SHA256
1
0
forked from pool/python38
Commit Graph

152 Commits

Author SHA256 Message Date
Steve Kowalik
d58978abbd Fix changelog entry
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=96
2022-09-02 05:08:55 +00:00
Steve Kowalik
3ea01e31b6 - http.server: Fix an open redirection vulnerability in the HTTP server
when an URI path starts with //. (bsc#1202624, CVE-2021-28861)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=95
2022-09-01 04:20:31 +00:00
825dab796f - Add conditional for requiring rpm-build-python, so we should be
compilable on SLE/Leap.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=94
2022-08-31 21:37:06 +00:00
a384b79efb - Add bpo34990-2038-problem-compileall.patch making compileall.py
compliant with year 2038 (bsc#1202666, gh#python/cpython#79171),
  backport of fix to Python 3.8.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=93
2022-08-31 09:50:12 +00:00
Richard Brown
f0e7813db0 Accepting request 990680 from devel:languages:python:Factory
- Switch from %primary_interpreter to prjconf-defined
  %primary_python (gh#openSUSE/python-rpm-macros#127).

OBS-URL: https://build.opensuse.org/request/show/990680
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=24
2022-07-29 14:46:56 +00:00
b2d593bc85 Restore %primary_interpreter
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=91
2022-07-21 15:15:33 +00:00
471da3977b Fix changelog
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=90
2022-07-21 14:22:45 +00:00
822856d8bd - Switch from %primary_interpreter to prjconf-defined %primary_python (gh#openSUSE/python-rpm-macros#127).
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=89
2022-07-21 14:22:29 +00:00
Dominique Leuenberger
578f048a9f Accepting request 975215 from devel:languages:python:Factory
- Switch primary_interpreter from python38 to python310

OBS-URL: https://build.opensuse.org/request/show/975215
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=23
2022-06-14 22:31:44 +00:00
5493df1c9c - Switch primary_interpreter from python38 to python310
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=87
2022-05-05 14:35:19 +00:00
Dominique Leuenberger
71ed8dd763 Accepting request 965120 from devel:languages:python:Factory
- Update to 3.8.13:
Core and Builtins
    bpo-46794: Bump up the libexpat version into 2.4.6
    bpo-46985: Upgrade pip wheel bundled with ensurepip (pip 22.0.4)
    bpo-46932: Update bundled libexpat to 2.4.7
    bpo-46811: Make test suite support Expat >=2.4.5
    bpo-46784: Fix libexpat symbols collisions with user
      dynamically loaded or statically linked libexpat in embedded
      Python.
    bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4
    bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid
      potential REDoS by limiting ambiguity in consecutive
      whitespace.
    bpo-44849: Fix the os.set_inheritable() function on FreeBSD
      14 for file descriptor opened with the O_PATH flag: ignore
      the EBADF error on ioctl(), fallback on the fcntl()
      implementation.
    bpo-41028: Language and version switchers, previously
      maintained in every cpython branches, are now handled by
      docsbuild-script.
    bpo-45195: Fix test_readline.test_nonascii(): sometimes, the
      newline character is not written at the end, so don’t
      expect it in the output.
    bpo-44949: Fix auto history tests of test_readline:
      sometimes, the newline character is not written at the end,
      so don’t expect it in the output.
    bpo-45405: Prevent internal configure error when running
      configure with recent versions of clang.
- Remove upstreamed patches:
  - support-expat-245.patch

