezone(datetime.timedelta(seconds=tz)))
-def parseaddr(addr):
+def parseaddr(addr, *, strict=True):
"""
Parse addr into its constituent realname and email address parts.
Return a tuple of realname and email address, unless the parse fails, in
which case return a 2-tuple of ('', '').
+
+ If strict is True, use a strict parser which rejects malformed inputs.
"""
- addrs = _AddressList(addr).addresslist
- if not addrs:
- return '', ''
+ if not strict:
+ addrs = _AddressList(addr).addresslist
+ if not addrs:
+ return ('', '')
+ return addrs[0]
+
+ if isinstance(addr, list):
+ addr = addr[0]
+
+ if not isinstance(addr, str):
+ return ('', '')
+
+ addr = _pre_parse_validation([addr])[0]
+ addrs = _post_parse_validation(_AddressList(addr).addresslist)
+
+ if not addrs or len(addrs) > 1:
+ return ('', '')
+
return addrs[0]
--- a/Lib/test/test_email/test_email.py
+++ b/Lib/test/test_email/test_email.py
@@ -16,6 +16,7 @@ from unittest.mock import patch
import email
import email.policy
+import email.utils
from email.charset import Charset
from email.generator import Generator, DecodedGenerator, BytesGenerator
@@ -3352,15 +3353,137 @@ Foo
],
)
+ def test_parsing_errors(self):
+ """Test for parsing errors from CVE-2023-27043 and CVE-2019-16056"""
+ alice = 'alice@example.org'
+ bob = 'bob@example.com'
+ empty = ('', '')
+
+ # Test utils.getaddresses() and utils.parseaddr() on malformed email
+ # addresses: default behavior (strict=True) rejects malformed address,
+ # and strict=False which tolerates malformed address.
+ for invalid_separator, expected_non_strict in (
+ ('(', [(f'<{bob}>', alice)]),
+ (')', [('', alice), empty, ('', bob)]),
+ ('<', [('', alice), empty, ('', bob), empty]),
+ ('>', [('', alice), empty, ('', bob)]),
+ ('[', [('', f'{alice}[<{bob}>]')]),
+ (']', [('', alice), empty, ('', bob)]),
+ ('@', [empty, empty, ('', bob)]),
+ (';', [('', alice), empty, ('', bob)]),
+ (':', [('', alice), ('', bob)]),
+ ('.', [('', alice + '.'), ('', bob)]),
+ ('"', [('', alice), ('', f'<{bob}>')]),
+ ):
+ address = f'{alice}{invalid_separator}<{bob}>'
+ with self.subTest(address=address):
+ self.assertEqual(utils.getaddresses([address]),
+ [empty])
+ self.assertEqual(utils.getaddresses([address], strict=False),
+ expected_non_strict)
+
+ self.assertEqual(utils.parseaddr([address]),
+ empty)
+ self.assertEqual(utils.parseaddr([address], strict=False),
+ ('', address))
+
+ # Comma (',') is treated differently depending on strict parameter.
+ # Comma without quotes.
+ address = f'{alice},<{bob}>'
+ self.assertEqual(utils.getaddresses([address]),
+ [('', alice), ('', bob)])
+ self.assertEqual(utils.getaddresses([address], strict=False),
+ [('', alice), ('', bob)])
+ self.assertEqual(utils.parseaddr([address]),
+ empty)
+ self.assertEqual(utils.parseaddr([address], strict=False),
+ ('', address))
+
+ # Real name between quotes containing comma.
+ address = '"Alice, alice@example.org" <bob@example.com>'
+ expected_strict = ('Alice, alice@example.org', 'bob@example.com')
+ self.assertEqual(utils.getaddresses([address]), [expected_strict])
+ self.assertEqual(utils.getaddresses([address], strict=False), [expected_strict])
+ self.assertEqual(utils.parseaddr([address]), expected_strict)
+ self.assertEqual(utils.parseaddr([address], strict=False),
+ ('', address))
+
+ # Valid parenthesis in comments.
+ address = 'alice@example.org (Alice)'
+ expected_strict = ('Alice', 'alice@example.org')
+ self.assertEqual(utils.getaddresses([address]), [expected_strict])
+ self.assertEqual(utils.getaddresses([address], strict=False), [expected_strict])
+ self.assertEqual(utils.parseaddr([address]), expected_strict)
+ self.assertEqual(utils.parseaddr([address], strict=False),
+ ('', address))
+
+ # Invalid parenthesis in comments.
+ address = 'alice@example.org )Alice('
+ self.assertEqual(utils.getaddresses([address]), [empty])
+ self.assertEqual(utils.getaddresses([address], strict=False),
+ [('', 'alice@example.org'), ('', ''), ('', 'Alice')])
+ self.assertEqual(utils.parseaddr([address]), empty)
+ self.assertEqual(utils.parseaddr([address], strict=False),
+ ('', address))
+
+ # Two addresses with quotes separated by comma.
+ address = '"Jane Doe" <jane@example.net>, "John Doe" <john@example.net>'
+ self.assertEqual(utils.getaddresses([address]),
+ [('Jane Doe', 'jane@example.net'),
+ ('John Doe', 'john@example.net')])
+ self.assertEqual(utils.getaddresses([address], strict=False),
+ [('Jane Doe', 'jane@example.net'),
+ ('John Doe', 'john@example.net')])
+ self.assertEqual(utils.parseaddr([address]), empty)
+ self.assertEqual(utils.parseaddr([address], strict=False),
+ ('', address))
+
+ # Test email.utils.supports_strict_parsing attribute
+ self.assertEqual(email.utils.supports_strict_parsing, True)
+
def test_getaddresses_nasty(self):
- eq = self.assertEqual
- eq(utils.getaddresses(['foo: ;']), [('', '')])
- eq(utils.getaddresses(
- ['[]*-- =~$']),
- [('', ''), ('', ''), ('', '*--')])
- eq(utils.getaddresses(
- ['foo: ;', '"Jason R. Mastaler" <jason@dom.ain>']),
- [('', ''), ('Jason R. Mastaler', 'jason@dom.ain')])
+ for addresses, expected in (
+ (['"Sürname, Firstname" <to@example.com>'],
+ [('Sürname, Firstname', 'to@example.com')]),
+
+ (['foo: ;'],
+ [('', '')]),
+
+ (['foo: ;', '"Jason R. Mastaler" <jason@dom.ain>'],
+ [('', ''), ('Jason R. Mastaler', 'jason@dom.ain')]),
+
+ ([r'Pete(A nice \) chap) <pete(his account)@silly.test(his host)>'],
+ [('Pete (A nice ) chap his account his host)', 'pete@silly.test')]),
+
+ (['(Empty list)(start)Undisclosed recipients :(nobody(I know))'],
+ [('', '')]),
+
+ (['Mary <@machine.tld:mary@example.net>, , jdoe@test . example'],
+ [('Mary', 'mary@example.net'), ('', ''), ('', 'jdoe@test.example')]),
+
+ (['John Doe <jdoe@machine(comment). example>'],
+ [('John Doe (comment)', 'jdoe@machine.example')]),
+
+ (['"Mary Smith: Personal Account" <smith@home.example>'],
+ [('Mary Smith: Personal Account', 'smith@home.example')]),
+
+ (['Undisclosed recipients:;'],
+ [('', '')]),
+
+ ([r'<boss@nil.test>, "Giant; \"Big\" Box" <bob@example.net>'],
+ [('', 'boss@nil.test'), ('Giant; "Big" Box', 'bob@example.net')]),
+ ):
+ with self.subTest(addresses=addresses):
+ self.assertEqual(utils.getaddresses(addresses),
+ expected)
+ self.assertEqual(utils.getaddresses(addresses, strict=False),
+ expected)
+
+ addresses = ['[]*-- =~$']
+ self.assertEqual(utils.getaddresses(addresses),
+ [('', '')])
+ self.assertEqual(utils.getaddresses(addresses, strict=False),
+ [('', ''), ('', ''), ('', '*--')])
def test_getaddresses_embedded_comment(self):
"""Test proper handling of a nested comment"""
@@ -3551,6 +3674,54 @@ multipart/report
m = cls(*constructor, policy=email.policy.default)
self.assertIs(m.policy, email.policy.default)
+ def test_iter_escaped_chars(self):
+ self.assertEqual(list(utils._iter_escaped_chars(r'a\\b\"c\\"d')),
+ [(0, 'a'),
+ (2, '\\\\'),
+ (3, 'b'),
+ (5, '\\"'),
+ (6, 'c'),
+ (8, '\\\\'),
+ (9, '"'),
+ (10, 'd')])
+ self.assertEqual(list(utils._iter_escaped_chars('a\\')),
+ [(0, 'a'), (1, '\\')])
+
+ def test_strip_quoted_realnames(self):
+ def check(addr, expected):
+ self.assertEqual(utils._strip_quoted_realnames(addr), expected)
+
+ check('"Jane Doe" <jane@example.net>, "John Doe" <john@example.net>',
+ ' <jane@example.net>, <john@example.net>')
+ check(r'"Jane \"Doe\"." <jane@example.net>',
+ ' <jane@example.net>')
+
+ # special cases
+ check(r'before"name"after', 'beforeafter')
+ check(r'before"name"', 'before')
+ check(r'b"name"', 'b') # single char
+ check(r'"name"after', 'after')
+ check(r'"name"a', 'a') # single char
+ check(r'"name"', '')
+
+ # no change
+ for addr in (
+ 'Jane Doe <jane@example.net>, John Doe <john@example.net>',
+ 'lone " quote',
+ ):
+ self.assertEqual(utils._strip_quoted_realnames(addr), addr)
+
+
+ def test_check_parenthesis(self):
+ addr = 'alice@example.net'
+ self.assertTrue(utils._check_parenthesis(f'{addr} (Alice)'))
+ self.assertFalse(utils._check_parenthesis(f'{addr} )Alice('))
+ self.assertFalse(utils._check_parenthesis(f'{addr} (Alice))'))
+ self.assertFalse(utils._check_parenthesis(f'{addr} ((Alice)'))
+
+ # Ignore real name between quotes
+ self.assertTrue(utils._check_parenthesis(f'")Alice((" {addr}'))
+
# Test the iterator/generators
class TestIterators(TestEmailBase):
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst
@@ -0,0 +1,8 @@
+:func:`email.utils.getaddresses` and :func:`email.utils.parseaddr` now
+return ``('', '')`` 2-tuples in more situations where invalid email
+addresses are encountered instead of potentially inaccurate values. Add
+optional *strict* parameter to these two functions: use ``strict=False`` to
+get the old behavior, accept malformed inputs.
+``getattr(email.utils, 'supports_strict_parsing', False)`` can be use to check
+if the *strict* paramater is available. Patch by Thomas Dwyer and Victor
+Stinner to improve the CVE-2023-27043 fix.

