Accepting request 1199398 from devel:languages:python:Factory
- Update to 3.13.0~rc2: - Tools/Demos - gh-123418: Update GitHub CI workflows to use OpenSSL 3.0.15 and multissltests to use 3.0.15, 3.1.7, and 3.2.3. - Tests - gh-119727: Add --single-process command line option to Python test runner (regrtest). Patch by Victor Stinner. - gh-101525: Skip test_gdb if the binary is relocated by BOLT. Patch by Donghee Na. - Security - gh-123678: Upgrade libexpat to 2.6.3 - gh-121285: Remove backtracking from tarfile header parsing for hdrcharset, PAX, and GNU sparse headers (bsc#1230227, CVE-2024-6232). - Library - gh-123448: Fixed memory leak of typing.NoDefault by moving it to the static types array. - gh-123409: Fix ipaddress.IPv6Address.reverse_pointer output according to RFC 3596, §2.5. Patch by Bénédikt Tran. - gh-123270: Applied a more surgical fix for malformed payloads in zipfile.Path causing infinite loops (gh-122905) without breaking contents using legitimate characters (bsc#1229704, CVE-2024-8088). - gh-123228: Fix return type for _pyrepl.readline._ReadlineWrapper.get_line_buffer() to be str(). Patch by Sergey B Kirpichev. - gh-123240: Raise audit events for the input() in the new REPL. - gh-123243: Fix memory leak in _decimal. - gh-122546: Consistently use same file name for different OBS-URL: https://build.opensuse.org/request/show/1199398 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python313?expand=0&rev=7
This commit is contained in:
commit
a3ff8ce797
@ -1,361 +0,0 @@
|
||||
From a590277e980eaa8a08204b79ed6c62a763701c8b Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <encukou@gmail.com>
|
||||
Date: Wed, 31 Jul 2024 00:19:48 +0200
|
||||
Subject: [PATCH] gh-121650: Encode newlines in headers, and verify headers are
|
||||
sound (GH-122233)
|
||||
|
||||
GH-GH- Encode header parts that contain newlines
|
||||
|
||||
Per RFC 2047:
|
||||
|
||||
> [...] these encoding schemes allow the
|
||||
> encoding of arbitrary octet values, mail readers that implement this
|
||||
> decoding should also ensure that display of the decoded data on the
|
||||
> recipient's terminal will not cause unwanted side-effects
|
||||
|
||||
It seems that the "quoted-word" scheme is a valid way to include
|
||||
a newline character in a header value, just like we already allow
|
||||
undecodable bytes or control characters.
|
||||
They do need to be properly quoted when serialized to text, though.
|
||||
|
||||
GH-GH- Verify that email headers are well-formed
|
||||
|
||||
This should fail for custom fold() implementations that aren't careful
|
||||
about newlines.
|
||||
|
||||
(cherry picked from commit 097633981879b3c9de9a1dd120d3aa585ecc2384)
|
||||
|
||||
Co-authored-by: Petr Viktorin <encukou@gmail.com>
|
||||
Co-authored-by: Bas Bloemsaat <bas@bloemsaat.org>
|
||||
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
||||
---
|
||||
Doc/library/email.errors.rst | 7 +++
|
||||
Doc/library/email.policy.rst | 18 ++++++
|
||||
Doc/whatsnew/3.13.rst | 9 +++
|
||||
Lib/email/_header_value_parser.py | 12 +++-
|
||||
Lib/email/_policybase.py | 8 +++
|
||||
Lib/email/errors.py | 4 ++
|
||||
Lib/email/generator.py | 13 +++-
|
||||
Lib/test/test_email/test_generator.py | 62 +++++++++++++++++++
|
||||
Lib/test/test_email/test_policy.py | 26 ++++++++
|
||||
...-07-27-16-10-41.gh-issue-121650.nf6oc9.rst | 5 ++
|
||||
10 files changed, 160 insertions(+), 4 deletions(-)
|
||||
create mode 100644 Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst
|
||||
|
||||
diff --git a/Doc/library/email.errors.rst b/Doc/library/email.errors.rst
|
||||
index 33ab4265116178..f8f43d82a3df2e 100644
|
||||
--- a/Doc/library/email.errors.rst
|
||||
+++ b/Doc/library/email.errors.rst
|
||||
@@ -58,6 +58,13 @@ The following exception classes are defined in the :mod:`email.errors` module:
|
||||
:class:`~email.mime.nonmultipart.MIMENonMultipart` (e.g.
|
||||
:class:`~email.mime.image.MIMEImage`).
|
||||
|
||||
+
|
||||
+.. exception:: HeaderWriteError()
|
||||
+
|
||||
+ Raised when an error occurs when the :mod:`~email.generator` outputs
|
||||
+ headers.
|
||||
+
|
||||
+
|
||||
.. exception:: MessageDefect()
|
||||
|
||||
This is the base class for all defects found when parsing email messages.
|
||||
diff --git a/Doc/library/email.policy.rst b/Doc/library/email.policy.rst
|
||||
index 83feedf728351e..314767d0802a08 100644
|
||||
--- a/Doc/library/email.policy.rst
|
||||
+++ b/Doc/library/email.policy.rst
|
||||
@@ -229,6 +229,24 @@ added matters. To illustrate::
|
||||
|
||||
.. versionadded:: 3.6
|
||||
|
||||
+
|
||||
+ .. attribute:: verify_generated_headers
|
||||
+
|
||||
+ If ``True`` (the default), the generator will raise
|
||||
+ :exc:`~email.errors.HeaderWriteError` instead of writing a header
|
||||
+ that is improperly folded or delimited, such that it would
|
||||
+ be parsed as multiple headers or joined with adjacent data.
|
||||
+ Such headers can be generated by custom header classes or bugs
|
||||
+ in the ``email`` module.
|
||||
+
|
||||
+ As it's a security feature, this defaults to ``True`` even in the
|
||||
+ :class:`~email.policy.Compat32` policy.
|
||||
+ For backwards compatible, but unsafe, behavior, it must be set to
|
||||
+ ``False`` explicitly.
|
||||
+
|
||||
+ .. versionadded:: 3.13
|
||||
+
|
||||
+
|
||||
The following :class:`Policy` method is intended to be called by code using
|
||||
the email library to create policy instances with custom settings:
|
||||
|
||||
diff --git a/Doc/whatsnew/3.13.rst b/Doc/whatsnew/3.13.rst
|
||||
index b53f419a59f062..35b808a4dd00a4 100644
|
||||
--- a/Doc/whatsnew/3.13.rst
|
||||
+++ b/Doc/whatsnew/3.13.rst
|
||||
@@ -724,6 +724,15 @@ doctest
|
||||
email
|
||||
-----
|
||||
|
||||
+* Headers with embedded newlines are now quoted on output.
|
||||
+
|
||||
+ The :mod:`~email.generator` will now refuse to serialize (write) headers
|
||||
+ that are improperly folded or delimited, such that they would be parsed as
|
||||
+ multiple headers or joined with adjacent data.
|
||||
+ If you need to turn this safety feature off,
|
||||
+ set :attr:`~email.policy.Policy.verify_generated_headers`.
|
||||
+ (Contributed by Bas Bloemsaat and Petr Viktorin in :gh:`121650`.)
|
||||
+
|
||||
* :func:`email.utils.getaddresses` and :func:`email.utils.parseaddr` now return
|
||||
``('', '')`` 2-tuples in more situations where invalid email addresses are
|
||||
encountered instead of potentially inaccurate values. Add optional *strict*
|
||||
diff --git a/Lib/email/_header_value_parser.py b/Lib/email/_header_value_parser.py
|
||||
index 7da1bbaf8a80d7..ec2215a5e5f33c 100644
|
||||
--- a/Lib/email/_header_value_parser.py
|
||||
+++ b/Lib/email/_header_value_parser.py
|
||||
@@ -92,6 +92,8 @@
|
||||
ASPECIALS = TSPECIALS | set("*'%")
|
||||
ATTRIBUTE_ENDS = ASPECIALS | WSP
|
||||
EXTENDED_ATTRIBUTE_ENDS = ATTRIBUTE_ENDS - set('%')
|
||||
+NLSET = {'\n', '\r'}
|
||||
+SPECIALSNL = SPECIALS | NLSET
|
||||
|
||||
def quote_string(value):
|
||||
return '"'+str(value).replace('\\', '\\\\').replace('"', r'\"')+'"'
|
||||
@@ -2802,9 +2804,13 @@ def _refold_parse_tree(parse_tree, *, policy):
|
||||
wrap_as_ew_blocked -= 1
|
||||
continue
|
||||
tstr = str(part)
|
||||
- if part.token_type == 'ptext' and set(tstr) & SPECIALS:
|
||||
- # Encode if tstr contains special characters.