OBS-URL: https://build.opensuse.org/request/show/965120
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=22
2022-04-01 19:34:44 +00:00
8f9c4e7712 - Update to 3.8.13:
Core and Builtins
    bpo-46794: Bump up the libexpat version into 2.4.6
    bpo-46985: Upgrade pip wheel bundled with ensurepip (pip 22.0.4)
    bpo-46932: Update bundled libexpat to 2.4.7
    bpo-46811: Make test suite support Expat >=2.4.5
    bpo-46784: Fix libexpat symbols collisions with user
      dynamically loaded or statically linked libexpat in embedded
      Python.
    bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4
    bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid
      potential REDoS by limiting ambiguity in consecutive
      whitespace.
    bpo-44849: Fix the os.set_inheritable() function on FreeBSD
      14 for file descriptor opened with the O_PATH flag: ignore
      the EBADF error on ioctl(), fallback on the fcntl()
      implementation.
    bpo-41028: Language and version switchers, previously
      maintained in every cpython branches, are now handled by
      docsbuild-script.
    bpo-45195: Fix test_readline.test_nonascii(): sometimes, the
      newline character is not written at the end, so don’t
      expect it in the output.
    bpo-44949: Fix auto history tests of test_readline:
      sometimes, the newline character is not written at the end,
      so don’t expect it in the output.
    bpo-45405: Prevent internal configure error when running
      configure with recent versions of clang.
- Remove upstreamed patches:
  - support-expat-245.patch

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=85
2022-03-26 22:17:57 +00:00
Dominique Leuenberger
7137fa9432 Accepting request 956582 from devel:languages:python:Factory
- Add patch support-expat-245.patch:
  * Support Expat >= 2.4.5

OBS-URL: https://build.opensuse.org/request/show/956582
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=21
2022-02-23 15:25:35 +00:00
Steve Kowalik
d1acfb84ff - Add patch support-expat-245.patch:
* Support Expat >= 2.4.5

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=84
2022-02-22 05:55:24 +00:00
Dominique Leuenberger
055c12217c Accepting request 934639 from devel:languages:python:Factory
- Remove shebangs from from python-base libraries in _libdir
  (bsc#1193179).
- Readjust patches:
  - bpo-31046_ensurepip_honours_prefix.patch
  - decimal.patch
  - python-3.3.0b1-fix_date_time_compiler.patch

OBS-URL: https://build.opensuse.org/request/show/934639
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=20
2021-12-01 19:46:08 +00:00
e80a36de55 Run spec-cleaner
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=83
2021-11-29 21:18:48 +00:00
8daf777a48 - Remove shebangs from from python-base libraries in _libdir
(bsc#1193179).
- Readjust patches:
  - bpo-31046_ensurepip_honours_prefix.patch
  - decimal.patch
  - python-3.3.0b1-fix_date_time_compiler.patch

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=82
2021-11-29 21:16:35 +00:00
Dominique Leuenberger
fbd0354730 Accepting request 924942 from devel:languages:python:Factory
OBS-URL: https://build.opensuse.org/request/show/924942
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=19
2021-10-25 13:16:43 +00:00
3a1f3da6b5 Accepting request 924860 from home:dimstar:Factory
- BuildRequire rpm-build-python: The provider to inject python(abi)
  has been moved there. rpm-build pulls rpm-build-python
  automatically in when building anything against python3-base, but
  this implies that the initial build of python3-base does not
  trigger the automatic installation.

OBS-URL: https://build.opensuse.org/request/show/924860
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=81
2021-10-12 19:01:27 +00:00
Dominique Leuenberger
72acaf0548 Accepting request 915293 from devel:languages:python:Factory
OBS-URL: https://build.opensuse.org/request/show/915293
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=18
2021-09-11 20:24:10 +00:00
708a7675a4 Accepting request 915148 from home:fusionfuture:branches:devel:languages:python:Factory
- Update to 3.8.12
  * Complete list of changes is available at
    https://docs.python.org/release/3.8.12/whatsnew/changelog.html
  * Security
    - bpo-42278: Replaced usage of tempfile.mktemp() with
      TemporaryDirectory to avoid a potential race condition.
    - bpo-44394: Update the vendored copy of libexpat to 2.4.1
      (from 2.2.8) to get the fix for the CVE-2013-0340 “Billion
      Laughs” vulnerability. This copy is most used on Windows and
      macOS.
    - bpo-43124: Made the internal putcmd function in smtplib
      sanitize input for presence of \r and \n characters to avoid
      (unlikely) command injection.
    - bpo-36384: ipaddress module no longer accepts any leading
      zeros in IPv4 address strings. Leading zeros are ambiguous
      and interpreted as octal notation by some libraries. For
      example the legacy function socket.inet_aton() treats leading
      zeros as octal notation. glibc implementation of modern
      inet_pton() does not accept any leading zeros. For a while
      the ipaddress module used to accept ambiguous leading zeros.
- Refreshed patch:
  * decimal-3.8.patch

OBS-URL: https://build.opensuse.org/request/show/915148
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=80
2021-08-31 15:13:54 +00:00
db054e258d Accepting request 914696 from home:mcepl:python-libmpdec
- Add decimal-3.8.patch to add building with --with-system-libmpdec
  option (bsc#1189356).