View File

@ -1,67 +0,0 @@
Index: Python-3.12.3/Lib/test/test_xml_etree.py
===================================================================
--- Python-3.12.3.orig/Lib/test/test_xml_etree.py
+++ Python-3.12.3/Lib/test/test_xml_etree.py
@@ -121,6 +121,11 @@ ATTLIST_XML = """\
</foo>
"""
+IS_SLE_15_6 = os.environ.get("SLE_VERSION", "") == "0150600"
+fails_with_expat_2_6_0 = (unittest.expectedFailure
+ # 2.4 version patched in SLE
+ if IS_SLE_15_6 and pyexpat.version_info >= (2, 4, 0) else
+ lambda test: test)
def checkwarnings(*filters, quiet=False):
def decorator(test):
def newtest(*args, **kwargs):
@@ -1424,9 +1429,11 @@ class XMLPullParserTest(unittest.TestCas
self.assert_event_tags(parser, [('end', 'root')])
self.assertIsNone(parser.close())
+ @fails_with_expat_2_6_0
def test_simple_xml_chunk_1(self):
self.test_simple_xml(chunk_size=1, flush=True)
+ @fails_with_expat_2_6_0
def test_simple_xml_chunk_5(self):
self.test_simple_xml(chunk_size=5, flush=True)
@@ -1651,6 +1658,9 @@ class XMLPullParserTest(unittest.TestCas
self.assert_event_tags(parser, [('end', 'doc')])
+ @unittest.skipIf(pyexpat.version_info < (2, 6, 0),
+ f'Expat {pyexpat.version_info} does not '
+ 'support reparse deferral')
def test_flush_reparse_deferral_disabled(self):
parser = ET.XMLPullParser(events=('start', 'end'))
Index: Python-3.12.3/Lib/test/test_sax.py
===================================================================
--- Python-3.12.3.orig/Lib/test/test_sax.py
+++ Python-3.12.3/Lib/test/test_sax.py
@@ -1240,6 +1240,9 @@ class ExpatReaderTest(XmlTestBase):
self.assertEqual(result.getvalue(), start + b"<doc></doc>")
+ @unittest.skipIf(pyexpat.version_info < (2, 6, 0),
+ f'Expat {pyexpat.version_info} does not '
+ 'support reparse deferral')
def test_flush_reparse_deferral_disabled(self):
result = BytesIO()
xmlgen = XMLGenerator(result)
Index: Python-3.12.3/Lib/test/test_pyexpat.py
===================================================================
--- Python-3.12.3.orig/Lib/test/test_pyexpat.py
+++ Python-3.12.3/Lib/test/test_pyexpat.py
@@ -794,6 +794,10 @@ class ReparseDeferralTest(unittest.TestC
self.assertEqual(started, ['doc'])
def test_reparse_deferral_disabled(self):
+ if expat.version_info < (2, 6, 0):
+ self.skipTest(f'Expat {expat.version_info} does not '
+ 'support reparse deferral')
+
started = []
def start_element(name, _):

View File

@ -1,171 +0,0 @@
---
Lib/tempfile.py | 16 +
Lib/test/test_tempfile.py | 113 ++++++++++
Misc/NEWS.d/next/Library/2022-12-01-16-57-44.gh-issue-91133.LKMVCV.rst | 2
3 files changed, 131 insertions(+)
Index: Python-3.12.4/Lib/tempfile.py
===================================================================
--- Python-3.12.4.orig/Lib/tempfile.py
+++ Python-3.12.4/Lib/tempfile.py
@@ -285,6 +285,22 @@ def _resetperms(path):
_dont_follow_symlinks(chflags, path, 0)
_dont_follow_symlinks(_os.chmod, path, 0o700)
+def _dont_follow_symlinks(func, path, *args):
+ # Pass follow_symlinks=False, unless not supported on this platform.
+ if func in _os.supports_follow_symlinks:
+ func(path, *args, follow_symlinks=False)
+ elif _os.name == 'nt' or not _os.path.islink(path):
+ func(path, *args)
+
+def _resetperms(path):
+ try:
+ chflags = _os.chflags
+ except AttributeError:
+ pass
+ else:
+ _dont_follow_symlinks(chflags, path, 0)
+ _dont_follow_symlinks(_os.chmod, path, 0o700)
+
# User visible interfaces.
Index: Python-3.12.4/Lib/test/test_tempfile.py
===================================================================
--- Python-3.12.4.orig/Lib/test/test_tempfile.py
+++ Python-3.12.4/Lib/test/test_tempfile.py
@@ -1803,6 +1803,103 @@ class TestTemporaryDirectory(BaseTestCas
new_flags = os.stat(dir1).st_flags
self.assertEqual(new_flags, old_flags)
+ @os_helper.skip_unless_symlink
+ def test_cleanup_with_symlink_modes(self):
+ # cleanup() should not follow symlinks when fixing mode bits (#91133)
+ with self.do_create(recurse=0) as d2:
+ file1 = os.path.join(d2, 'file1')
+ open(file1, 'wb').close()
+ dir1 = os.path.join(d2, 'dir1')
+ os.mkdir(dir1)
+ for mode in range(8):
+ mode <<= 6
+ with self.subTest(mode=format(mode, '03o')):
+ def test(target, target_is_directory):
+ d1 = self.do_create(recurse=0)
+ symlink = os.path.join(d1.name, 'symlink')
+ os.symlink(target, symlink,
+ target_is_directory=target_is_directory)
+ try:
+ os.chmod(symlink, mode, follow_symlinks=False)
+ except NotImplementedError:
+ pass
+ try:
+ os.chmod(symlink, mode)
+ except FileNotFoundError:
+ pass
+ os.chmod(d1.name, mode)
+ d1.cleanup()
+ self.assertFalse(os.path.exists(d1.name))
+
+ with self.subTest('nonexisting file'):
+ test('nonexisting', target_is_directory=False)
+ with self.subTest('nonexisting dir'):
+ test('nonexisting', target_is_directory=True)
+
+ with self.subTest('existing file'):
+ os.chmod(file1, mode)
+ old_mode = os.stat(file1).st_mode
+ test(file1, target_is_directory=False)
+ new_mode = os.stat(file1).st_mode
+ self.assertEqual(new_mode, old_mode,
+ '%03o != %03o' % (new_mode, old_mode))
+
+ with self.subTest('existing dir'):
+ os.chmod(dir1, mode)
+ old_mode = os.stat(dir1).st_mode
+ test(dir1, target_is_directory=True)
+ new_mode = os.stat(dir1).st_mode
+ self.assertEqual(new_mode, old_mode,
+ '%03o != %03o' % (new_mode, old_mode))
+
+ @unittest.skipUnless(hasattr(os, 'chflags'), 'requires os.chflags')
+ @os_helper.skip_unless_symlink
+ def test_cleanup_with_symlink_flags(self):
+ # cleanup() should not follow symlinks when fixing flags (#91133)
+ flags = stat.UF_IMMUTABLE | stat.UF_NOUNLINK
+ self.check_flags(flags)
+
+ with self.do_create(recurse=0) as d2:
+ file1 = os.path.join(d2, 'file1')
+ open(file1, 'wb').close()
+ dir1 = os.path.join(d2, 'dir1')
+ os.mkdir(dir1)
+ def test(target, target_is_directory):
+ d1 = self.do_create(recurse=0)
+ symlink = os.path.join(d1.name, 'symlink')
+ os.symlink(target, symlink,
+ target_is_directory=target_is_directory)
+ try:
+ os.chflags(symlink, flags, follow_symlinks=False)
+ except NotImplementedError:
+ pass
+ try:
+ os.chflags(symlink, flags)
+ except FileNotFoundError:
+ pass
+ os.chflags(d1.name, flags)
+ d1.cleanup()
+ self.assertFalse(os.path.exists(d1.name))
+
+ with self.subTest('nonexisting file'):
+ test('nonexisting', target_is_directory=False)
+ with self.subTest('nonexisting dir'):
+ test('nonexisting', target_is_directory=True)
+
+ with self.subTest('existing file'):
+ os.chflags(file1, flags)
+ old_flags = os.stat(file1).st_flags
+ test(file1, target_is_directory=False)
+ new_flags = os.stat(file1).st_flags
+ self.assertEqual(new_flags, old_flags)
+
+ with self.subTest('existing dir'):
+ os.chflags(dir1, flags)
+ old_flags = os.stat(dir1).st_flags
+ test(dir1, target_is_directory=True)
+ new_flags = os.stat(dir1).st_flags
+ self.assertEqual(new_flags, old_flags)
+
@support.cpython_only
def test_del_on_collection(self):
# A TemporaryDirectory is deleted when garbage collected
@@ -1977,6 +2074,22 @@ class TestTemporaryDirectory(BaseTestCas
def check_flags(self, flags):
# skip the test if these flags are not supported (ex: FreeBSD 13)
+ filename = os_helper.TESTFN
+ try:
+ open(filename, "w").close()
+ try:
+ os.chflags(filename, flags)
+ except OSError as exc:
+ # "OSError: [Errno 45] Operation not supported"
+ self.skipTest(f"chflags() doesn't support flags "
+ f"{flags:#b}: {exc}")
+ else:
+ os.chflags(filename, 0)
+ finally:
+ os_helper.unlink(filename)
+
+ def check_flags(self, flags):
+ # skip the test if these flags are not supported (ex: FreeBSD 13)
filename = os_helper.TESTFN
try:
open(filename, "w").close()
Index: Python-3.12.4/Misc/NEWS.d/next/Library/2022-12-01-16-57-44.gh-issue-91133.LKMVCV.rst
===================================================================
--- /dev/null
+++ Python-3.12.4/Misc/NEWS.d/next/Library/2022-12-01-16-57-44.gh-issue-91133.LKMVCV.rst
@@ -0,0 +1,2 @@
+Fix a bug in :class:`tempfile.TemporaryDirectory` cleanup, which now no longer
+dereferences symlinks when working around file system permission errors.