|
||||
- want_encoding = True
|
||||
+ if not want_encoding:
|
||||
+ if part.token_type == 'ptext':
|
||||
+ # Encode if tstr contains special characters.
|
||||
+ want_encoding = not SPECIALSNL.isdisjoint(tstr)
|
||||
+ else:
|
||||
+ # Encode if tstr contains newlines.
|
||||
+ want_encoding = not NLSET.isdisjoint(tstr)
|
||||
try:
|
||||
tstr.encode(encoding)
|
||||
charset = encoding
|
||||
diff --git a/Lib/email/_policybase.py b/Lib/email/_policybase.py
|
||||
index 2ec54fbabae83c..5f9aa9fb091fa2 100644
|
||||
--- a/Lib/email/_policybase.py
|
||||
+++ b/Lib/email/_policybase.py
|
||||
@@ -157,6 +157,13 @@ class Policy(_PolicyBase, metaclass=abc.ABCMeta):
|
||||
message_factory -- the class to use to create new message objects.
|
||||
If the value is None, the default is Message.
|
||||
|
||||
+ verify_generated_headers
|
||||
+ -- if true, the generator verifies that each header
|
||||
+ they are properly folded, so that a parser won't
|
||||
+ treat it as multiple headers, start-of-body, or
|
||||
+ part of another header.
|
||||
+ This is a check against custom Header & fold()
|
||||
+ implementations.
|
||||
"""
|
||||
|
||||
raise_on_defect = False
|
||||
@@ -165,6 +172,7 @@ class Policy(_PolicyBase, metaclass=abc.ABCMeta):
|
||||
max_line_length = 78
|
||||
mangle_from_ = False
|
||||
message_factory = None
|
||||
+ verify_generated_headers = True
|
||||
|
||||
def handle_defect(self, obj, defect):
|
||||
"""Based on policy, either raise defect or call register_defect.
|
||||
diff --git a/Lib/email/errors.py b/Lib/email/errors.py
|
||||
index 3ad00565549968..02aa5eced6ae46 100644
|
||||
--- a/Lib/email/errors.py
|
||||
+++ b/Lib/email/errors.py
|
||||
@@ -29,6 +29,10 @@ class CharsetError(MessageError):
|
||||
"""An illegal charset was given."""
|
||||
|
||||
|
||||
+class HeaderWriteError(MessageError):
|
||||
+ """Error while writing headers."""
|
||||
+
|
||||
+
|
||||
# These are parsing defects which the parser was able to work around.
|
||||
class MessageDefect(ValueError):
|
||||
"""Base class for a message defect."""
|
||||
diff --git a/Lib/email/generator.py b/Lib/email/generator.py
|
||||
index c8056ad47baa0f..47b9df8f4e6090 100644
|
||||
--- a/Lib/email/generator.py
|
||||
+++ b/Lib/email/generator.py
|
||||
@@ -14,12 +14,14 @@
|
||||
from copy import deepcopy
|
||||
from io import StringIO, BytesIO
|
||||
from email.utils import _has_surrogates
|
||||
+from email.errors import HeaderWriteError
|
||||
|
||||
UNDERSCORE = '_'
|
||||
NL = '\n' # XXX: no longer used by the code below.
|
||||
|
||||
NLCRE = re.compile(r'\r\n|\r|\n')
|
||||
fcre = re.compile(r'^From ', re.MULTILINE)
|
||||
+NEWLINE_WITHOUT_FWSP = re.compile(r'\r\n[^ \t]|\r[^ \n\t]|\n[^ \t]')
|
||||
|
||||
|
||||
class Generator:
|
||||
@@ -222,7 +224,16 @@ def _dispatch(self, msg):
|
||||
|
||||
def _write_headers(self, msg):
|
||||
for h, v in msg.raw_items():
|
||||
- self.write(self.policy.fold(h, v))
|
||||
+ folded = self.policy.fold(h, v)
|
||||
+ if self.policy.verify_generated_headers:
|
||||
+ linesep = self.policy.linesep
|
||||
+ if not folded.endswith(self.policy.linesep):
|
||||
+ raise HeaderWriteError(
|
||||
+ f'folded header does not end with {linesep!r}: {folded!r}')
|
||||
+ if NEWLINE_WITHOUT_FWSP.search(folded.removesuffix(linesep)):
|
||||
+ raise HeaderWriteError(
|
||||
+ f'folded header contains newline: {folded!r}')
|
||||
+ self.write(folded)
|
||||
# A blank line always separates headers from body
|
||||
self.write(self._NL)
|
||||
|
||||
diff --git a/Lib/test/test_email/test_generator.py b/Lib/test/test_email/test_generator.py
|
||||
index bc6f734d4fd0a9..c75a842c33578e 100644
|
||||
--- a/Lib/test/test_email/test_generator.py
|
||||
+++ b/Lib/test/test_email/test_generator.py
|
||||
@@ -6,6 +6,7 @@
|
||||
from email.generator import Generator, BytesGenerator
|
||||
from email.headerregistry import Address
|
||||
from email import policy
|
||||
+import email.errors
|
||||
from test.test_email import TestEmailBase, parameterize
|
||||
|
||||
|
||||
@@ -249,6 +250,44 @@ def test_rfc2231_wrapping_switches_to_default_len_if_too_narrow(self):
|
||||
g.flatten(msg)
|
||||
self.assertEqual(s.getvalue(), self.typ(expected))
|
||||
|
||||
+ def test_keep_encoded_newlines(self):
|
||||
+ msg = self.msgmaker(self.typ(textwrap.dedent("""\
|
||||
+ To: nobody
|
||||
+ Subject: Bad subject=?UTF-8?Q?=0A?=Bcc: injection@example.com
|
||||
+
|
||||
+ None
|
||||
+ """)))
|
||||
+ expected = textwrap.dedent("""\
|
||||
+ To: nobody
|
||||
+ Subject: Bad subject=?UTF-8?Q?=0A?=Bcc: injection@example.com
|
||||
+
|
||||
+ None
|
||||
+ """)
|
||||
+ s = self.ioclass()
|
||||
+ g = self.genclass(s, policy=self.policy.clone(max_line_length=80))
|
||||
+ g.flatten(msg)
|
||||
+ self.assertEqual(s.getvalue(), self.typ(expected))
|
||||
+
|
||||
+ def test_keep_long_encoded_newlines(self):
|
||||
+ msg = self.msgmaker(self.typ(textwrap.dedent("""\
|
||||
+ To: nobody
|
||||
+ Subject: Bad subject=?UTF-8?Q?=0A?=Bcc: injection@example.com
|
||||
+
|
||||
+ None
|
||||
+ """)))
|
||||
+ expected = textwrap.dedent("""\
|
||||
+ To: nobody
|
||||
+ Subject: Bad subject
|
||||
+ =?utf-8?q?=0A?=Bcc:
|
||||
+ injection@example.com
|
||||
+
|
||||
+ None
|
||||
+ """)
|
||||
+ s = self.ioclass()
|
||||
+ g = self.genclass(s, policy=self.policy.clone(max_line_length=30))
|
||||
+ g.flatten(msg)
|
||||
+ self.assertEqual(s.getvalue(), self.typ(expected))
|
||||
+
|
||||
|
||||
class TestGenerator(TestGeneratorBase, TestEmailBase):
|
||||
|
||||
@@ -273,6 +312,29 @@ def test_flatten_unicode_linesep(self):
|
||||
g.flatten(msg)
|
||||
self.assertEqual(s.getvalue(), self.typ(expected))
|
||||
|
||||
+ def test_verify_generated_headers(self):
|
||||
+ """gh-121650: by default the generator prevents header injection"""
|
||||
+ class LiteralHeader(str):
|
||||
+ name = 'Header'
|
||||
+ def fold(self, **kwargs):
|
||||
+ return self
|
||||
+
|
||||
+ for text in (
|
||||
+ 'Value\r\nBad Injection\r\n',
|
||||
+ 'NoNewLine'
|
||||
+ ):
|
||||
+ with self.subTest(text=text):
|
||||
+ message = message_from_string(
|
||||
+ "Header: Value\r\n\r\nBody",
|
||||
+ policy=self.policy,
|
||||
+ )
|
||||
+
|
||||
+ del message['Header']
|
||||
+ message['Header'] = LiteralHeader(text)
|
||||
+
|
||||
+ with self.assertRaises(email.errors.HeaderWriteError):
|
||||
+ message.as_string()
|
||||
+
|
||||
|
||||
class TestBytesGenerator(TestGeneratorBase, TestEmailBase):
|
||||
|
||||
diff --git a/Lib/test/test_email/test_policy.py b/Lib/test/test_email/test_policy.py
|
||||
index c6b9c80efe1b54..baa35fd68e49c5 100644
|
||||
--- a/Lib/test/test_email/test_policy.py
|
||||
+++ b/Lib/test/test_email/test_policy.py
|
||||
@@ -26,6 +26,7 @@ class PolicyAPITests(unittest.TestCase):