OBS-URL: https://build.opensuse.org/request/show/914696
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=79
2021-08-30 10:14:02 +00:00
24200752c4 Accepting request 914829 from home:Andreas_Schwab:Factory
- test_faulthandler is still problematic under qemu linux-user emulation,
  disable it there
- Reenable profileopt with qemu emulation, test_faulthandler is no longer
  run during profiling

OBS-URL: https://build.opensuse.org/request/show/914829
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=78
2021-08-29 06:01:55 +00:00
Richard Brown
b31aa5af09 Accepting request 911136 from devel:languages:python:Factory
OBS-URL: https://build.opensuse.org/request/show/911136
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=17
2021-08-18 06:55:17 +00:00
59e479a405 Accepting request 911124 from home:fusionfuture:branches:devel:languages:python:Factory
- Update to 3.8.11
  * Security
    - bpo-44022 (boo#1189241): mod:http.client now avoids
      infinitely reading potential HTTP headers after a 100
      Continue status response from the server.
    - bpo-43882: The presence of newline or tab characters in parts
      of a URL could allow some forms of attacks.
      Following the controlling specification for URLs defined by
      WHATWG urllib.parse() now removes ASCII newlines and tabs
      from URLs, preventing such attacks.
    - bpo-42800: Audit hooks are now fired for frame.f_code,
      traceback.tb_frame, and generator code/frame attribute
      access.
  * Core and Builtins
    - bpo-44070: No longer eagerly makes import filenames absolute,
      except for extension modules, which was introduced in 3.8.10.
  * Library
    - bpo-44061: Fix regression in previous release when calling
      pkgutil.iter_modules() with a list of pathlib.Path objects

OBS-URL: https://build.opensuse.org/request/show/911124
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=77
2021-08-10 04:45:47 +00:00
Dominique Leuenberger
1b0a998f35 Accepting request 909797 from devel:languages:python:Factory
- Use versioned python-Sphinx to avoid dependency on other
  version of Python (bsc#1183858).

OBS-URL: https://build.opensuse.org/request/show/909797
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=16
2021-08-05 18:47:37 +00:00
65288618bd - Use versioned python-Sphinx to avoid dependency on other
version of Python (bsc#1183858).

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=76
2021-08-02 12:35:59 +00:00
Dominique Leuenberger
f0f8e4c1c1 Accepting request 900833 from devel:languages:python:Factory
- Add bpo44426-complex-keyword-sphinx.patch allowing generating
  documentation with Sphinx 4 (bpo#44426).

OBS-URL: https://build.opensuse.org/request/show/900833
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=15
2021-06-23 15:38:05 +00:00
e5fcdbe941 Fix metadata
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=74
2021-06-18 23:02:50 +00:00
ad0975bae5 - Add bpo44426-complex-keyword-sphinx.patch allowing generating
documentation with Sphinx 4 (bpo#44426).

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=73
2021-06-18 23:00:45 +00:00
1419092212 revert
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=72
2021-06-18 21:21:26 +00:00
bab078237e - add 22198.patch to build with Sphinx 4
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=71
2021-06-18 21:11:16 +00:00
Dominique Leuenberger
91d6e677aa Accepting request 898503 from devel:languages:python:Factory
OBS-URL: https://build.opensuse.org/request/show/898503
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=14
2021-06-11 20:29:55 +00:00
2aa8e57714 Accepting request 898393 from home:dirkmueller:Factory
- allow building against sphinx 3.x+