View File

@ -1,148 +0,0 @@
---
Lib/test/test_zipfile/_path/test_path.py | 78 ++++++++++
Lib/zipfile/_path/__init__.py | 18 ++
Misc/NEWS.d/next/Library/2024-08-11-14-08-04.gh-issue-122905.7tDsxA.rst | 1
Misc/NEWS.d/next/Library/2024-08-26-13-45-20.gh-issue-123270.gXHvNJ.rst | 3
4 files changed, 98 insertions(+), 2 deletions(-)
--- a/Lib/test/test_zipfile/_path/test_path.py
+++ b/Lib/test/test_zipfile/_path/test_path.py
@@ -4,6 +4,7 @@ import contextlib
import pathlib
import pickle
import sys
+import time
import unittest
import zipfile
@@ -577,3 +578,80 @@ class TestPath(unittest.TestCase):
zipfile.Path(alpharep)
with self.assertRaises(KeyError):
alpharep.getinfo('does-not-exist')
+
+ def test_malformed_paths(self):
+ """
+ Path should handle malformed paths gracefully.
+
+ Paths with leading slashes are not visible.
+
+ Paths with dots are treated like regular files.
+ """
+ data = io.BytesIO()
+ zf = zipfile.ZipFile(data, "w")
+ zf.writestr("/one-slash.txt", b"content")
+ zf.writestr("//two-slash.txt", b"content")
+ zf.writestr("../parent.txt", b"content")
+ zf.filename = ''
+ root = zipfile.Path(zf)
+ assert list(map(str, root.iterdir())) == ['../']
+ assert root.joinpath('..').joinpath('parent.txt').read_bytes() == b'content'
+
+ def test_unsupported_names(self):
+ """
+ Path segments with special characters are readable.
+
+ On some platforms or file systems, characters like
+ ``:`` and ``?`` are not allowed, but they are valid
+ in the zip file.
+ """
+ data = io.BytesIO()
+ zf = zipfile.ZipFile(data, "w")
+ zf.writestr("path?", b"content")
+ zf.writestr("V: NMS.flac", b"fLaC...")
+ zf.filename = ''
+ root = zipfile.Path(zf)
+ contents = root.iterdir()
+ assert next(contents).name == 'path?'
+ assert next(contents).name == 'V: NMS.flac'
+ assert root.joinpath('V: NMS.flac').read_bytes() == b"fLaC..."
+
+ def test_backslash_not_separator(self):
+ """
+ In a zip file, backslashes are not separators.
+ """
+ data = io.BytesIO()
+ zf = zipfile.ZipFile(data, "w")
+ zf.writestr(DirtyZipInfo.for_name("foo\\bar", zf), b"content")
+ zf.filename = ''
+ root = zipfile.Path(zf)
+ (first,) = root.iterdir()
+ assert not first.is_dir()
+ assert first.name == 'foo\\bar'
+
+
+class DirtyZipInfo(zipfile.ZipInfo):
+ """
+ Bypass name sanitization.
+ """
+
+ def __init__(self, filename, *args, **kwargs):
+ super().__init__(filename, *args, **kwargs)
+ self.filename = filename
+
+ @classmethod
+ def for_name(cls, name, archive):
+ """
+ Construct the same way that ZipFile.writestr does.
+
+ TODO: extract this functionality and re-use
+ """
+ self = cls(filename=name, date_time=time.localtime(time.time())[:6])
+ self.compress_type = archive.compression
+ self.compress_level = archive.compresslevel
+ if self.filename.endswith('/'): # pragma: no cover
+ self.external_attr = 0o40775 << 16 # drwxrwxr-x
+ self.external_attr |= 0x10 # MS-DOS directory flag
+ else:
+ self.external_attr = 0o600 << 16 # ?rw-------
+ return self
--- a/Lib/zipfile/_path/__init__.py
+++ b/Lib/zipfile/_path/__init__.py
@@ -1,3 +1,12 @@
+"""
+A Path-like interface for zipfiles.
+
+This codebase is shared between zipfile.Path in the stdlib
+and zipp in PyPI. See
+https://github.com/python/importlib_metadata/wiki/Development-Methodology
+for more detail.
+"""
+
import io
import posixpath
import zipfile
@@ -34,7 +43,7 @@ def _parents(path):
def _ancestry(path):
"""
Given a path with elements separated by
- posixpath.sep, generate all elements of that path
+ posixpath.sep, generate all elements of that path.
>>> list(_ancestry('b/d'))
['b/d', 'b']
@@ -46,9 +55,14 @@ def _ancestry(path):
['b']
>>> list(_ancestry(''))
[]
+
+ Multiple separators are treated like a single.
+
+ >>> list(_ancestry('//b//d///f//'))
+ ['//b//d///f', '//b//d', '//b']
"""
path = path.rstrip(posixpath.sep)
- while path and path != posixpath.sep:
+ while path.rstrip(posixpath.sep):
yield path
path, tail = posixpath.split(path)
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2024-08-11-14-08-04.gh-issue-122905.7tDsxA.rst
@@ -0,0 +1 @@
+:class:`zipfile.Path` objects now sanitize names from the zipfile.
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2024-08-26-13-45-20.gh-issue-123270.gXHvNJ.rst
@@ -0,0 +1,3 @@
+Applied a more surgical fix for malformed payloads in :class:`zipfile.Path`
+causing infinite loops (gh-122905) without breaking contents using
+legitimate characters.

View File

@ -24,16 +24,15 @@ Co-authored-by: Miro Hrončok <miro@hroncok.cz>
Co-authored-by: Michal Cyprian <m.cyprian@gmail.com>
Co-authored-by: Lumír Balhar <frenzy.madness@gmail.com>
---
Lib/site.py | 9 ++++++-
Lib/sysconfig.py | 49 +++++++++++++++++++++++++++++++++++++-
Lib/test/test_sysconfig.py | 17 +++++++++++--
3 files changed, 71 insertions(+), 4 deletions(-)
Lib/sysconfig.py | 51 ++++++++++++++++++++++++++++++++++++++++++++-
Lib/test/test_sysconfig.py | 17 +++++++++++++--
2 files changed, 65 insertions(+), 3 deletions(-)
Index: Python-3.12.4/Lib/sysconfig.py
Index: Python-3.12.10/Lib/sysconfig.py
===================================================================
--- Python-3.12.4.orig/Lib/sysconfig.py
+++ Python-3.12.4/Lib/sysconfig.py
@@ -104,6 +104,11 @@ if os.name == 'nt':
--- Python-3.12.10.orig/Lib/sysconfig.py 2025-04-11 21:04:43.494305425 +0200
+++ Python-3.12.10/Lib/sysconfig.py 2025-04-11 21:04:51.517931810 +0200
@@ -104,6 +104,11 @@
else:
_INSTALL_SCHEMES['venv'] = _INSTALL_SCHEMES['posix_venv']
@ -45,7 +44,7 @@ Index: Python-3.12.4/Lib/sysconfig.py
# NOTE: site.py has copy of this function.
# Sync it when modify this function.
@@ -163,6 +168,19 @@ if _HAS_USER_BASE:
@@ -163,13 +168,28 @@
},
}
@ -65,7 +64,16 @@ Index: Python-3.12.4/Lib/sysconfig.py
_SCHEME_KEYS = ('stdlib', 'platstdlib', 'purelib', 'platlib', 'include',
'scripts', 'data')
@@ -263,11 +281,40 @@ def _extend_dict(target_dict, other_dict
_PY_VERSION = sys.version.split()[0]
_PY_VERSION_SHORT = f'{sys.version_info[0]}.{sys.version_info[1]}'
_PY_VERSION_SHORT_NO_DOT = f'{sys.version_info[0]}{sys.version_info[1]}'
+_PREFIX = os.path.normpath(sys.prefix)
_BASE_PREFIX = os.path.normpath(sys.base_prefix)
+_EXEC_PREFIX = os.path.normpath(sys.exec_prefix)
_BASE_EXEC_PREFIX = os.path.normpath(sys.base_exec_prefix)
# Mutex guarding initialization of _CONFIG_VARS.
_CONFIG_VARS_LOCK = threading.RLock()
@@ -268,11 +288,40 @@
target_dict[key] = value
@ -107,11 +115,11 @@ Index: Python-3.12.4/Lib/sysconfig.py
if os.name == 'nt':
# On Windows we want to substitute 'lib' for schemes rather
# than the native value (without modifying vars, in case it
Index: Python-3.12.4/Lib/test/test_sysconfig.py
Index: Python-3.12.10/Lib/test/test_sysconfig.py
===================================================================
--- Python-3.12.4.orig/Lib/test/test_sysconfig.py
+++ Python-3.12.4/Lib/test/test_sysconfig.py
@@ -110,8 +110,19 @@ class TestSysConfig(unittest.TestCase):
--- Python-3.12.10.orig/Lib/test/test_sysconfig.py 2025-04-11 21:04:45.175417431 +0200
+++ Python-3.12.10/Lib/test/test_sysconfig.py 2025-04-11 21:04:51.518393464 +0200
@@ -119,8 +119,19 @@
for scheme in _INSTALL_SCHEMES:
for name in _INSTALL_SCHEMES[scheme]:
expected = _INSTALL_SCHEMES[scheme][name].format(**config_vars)
@ -132,7 +140,7 @@ Index: Python-3.12.4/Lib/test/test_sysconfig.py
os.path.normpath(expected),
)
@@ -344,7 +355,7 @@ class TestSysConfig(unittest.TestCase):
@@ -353,7 +364,7 @@
self.assertTrue(os.path.isfile(config_h), config_h)
def test_get_scheme_names(self):
@ -141,7 +149,7 @@ Index: Python-3.12.4/Lib/test/test_sysconfig.py
if HAS_USER_BASE:
wanted.extend(['nt_user', 'osx_framework_user', 'posix_user'])
self.assertEqual(get_scheme_names(), tuple(sorted(wanted)))
@@ -356,6 +367,8 @@ class TestSysConfig(unittest.TestCase):
@@ -365,6 +376,8 @@
cmd = "-c", "import sysconfig; print(sysconfig.get_platform())"
self.assertEqual(py.call_real(*cmd), py.call_link(*cmd))

3
Python-3.12.11.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c30bb24b7f1e9a19b11b55a546434f74e739bb4c271a3e3a80ff4380d49f7adb
size 20525812

18
Python-3.12.11.tar.xz.asc Normal file
View File

@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmg/MbpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx
Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6
YwXySQ/7Ba9qlnTLmxqTCO8C7Gf545WNMBL2Ep6JZPgjOcgNk9e1QdAnNV5OOtGm
gW5nNPSTNNcIcPn058GuI24D4RpTQCJfMbMLsfYgvio0E7ij1gC19PsJHb6ejtCS
H2kK237Y1kuqRUdbTZssFDoAR4R9+UCaDuo4XdW+UKQk2GgdNQDMWLKmWF/Xk6Ob
/LihMXj27mDU9nXVdWR55sJzTFzfGB015vmORvcpuctkf1lZ4AfVFMgGw1CgjRjF
kjrOkrDErjDUQ8BIhMh90deiTpigfg7cg1HBDI6GRzklFg6cMfIdfvmfM0MfamX3
Tow08TGBzmYXWgrqjYXW6JknKhBGOrjXMB7/yNDk9bJVLcOJaLbOmbcG0WRQF/Py
DMOCvr09l0yt5KFYpdKrDvyCuKYfpX33B4C60kU9JzmfXGyQ6LDTPXapZooJ+8Fg
GRTUsc0YWXoaDVCcxMIdiG+jEMQkjWVwW7E/nC/d7WT5L9KPoYFA1sZ834kKq3jr
NmZynbBnKH7m7L+u6HP6B+pa84FKEME69osAXZk0HJOIHB+SOX3E6BXRo6IV8Q/K
J6f5Ja26gJ7KXcUxTgkTkYh7tz0bhb+WeL3j6N/BC0eK7ZVsKRZ/3WnntGsG5B2m
FjVOYKolfkF4tf63SjdFuudgaKGCaDK1PvfwIr7k0oozxrB2ZEA=
=SYH/
-----END PGP SIGNATURE-----