|
||||
'raise_on_defect': False,
|
||||
'mangle_from_': True,
|
||||
'message_factory': None,
|
||||
+ 'verify_generated_headers': True,
|
||||
}
|
||||
# These default values are the ones set on email.policy.default.
|
||||
# If any of these defaults change, the docs must be updated.
|
||||
@@ -294,6 +295,31 @@ def test_short_maxlen_error(self):
|
||||
with self.assertRaises(email.errors.HeaderParseError):
|
||||
policy.fold("Subject", subject)
|
||||
|
||||
+ def test_verify_generated_headers(self):
|
||||
+ """Turning protection off allows header injection"""
|
||||
+ policy = email.policy.default.clone(verify_generated_headers=False)
|
||||
+ for text in (
|
||||
+ 'Header: Value\r\nBad: Injection\r\n',
|
||||
+ 'Header: NoNewLine'
|
||||
+ ):
|
||||
+ with self.subTest(text=text):
|
||||
+ message = email.message_from_string(
|
||||
+ "Header: Value\r\n\r\nBody",
|
||||
+ policy=policy,
|
||||
+ )
|
||||
+ class LiteralHeader(str):
|
||||
+ name = 'Header'
|
||||
+ def fold(self, **kwargs):
|
||||
+ return self
|
||||
+
|
||||
+ del message['Header']
|
||||
+ message['Header'] = LiteralHeader(text)
|
||||
+
|
||||
+ self.assertEqual(
|
||||
+ message.as_string(),
|
||||
+ f"{text}\nBody",
|
||||
+ )
|
||||
+
|
||||
# XXX: Need subclassing tests.
|
||||
# For adding subclassed objects, make sure the usual rules apply (subclass
|
||||
# wins), but that the order still works (right overrides left).
|
||||
diff --git a/Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst b/Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst
|
||||
new file mode 100644
|
||||
index 00000000000000..83dd28d4ac575b
|
||||
--- /dev/null
|
||||
+++ b/Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst
|
||||
@@ -0,0 +1,5 @@
|
||||
+:mod:`email` headers with embedded newlines are now quoted on output. The
|
||||
+:mod:`~email.generator` will now refuse to serialize (write) headers that
|
||||
+are unsafely folded or delimited; see
|
||||
+:attr:`~email.policy.Policy.verify_generated_headers`. (Contributed by Bas
|
||||
+Bloemsaat and Petr Viktorin in :gh:`121650`.)
|
@ -1,148 +0,0 @@
|
||||
---
|
||||
Lib/test/test_zipfile/_path/test_path.py | 78 ++++++++++
|
||||
Lib/zipfile/_path/__init__.py | 18 ++
|
||||
Misc/NEWS.d/next/Library/2024-08-11-14-08-04.gh-issue-122905.7tDsxA.rst | 1
|
||||
Misc/NEWS.d/next/Library/2024-08-26-13-45-20.gh-issue-123270.gXHvNJ.rst | 3
|
||||
4 files changed, 98 insertions(+), 2 deletions(-)
|
||||
|
||||
--- a/Lib/test/test_zipfile/_path/test_path.py
|
||||
+++ b/Lib/test/test_zipfile/_path/test_path.py
|
||||
@@ -5,6 +5,7 @@ import pathlib
|
||||
import pickle
|
||||
import stat
|
||||
import sys
|
||||
+import time
|
||||
import unittest
|
||||
import zipfile
|
||||
import zipfile._path
|
||||
@@ -577,3 +578,80 @@ class TestPath(unittest.TestCase):
|
||||
zipfile.Path(alpharep)
|
||||
with self.assertRaises(KeyError):
|
||||
alpharep.getinfo('does-not-exist')
|
||||
+
|
||||
+ def test_malformed_paths(self):
|
||||
+ """
|
||||
+ Path should handle malformed paths gracefully.
|
||||
+
|
||||
+ Paths with leading slashes are not visible.
|
||||
+
|
||||
+ Paths with dots are treated like regular files.
|
||||
+ """
|
||||
+ data = io.BytesIO()
|
||||
+ zf = zipfile.ZipFile(data, "w")
|
||||
+ zf.writestr("/one-slash.txt", b"content")
|
||||
+ zf.writestr("//two-slash.txt", b"content")
|
||||
+ zf.writestr("../parent.txt", b"content")
|
||||
+ zf.filename = ''
|
||||
+ root = zipfile.Path(zf)
|
||||
+ assert list(map(str, root.iterdir())) == ['../']
|
||||
+ assert root.joinpath('..').joinpath('parent.txt').read_bytes() == b'content'
|
||||
+
|
||||
+ def test_unsupported_names(self):
|
||||
+ """
|
||||
+ Path segments with special characters are readable.
|
||||
+
|
||||
+ On some platforms or file systems, characters like
|
||||
+ ``:`` and ``?`` are not allowed, but they are valid
|
||||
+ in the zip file.
|
||||
+ """
|
||||
+ data = io.BytesIO()
|
||||
+ zf = zipfile.ZipFile(data, "w")
|
||||
+ zf.writestr("path?", b"content")
|
||||
+ zf.writestr("V: NMS.flac", b"fLaC...")
|
||||
+ zf.filename = ''
|
||||
+ root = zipfile.Path(zf)
|
||||
+ contents = root.iterdir()
|
||||
+ assert next(contents).name == 'path?'
|
||||
+ assert next(contents).name == 'V: NMS.flac'
|
||||
+ assert root.joinpath('V: NMS.flac').read_bytes() == b"fLaC..."
|
||||
+
|
||||
+ def test_backslash_not_separator(self):
|
||||
+ """
|
||||
+ In a zip file, backslashes are not separators.
|
||||
+ """
|
||||
+ data = io.BytesIO()
|
||||
+ zf = zipfile.ZipFile(data, "w")
|
||||
+ zf.writestr(DirtyZipInfo.for_name("foo\\bar", zf), b"content")
|
||||
+ zf.filename = ''
|
||||
+ root = zipfile.Path(zf)
|
||||
+ (first,) = root.iterdir()
|
||||
+ assert not first.is_dir()
|
||||
+ assert first.name == 'foo\\bar'
|
||||
+
|
||||
+
|
||||
+class DirtyZipInfo(zipfile.ZipInfo):
|
||||
+ """
|
||||
+ Bypass name sanitization.
|
||||
+ """
|
||||
+
|
||||
+ def __init__(self, filename, *args, **kwargs):
|
||||
+ super().__init__(filename, *args, **kwargs)
|
||||
+ self.filename = filename
|
||||
+
|
||||
+ @classmethod
|
||||
+ def for_name(cls, name, archive):
|
||||
+ """
|
||||
+ Construct the same way that ZipFile.writestr does.
|
||||
+
|
||||
+ TODO: extract this functionality and re-use
|
||||
+ """
|
||||
+ self = cls(filename=name, date_time=time.localtime(time.time())[:6])
|
||||
+ self.compress_type = archive.compression
|
||||
+ self.compress_level = archive.compresslevel
|
||||
+ if self.filename.endswith('/'): # pragma: no cover
|
||||
+ self.external_attr = 0o40775 << 16 # drwxrwxr-x
|
||||
+ self.external_attr |= 0x10 # MS-DOS directory flag
|
||||
+ else:
|
||||
+ self.external_attr = 0o600 << 16 # ?rw-------
|
||||
+ return self
|
||||
--- a/Lib/zipfile/_path/__init__.py
|
||||
+++ b/Lib/zipfile/_path/__init__.py
|
||||
@@ -1,3 +1,12 @@
|
||||
+"""
|
||||
+A Path-like interface for zipfiles.
|
||||
+
|
||||
+This codebase is shared between zipfile.Path in the stdlib
|
||||
+and zipp in PyPI. See
|
||||
+https://github.com/python/importlib_metadata/wiki/Development-Methodology
|
||||
+for more detail.