OBS-URL: https://build.opensuse.org/request/show/898393
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=69
2021-06-08 16:39:27 +00:00
c38e8596de - Stop providing "python" symbol (bsc#1185588), which means
python2 currently.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=68
2021-05-21 15:17:16 +00:00
Dominique Leuenberger
82fc01b8d7 Accepting request 890780 from devel:languages:python:Factory
- Update to 3.8.10:
  - Security
    - bpo-43434: Creating a sqlite3.Connection object now also
      produces a sqlite3.connect auditing event. Previously this
      event was only produced by sqlite3.connect() calls. Patch
      by Erlend E. Aasland.
    - bpo-43472: Ensures interpreter-level audit hooks receive
      the cpython.PyInterpreterState_New event when called
      through the _xxsubinterpreters module.
    - bpo-43075: Fix Regular Expression Denial of Service (ReDoS)
      vulnerability in urllib.request.AbstractBasicAuthHandler.
      The ReDoS-vulnerable regex has quadratic worst-case
      complexity and it allows cause a denial of service when
      identifying crafted invalid RFCs. This ReDoS issue is on
      the client side and needs remote attackers to control the
      HTTP server.
  - Core and Builtins
    - bpo-43105: Importlib now resolves relative paths when
      creating module spec objects from file locations.
    - bpo-42924: Fix bytearray repetition incorrectly copying
      data from the start of the buffer, even if the data is
      offset within the buffer (e.g. after reassigning a slice at
      the start of the bytearray to a shorter byte string).
  - Library
    - bpo-43993: Update bundled pip to 21.1.1.
    - bpo-43937: Fixed the turtle module working with non-default
      root window.
    - bpo-43930: Update bundled pip to 21.1 and setuptools to
      56.0.0
    - bpo-43920: OpenSSL 3.0.0: load_verify_locations() now
      returns a consistent error message when cadata contains no
      valid certificate.
    - bpo-43607: urllib can now convert Windows paths with \\?\
      prefixes into URL paths.
    - bpo-43284: platform.win32_ver derives the windows version
      from sys.getwindowsversion().platform_version which in turn
      derives the version from kernel32.dll (which can be of
      a different version than Windows itself). Therefore change
      the platform.win32_ver to determine the version using the
      platform module’s _syscmd_ver private function to return an
      accurate version.
    - bpo-42248: [Enum] ensure exceptions raised in _missing__
      are released
    - bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1
      to suppress deprecation warnings. Python requires OpenSSL
      1.1.1 APIs.
    - bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants
      (OpenSSL 3.0.0)
    - bpo-43789: OpenSSL 3.0.0: Don’t call the password callback
      function a second time when first call has signaled an
      error condition.
    - bpo-43788: The header files for ssl error codes are now
      OpenSSL version-specific. Exceptions will now show correct
      reason and library codes. The make_ssl_data.py script has
      been rewritten to use OpenSSL’s text file with error codes.
    - bpo-43655: tkinter dialog windows are now recognized as
      dialogs by window managers on macOS and X Window.
    - bpo-43534: turtle.textinput() and turtle.numinput() create
      now a transient window working on behalf of the canvas
      window.
    - bpo-43522: Fix problem with hostname_checks_common_name.
      OpenSSL does not copy hostflags from struct SSL_CTX to
      struct SSL.
    - bpo-42967: Allow bytes separator argument in
      urllib.parse.parse_qs and urllib.parse.parse_qsl when
      parsing str query strings. Previously, this raised
      a TypeError.
    - bpo-43176: Fixed processing of a dataclass that inherits
      from a frozen dataclass with no fields. It is now correctly
      detected as an error.
    - bpo-34463: Fixed discrepancy between traceback and the
      interpreter in formatting of SyntaxError with lineno not
      set (traceback was changed to match interpreter).
    - bpo-41735: Fix thread locks in zlib module may go wrong in
      rare case. Patch by Ma Lin.
    - bpo-26053: Fixed bug where the pdb interactive run command
      echoed the args from the shell command line, even if those
      have been overridden at the pdb prompt.
    - bpo-36470: Fix dataclasses with InitVars and replace().
      Patch by Claudiu Popa.
    - bpo-28577: The hosts method on 32-bit prefix length
      IPv4Networks and 128-bit prefix IPv6Networks now returns
      a list containing the single Address instead of an empty
      list.
    - bpo-32745: Fix a regression in the handling of ctypes’
      ctypes.c_wchar_p type: embedded null characters would cause
      a ValueError to be raised. Patch by Zackery Spytz.
  - Documentation
    - bpo-43959: The documentation on the PyContextVar C-API was
      clarified.
    - bpo-43938: Update dataclasses documentation to express that
      FrozenInstanceError is derived from AttributeError.
    - bpo-43739: Fixing the example code in
      Doc/extending/extending.rst to declare and initialize the
      pmodule variable to be of the right type.
  - Tests
    - bpo-43842: Fix a race condition in the SMTP test of
      test_logging. Don’t close a file descriptor (socket) from
      a different thread while asyncore.loop() is polling the
      file descriptor. Patch by Victor Stinner.
    - bpo-43811: Tests multiple OpenSSL versions on GitHub
      Actions. Use ccache to speed up testing.
    - bpo-43791: OpenSSL 3.0.0: Disable testing of legacy
      protocols TLS 1.0 and 1.1. Tests are failing with
      TLSV1_ALERT_INTERNAL_ERROR.
  - IDLE
    - bpo-43655: IDLE dialog windows are now recognized as
      dialogs by window managers on macOS and X Window.
  - C API
    - bpo-43962: _PyInterpreterState_IDIncref() now calls
      _PyInterpreterState_IDInitref() and always increments
      id_refcount. Previously, calling
      _xxsubinterpreters.get_current() could create an
      id_refcount inconsistency when
      a _xxsubinterpreters.InterpreterID object was deallocated.
      Patch by Victor Stinner.
- Reapplied patches:
  - CVE-2019-5010-null-defer-x509-cert-DOS.patch
  - F00102-lib64.patch
  - SUSE-FEDORA-multilib.patch
  - bpo-31046_ensurepip_honours_prefix.patch
  - python-3.3.0b1-fix_date_time_compiler.patch
- Make sure to close the import_failed.map file after the exception
  has been raised in order to avoid ResourceWarnings when the
  failing import is part of a try...except block.