File diff suppressed because one or more lines are too long

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:56bfef1fdfc1221ce6720e43a661e3eb41785dd914ce99698d8c7896af4bdaa1
size 20625068

View File

@ -1,18 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmYVDdNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx
Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6
YwU8Vg//aP8bxzPTDIM9Af1LLJj5LNLIuZOl5QysWQVbakoCpS8Z8ZiK3LyzGi7H
pQ5uJEnRjhULnOi+va2TPBDqiYvY1CkVizYzmUe1dMtzHdJUBE1TzybfON02JzPD
62oDHxUC1hvITyLE8tjnsgBuP9bbYYHnS+qqmDgBWS1M60i4bqcBiSdlWZp7ZTI4
KIxIy9eyNujHnNQrQQ1oqIoj7ty1Hrtkfqia/3cVq7rkQT8HecBIW0K82WuIXizm
/Ua/TQslTJsypslFYpoJBoIkWG2nk7RhJvfU5iLxQHen6cr7JOUo/u3jv0DIJyJs
LdBWG6noTIiqKJb65UswLUxexM5f3Y7gLEZ4FCqlbAOAPG16xwwC8Xd7LIF33cHK
133BvYCkwdl0MCpmsQuxi8i6Kql0MaEqJ9MEj6UN66ZJVpRx8hOm2FtZGhn5ZNxx
r5C2zXGw/IjXeS01wgD8cSRVA0XJdN4bu88vmvhqMuezg3CDF5bX85isoFUaLUjS
c5Lv1HNrqPiaWHOctnvzasy0djpwze+WCzsXFMI6VfejPpYwNlhmnxS7i3R9A4RK
gBwViMd5q5rwx365tCfRfGcBW6OOvrHZalhSGYmUw13sBarFliW9CvN4ghN9kWbN
YQwSggf5KD6v5mAAyReMrOJTyBG6B5hMlxKai5CzbRLlG25T2wI=
=ZQxz
-----END PGP SIGNATURE-----

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:fa8a2e12c5e620b09f53e65bcd87550d2e5a1e2e04bf8ba991dcc55113876397
size 20422396

View File

@ -1,18 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmayiFtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx
Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6
YwUr4g//VyVs9tvbtiSp8pGe8f1gYErEw54r124sL/CBuNii8Irts1j5ymGxcm+l
hshPK5UlqRnhd5dCJWFTvLTXa5Ko2R1L3JyyxfGd1hmDuMhrWsDHijI0R7L/mGM5
6X2LTaadBVNvk8HaNKvR8SEWvo68rdnOuYElFA9ir7uqwjO26ZWz9FfH80YDGwo8
Blef2NYw8rNhiaZMFV0HYV7D+YyUAZnFNfW8M7Fd4oskUyj1tD9J89T9FFLYN09d
BcCIf+EdiEfqRpKxH89bW2g52kDrm4jYGONtpyF8eruyS3YwYSbvbuWioBYKmlxC
s51mieXz6G325GTZnmPxLek3ywPv6Gil9y0wH3fIr2BsWsmXust4LBpjDGt56Fy6
seokGBg8xzsBSk3iEqNoFmNsy/QOiuCcDejX4XqBDNodOlETQPJb07TkTI2iOmg9
NG4Atiz1HvGVxK68UuK9IIcNHyaWUmH8h4VQFGvc6KV6feP5Nm21Y12PZ5XIqJBO
Y8M/VJIJ5koaNPQfnBbbI5YBkUr4BVpIXIpY5LM/L5sUo2C3R7hMi0VGK88HGfSQ
KV4JmZgf6RMBNmrWY12sryS1QQ6q3P110GTUGQWB3sxxNbhmfcrK+4viqHc83yDz
ifmk33HuqaQGU7OzUMHeNcoCJIPo3H1FpoHOn9wLLCtA1pT+as4=
=t0Rk
-----END PGP SIGNATURE-----

View File

@ -5,30 +5,32 @@ Subject: [PATCH] bpo-31046: ensurepip does not honour the value of $(prefix)
Co-Authored-By: Xavier de Gaye <xdegaye@gmail.com>
---
Doc/library/ensurepip.rst | 9 +++--
Doc/library/ensurepip.rst | 12 +++++-
Lib/ensurepip/__init__.py | 18 +++++++---
Lib/test/test_ensurepip.py | 11 ++++++
Makefile.pre.in | 4 +-
Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst | 1
5 files changed, 34 insertions(+), 9 deletions(-)
5 files changed, 37 insertions(+), 9 deletions(-)
create mode 100644 Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst
Index: Python-3.12.4/Doc/library/ensurepip.rst
Index: Python-3.12.10/Doc/library/ensurepip.rst
===================================================================
--- Python-3.12.4.orig/Doc/library/ensurepip.rst
+++ Python-3.12.4/Doc/library/ensurepip.rst
@@ -59,8 +59,9 @@ is at least as recent as the one availab
--- Python-3.12.10.orig/Doc/library/ensurepip.rst 2025-04-08 13:35:47.000000000 +0200
+++ Python-3.12.10/Doc/library/ensurepip.rst 2025-04-11 21:16:06.140273604 +0200
@@ -61,7 +61,11 @@
By default, ``pip`` is installed into the current virtual environment
(if one is active) or into the system site packages (if there is no
active virtual environment). The installation location can be controlled
-through two additional command line options:
+through some additional command line options:
+
+.. option:: --prefix <dir>
+
+ Installs ``pip`` using the given directory prefix.
+* ``--prefix <dir>``: Installs ``pip`` using the given directory prefix.
* :samp:`--root {dir}`: Installs ``pip`` relative to the given root directory
rather than the root of the currently active virtual environment (if any)
or the default root for the current Python installation.
@@ -92,7 +93,7 @@ Module API
.. option:: --root <dir>
@@ -102,7 +106,7 @@
Returns a string specifying the available version of pip that will be
installed when bootstrapping an environment.
@ -37,7 +39,7 @@ Index: Python-3.12.4/Doc/library/ensurepip.rst
altinstall=False, default_pip=False, \
verbosity=0)
@@ -102,6 +103,8 @@ Module API
@@ -112,6 +116,8 @@
If *root* is ``None``, then installation uses the default install location
for the current environment.
@ -46,7 +48,7 @@ Index: Python-3.12.4/Doc/library/ensurepip.rst
*upgrade* indicates whether or not to upgrade an existing installation
of an earlier version of ``pip`` to the available version.
@@ -122,6 +125,8 @@ Module API
@@ -132,6 +138,8 @@
*verbosity* controls the level of output to :data:`sys.stdout` from the
bootstrapping operation.
@ -55,11 +57,11 @@ Index: Python-3.12.4/Doc/library/ensurepip.rst
.. audit-event:: ensurepip.bootstrap root ensurepip.bootstrap
.. note::
Index: Python-3.12.4/Lib/ensurepip/__init__.py
Index: Python-3.12.10/Lib/ensurepip/__init__.py
===================================================================
--- Python-3.12.4.orig/Lib/ensurepip/__init__.py
+++ Python-3.12.4/Lib/ensurepip/__init__.py
@@ -120,27 +120,27 @@ def _disable_pip_configuration_settings(
--- Python-3.12.10.orig/Lib/ensurepip/__init__.py 2025-04-11 21:04:42.789443156 +0200
+++ Python-3.12.10/Lib/ensurepip/__init__.py 2025-04-11 21:13:01.303399067 +0200
@@ -120,27 +120,27 @@
os.environ['PIP_CONFIG_FILE'] = os.devnull
@ -92,7 +94,7 @@ Index: Python-3.12.4/Lib/ensurepip/__init__.py
Note that calling this function will alter both sys.path and os.environ.
"""
@@ -190,6 +190,8 @@ def _bootstrap(*, root=None, upgrade=Fal
@@ -190,6 +190,8 @@
args = ["install", "--no-cache-dir", "--no-index", "--find-links", tmpdir]
if root:
args += ["--root", root]
@ -101,7 +103,7 @@ Index: Python-3.12.4/Lib/ensurepip/__init__.py
if upgrade:
args += ["--upgrade"]
if user:
@@ -265,6 +267,11 @@ def _main(argv=None):
@@ -265,6 +267,11 @@
help="Install everything relative to this alternate root directory.",
)
parser.add_argument(
@ -113,7 +115,7 @@ Index: Python-3.12.4/Lib/ensurepip/__init__.py
"--altinstall",
action="store_true",
default=False,
@@ -283,6 +290,7 @@ def _main(argv=None):
@@ -283,6 +290,7 @@
return _bootstrap(
root=args.root,
@ -121,11 +123,11 @@ Index: Python-3.12.4/Lib/ensurepip/__init__.py
upgrade=args.upgrade,
user=args.user,
verbosity=args.verbosity,
Index: Python-3.12.4/Lib/test/test_ensurepip.py
Index: Python-3.12.10/Lib/test/test_ensurepip.py
===================================================================
--- Python-3.12.4.orig/Lib/test/test_ensurepip.py
+++ Python-3.12.4/Lib/test/test_ensurepip.py
@@ -105,6 +105,17 @@ class TestBootstrap(EnsurepipMixin, unit
--- Python-3.12.10.orig/Lib/test/test_ensurepip.py 2025-04-11 21:04:44.274413027 +0200
+++ Python-3.12.10/Lib/test/test_ensurepip.py 2025-04-11 21:13:01.303691075 +0200
@@ -105,6 +105,17 @@
unittest.mock.ANY,
)
@ -143,11 +145,11 @@ Index: Python-3.12.4/Lib/test/test_ensurepip.py
def test_bootstrapping_with_user(self):
ensurepip.bootstrap(user=True)
Index: Python-3.12.4/Makefile.pre.in
Index: Python-3.12.10/Makefile.pre.in
===================================================================
--- Python-3.12.4.orig/Makefile.pre.in
+++ Python-3.12.4/Makefile.pre.in
@@ -1914,7 +1914,7 @@ install: @FRAMEWORKINSTALLFIRST@ commoni
--- Python-3.12.10.orig/Makefile.pre.in 2025-04-11 21:04:58.388346212 +0200
+++ Python-3.12.10/Makefile.pre.in 2025-04-11 21:13:01.304095180 +0200
@@ -1914,7 +1914,7 @@
install|*) ensurepip="" ;; \
esac; \
$(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \
@ -156,7 +158,7 @@ Index: Python-3.12.4/Makefile.pre.in
fi
.PHONY: altinstall
@@ -1925,7 +1925,7 @@ altinstall: commoninstall
@@ -1925,7 +1925,7 @@
install|*) ensurepip="--altinstall" ;; \
esac; \
$(RUNSHARED) $(PYTHON_FOR_BUILD) -m ensurepip \
@ -165,9 +167,9 @@ Index: Python-3.12.4/Makefile.pre.in
fi
.PHONY: commoninstall
Index: Python-3.12.4/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst
Index: Python-3.12.10/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst
===================================================================
--- /dev/null
+++ Python-3.12.4/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ Python-3.12.10/Misc/NEWS.d/next/Build/2019-12-16-17-50-42.bpo-31046.XA-Qfr.rst 2025-04-11 21:13:01.304672632 +0200
@@ -0,0 +1 @@
+A directory prefix can now be specified when using :mod:`ensurepip`.