|
||||
+"""
|
||||
+
|
||||
import io
|
||||
import posixpath
|
||||
import zipfile
|
||||
@@ -36,7 +45,7 @@ def _parents(path):
|
||||
def _ancestry(path):
|
||||
"""
|
||||
Given a path with elements separated by
|
||||
- posixpath.sep, generate all elements of that path
|
||||
+ posixpath.sep, generate all elements of that path.
|
||||
|
||||
>>> list(_ancestry('b/d'))
|
||||
['b/d', 'b']
|
||||
@@ -48,9 +57,14 @@ def _ancestry(path):
|
||||
['b']
|
||||
>>> list(_ancestry(''))
|
||||
[]
|
||||
+
|
||||
+ Multiple separators are treated like a single.
|
||||
+
|
||||
+ >>> list(_ancestry('//b//d///f//'))
|
||||
+ ['//b//d///f', '//b//d', '//b']
|
||||
"""
|
||||
path = path.rstrip(posixpath.sep)
|
||||
- while path and path != posixpath.sep:
|
||||
+ while path.rstrip(posixpath.sep):
|
||||
yield path
|
||||
path, tail = posixpath.split(path)
|
||||
|
||||
--- /dev/null
|
||||
+++ b/Misc/NEWS.d/next/Library/2024-08-11-14-08-04.gh-issue-122905.7tDsxA.rst
|
||||
@@ -0,0 +1 @@
|
||||
+:class:`zipfile.Path` objects now sanitize names from the zipfile.
|
||||
--- /dev/null
|
||||
+++ b/Misc/NEWS.d/next/Library/2024-08-26-13-45-20.gh-issue-123270.gXHvNJ.rst
|
||||
@@ -0,0 +1,3 @@
|
||||
+Applied a more surgical fix for malformed payloads in :class:`zipfile.Path`
|
||||
+causing infinite loops (gh-122905) without breaking contents using
|
||||
+legitimate characters.
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:678b884775eec0224d5159fa900879020baca2a36ce942fd95febfa1adb4a6bd
|
||||
size 20881016
|
@ -1,18 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmaquNZfFIAAAAAALgAo
|
||||
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx
|
||||
Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6
|
||||
YwUclA//Tg0ybBUO7yjNvM85wbZLxIvYujAbReBRARLUkZXFGVMBG9zi3Arf4EE6
|
||||
PKvGvy0vg/jeQPraLBe4KQnaQUTU8qmLsjd7lWWEjZc0E+3zZzAvZ9hXNtcrqY4x
|
||||
YdLaGT8762c4sFoNsp173MYrqdun/usraKK50V1m/BPAqHX1Pdy0yxykkfG4p7lC
|
||||
LEUrc+2KtLWI9+Z0imH2FhI0OdhlSZKgJfi82dbmRDeJwMmEoG9+F9qmanrtIEVu
|
||||
6Tpwv8RphXI1JV7mzr6EjZqW4oHRayHlA4qcS9mTYKBNAfveEODXgbvsGRenh1X1
|
||||
kJclnX/GBpcjP/+PZ9aheAxxrTEvg7kmjrcfZKfzxepJEvCaxlg9hTKAvmMcgKp0
|
||||
V8rhWxBBfy47q8pvezjI4ip2rcedtJ21e0M98PPQLpuUxeo1xldjPLeGh8hyC9Z4
|
||||
F8HAs+uv11FXV5zaJvUIMCPx125ceYhl/1Jh36bJFX9MvjFlKOtR9mnsu84D5piW
|
||||
8+yUy353864bv9rrww/dMWzrrp7nO+/3gZi/goNGfMvm5KVpuhTro6xoW5KQ5LS+
|
||||
ZQGbWXl08lJ9+k8pUuwxCFHQCKjgjmerjb8xL9claBlF8FtfrQjy33BpxqF5BLpW
|
||||
CUbabJ9bA9O7fPsPhbW0XQGdXIJJLjHTP39pxCPGoBqAyUVJOc8=
|
||||
=CSLe
|
||||
-----END PGP SIGNATURE-----
|
3
Python-3.13.0rc2.tar.xz
Normal file
3
Python-3.13.0rc2.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:d60e8b7c10de4f71d2dffaf7c7be8efa54dc1e532fe931dbb84e5f625709e237
|
||||
size 21055084
|
18
Python-3.13.0rc2.tar.xz.asc
Normal file
18
Python-3.13.0rc2.tar.xz.asc
Normal file
@ -0,0 +1,18 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQKTBAABCgB9FiEEcWlgX2LHUTVtBUomqCHmgOX6YwUFAmbbgTdfFIAAAAAALgAo
|
||||
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDcx
|
||||
Njk2MDVGNjJDNzUxMzU2RDA1NEEyNkE4MjFFNjgwRTVGQTYzMDUACgkQqCHmgOX6
|
||||
YwUUpBAAnxUxwaFw3/XLw+5v3k2cbtzPtRmLtg81LlJ2bD5VG+RlCjbwHK03FghH
|
||||
kr4YILbFXN51mT0p2XtrXnd1WRYOIWTxXQ7jji02KY6OBlIordpa0KL415R+Y0O6
|
||||
fvS4sn9r5Ww8TMGHthGeN1boMjtFUHHRZKNUmIzVWihjxQX6UiPVcb9ezM2WDbhI
|
||||
hmGtyEq7KLYwl9GTW/YlsAQXyVvveePgr6PrMjRRquOSVL2vD+ZA8qrQvzWYCza6
|
||||
jDa2+6jrFlE6PpbCUDoRMDagjU2gEG9DllSziayh3aqMHG2fVbEqzLtBHl9EJ7IL
|
||||
yOkhgVVmqus52O5P0YhDDp2fkSxs2JgrXiF2Dd2UTIKKrFQkxmknoj/ScyyeajAj
|
||||
ymqf1CZf3ydhpEng+HGpnU+vWBnQA+v7BZBQXaoPGvMzTeNy1cn5JPTFFkcKXKDE
|
||||
jX8AzV82+OHnZ/80tLNTNCyFQNStKF2CNrHR1gnMAcgQTaJOlp4NMD3nC88WQlpx
|
||||
M4HC/yXq4556AaAzv0CctfzMLejvwmszMxbADHI4FcS7BJO85WsSXH3pnAx3Gfgg
|
||||
5NSEMB1ZAsoS9WbkxTkgaJOT9fHmf86S/sdx4W1zBetmag11bTVWHJwbE9z5V0YQ
|
||||
+fwQYVsi+ecgs3mL7vJzg8vEpJ33O2/y4vqySQYZRA4aIKn9Ks0=
|
||||
=dHr3
|
||||
-----END PGP SIGNATURE-----
|
@ -1,4 +1,6 @@
|
||||
<multibuild>
|
||||
<package>base</package>
|
||||
<package>doc</package>
|
||||
<package>nogil</package>
|
||||
<package>nogil-base</package>
|
||||
</multibuild>
|
||||
|
@ -1,24 +0,0 @@
|
||||
From ac2b8869724d7a57d9b5efbdce2f20423214e8bb Mon Sep 17 00:00:00 2001
|
||||
From: "Bernhard M. Wiedemann" <bwiedemann@suse.de>
|
||||
Date: Tue, 16 Jul 2024 21:39:33 +0200
|
||||
Subject: [PATCH] Allow to override build date with SOURCE_DATE_EPOCH
|
||||
|
||||
to make builds reproducible.
|
||||
See https://reproducible-builds.org/ for why this is good
|
||||
and https://reproducible-builds.org/specs/source-date-epoch/
|
||||
for the definition of this variable.
|
||||
---
|
||||
Doc/library/functions.rst | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
--- a/Doc/library/functions.rst
|
||||
+++ b/Doc/library/functions.rst
|
||||
@@ -1502,7 +1502,7 @@ are always available. They are listed h
|
||||
(where :func:`open` is declared), :mod:`os`, :mod:`os.path`, :mod:`tempfile`,
|
||||
and :mod:`shutil`.
|
||||
|
||||
- .. audit-event:: open file,mode,flags open
|
||||
+ .. audit-event:: open path,mode,flags open
|
||||
|
||||
The ``mode`` and ``flags`` arguments may have been modified or inferred from
|
||||
the original call.
|
@ -1,15 +0,0 @@
|
||||
---
|
||||
Misc/NEWS | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
--- a/Misc/NEWS
|
||||
+++ b/Misc/NEWS
|
||||
@@ -17647,7 +17647,7 @@ C API
|
||||
- bpo-40939: Removed documentation for the removed ``PyParser_*`` C API.