OBS-URL: https://build.opensuse.org/request/show/890780
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=13
2021-05-12 17:31:05 +00:00
e509746279 - Update to 3.8.10:
- Security
    - bpo-43434: Creating a sqlite3.Connection object now also
      produces a sqlite3.connect auditing event. Previously this
      event was only produced by sqlite3.connect() calls. Patch
      by Erlend E. Aasland.
    - bpo-43472: Ensures interpreter-level audit hooks receive
      the cpython.PyInterpreterState_New event when called
      through the _xxsubinterpreters module.
    - bpo-43075: Fix Regular Expression Denial of Service (ReDoS)
      vulnerability in urllib.request.AbstractBasicAuthHandler.
      The ReDoS-vulnerable regex has quadratic worst-case
      complexity and it allows cause a denial of service when
      identifying crafted invalid RFCs. This ReDoS issue is on
      the client side and needs remote attackers to control the
      HTTP server.
  - Core and Builtins
    - bpo-43105: Importlib now resolves relative paths when
      creating module spec objects from file locations.
    - bpo-42924: Fix bytearray repetition incorrectly copying
      data from the start of the buffer, even if the data is
      offset within the buffer (e.g. after reassigning a slice at
      the start of the bytearray to a shorter byte string).
  - Library
    - bpo-43993: Update bundled pip to 21.1.1.
    - bpo-43937: Fixed the turtle module working with non-default
      root window.
    - bpo-43930: Update bundled pip to 21.1 and setuptools to
      56.0.0
    - bpo-43920: OpenSSL 3.0.0: load_verify_locations() now

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=66
2021-05-05 15:36:38 +00:00
0bcf65704a Accepting request 889802 from home:bnavigator:branches:devel:languages:python:Factory
- Make sure to close the import_failed.map file after the exception
  has been raised in order to avoid ResourceWarnings when the
  failing import is part of a try...except block.

Please sync to the other flavors.