780
doc-py38-to-py36.patch Normal file
View File

@ -0,0 +1,780 @@
---
Doc/Makefile | 8 +--
Doc/conf.py | 16 ++++++-
Doc/tools/check-warnings.py | 5 +-
Doc/tools/extensions/audit_events.py | 54 +++++++++++++-------------
Doc/tools/extensions/availability.py | 15 +++----
Doc/tools/extensions/c_annotations.py | 45 +++++++++++++--------
Doc/tools/extensions/changes.py | 8 +--
Doc/tools/extensions/glossary_search.py | 10 +---
Doc/tools/extensions/implementation_detail.py | 22 +++-------
Doc/tools/extensions/issue_role.py | 16 ++-----
Doc/tools/extensions/misc_news.py | 14 ++----
Doc/tools/extensions/patchlevel.py | 9 ++--
Doc/tools/extensions/pydoc_topics.py | 22 +++++-----
13 files changed, 126 insertions(+), 118 deletions(-)
Index: Python-3.12.10/Doc/Makefile
===================================================================
--- Python-3.12.10.orig/Doc/Makefile 2025-04-29 22:11:50.013198738 +0200
+++ Python-3.12.10/Doc/Makefile 2025-04-29 22:11:52.047098026 +0200
@@ -14,15 +14,15 @@
SOURCES =
DISTVERSION = $(shell $(PYTHON) tools/extensions/patchlevel.py)
REQUIREMENTS = requirements.txt
-SPHINXERRORHANDLING = --fail-on-warning
+SPHINXERRORHANDLING = -W
# Internal variables.
PAPEROPT_a4 = --define latex_elements.papersize=a4paper
PAPEROPT_letter = --define latex_elements.papersize=letterpaper
-ALLSPHINXOPTS = --builder $(BUILDER) \
- --doctree-dir build/doctrees \
- --jobs $(JOBS) \
+ALLSPHINXOPTS = -b $(BUILDER) \
+ -d build/doctrees \
+ -j $(JOBS) \
$(PAPEROPT_$(PAPER)) \
$(SPHINXOPTS) $(SPHINXERRORHANDLING) \
. build/$(BUILDER) $(SOURCES)
Index: Python-3.12.10/Doc/conf.py
===================================================================
--- Python-3.12.10.orig/Doc/conf.py 2025-04-29 22:11:46.161835452 +0200
+++ Python-3.12.10/Doc/conf.py 2025-04-29 22:11:52.047459667 +0200
@@ -11,6 +11,8 @@
from importlib import import_module
from importlib.util import find_spec
+from sphinx import version_info
+
# Make our custom extensions available to Sphinx
sys.path.append(os.path.abspath('tools/extensions'))
sys.path.append(os.path.abspath('includes'))
@@ -87,7 +89,7 @@
# Minimum version of sphinx required
# Keep this version in sync with ``Doc/requirements.txt``.
-needs_sphinx = '8.2.0'
+needs_sphinx = '4.2.0'
# Create table of contents entries for domain objects (e.g. functions, classes,
# attributes, etc.). Default is True.
@@ -342,7 +344,7 @@
# (See .readthedocs.yml and https://docs.readthedocs.io/en/stable/reference/environment-variables.html)
is_deployment_preview = os.getenv("READTHEDOCS_VERSION_TYPE") == "external"
repository_url = os.getenv("READTHEDOCS_GIT_CLONE_URL", "")
-repository_url = repository_url.removesuffix(".git")
+repository_url = repository_url[:-len(".git")]
html_context = {
"is_deployment_preview": is_deployment_preview,
"repository_url": repository_url or None,
@@ -588,6 +590,16 @@
}
extlinks_detect_hardcoded_links = True
+if version_info[:2] < (8, 1):
+ # Sphinx 8.1 has in-built CVE and CWE roles.
+ extlinks.update({
+ "cve": (
+ "https://www.cve.org/CVERecord?id=CVE-%s",
+ "CVE-%s",
+ ),
+ "cwe": ("https://cwe.mitre.org/data/definitions/%s.html", "CWE-%s"),
+ })
+
# Options for c_annotations extension
# -----------------------------------
Index: Python-3.12.10/Doc/tools/check-warnings.py
===================================================================
--- Python-3.12.10.orig/Doc/tools/check-warnings.py 2025-04-08 13:35:47.000000000 +0200
+++ Python-3.12.10/Doc/tools/check-warnings.py 2025-04-29 22:11:52.047704324 +0200
@@ -228,7 +228,8 @@
print(filename)
for warning in warnings:
if filename in warning:
- if match := WARNING_PATTERN.fullmatch(warning):
+ match = WARNING_PATTERN.fullmatch(warning)
+ if match:
print(" {line}: {msg}".format_map(match))
return -1
return 0
@@ -316,7 +317,7 @@
cwd = str(Path.cwd()) + os.path.sep
files_with_nits = {
- warning.removeprefix(cwd).split(":")[0]
+ (warning[len(cwd):].split(":")[0] if warning.startswith(cwd) else warning.split(":")[0])
for warning in warnings
if "Doc/" in warning
}
Index: Python-3.12.10/Doc/tools/extensions/audit_events.py
===================================================================
--- Python-3.12.10.orig/Doc/tools/extensions/audit_events.py 2025-04-08 13:35:47.000000000 +0200
+++ Python-3.12.10/Doc/tools/extensions/audit_events.py 2025-04-29 22:11:52.047967558 +0200
@@ -1,9 +1,6 @@
"""Support for documenting audit events."""
-from __future__ import annotations
-
import re
-from typing import TYPE_CHECKING
from docutils import nodes
from sphinx.errors import NoUri
@@ -12,12 +9,11 @@
from sphinx.util import logging
from sphinx.util.docutils import SphinxDirective
-if TYPE_CHECKING:
- from collections.abc import Iterator
+from typing import Any, List, Tuple
- from sphinx.application import Sphinx
- from sphinx.builders import Builder
- from sphinx.environment import BuildEnvironment
+from sphinx.application import Sphinx
+from sphinx.builders import Builder
+from sphinx.environment import BuildEnvironment
logger = logging.getLogger(__name__)
@@ -32,16 +28,16 @@
class AuditEvents:
def __init__(self) -> None:
- self.events: dict[str, list[str]] = {}
- self.sources: dict[str, list[tuple[str, str]]] = {}
+ self.events: dict[str, List[str]] = {}
+ self.sources: dict[str, List[Tuple[str, str]]] = {}
- def __iter__(self) -> Iterator[tuple[str, list[str], tuple[str, str]]]:
+ def __iter__(self) -> Any:
for name, args in self.events.items():
for source in self.sources[name]:
yield name, args, source
def add_event(
- self, name, args: list[str], source: tuple[str, str]
+ self, name, args: List[str], source: Tuple[str, str]
) -> None:
if name in self.events:
self._check_args_match(name, args)
@@ -49,7 +45,7 @@
self.events[name] = args
self.sources.setdefault(name, []).append(source)
- def _check_args_match(self, name: str, args: list[str]) -> None:
+ def _check_args_match(self, name: str, args: List[str]) -> None:
current_args = self.events[name]
msg = (
f"Mismatched arguments for audit-event {name}: "
@@ -60,7 +56,7 @@
if len(current_args) != len(args):
logger.warning(msg)
return
- for a1, a2 in zip(current_args, args, strict=False):
+ for a1, a2 in zip(current_args, args):
if a1 == a2:
continue
if any(a1 in s and a2 in s for s in _SYNONYMS):
@@ -73,7 +69,7 @@
name_clean = re.sub(r"\W", "_", name)
return f"audit_event_{name_clean}_{source_count}"
- def rows(self) -> Iterator[tuple[str, list[str], list[tuple[str, str]]]]:
+ def rows(self) -> Any:
for name in sorted(self.events.keys()):
yield name, self.events[name], self.sources[name]
@@ -97,7 +93,7 @@
def audit_events_merge(
app: Sphinx,
env: BuildEnvironment,
- docnames: list[str],
+ docnames: List[str],
other: BuildEnvironment,
) -> None:
"""In Sphinx parallel builds, this merges audit_events from subprocesses."""
@@ -126,14 +122,16 @@
),
]
- def run(self) -> list[nodes.paragraph]:
+ def run(self) -> List[nodes.paragraph]:
+ def _no_walrus_op(args):
+ for arg in args.strip("'\"").split(","):
+ aarg = arg.strip()
+ if aarg:
+ yield aarg
+
name = self.arguments[0]
if len(self.arguments) >= 2 and self.arguments[1]:
- args = [
- arg
- for argument in self.arguments[1].strip("'\"").split(",")
- if (arg := argument.strip())
- ]
+ args = list(_no_walrus_op(self.arguments[1]))
else:
args = []
ids = []
@@ -169,7 +167,7 @@
class AuditEventListDirective(SphinxDirective):
- def run(self) -> list[audit_event_list]:
+ def run(self) -> List[audit_event_list]:
return [audit_event_list()]
@@ -181,7 +179,11 @@
return
table = self._make_table(self.app.builder, self.env.docname)
- for node in self.document.findall(audit_event_list):
+ try:
+ findall = self.document.findall
+ except AttributeError:
+ findall = self.document.traverse
+ for node in findall(audit_event_list):
node.replace_self(table)
def _make_table(self, builder: Builder, docname: str) -> nodes.table:
@@ -217,8 +219,8 @@
builder: Builder,
docname: str,
name: str,
- args: list[str],
- sources: list[tuple[str, str]],
+ args: List[str],
+ sources: List[Tuple[str, str]],
) -> nodes.row:
row = nodes.row()
name_node = nodes.paragraph("", nodes.Text(name))
Index: Python-3.12.10/Doc/tools/extensions/availability.py
===================================================================
--- Python-3.12.10.orig/Doc/tools/extensions/availability.py 2025-04-08 13:35:47.000000000 +0200
+++ Python-3.12.10/Doc/tools/extensions/availability.py 2025-04-29 22:11:52.048206976 +0200
@@ -1,8 +1,6 @@
"""Support for documenting platform availability"""
-from __future__ import annotations
-
-from typing import TYPE_CHECKING
+from typing import Dict, List, TYPE_CHECKING, Union
from docutils import nodes
from sphinx import addnodes
@@ -53,7 +51,7 @@
optional_arguments = 0
final_argument_whitespace = True
- def run(self) -> list[nodes.container]:
+ def run(self) -> List[nodes.container]:
title = sphinx_gettext("Availability")
refnode = addnodes.pending_xref(
title,
@@ -77,7 +75,7 @@
return [cnode]
- def parse_platforms(self) -> dict[str, str | bool]:
+ def parse_platforms(self) -> Dict[str, Union[str, bool]]:
"""Parse platform information from arguments
Arguments is a comma-separated string of platforms. A platform may
@@ -96,12 +94,13 @@
platform, _, version = arg.partition(" >= ")
if platform.startswith("not "):
version = False
- platform = platform.removeprefix("not ")
+ platform = platform[len("not "):]
elif not version:
version = True
platforms[platform] = version
- if unknown := set(platforms).difference(KNOWN_PLATFORMS):
+ unknown = set(platforms).difference(KNOWN_PLATFORMS)
+ if unknown:
logger.warning(
"Unknown platform%s or syntax '%s' in '.. availability:: %s', "
"see %s:KNOWN_PLATFORMS for a set of known platforms.",
@@ -114,7 +113,7 @@
return platforms
-def setup(app: Sphinx) -> ExtensionMetadata:
+def setup(app):
app.add_directive("availability", Availability)
return {
Index: Python-3.12.10/Doc/tools/extensions/c_annotations.py
===================================================================
--- Python-3.12.10.orig/Doc/tools/extensions/c_annotations.py 2025-04-29 22:11:52.033400629 +0200
+++ Python-3.12.10/Doc/tools/extensions/c_annotations.py 2025-04-29 22:11:52.048411194 +0200
@@ -9,22 +9,18 @@
* Set ``stable_abi_file`` to the path to stable ABI list.
"""
-from __future__ import annotations
-
import csv
import dataclasses
from pathlib import Path
-from typing import TYPE_CHECKING
+from typing import Any, Dict, List, TYPE_CHECKING, Union
from docutils import nodes
from docutils.statemachine import StringList
-from sphinx import addnodes
+from sphinx import addnodes, version_info
from sphinx.locale import _ as sphinx_gettext
from sphinx.util.docutils import SphinxDirective
-if TYPE_CHECKING:
- from sphinx.application import Sphinx
- from sphinx.util.typing import ExtensionMetadata
+from sphinx.application import Sphinx
ROLE_TO_OBJECT_TYPE = {
"func": "function",
@@ -35,20 +31,20 @@
}
-@dataclasses.dataclass(slots=True)
+@dataclasses.dataclass()
class RefCountEntry:
# Name of the function.
name: str
# List of (argument name, type, refcount effect) tuples.
# (Currently not used. If it was, a dataclass might work better.)
- args: list = dataclasses.field(default_factory=list)
+ args: List = dataclasses.field(default_factory=list)
# Return type of the function.
result_type: str = ""
# Reference count effect for the return value.
- result_refs: int | None = None
+ result_refs: Union[int, None] = None
-@dataclasses.dataclass(frozen=True, slots=True)
+@dataclasses.dataclass(frozen=True)
class StableABIEntry:
# Role of the object.
# Source: Each [item_kind] in stable_abi.toml is mapped to a C Domain role.
@@ -67,7 +63,7 @@
struct_abi_kind: str
-def read_refcount_data(refcount_filename: Path) -> dict[str, RefCountEntry]:
+def read_refcount_data(refcount_filename: Path) -> Dict[str, RefCountEntry]:
refcount_data = {}
refcounts = refcount_filename.read_text(encoding="utf8")
for line in refcounts.splitlines():
@@ -103,7 +99,7 @@
return refcount_data
-def read_stable_abi_data(stable_abi_file: Path) -> dict[str, StableABIEntry]:
+def read_stable_abi_data(stable_abi_file: Path) -> Dict[str, StableABIEntry]:
stable_abi_data = {}
with open(stable_abi_file, encoding="utf8") as fp:
for record in csv.DictReader(fp):
@@ -127,11 +123,14 @@
continue
if not par[0].get("ids", None):
continue
- name = par[0]["ids"][0].removeprefix("c.")
+ name = par[0]["ids"][0]
+ if name.startswith("c."):
+ name = name[len("c."):]