|
||||
|
||||
- bpo-43795: The list in :ref:`limited-api-list` now shows the public name
|
||||
- :c:struct:`PyFrameObject` rather than ``_frame``. The non-existing entry
|
||||
+ :c:type:`PyFrameObject` rather than ``_frame``. The non-existing entry
|
||||
``_node`` no longer appears in the list.
|
||||
|
||||
- bpo-44378: :c:func:`Py_IS_TYPE` no longer uses :c:func:`Py_TYPE` to avoid
|
@ -1,48 +0,0 @@
|
||||
From 235fbc05dcbca5cb5f7f0cd836317b8426e33243 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Viktorin <encukou@gmail.com>
|
||||
Date: Wed, 28 Aug 2024 22:36:42 +0200
|
||||
Subject: [PATCH] gh-122136: test_asyncio: Don't fail if the kernel buffers
|
||||
more data than advertised (GH-123423) (cherry picked from commit
|
||||
b379f1b26c1e89c8e9160b4dede61b980cc77be6)
|
||||
|
||||
Co-authored-by: Petr Viktorin <encukou@gmail.com>
|
||||
---
|
||||
Lib/test/test_asyncio/test_server.py | 18 +++++++++++++-----
|
||||
1 file changed, 13 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/Lib/test/test_asyncio/test_server.py b/Lib/test/test_asyncio/test_server.py
|
||||
index 4ca8a166a0f1a1..60a40cc8349fed 100644
|
||||
--- a/Lib/test/test_asyncio/test_server.py
|
||||
+++ b/Lib/test/test_asyncio/test_server.py
|
||||
@@ -227,7 +227,7 @@ async def serve(rd, wr):
|
||||
|
||||
(s_rd, s_wr) = await fut
|
||||
|
||||
- # Limit the socket buffers so we can reliably overfill them
|
||||
+ # Limit the socket buffers so we can more reliably overfill them
|
||||
s_sock = s_wr.get_extra_info('socket')
|
||||
s_sock.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, 65536)
|
||||
c_sock = c_wr.get_extra_info('socket')
|
||||
@@ -242,10 +242,18 @@ async def serve(rd, wr):
|
||||
await asyncio.sleep(0)
|
||||
|
||||
# Get the writer in a waiting state by sending data until the
|
||||
- # socket buffers are full on both server and client sockets and
|
||||
- # the kernel stops accepting more data
|
||||
- s_wr.write(b'a' * c_sock.getsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF))
|
||||
- s_wr.write(b'a' * s_sock.getsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF))
|
||||
+ # kernel stops accepting more data in the send buffer.
|
||||
+ # gh-122136: getsockopt() does not reliably report the buffer size
|
||||
+ # available for message content.
|
||||
+ # We loop until we start filling up the asyncio buffer.
|
||||
+ # To avoid an infinite loop we cap at 10 times the expected value
|
||||
+ c_bufsize = c_sock.getsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF)
|
||||
+ s_bufsize = s_sock.getsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF)
|
||||
+ for i in range(10):
|
||||
+ s_wr.write(b'a' * c_bufsize)
|
||||
+ s_wr.write(b'a' * s_bufsize)
|
||||
+ if s_wr.transport.get_write_buffer_size() > 0:
|
||||
+ break
|
||||
self.assertNotEqual(s_wr.transport.get_write_buffer_size(), 0)
|
||||
|
||||
task = asyncio.create_task(srv.wait_closed())
|
@ -1,3 +1,193 @@
|
||||
-------------------------------------------------------------------
|
||||
Sat Sep 7 15:36:03 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
|
||||
|
||||
- Update to 3.13.0~rc2:
|
||||
- Tools/Demos
|
||||
- gh-123418: Update GitHub CI workflows to use OpenSSL 3.0.15
|
||||
and multissltests to use 3.0.15, 3.1.7, and 3.2.3.
|
||||
- Tests
|
||||
- gh-119727: Add --single-process command line option to
|
||||
Python test runner (regrtest). Patch by Victor Stinner.
|
||||
- gh-101525: Skip test_gdb if the binary is relocated by
|
||||
BOLT. Patch by Donghee Na.
|
||||
- Security
|
||||
- gh-123678: Upgrade libexpat to 2.6.3
|
||||
- gh-121285: Remove backtracking from tarfile header parsing
|
||||
for hdrcharset, PAX, and GNU sparse headers (bsc#1230227,
|
||||
CVE-2024-6232).
|
||||
- Library
|
||||
- gh-123448: Fixed memory leak of typing.NoDefault by moving
|
||||
it to the static types array.
|
||||
- gh-123409: Fix ipaddress.IPv6Address.reverse_pointer output
|
||||
according to RFC 3596, §2.5. Patch by Bénédikt Tran.
|
||||
- gh-123270: Applied a more surgical fix for malformed
|
||||
payloads in zipfile.Path causing infinite loops (gh-122905)
|
||||
without breaking contents using legitimate characters
|
||||
(bsc#1229704, CVE-2024-8088).
|
||||
- gh-123228: Fix return type for
|
||||
_pyrepl.readline._ReadlineWrapper.get_line_buffer() to be
|
||||
str(). Patch by Sergey B Kirpichev.
|
||||
- gh-123240: Raise audit events for the input() in the new
|
||||
REPL.
|
||||
- gh-123243: Fix memory leak in _decimal.
|
||||
- gh-122546: Consistently use same file name for different
|
||||
exceptions in the new repl. Patch by Sergey B Kirpichev.
|
||||
- gh-123213: xml.etree.ElementTree.Element.extend() and
|
||||
Element assignment no longer hide the internal exception if
|
||||
an erronous generator is passed. Patch by Bar Harel.
|
||||
- gh-85110: Preserve relative path in URL without netloc in
|
||||
urllib.parse.urlunsplit() and urllib.parse.urlunparse().
|
||||
- gh-123067: Fix quadratic complexity in parsing "-quoted
|
||||
cookie values with backslashes by http.cookies
|
||||
(bsc#1229596, CVE-2024-7592)
|
||||
- gh-122981: Fix inspect.getsource() for generated classes
|
||||
with Python base classes (e.g. enums).
|
||||
- gh-122903: zipfile.Path.glob now correctly matches
|
||||
directories instead of silently omitting them.
|
||||
- gh-122905: zipfile.Path objects now sanitize names from the
|
||||
zipfile.
|
||||
- gh-122695: Fixed double-free when using gc.get_referents()
|
||||
with a freed asyncio.Future iterator.
|
||||
- gh-116263: logging.handlers.RotatingFileHandler no longer
|
||||
rolls over empty log files.
|
||||
- gh-105376: Restore the deprecated logging warn() method. It
|
||||
was removed in Python 3.13 alpha 1. Keep the deprecated
|
||||
warn() method in Python 3.13. Patch by Victor Stinner.
|
||||
- gh-122744: Bump the version of pip bundled in ensurepip to
|
||||
version 24.2.
|
||||
- gh-118814: Fix the typing.TypeVar constructor when name is
|
||||
passed by keyword.
|
||||
- gh-122478: Remove internal frames from tracebacks
|
||||
shown in code.InteractiveInterpreter with non-default
|
||||
sys.excepthook(). Save correct tracebacks in
|
||||
sys.last_traceback and update __traceback__ attribute of
|
||||
sys.last_value and sys.last_exc.
|
||||
- gh-116622: On Android, the FICLONE and FICLONERANGE
|
||||
constants are no longer exposed by fcntl, as these ioctls
|
||||
are blocked by SELinux.
|
||||
- gh-82378: Make sure that the new REPL interprets
|
||||
sys.tracebacklimit in the same way that the classic REPL
|
||||
did.
|
||||
- gh-122334: Fix crash when importing ssl after the main
|
||||
interpreter restarts.
|
||||
- gh-87320: In code.InteractiveInterpreter, handle exceptions
|
||||
caused by calling a non-default sys.excepthook(). Before,
|
||||
the exception bubbled up to the caller, ending the REPL.
|
||||
- gh-121650: email headers with embedded newlines
|
||||
are now quoted on output. The generator will
|
||||
now refuse to serialize (write) headers
|
||||
that are unsafely folded or delimited; see
|
||||
verify_generated_headers. (Contributed by Bas Bloemsaat and
|
||||
Petr Viktorin in gh-121650.; CVE-2024-6923, bsc#1228780)
|
||||
- gh-121723: Make logging.config.dictConfig() accept any
|
||||
object implementing the Queue public API. See the queue
|
||||
configuration section for details. Patch by Bénédikt Tran.