This fixes test suite failures of packages with `-W error` and optional imports.
(e.g. pytest-doctestplus)

OBS-URL: https://build.opensuse.org/request/show/889802
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=65
2021-05-02 17:07:37 +00:00
Dominique Leuenberger
065f208443 Accepting request 889131 from devel:languages:python:Factory
- Update to 3.8.9:
  - bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile
    feature of the pydoc module which could be abused to read
    arbitrary files on the disk (directory traversal
    vulnerability). Moreover, even source code of Python modules
    can contain sensitive data like passwords. Vulnerability
    reported by David Schwörer.
  - bpo-43285: ftplib no longer trusts the IP address value
    returned from the server in response to the PASV command by
    default. This prevents a malicious FTP server from using the
    response to probe IPv4 address and port combinations on the
    client network.
  - Code that requires the former vulnerable behavior may set
    a trust_server_pasv_ipv4_address attribute on their
    ftplib.FTP instances to True to re-enable it.
  - bpo-43439: Add audit hooks for gc.get_objects(),
    gc.get_referrers() and gc.get_referents(). Patch by Pablo
    Galindo.
  - bpo-43660: Fix crash that happens when replacing sys.stderr
    with a callable that can remove the object while an exception
    is being printed. Patch by Pablo Galindo.
  - bpo-35883: Python no longer fails at startup with a fatal
    error if a command line argument contains an invalid Unicode
    character. The Py_DecodeLocale() function now escapes byte
    sequences which would be decoded as Unicode characters
    outside the [U+0000; U+10ffff] range.
  - bpo-43406: Fix a possible race condition where
    PyErr_CheckSignals tries to execute a non-Python signal
    handler.
  - bpo-35930: Raising an exception raised in a “future” instance
    will create reference cycles.
  - bpo-43577: Fix deadlock when using ssl.SSLContext debug
    callback with ssl.SSLContext.sni_callback().
  - bpo-43423: subprocess.communicate() no longer raises an
    IndexError when there is an empty stdout or stderr IO buffer
    during a timeout on Windows.
  - bpo-27820: Fixed long-standing bug of smtplib.SMTP where
    doing AUTH LOGIN with initial_response_ok=False will fail.
    The cause is that SMTP.auth_login _always_ returns a password
    if provided with a challenge string, thus non-compliant with
    the standard for AUTH LOGIN. Also fixes bug with the test for
    smtpd.
  - bpo-43399: Fix ElementTree.extend not working on iterators
    when using the Python implementation
  - bpo-43316: The python -m gzip command line application now
    properly fails when detecting an unsupported extension. It
    exits with a non-zero exit code and prints an error message
    to stderr.
  - bpo-43260: Fix TextIOWrapper can not flush internal buffer
    forever after very large text is written.
  - bpo-42782: Fail fast in shutil.move() to avoid creating
    destination directories on failure.
  - bpo-37193: Fixed memory leak in socketserver.ThreadingMixIn
    introduced in Python 3.7.
  - bpo-43199: Answer “Why is there no goto?” in the Design and
    History FAQ.
  - bpo-43407: Clarified that a result from time.monotonic(),
    time.perf_counter(), time.process_time(), or
    time.thread_time() can be compared with the result from any
    following call to the same function - not just the next
    immediate call.
  - bpo-27646: Clarify that ‘yield from <expr>’ works with any
    iterable, not just iterators.
  - bpo-36346: Update some deprecated unicode APIs which are
    documented as “will be removed in 4.0” to “3.12”. See PEP 623
    for detail.
  - bpo-37945: Fix test_getsetlocale_issue1813() of test_locale:
    skip the test if setlocale() fails. Patch by Victor Stinner.
  - bpo-41561: Add workaround for Ubuntu’s custom OpenSSL
    security level policy.
  - bpo-43631: Update macOS, Windows, and CI to OpenSSL 1.1.1k.
  - bpo-43617: Improve configure.ac: Check for presence of
    autoconf-archive package and remove our copies of M4 macros.
  - bpo-41837: Update macOS installer build to use OpenSSL
    1.1.1j.
  - bpo-42225: Document that IDLE can fail on Unix either from
    misconfigured IP masquerage rules or failure displaying
    complex colored (non-ascii) characters.
  - bpo-43283: Document why printing to IDLE’s Shell is often
    slower than printing to a system terminal and that it can be
    made faster by pre-formatting a single string before
    printing.