objtype = par["objtype"]
# Stable ABI annotation.
- if record := stable_abi_data.get(name):
+ record = stable_abi_data.get(name)
+ if record:
if ROLE_TO_OBJECT_TYPE[record.role] != objtype:
msg = (
f"Object type mismatch in limited API annotation for {name}: "
@@ -238,7 +237,7 @@
)
-def _return_value_annotation(result_refs: int | None) -> nodes.emphasis:
+def _return_value_annotation(result_refs: Union[int, None]) -> nodes.emphasis:
classes = ["refcount"]
if result_refs is None:
rc = sphinx_gettext("Return value: Always NULL.")
@@ -258,7 +257,7 @@
optional_arguments = 0
final_argument_whitespace = True
- def run(self) -> list[nodes.Node]:
+ def run(self) -> List[nodes.Node]:
state = self.env.domaindata["c_annotations"]
content = [
f"* :c:{record.role}:`{record.name}`"
@@ -281,13 +280,23 @@
)
-def setup(app: Sphinx) -> ExtensionMetadata:
+def setup(app: Sphinx) -> Any:
app.add_config_value("refcount_file", "", "env", types={str})
app.add_config_value("stable_abi_file", "", "env", types={str})
app.add_directive("limited-api-list", LimitedAPIList)
app.connect("builder-inited", init_annotations)
app.connect("doctree-read", add_annotations)
+ if version_info[:2] < (7, 2):
+ from docutils.parsers.rst import directives
+ from sphinx.domains.c import CObject
+
+ # monkey-patch C object...
+ CObject.option_spec.update({
+ "no-index-entry": directives.flag,
+ "no-contents-entry": directives.flag,
+ })
+
return {
"version": "1.0",
"parallel_read_safe": True,
Index: Python-3.12.10/Doc/tools/extensions/changes.py
===================================================================
--- Python-3.12.10.orig/Doc/tools/extensions/changes.py 2025-04-08 13:35:47.000000000 +0200
+++ Python-3.12.10/Doc/tools/extensions/changes.py 2025-04-29 22:11:52.048619113 +0200
@@ -1,7 +1,5 @@
"""Support for documenting version of changes, additions, deprecations."""
-from __future__ import annotations
-
from typing import TYPE_CHECKING
from sphinx.domains.changeset import (
@@ -25,7 +23,7 @@
class PyVersionChange(VersionChange):
- def run(self) -> list[Node]:
+ def run(self) -> "list[Node]":
# Replace the 'next' special token with the current development version
self.arguments[0] = expand_version_arg(
self.arguments[0], self.config.release
@@ -43,7 +41,7 @@
"Deprecated since version %s, removed in version %s"
)
- def run(self) -> list[Node]:
+ def run(self) -> "list[Node]":
# Replace the first two arguments (deprecated version and removed version)
# with a single tuple of both versions.
version_deprecated = expand_version_arg(
@@ -73,7 +71,7 @@
versionlabel_classes[self.name] = ""
-def setup(app: Sphinx) -> ExtensionMetadata:
+def setup(app: "Sphinx") -> "ExtensionMetadata":
# Override Sphinx's directives with support for 'next'
app.add_directive("versionadded", PyVersionChange, override=True)
app.add_directive("versionchanged", PyVersionChange, override=True)
Index: Python-3.12.10/Doc/tools/extensions/glossary_search.py
===================================================================
--- Python-3.12.10.orig/Doc/tools/extensions/glossary_search.py 2025-04-29 22:11:52.033722879 +0200
+++ Python-3.12.10/Doc/tools/extensions/glossary_search.py 2025-04-29 22:11:52.048797629 +0200
@@ -1,18 +1,14 @@
"""Feature search results for glossary items prominently."""
-from __future__ import annotations
-
import json
from pathlib import Path
-from typing import TYPE_CHECKING
+from typing import Any, TYPE_CHECKING
from docutils import nodes
from sphinx.addnodes import glossary
from sphinx.util import logging
-if TYPE_CHECKING:
- from sphinx.application import Sphinx
- from sphinx.util.typing import ExtensionMetadata
+from sphinx.application import Sphinx
logger = logging.getLogger(__name__)
@@ -60,7 +56,7 @@
dest.write_text(json.dumps(app.env.glossary_terms), encoding='utf-8')
-def setup(app: Sphinx) -> ExtensionMetadata:
+def setup(app: Sphinx) -> Any:
app.connect('doctree-resolved', process_glossary_nodes)
app.connect('build-finished', write_glossary_json)
Index: Python-3.12.10/Doc/tools/extensions/implementation_detail.py
===================================================================
--- Python-3.12.10.orig/Doc/tools/extensions/implementation_detail.py 2025-04-08 13:35:47.000000000 +0200
+++ Python-3.12.10/Doc/tools/extensions/implementation_detail.py 2025-04-29 22:48:23.397548211 +0200
@@ -1,17 +1,10 @@
"""Support for marking up implementation details."""
-from __future__ import annotations
-
-from typing import TYPE_CHECKING
-
from docutils import nodes
from sphinx.locale import _ as sphinx_gettext
from sphinx.util.docutils import SphinxDirective
-if TYPE_CHECKING:
- from sphinx.application import Sphinx
- from sphinx.util.typing import ExtensionMetadata
-
+from sphinx.application import Sphinx
class ImplementationDetail(SphinxDirective):
has_content = True
@@ -21,23 +14,24 @@
label_text = sphinx_gettext("CPython implementation detail:")
def run(self):
- self.assert_has_content()
- content_nodes = self.parse_content_to_nodes()
+ container_node = nodes.container()
+ container_node.document = self.state.document # Ensure node has document context
+ self.state.nested_parse(self.content, self.content_offset, container_node)
+ parsed_nodes = container_node.children
# insert our prefix at the start of the first paragraph
- first_node = content_nodes[0]
+ first_node = parsed_nodes[0]
first_node[:0] = [
nodes.strong(self.label_text, self.label_text),
nodes.Text(" "),
]
- # create a new compound container node
- cnode = nodes.compound("", *content_nodes, classes=["impl-detail"])
+ cnode = nodes.compound("", *parsed_nodes, classes=["impl-detail"])
self.set_source_info(cnode)
return [cnode]
-def setup(app: Sphinx) -> ExtensionMetadata:
+def setup(app: Sphinx):
app.add_directive("impl-detail", ImplementationDetail)
return {
Index: Python-3.12.10/Doc/tools/extensions/issue_role.py
===================================================================
--- Python-3.12.10.orig/Doc/tools/extensions/issue_role.py 2025-04-08 13:35:47.000000000 +0200
+++ Python-3.12.10/Doc/tools/extensions/issue_role.py 2025-04-29 22:21:55.278961032 +0200
@@ -1,22 +1,18 @@
"""Support for referencing issues in the tracker."""
-from __future__ import annotations
-
-from typing import TYPE_CHECKING
+from typing import TYPE_CHECKING, List, Tuple
from docutils import nodes
from sphinx.util.docutils import SphinxRole
-if TYPE_CHECKING:
- from docutils.nodes import Element
- from sphinx.application import Sphinx
- from sphinx.util.typing import ExtensionMetadata
+from docutils.nodes import Element
+from sphinx.application import Sphinx
class BPOIssue(SphinxRole):
ISSUE_URI = "https://bugs.python.org/issue?@action=redirect&bpo={0}"
- def run(self) -> tuple[list[Element], list[nodes.system_message]]:
+ def run(self) -> Tuple[List[Element], List[nodes.system_message]]:
issue = self.text
# sanity check: there are no bpo issues within these two values
@@ -38,7 +34,7 @@
class GitHubIssue(SphinxRole):
ISSUE_URI = "https://github.com/python/cpython/issues/{0}"
- def run(self) -> tuple[list[Element], list[nodes.system_message]]:
+ def run(self) -> Tuple[List[Element], List[nodes.system_message]]:
issue = self.text
# sanity check: all GitHub issues have ID >= 32426
@@ -58,7 +54,7 @@
return [refnode], []
-def setup(app: Sphinx) -> ExtensionMetadata:
+def setup(app: Sphinx) -> "ExtensionMetadata":
app.add_role("issue", BPOIssue())
app.add_role("gh", GitHubIssue())
Index: Python-3.12.10/Doc/tools/extensions/misc_news.py
===================================================================
--- Python-3.12.10.orig/Doc/tools/extensions/misc_news.py 2025-04-08 13:35:47.000000000 +0200
+++ Python-3.12.10/Doc/tools/extensions/misc_news.py 2025-04-29 22:11:52.049046825 +0200
@@ -1,7 +1,5 @@
"""Support for including Misc/NEWS."""
-from __future__ import annotations
-
import re
from pathlib import Path
from typing import TYPE_CHECKING
@@ -24,13 +22,13 @@
+++++++++++
"""
-bpo_issue_re: Final[re.Pattern[str]] = re.compile(
+bpo_issue_re: "Final[re.Pattern[str]]" = re.compile(
"(?:issue #|bpo-)([0-9]+)", re.ASCII
)
-gh_issue_re: Final[re.Pattern[str]] = re.compile(
+gh_issue_re: "Final[re.Pattern[str]]" = re.compile(
"gh-(?:issue-)?([0-9]+)", re.ASCII | re.IGNORECASE
)
-whatsnew_re: Final[re.Pattern[str]] = re.compile(
+whatsnew_re: "Final[re.Pattern[str]]" = re.compile(
r"^what's new in (.*?)\??$", re.ASCII | re.IGNORECASE | re.MULTILINE
)
@@ -42,7 +40,7 @@
final_argument_whitespace = False
option_spec = {}
- def run(self) -> list[Node]:
+ def run(self) -> "list[Node]":
# Get content of NEWS file
source, _ = self.get_source_info()
news_file = Path(source).resolve().parent / self.arguments[0]
@@ -54,7 +52,7 @@
return [nodes.strong(text, text)]
# remove first 3 lines as they are the main heading
- news_text = news_text.removeprefix(BLURB_HEADER)
+ news_text = news_text[len(BLURB_HEADER):] if news_text.startswith(BLURB_HEADER) else news_text
news_text = bpo_issue_re.sub(r":issue:`\1`", news_text)
# Fallback handling for GitHub issues
@@ -65,7 +63,7 @@
return []
-def setup(app: Sphinx) -> ExtensionMetadata:
+def setup(app: "Sphinx") -> "ExtensionMetadata":
app.add_directive("miscnews", MiscNews)
return {
Index: Python-3.12.10/Doc/tools/extensions/patchlevel.py
===================================================================
--- Python-3.12.10.orig/Doc/tools/extensions/patchlevel.py 2025-04-08 13:35:47.000000000 +0200
+++ Python-3.12.10/Doc/tools/extensions/patchlevel.py 2025-04-29 22:11:52.049253068 +0200
@@ -3,7 +3,7 @@
import re
import sys
from pathlib import Path
-from typing import Literal, NamedTuple
+from typing import NamedTuple, Tuple
CPYTHON_ROOT = Path(
__file__, # cpython/Doc/tools/extensions/patchlevel.py
@@ -26,7 +26,7 @@
major: int #: Major release number
minor: int #: Minor release number
micro: int #: Patch release number
- releaselevel: Literal["alpha", "beta", "candidate", "final"]
+ releaselevel: str
serial: int #: Serial release number
@@ -37,7 +37,8 @@
defines = {}
patchlevel_h = PATCHLEVEL_H.read_text(encoding="utf-8")
for line in patchlevel_h.splitlines():
- if (m := pat.match(line)) is not None:
+ m = pat.match(line)
+ if m is not None:
name, value = m.groups()
defines[name] = value
@@ -50,7 +51,7 @@
)
-def format_version_info(info: version_info) -> tuple[str, str]:
+def format_version_info(info: version_info) -> Tuple[str, str]:
version = f"{info.major}.{info.minor}"
release = f"{info.major}.{info.minor}.{info.micro}"
if info.releaselevel != "final":
Index: Python-3.12.10/Doc/tools/extensions/pydoc_topics.py
===================================================================
--- Python-3.12.10.orig/Doc/tools/extensions/pydoc_topics.py 2025-04-08 13:35:47.000000000 +0200
+++ Python-3.12.10/Doc/tools/extensions/pydoc_topics.py 2025-04-29 22:33:59.916893510 +0200
@@ -1,21 +1,23 @@
"""Support for building "topic help" for pydoc."""
-from __future__ import annotations
-
from time import asctime
-from typing import TYPE_CHECKING
+from typing import TYPE_CHECKING, Tuple
from sphinx.builders.text import TextBuilder
from sphinx.util import logging
-from sphinx.util.display import status_iterator
+try:
+ from sphinx.util.display import status_iterator
+except ModuleNotFoundError:
+ from sphinx.util import status_iterator
from sphinx.util.docutils import new_document
from sphinx.writers.text import TextTranslator
-if TYPE_CHECKING:
+try:
+ from typing import Sequence, Set
+except ModuleNotFoundError:
from collections.abc import Sequence, Set
- from sphinx.application import Sphinx
- from sphinx.util.typing import ExtensionMetadata
+from sphinx.application import Sphinx
logger = logging.getLogger(__name__)
@@ -161,7 +163,7 @@
self.outdir.joinpath("topics.py").write_text(topics, encoding="utf-8")
-def _display_labels(item: tuple[str, Sequence[tuple[str, str]]]) -> str:
+def _display_labels(item: Tuple[str, Sequence[Tuple[str, str]]]) -> str:
_docname, label_ids = item
labels = [name for name, _id in label_ids]
if len(labels) > 4:
@@ -169,7 +171,7 @@
return ", ".join(labels)
-def _repr(text: str, /) -> str:
+def _repr(text: str) -> str:
"""Return a triple-single-quoted representation of text."""
if "'''" not in text:
return f"r'''{text}'''"
@@ -177,7 +179,7 @@
return f"'''{text}'''"
-def setup(app: Sphinx) -> ExtensionMetadata:
+def setup(app: Sphinx) -> "ExtensionMetadata":
app.add_builder(PydocTopicsBuilder)
return {