|
||||
- gh-122081: Fix a crash in the decimal.IEEEContext()
|
||||
optional function available via the EXTRA_FUNCTIONALITY
|
||||
configuration flag.
|
||||
- gh-121804: Correctly show error locations, when SyntaxError
|
||||
raised in new repl. Patch by Sergey B Kirpichev.
|
||||
- gh-121151: Fix wrapping of long usage text of arguments
|
||||
inside a mutually exclusive group in argparse.
|
||||
- gh-108172: webbrowser honors OS preferred browser on Linux
|
||||
when its desktop entry name contains the text of a known
|
||||
browser name.
|
||||
- gh-109109: You can now get the raw TLS .
|
||||
Cocertificate chains from TLS connections .
|
||||
Covia ssl.SSLSocket.get_verified_chain() and .
|
||||
Cossl.SSLSocket.get_unverified_chain() methods ntributed by .
|
||||
CoMateusz Nowak .
|
||||
- IDLE
|
||||
- gh-120083: Add explicit black IDLE Hovertip foreground
|
||||
color needed for recent macOS. Fixes Sonoma showing
|
||||
unreadable white on pale yellow. Patch by John Riggles.
|
||||
- Core and Builtins
|
||||
- gh-123572: Fix key mappings for various F-keys in Windows
|
||||
for the new REPL. Patch by devdanzin
|
||||
- gh-123484: Fix _Py_DebugOffsets for long objects to be
|
||||
relative to the start of the object rather than the start
|
||||
of a subobject.
|
||||
- gh-123344: Add AST optimizations for type parameter
|
||||
defaults.
|
||||
- gh-123321: Prevent Parser/myreadline race condition from
|
||||
segfaulting on multi-threaded use. Patch by Bar Harel and
|
||||
Amit Wienner.
|
||||
- gh-123177: Fix a bug causing stray prompts to appear in the
|
||||
middle of wrapped lines in the new REPL.
|
||||
- gh-122982: Extend the deprecation period for bool inversion
|
||||
(~) by two years.
|
||||
- gh-123177: Deactivate line wrap in the Apple Terminal via a
|
||||
ANSI escape code. Patch by Pablo Galindo
|
||||
- gh-123229: Fix valgrind warning by initializing the
|
||||
f-string buffers to 0 in the tokenizer. Patch by Pablo
|
||||
Galindo
|
||||
- gh-122298: Restore printout of GC stats when
|
||||
gc.set_debug(gc.DEBUG_STATS) is called. This featue was
|
||||
accidentally removed when implementing incremental GC.
|
||||
- gh-121804: Correctly show error locations when a
|
||||
SyntaxError is raised in the basic REPL. Patch by Sergey B
|
||||
Kirpichev.
|
||||
- gh-123142: Fix too-wide source location in exception
|
||||
tracebacks coming from broken iterables in comprehensions.
|
||||
- gh-123048: Fix a bug where pattern matching code could emit
|
||||
a JUMP_FORWARD with no source location.
|
||||
- gh-123123: Fix displaying SyntaxError exceptions covering
|
||||
multiple lines. Patch by Pablo Galindo
|
||||
- gh-123083: Fix a potential use-after-free in
|
||||
STORE_ATTR_WITH_HINT.
|
||||
- gh-123022: Fix crash in free-threaded build when calling
|
||||
Py_Initialize() from a non-main thread.
|
||||
- gh-122888: Fix crash on certain calls to str() with
|
||||
positional arguments of the wrong type. Patch by Jelle
|
||||
Zijlstra.
|
||||
- gh-116622: Fix Android stdout and stderr messages being
|
||||
truncated or lost.
|
||||
- gh-122527: Fix a crash that occurred when a
|
||||
PyStructSequence was deallocated after its type’s
|
||||
dictionary was cleared by the GC. The type’s tp_basicsize
|
||||
now accounts for non-sequence fields that aren’t included
|
||||
in the Py_SIZE of the sequence.
|
||||
- gh-122445: Add only fields which are modified via self.* to
|
||||
__static_attributes__.
|
||||
- gh-98442: Fix too wide source locations of the cleanup
|
||||
instructions of a with statement.
|
||||
- gh-93691: Fix source locations of instructions generated
|
||||
for with statements.
|
||||
- gh-120097: FrameLocalsProxy now subclasses
|
||||
collections.abc.Mapping and can be matched as a mapping in
|
||||
match statements
|
||||
- C API
|
||||
- gh-122728: Fix PyEval_GetLocals() to avoid SystemError
|
||||
(“bad argument to internal function”). Patch by Victor
|
||||
Stinner.
|
||||
- Build
|
||||
- gh-123297: Propagate the value of LDFLAGS to LDCXXSHARED in
|
||||
sysconfig. Patch by Pablo Galindo
|
||||
- gh-116622: Rename build variable MODULE_LDFLAGS back
|
||||
to LIBPYTHON, as it’s used by package build systems
|
||||
(e.g. Meson).
|
||||
- gh-118943: Fix an issue where the experimental JIT could be
|
||||
built several times by the make regen-all target, leading
|
||||
to possible race conditions on heavily parallelized builds.
|
||||
- gh-118943: Fix a possible race condition affecting parallel
|
||||
builds configured with --enable-experimental-jit, in which
|
||||
FileNotFoundError could be caused by another process
|
||||
already moving jit_stencils.h.new to jit_stencils.h.
|
||||
- Remove upstreamed patches:
|
||||
- bso1227999-reproducible-builds.patch
|
||||
- CVE-2024-8088-inf-loop-zipfile_Path.patch
|
||||
- gh120226-fix-sendfile-test-kernel-610.patch
|
||||
- gh122136-test_asyncio-kernel-buffer-data.patch
|
||||
- fix_configure_rst.patch
|
||||
- CVE-2024-6923-email-hdr-inject.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Sep 2 09:44:26 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
|
||||
|
||||
- Add gh120226-fix-sendfile-test-kernel-610.patch to avoid
|
||||
failing test_sendfile_close_peer_in_the_middle_of_receiving
|
||||
tests on Linux >= 6.10 (GH-120227).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Aug 29 14:46:39 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
|
||||
|
||||
@ -445,6 +635,12 @@ Fri Jun 28 06:12:20 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
|
||||
- python-3.3.0b1-fix_date_time_compiler.patch
|
||||
- subprocess-raise-timeout.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jun 6 11:48:20 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
|
||||
|
||||
- Build experimental package python313-base-nogil with
|
||||
--disable-gil option.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jun 6 09:59:51 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
|
||||
|
||||
@ -1330,6 +1526,7 @@ Thu May 9 08:18:00 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
|
||||
ipaddress.IPv6Address.is_global
|
||||
- Also in the corresponding ipaddress.IPv4Network and
|
||||
ipaddress.IPv6Network attributes.
|
||||
- Fixes bsc#1226448 (CVE-2024-4032).
|
||||
- gh-63283: In encodings.idna, any capitalization of the the ACE
|
||||
prefix (xn--) is now acceptable. Patch by Pepijn de Vos and
|
||||
Zackery Spytz.
|
||||
@ -2617,7 +2814,7 @@ Thu Feb 8 08:10:09 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
|
||||
behavior, accept malformed inputs. getattr(email.utils,
|
||||
'supports_strict_parsing', False) can be use to check if the
|
||||
strict paramater is available. Patch by Thomas Dwyer and Victor
|
||||
Stinner to improve the CVE-2023-27043 fix.
|
||||
Stinner to improve the CVE-2023-27043 fix (bsc#1210638).
|
||||
- gh-52161: cmd.Cmd.do_help() now cleans docstrings with
|
||||
inspect.cleandoc() before writing them. Patch by Filip
|
||||
Łapkiewicz.