OBS-URL: https://build.opensuse.org/request/show/889131
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=12
2021-05-02 16:35:21 +00:00
c4ad231e8c Add BR autoconf-archive
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=63
2021-04-28 19:00:43 +00:00
8d39a136b6 - Update to 3.8.9:
- bpo#42988 (bsc#1183374) CVE-2021-3426: Remove the getfile
    feature of the pydoc module which could be abused to read
    arbitrary files on the disk (directory traversal
    vulnerability). Moreover, even source code of Python modules
    can contain sensitive data like passwords. Vulnerability
    reported by David Schwörer.
  - bpo-43285: ftplib no longer trusts the IP address value
    returned from the server in response to the PASV command by
    default. This prevents a malicious FTP server from using the
    response to probe IPv4 address and port combinations on the
    client network.
  - Code that requires the former vulnerable behavior may set
    a trust_server_pasv_ipv4_address attribute on their
    ftplib.FTP instances to True to re-enable it.
  - bpo-43439: Add audit hooks for gc.get_objects(),
    gc.get_referrers() and gc.get_referents(). Patch by Pablo
    Galindo.
  - bpo-43660: Fix crash that happens when replacing sys.stderr
    with a callable that can remove the object while an exception
    is being printed. Patch by Pablo Galindo.
  - bpo-35883: Python no longer fails at startup with a fatal
    error if a command line argument contains an invalid Unicode
    character. The Py_DecodeLocale() function now escapes byte
    sequences which would be decoded as Unicode characters
    outside the [U+0000; U+10ffff] range.
  - bpo-43406: Fix a possible race condition where
    PyErr_CheckSignals tries to execute a non-Python signal
    handler.
  - bpo-35930: Raising an exception raised in a “future” instance

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=62
2021-04-28 17:38:20 +00:00
Dominique Leuenberger
f6fabb920e Accepting request 879914 from devel:languages:python:Factory
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/879914
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=11
2021-03-18 21:55:01 +00:00
988a108da4 Fix changes
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=60
2021-03-11 14:03:10 +00:00
Richard Brown
dd6e8139a8 Accepting request 874121 from devel:languages:python:Factory
- Update to 3.8.8:
  - bpo#42938 (bsc#1181126): Avoid static buffers when computing
    the repr of ctypes.c_double and ctypes.c_longdouble
    values. This issue was assigned CVE-2021-3177.
  - bpo#42967 (bso#1182379): Fix web cache poisoning
    vulnerability by defaulting the query args separator to &,
    and allowing the user to choose a custom separator. This
    issue was assigned CVE-2021-23336.
- Remove bsc1167501-invalid-alignment.patch and
  CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch, which were included
  into the upstream tarball.

OBS-URL: https://build.opensuse.org/request/show/874121
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python38?expand=0&rev=10
2021-03-02 13:41:29 +00:00
c6090234a8 Fix changes
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=58
2021-02-21 09:51:16 +00:00
73a62948e4 Fix changes
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=57
2021-02-21 09:40:47 +00:00
100371da1e Fix changes ... make obvious removal of patches
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=56
2021-02-21 06:54:11 +00:00
47660f8a24 Clean SPEC file
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=55
2021-02-20 23:39:56 +00:00
ad17b0295b Fixes changes
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=54
2021-02-20 18:22:09 +00:00
c36a6fcb46 - Update to 3.8.8:
- bpo#42938 (bsc#1181126): Avoid static buffers when computing
    the repr of ctypes.c_double and ctypes.c_longdouble
    values. This issue was assigned CVE-2021-3177.
  - bpo#42967 (bso#1182379): Fix web cache poisoning
    vulnerability by defaulting the query args separator to &,
    and allowing the user to choose a custom separator. This
    issue was assigned CVE-2021-23336.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python38?expand=0&rev=53
2021-02-19 16:53:23 +00:00