View File

@ -1,12 +1,13 @@
---
Doc/tools/extensions/c_annotations.py | 6 +++++-
Doc/tools/extensions/glossary_search.py | 12 ++++++++++--
Doc/tools/extensions/pyspecific.py | 5 ++++-
3 files changed, 19 insertions(+), 4 deletions(-)
2 files changed, 15 insertions(+), 3 deletions(-)
--- a/Doc/tools/extensions/c_annotations.py
+++ b/Doc/tools/extensions/c_annotations.py
@@ -118,7 +118,11 @@ def add_annotations(app: Sphinx, doctree
Index: Python-3.12.10/Doc/tools/extensions/c_annotations.py
===================================================================
--- Python-3.12.10.orig/Doc/tools/extensions/c_annotations.py 2025-04-08 13:35:47.000000000 +0200
+++ Python-3.12.10/Doc/tools/extensions/c_annotations.py 2025-04-11 21:16:39.007011463 +0200
@@ -117,7 +117,11 @@
state = app.env.domaindata["c_annotations"]
refcount_data = state["refcount_data"]
stable_abi_data = state["stable_abi_data"]
@ -19,9 +20,11 @@
par = node.parent
if par["domain"] != "c":
continue
--- a/Doc/tools/extensions/glossary_search.py
+++ b/Doc/tools/extensions/glossary_search.py
@@ -30,8 +30,16 @@ def process_glossary_nodes(
Index: Python-3.12.10/Doc/tools/extensions/glossary_search.py
===================================================================
--- Python-3.12.10.orig/Doc/tools/extensions/glossary_search.py 2025-04-08 13:35:47.000000000 +0200
+++ Python-3.12.10/Doc/tools/extensions/glossary_search.py 2025-04-11 21:16:39.007340209 +0200
@@ -30,8 +30,16 @@
else:
terms = app.env.glossary_terms = {}
@ -40,17 +43,3 @@
term = glossary_item[0].astext()
definition = glossary_item[-1]
--- a/Doc/tools/extensions/pyspecific.py
+++ b/Doc/tools/extensions/pyspecific.py
@@ -27,7 +27,10 @@ from sphinx.locale import _ as sphinx_ge
from sphinx.util import logging
from sphinx.util.docutils import SphinxDirective
from sphinx.writers.text import TextWriter, TextTranslator
-from sphinx.util.display import status_iterator
+try:
+ from sphinx.util.display import status_iterator
+except ModuleNotFoundError:
+ from sphinx.util import status_iterator
ISSUE_URI = 'https://bugs.python.org/issue?@action=redirect&bpo=%s'