|
||||
@ -6096,7 +6293,8 @@ Thu Jul 16 21:45:50 UTC 2020 - Callum Farmer <callumjfarmer13@gmail.com>
|
||||
|
||||
- Spec file fixes
|
||||
- Re-added subprocess-raise-timeout.patch: now compatible
|
||||
- Removed bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch: contained in upstream
|
||||
- Removed bpo34022-stop_hash-based_invalidation_w_SOURCE_DATE_EPOCH.patch:
|
||||
contained in upstream
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jul 15 09:10:42 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||||
|
136
python313.spec
136
python313.spec
@ -22,18 +22,36 @@
|
||||
%bcond_without doc
|
||||
%bcond_with base
|
||||
%bcond_with general
|
||||
%bcond_without GIL
|
||||
%endif
|
||||
%if "%{flavor}" == "base"
|
||||
%define psuffix -core
|
||||
%bcond_with doc
|
||||
%bcond_without base
|
||||
%bcond_with general
|
||||
%bcond_without GIL
|
||||
%endif
|
||||
%if "%{flavor}" == ""
|
||||
%define psuffix %{nil}
|
||||
%bcond_with doc
|
||||
%bcond_with base
|
||||
%bcond_without general
|
||||
%bcond_without GIL
|
||||
%endif
|
||||
|
||||
%if "%{flavor}" == "nogil"
|
||||
%define psuffix %{nil}
|
||||
%bcond_with doc
|
||||
%bcond_with base
|
||||
%bcond_without general
|
||||
%bcond_with GIL
|
||||
%endif
|
||||
%if "%{flavor}" == "nogil-base"
|
||||
%define psuffix -nogil-core
|
||||
%bcond_with doc
|
||||
%bcond_without base
|
||||
%bcond_with general
|
||||
%bcond_with GIL
|
||||
%endif
|
||||
|
||||
%if 0%{?do_profiling}
|
||||
@ -51,6 +69,11 @@
|
||||
%endif
|
||||
|
||||
%define python_pkg_name python313
|
||||
%if %{without GIL}
|
||||
%define python_pkg_name python313-nogil
|
||||
%define base_pkg_name python313
|
||||
%endif
|
||||
|
||||
%if "%{python_pkg_name}" == "%{primary_python}"
|
||||
%define primary_interpreter 1
|
||||
%else
|
||||
@ -87,6 +110,10 @@
|
||||
%define sitedir %{_libdir}/python%{python_version}
|
||||
# three possible ABI kinds: m - pymalloc, d - debug build; see PEP 3149
|
||||
%define abi_kind %{nil}
|
||||
%if %{without GIL}
|
||||
%define abi_kind t
|
||||
%define sitedir %{_libdir}/python%{python_version}%{abi_kind}
|
||||
%endif
|
||||
# python ABI version - used in some file names
|
||||
%define python_abi %{python_version}%{abi_kind}
|
||||
# soname ABI tag defined in PEP 3149
|
||||
@ -117,8 +144,8 @@
|
||||
# _md5.cpython-38m-x86_64-linux-gnu.so
|
||||
%define dynlib() %{sitedir}/lib-dynload/%{1}.cpython-%{abi_tag}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}.so
|
||||
Name: %{python_pkg_name}%{psuffix}
|
||||
Version: 3.13.0~rc1
|
||||
%define tarversion 3.13.0rc1
|
||||
Version: 3.13.0~rc2
|
||||
%define tarversion 3.13.0rc2
|
||||
%define tarname Python-%{tarversion}
|
||||
Release: 0
|
||||
Summary: Python 3 Interpreter
|
||||
@ -174,21 +201,6 @@ Patch08: no-skipif-doctests.patch
|
||||
# PATCH-FIX-SLE skip-test_pyobject_freed_is_freed.patch mcepl@suse.com
|
||||
# skip a test failing on SLE-15
|
||||
Patch09: skip-test_pyobject_freed_is_freed.patch
|
||||
# PATCH-FIX-SLE fix_configure_rst.patch bpo#43774 mcepl@suse.com
|
||||
# remove duplicate link targets and make documentation with old Sphinx in SLE
|
||||
Patch10: fix_configure_rst.patch
|
||||
# PATCH-FIX-UPSTREAM CVE-2024-6923-email-hdr-inject.patch bsc#1228780 mcepl@suse.com
|
||||
# prevent email header injection, patch from gh#python/cpython!122608
|
||||
Patch12: CVE-2024-6923-email-hdr-inject.patch
|
||||
# PATCH-FIX-UPSTREAM bso1227999-reproducible-builds.patch bsc#1227999 mcepl@suse.com
|
||||
# reproducibility patches
|
||||
Patch13: bso1227999-reproducible-builds.patch
|
||||
# PATCH-FIX-UPSTREAM CVE-2024-8088-inf-loop-zipfile_Path.patch bsc#1229704 mcepl@suse.com
|
||||
# avoid denial of service in zipfile
|
||||
Patch14: CVE-2024-8088-inf-loop-zipfile_Path.patch
|
||||
# PATCH-FIX-UPSTREAM gh122136-test_asyncio-kernel-buffer-data.patch gh#python/cpython#122136 mcepl@suse.com
|
||||
# test.test_asyncio.test_server.TestServer2.test_abort_clients fails because of changes in the kernel
|
||||
Patch15: gh122136-test_asyncio-kernel-buffer-data.patch
|
||||
BuildRequires: autoconf-archive
|
||||
BuildRequires: automake
|
||||
BuildRequires: fdupes
|
||||
@ -226,6 +238,10 @@ BuildRequires: python3-python-docs-theme >= 2022.1
|
||||
BuildRequires: clang => 18
|
||||
BuildRequires: llvm => 18
|
||||
|
||||
%if %{without GIL}
|
||||
ExcludeArch: aarch64
|
||||
%endif
|
||||
|
||||
%if %{with general}
|
||||
# required for idle3 (.desktop and .appdata.xml files)
|
||||
BuildRequires: appstream-glib
|
||||
@ -444,7 +460,7 @@ This package contains libpython3.2 shared library for embedding in
|
||||
other applications.
|
||||
|
||||
%prep
|
||||
%autosetup -p1 -N -n %{tarname}
|
||||
%setup -q -n %{tarname}
|
||||
%autopatch -p1 -M 07
|
||||
|
||||
%if 0%{?suse_version} <= 1500
|
||||
@ -478,7 +494,7 @@ sed -i -e '/Breakpoint 3 at ...pdb.py:97/s/97/96/' Lib/test/test_pdb.py
|
||||
%endif
|
||||
|
||||
# Cannot remove it because of gh#python/cpython#92875
|
||||
# rm -r Modules/expat
|
||||
rm -r Modules/expat
|
||||
|
||||
# drop duplicate README from site-packages
|
||||
rm Lib/site-packages/README.txt
|
||||
@ -536,6 +552,9 @@ export CFLAGS="%{optflags} -IVendor/"
|
||||
%endif
|
||||
%if %{with experimental_jit}
|
||||
--enable-experimental-jit=yes-off \
|
||||
%endif
|
||||
%if %{without GIL}
|
||||
--disable-gil \
|
||||
%endif
|
||||
--enable-loadable-sqlite-extensions
|
||||
|
||||
@ -680,12 +699,12 @@ done
|
||||
|
||||
# Idle is not packaged in base due to the appstream-glib dependency
|
||||
# move idle config into /etc
|
||||
install -d -m 755 %{buildroot}%{_sysconfdir}/idle%{python_version}
|
||||
install -d -m 755 %{buildroot}%{_sysconfdir}/idle%{python_abi}
|
||||
(
|
||||
cd %{buildroot}/%{sitedir}/idlelib/
|
||||
for file in *.def ; do
|
||||
mv $file %{buildroot}%{_sysconfdir}/idle%{python_version}/
|
||||
ln -sf %{_sysconfdir}/idle%{python_version}/$file %{buildroot}/%{sitedir}/idlelib/
|
||||
mv $file %{buildroot}%{_sysconfdir}/idle%{python_abi}/
|
||||
ln -sf %{_sysconfdir}/idle%{python_abi}/$file %{buildroot}/%{sitedir}/idlelib/
|
||||
done
|
||||
)
|
||||
|
||||
@ -693,23 +712,28 @@ install -d -m 755 %{buildroot}%{_sysconfdir}/idle%{python_version}
|
||||
ls -l %{buildroot}%{_bindir}/
|
||||
rm %{buildroot}%{_bindir}/idle3
|
||||
|
||||
# mve idle binary to idle3.13t to avoid conflict
|
||||
%if %{without GIL}
|
||||
mv %{buildroot}%{_bindir}/idle%{python_version} %{buildroot}%{_bindir}/idle%{python_abi}
|
||||
%endif
|
||||
|
||||
# install idle icons
|
||||
for size in 16 32 48 ; do
|
||||
install -m 644 -D Lib/idlelib/Icons/idle_${size}.png \
|
||||
%{buildroot}%{_datadir}/icons/hicolor/${size}x${size}/apps/idle%{python_version}.png