View File

@ -1,7 +1,9 @@
Index: Python-3.12.3/Lib/test/test_compile.py
===================================================================
--- Python-3.12.3.orig/Lib/test/test_compile.py
+++ Python-3.12.3/Lib/test/test_compile.py
---
Lib/test/test_compile.py | 5 +++++
1 file changed, 5 insertions(+)
--- a/Lib/test/test_compile.py
+++ b/Lib/test/test_compile.py
@@ -14,6 +14,9 @@ from test.support import (script_helper,
requires_specialization, C_RECURSION_LIMIT)
from test.support.os_helper import FakePath

View File

@ -21,7 +21,7 @@
Create a Python.framework rather than a traditional Unix install. Optional
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -13832,7 +13832,7 @@ C API
@@ -15146,7 +15146,7 @@ C API
- bpo-40939: Removed documentation for the removed ``PyParser_*`` C API.
- bpo-43795: The list in :ref:`limited-api-list` now shows the public name

View File

@ -1,17 +0,0 @@
---
Lib/test/test_posix.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: Python-3.12.2/Lib/test/test_posix.py
===================================================================
--- Python-3.12.2.orig/Lib/test/test_posix.py
+++ Python-3.12.2/Lib/test/test_posix.py
@@ -433,7 +433,7 @@ class PosixTester(unittest.TestCase):
def test_posix_fadvise(self):
fd = os.open(os_helper.TESTFN, os.O_RDONLY)
try:
- posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_WILLNEED)
+ posix.posix_fadvise(fd, 0, 0, posix.POSIX_FADV_RANDOM)
finally:
os.close(fd)

File diff suppressed because it is too large Load Diff

View File

@ -1,7 +1,7 @@
#
# spec file for package python312
#
# Copyright (c) 2024 SUSE LLC
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -36,12 +36,20 @@
%bcond_without general
%endif
%if 0%{?do_profiling}
%if 0%{?do_profiling} && !0%{?want_reproducible_builds}
%bcond_without profileopt
%else
%bcond_with profileopt
%endif
# Only for Tumbleweed
# https://en.opensuse.org/openSUSE:Python:Externally_managed
%if 0%{?suse_version} > 1600
%bcond_without externally_managed
%else
%bcond_with externally_managed
%endif
%define python_pkg_name python312
%if "%{python_pkg_name}" == "%{primary_python}"
%define primary_interpreter 1
@ -110,16 +118,17 @@
# _md5.cpython-38m-x86_64-linux-gnu.so
%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
Name: %{python_pkg_name}%{psuffix}
Version: 3.12.5
Version: 3.12.11
Release: 0
Summary: Python 3 Interpreter
License: Python-2.0
URL: https://www.python.org/
Source0: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz
Source1: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.asc
Source2: baselibs.conf
Source3: README.SUSE
Source4: externally_managed.in
Source2: https://www.python.org/ftp/python/%{folderversion}/%{tarname}.tar.xz.sigstore
Source3: baselibs.conf
Source4: README.SUSE
Source5: externally_managed.in
Source7: macros.python3
Source8: import_failed.py
Source9: import_failed.map
@ -152,8 +161,6 @@ Patch02: F00251-change-user-install-location.patch
Patch07: python-3.3.0b1-localpath.patch
# replace DATE, TIME and COMPILER by fixed definitions to aid reproducible builds
Patch08: python-3.3.0b1-fix_date_time_compiler.patch
# POSIX_FADV_WILLNEED throws EINVAL. Use a different constant in test
Patch09: python-3.3.0b1-test-posix_fadvise.patch
# Raise timeout value for test_subprocess
Patch15: subprocess-raise-timeout.patch
# PATCH-FEATURE-UPSTREAM bpo-31046_ensurepip_honours_prefix.patch bpo#31046 mcepl@suse.com
@ -168,27 +175,15 @@ Patch34: skip-test_pyobject_freed_is_freed.patch
# PATCH-FIX-SLE fix_configure_rst.patch bpo#43774 mcepl@suse.com
# remove duplicate link targets and make documentation with old Sphinx in SLE
Patch35: fix_configure_rst.patch
# PATCH-FIX-UPSTREAM CVE-2023-27043-email-parsing-errors.patch bsc#1210638 mcepl@suse.com
# Detect email address parsing errors and return empty tuple to
# indicate the parsing error (old API)
Patch36: CVE-2023-27043-email-parsing-errors.patch
# PATCH-FIX-UPSTREAM CVE-2023-6597-TempDir-cleaning-symlink.patch bsc#1219666 mcepl@suse.com
# tempfile.TemporaryDirectory: fix symlink bug in cleanup (from gh#python/cpython!99930)
Patch38: CVE-2023-6597-TempDir-cleaning-symlink.patch
# PATCH-FIX-OPENSUSE CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch
# This problem on libexpat is patched on 15.6 without version
# update, this patch changes the tests to match the libexpat provided
# by SUSE
Patch39: CVE-2023-52425-libexpat-2.6.0-backport-15.6.patch
# PATCH-FIX-OPENSUSE fix-test-recursion-limit-15.6.patch gh#python/cpython#115083
# Skip some failing tests in test_compile for i586 arch in 15.6.
Patch40: fix-test-recursion-limit-15.6.patch
# PATCH-FIX-SLE docs-docutils_014-Sphinx_420.patch bsc#[0-9]+ mcepl@suse.com
# related to gh#python/cpython#119317
Patch41: docs-docutils_014-Sphinx_420.patch
# PATCH-FIX-UPSTREAM CVE-2024-8088-inf-loop-zipfile_Path.patch bsc#1229704 mcepl@suse.com
# avoid denial of service in zipfile
Patch42: CVE-2024-8088-inf-loop-zipfile_Path.patch
# PATCH-FIX-SLE doc-py38-to-py36.patch mcepl@suse.com
# Make documentation extensions working with Python 3.6
Patch44: doc-py38-to-py36.patch
BuildRequires: autoconf-archive
BuildRequires: automake
BuildRequires: fdupes
@ -219,6 +214,9 @@ BuildRequires: mpdecimal-devel
BuildRequires: python3-Sphinx >= 4.0.0
%if 0%{?suse_version} >= 1500
BuildRequires: python3-python-docs-theme >= 2022.1
%if 0%{?suse_version} < 1599
BuildRequires: python3-dataclasses
%endif
%endif
%endif
%if %{with general}
@ -442,8 +440,7 @@ This package contains libpython3.2 shared library for embedding in
other applications.
%prep
%setup -q -n %{tarname}
%autopatch -p1
%autosetup -p1 -n %{tarname}
# Fix devhelp doc build gh#python/cpython#120150
echo "master_doc = 'contents'" >> Doc/conf.py
@ -480,7 +477,7 @@ rm Lib/site-packages/README.txt
tar xvf %{SOURCE21}
# Don't fail on warnings when building documentation
# sed -i -e '/^SPHINXERRORHANDLING/s/-W//' Doc/Makefile
sed -i -e '/^SPHINXERRORHANDLING/s/-W//' Doc/Makefile
%build
%if %{with doc}
@ -729,7 +726,7 @@ rm %{buildroot}%{_libdir}/libpython3.so
rm %{buildroot}%{_libdir}/pkgconfig/{python3,python3-embed}.pc
%endif
%if %{suse_version} > 1550
%if %{with externally_managed}
# PEP-0668 mark this as a distro maintained python
sed -e 's,__PYTHONPREFIX__,%{python_pkg_name},' -e 's,__PYTHON__,python%{python_version},' < %{SOURCE4} > %{buildroot}%{sitedir}/EXTERNALLY-MANAGED
%endif
@ -751,7 +748,7 @@ rm %{buildroot}%{_bindir}/2to3
# documentation
export PDOCS=%{buildroot}%{_docdir}/%{name}
install -d -m 755 $PDOCS
install -c -m 644 %{SOURCE3} $PDOCS/
install -c -m 644 %{SOURCE4} $PDOCS/
install -c -m 644 README.rst $PDOCS/
# tools
@ -770,6 +767,9 @@ install -m 755 -D Tools/gdb/libpython.py %{buildroot}%{_datadir}/gdb/auto-load/%
# install devel files to /config
#cp Makefile Makefile.pre.in Makefile.pre $RPM_BUILD_ROOT%{sitedir}/config-%{python_abi}/
# Remove -IVendor/ from python-config boo#1231795
sed -i 's/-IVendor\///' %{buildroot}%{_bindir}/python%{python_abi}-config
# RPM macros
%if %{primary_interpreter}
mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d/
@ -801,6 +801,11 @@ LD_LIBRARY_PATH=. ./python -O -c "from py_compile import compile; compile('$FAIL
echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-import-failed-hooks.pth
%endif
# For the purposes of reproducibility, it is necessary to eliminate any *.pyc files inside documentation dirs
if [ -d %{buildroot}%{_defaultdocdir} ] ; then
find %{buildroot}%{_defaultdocdir} -type f -name \*.pyc -ls -exec rm -vf '{}' \;
fi
%if %{with general}
%files -n %{python_pkg_name}-tk
%{sitedir}/tkinter
@ -919,7 +924,7 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo
%{_mandir}/man1/python3.1%{?ext_man}
%endif
%{_mandir}/man1/python%{python_version}.1%{?ext_man}
%if %{suse_version} > 1550
%if %{with externally_managed}
# PEP-0668
%{sitedir}/EXTERNALLY-MANAGED
%endif

View File

@ -1,18 +1,21 @@
---
Lib/test/test_subprocess.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Lib/test/test_subprocess.py | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
Index: Python-3.12.4/Lib/test/test_subprocess.py
Index: Python-3.12.10/Lib/test/test_subprocess.py
===================================================================
--- Python-3.12.4.orig/Lib/test/test_subprocess.py
+++ Python-3.12.4/Lib/test/test_subprocess.py
@@ -280,7 +280,8 @@ class ProcessTestCase(BaseTestCase):
"time.sleep(3600)"],
# Some heavily loaded buildbots (sparc Debian 3.x) require
# this much time to start and print.
- timeout=3)
+ # OBS might require even more
+ timeout=10)
self.fail("Expected TimeoutExpired.")
self.assertEqual(c.exception.output, b'BDFL')
--- Python-3.12.10.orig/Lib/test/test_subprocess.py 2025-04-11 21:04:45.154639562 +0200
+++ Python-3.12.10/Lib/test/test_subprocess.py 2025-04-11 21:12:03.374471647 +0200
@@ -274,7 +274,11 @@
output = subprocess.check_output(
[sys.executable, "-c",
"import time; time.sleep(3600)"],
- timeout=0.1)
+ # Some heavily loaded buildbots (sparc Debian 3.x) require
+ # this much time to start and print.
+ # timeout=0.1)
+ # OBS might require even more
+ timeout=10)
def test_call_kwargs(self):
# call() function with keyword args