|
||||
%{buildroot}%{_datadir}/icons/hicolor/${size}x${size}/apps/idle%{python_abi}.png
|
||||
done
|
||||
|
||||
# install idle desktop file
|
||||
cp %{SOURCE19} idle%{python_version}.desktop
|
||||
sed -i -e 's:idle3:idle%{python_version}:g' idle%{python_version}.desktop
|
||||
install -m 644 -D -t %{buildroot}%{_datadir}/applications idle%{python_version}.desktop
|
||||
cp %{SOURCE19} idle%{python_abi}.desktop
|
||||
sed -i -e 's:idle3:idle%{python_abi}:g' idle%{python_abi}.desktop
|
||||
install -m 644 -D -t %{buildroot}%{_datadir}/applications idle%{python_abi}.desktop
|
||||
|
||||
cp %{SOURCE20} idle%{python_version}.appdata.xml
|
||||
sed -i -e 's:idle3.desktop:idle%{python_version}.desktop:g' idle%{python_version}.appdata.xml
|
||||
install -m 644 -D -t %{buildroot}%{_datadir}/metainfo idle%{python_version}.appdata.xml
|
||||
appstream-util validate-relax --nonet %{buildroot}%{_datadir}/metainfo/idle%{python_version}.appdata.xml
|
||||
cp %{SOURCE20} idle%{python_abi}.appdata.xml
|
||||
sed -i -e 's:idle3.desktop:idle%{python_abi}.desktop:g' idle%{python_abi}.appdata.xml
|
||||
install -m 644 -D -t %{buildroot}%{_datadir}/metainfo idle%{python_abi}.appdata.xml
|
||||
appstream-util validate-relax --nonet %{buildroot}%{_datadir}/metainfo/idle%{python_abi}.appdata.xml
|
||||
|
||||
%fdupes %{buildroot}/%{_libdir}/python%{python_version}
|
||||
%fdupes %{buildroot}/%{_libdir}/python%{python_abi}
|
||||
%endif
|
||||
%if %{with base}
|
||||
%make_install
|
||||
@ -721,7 +745,7 @@ find %{buildroot} -name "*.a" -delete
|
||||
install -d -m 755 %{buildroot}%{sitedir}/site-packages
|
||||
install -d -m 755 %{buildroot}%{sitedir}/site-packages/__pycache__
|
||||
# and their 32bit counterparts explicitly
|
||||
mkdir -p %{buildroot}%{_prefix}/lib/python%{python_version}/site-packages/__pycache__
|
||||
mkdir -p %{buildroot}%{_prefix}/lib/python%{python_abi}/site-packages/__pycache__
|
||||
|
||||
# cleanup parts that don't belong
|
||||
for dir in curses dbm sqlite3 tkinter idlelib; do
|
||||
@ -749,7 +773,7 @@ sed -e 's,__PYTHONPREFIX__,%{python_pkg_name},' -e 's,__PYTHON__,python%{python_
|
||||
%endif
|
||||
|
||||
# link shared library instead of static library that tools expect
|
||||
ln -s ../../libpython%{python_abi}.so %{buildroot}%{_libdir}/python%{python_version}/config-%{python_abi}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}/libpython%{python_abi}.so
|
||||
ln -s ../../libpython%{python_abi}.so %{buildroot}%{_libdir}/python%{python_abi}/config-%{python_abi}-%{archname}-%{_os}%{?_gnu}%{?armsuffix}/libpython%{python_abi}.so
|
||||
|
||||
# delete idle3, which has to many packaging dependencies for base
|
||||
rm %{buildroot}%{_bindir}/idle3*
|
||||
@ -805,6 +829,17 @@ LD_LIBRARY_PATH=. ./python -O -c "from py_compile import compile; compile('$FAIL
|
||||
done < %{SOURCE9}
|
||||
)
|
||||
echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-import-failed-hooks.pth
|
||||
|
||||
# not packaged without GIL
|
||||
%if %{without GIL}
|
||||
rm -rf %{buildroot}%{_libdir}/pkgconfig/python-%{python_version}.pc
|
||||
rm -rf %{buildroot}%{_libdir}/pkgconfig/python-%{python_version}-embed.pc
|
||||
rm %{buildroot}%{_bindir}/python%{python_version}
|
||||
rm %{buildroot}%{_bindir}/pydoc%{python_version}
|
||||
rm %{buildroot}%{_bindir}/python%{python_version}-config
|
||||
rm %{buildroot}%{_mandir}/man1/python%{python_version}.1*
|
||||
%endif
|
||||
|
||||
%endif
|
||||
|
||||
%if %{with general}
|
||||
@ -831,21 +866,22 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo
|
||||
|
||||
%files -n %{python_pkg_name}-idle
|
||||
%{sitedir}/idlelib
|
||||
%dir %{_sysconfdir}/idle%{python_version}
|
||||
%config %{_sysconfdir}/idle%{python_version}/*
|
||||
%dir %{_sysconfdir}/idle%{python_abi}
|
||||
%config %{_sysconfdir}/idle%{python_abi}/*
|
||||
%doc Lib/idlelib/README.txt
|
||||
%doc Lib/idlelib/TODO.txt
|
||||
%doc Lib/idlelib/extend.txt
|
||||
%doc Lib/idlelib/ChangeLog
|
||||
%{_bindir}/idle%{python_version}
|
||||
%{_datadir}/applications/idle%{python_version}.desktop
|
||||
%{_datadir}/metainfo/idle%{python_version}.appdata.xml
|
||||
%{_datadir}/icons/hicolor/*/apps/idle%{python_version}.png
|
||||
%{_bindir}/idle%{python_abi}
|
||||
%{_datadir}/applications/idle%{python_abi}.desktop
|
||||
%{_datadir}/metainfo/idle%{python_abi}.appdata.xml
|
||||
%{_datadir}/icons/hicolor/*/apps/idle%{python_abi}.png
|
||||
%dir %{_datadir}/icons/hicolor
|
||||
%dir %{_datadir}/icons/hicolor/16x16
|
||||
%dir %{_datadir}/icons/hicolor/32x32
|
||||
%dir %{_datadir}/icons/hicolor/48x48
|
||||
%dir %{_datadir}/icons/hicolor/*/apps
|
||||
|
||||
# endif for if general
|
||||
%endif
|
||||
|
||||
@ -920,7 +956,11 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo
|
||||
%if %{primary_interpreter}
|
||||
%{_mandir}/man1/python3.1%{?ext_man}
|
||||
%endif
|
||||
|
||||
%if %{with GIL}
|
||||
%{_mandir}/man1/python%{python_version}.1%{?ext_man}
|
||||
%endif
|
||||
|
||||
%if %{suse_version} > 1550
|
||||
# PEP-0668
|
||||
%{sitedir}/EXTERNALLY-MANAGED
|
||||
@ -931,8 +971,10 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo
|
||||
%if %{primary_interpreter}
|
||||
%{_rpmconfigdir}/macros.d/macros.python3
|
||||
%endif
|
||||
|
||||
# binary parts
|
||||
%dir %{sitedir}/lib-dynload
|
||||
|
||||
%{dynlib array}
|
||||
%{dynlib _asyncio}
|
||||
%{dynlib binascii}
|
||||
@ -993,11 +1035,13 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo
|
||||
%{dynlib _sha1}
|
||||
%{dynlib _sha2}
|
||||
%{dynlib _sha3}
|
||||
# python parts
|
||||
%dir %{_prefix}/lib/python%{python_version}
|
||||
%dir %{_prefix}/lib/python%{python_version}/site-packages
|
||||
%dir %{_prefix}/lib/python%{python_version}/site-packages/__pycache__
|
||||
|
||||
%dir %{sitedir}
|
||||
# python parts
|
||||
%dir %{_prefix}/lib/python%{python_abi}
|
||||
%dir %{_prefix}/lib/python%{python_abi}/site-packages
|
||||
%dir %{_prefix}/lib/python%{python_abi}/site-packages/__pycache__
|
||||
|
||||
%dir %{sitedir}/site-packages
|
||||
%dir %{sitedir}/site-packages/__pycache__
|
||||
# %%exclude %%{sitedir}/*/test
|
||||
@ -1041,9 +1085,11 @@ echo %{sitedir}/_import_failed > %{buildroot}/%{sitedir}/site-packages/zzzz-impo
|
||||
%{_bindir}/pydoc3
|
||||
%endif
|
||||
# executables
|
||||
%if %{with GIL}
|
||||
%attr(755, root, root) %{_bindir}/pydoc%{python_version}
|
||||
# %%attr(755, root, root) %%{_bindir}/python%%{python_abi}
|
||||
%attr(755, root, root) %{_bindir}/python%{python_version}
|
||||
%endif
|
||||
%attr(755, root, root) %{_bindir}/python%{python_abi}
|
||||
|
||||
# endif for if base
|
||||
%endif
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user